Apparatus and Method for Performing End-to-End Encryption

US 20130046987A1
Filed: 05/24/2012
Published: 02/21/2013
Est. Priority Date: 08/15/2011
Status: Active Grant

First Claim

Patent Images

1. An apparatus comprising:

a memory operable to store a plurality of token-based rules, wherein a token-based rule facilitates access to a resource; and

a processor communicatively coupled to the memory and operable to;

receive a first token indicating that a first form of encryption has been performed;

determine, based at least in part upon the first token, at least one token-based rule;

determine, based at least in part upon the token-based rule, that a second form of encryption should be performed;

receive a second token indicating that the second form of encryption has been performed;

determine that access to the resource should be granted in response to the determination that the second form of encryption has been performed;

generate a decision token representing the determination that access to the resource should be granted; and

transmit the decision token.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

According to one embodiment, an apparatus may store a plurality of token-based rules. A token-based rule facilitates access to a resource. The apparatus may receive a first token indicating that a first form of encryption has been performed and determine, based at least in part upon the first token, at least one token-based rule. The apparatus may determine, based at least in part upon the token-based rule, that a second form of encryption should be performed. The apparatus may receive a second token indicating that the second form of encryption has been performed and determine that access to the resource should be granted in response to the determination that the second form of encryption has been performed. The apparatus may then generate a decision token representing the determination that access to the resource should be granted and transmit the decision token.

Citations

18 Claims

1. An apparatus comprising:
- a memory operable to store a plurality of token-based rules, wherein a token-based rule facilitates access to a resource; and
  
  a processor communicatively coupled to the memory and operable to;
  
  receive a first token indicating that a first form of encryption has been performed;
  
  determine, based at least in part upon the first token, at least one token-based rule;
  
  determine, based at least in part upon the token-based rule, that a second form of encryption should be performed;
  
  receive a second token indicating that the second form of encryption has been performed;
  
  determine that access to the resource should be granted in response to the determination that the second form of encryption has been performed;
  
  generate a decision token representing the determination that access to the resource should be granted; and
  
  transmit the decision token.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The apparatus of claim 1, wherein the processor is further operable to grant at least one of a user and a device access to the resource, wherein the determination of the at least one token-based rule is further based at least in part upon at least one of:
    - a subject token associated with the user and the device; and
      
      a resource token associated with the resource.
  - 3. The apparatus of claim 1, wherein the processor is further operable to:
    - determine, based at least in part upon the token-based rule, that a third form of encryption should be performed in response to receiving the second token;
      
      generate a message indicating that the third form of encryption should be performed; and
      
      transmit the message.
  - 4. The apparatus of claim 1, wherein the processor is further operable to:
    - receive an encrypted token;
      
      determine, based at least in part upon the encrypted token, at least one second token-based rule, wherein;
      
      the at least one second token-based rule specifies a first form of encryption and a second form of encryption; and
      
      the first and second forms of encryption have been performed on the encrypted token;
      
      determine, based at least in part upon the at least one second token-based rule, a first form of decryption and a second form of decryption, wherein;
      
      the first and second forms of decryption correspond to the first and second forms of encryption performed on the encrypted token; and
      
      performing the first and second forms of decryption on the encrypted token decrypts the encrypted token;
      
      determine that the first form of decryption has been performed on the encrypted token; and
      
      determine, in response to the determination that the first form of encryption has been performed, that the second form of decryption should be performed on the encrypted token.
  - 5. The apparatus of claim 1, wherein the first form of encryption is associated with a lower layer of the open systems interconnection model than the second form of encryption.
  - 6. The apparatus of claim 1, wherein the processor is further operable to grant access to the resource over a network, wherein:
    - the first token is associated with the network; and
      
      the second token is associated with the resource.

7. A method comprising:
- storing, by a memory, a plurality of token-based rules, wherein a token-based rule facilitates access to a resource;
  
  receiving, by a processor communicatively coupled to the memory, a first token indicating that a first form of encryption has been performed;
  
  determining, by the processor, based at least in part upon the first token, at least one token-based rule;
  
  determining, by the processor, based at least in part upon the token-based rule, that a second form of encryption should be performed;
  
  receiving, by the processor, a second token indicating that the second form of encryption has been performed;
  
  determining, by the processor, that access to the resource should be granted in response to the determination that the second form of encryption has been performed;
  
  generating, by the processor, a decision token representing the determination that access to the resource should be granted; and
  
  transmitting, by the processor, the decision token.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The method of claim 7, further comprising granting, by the processor, at least one of a user and a device access to the resource, wherein the determination of the at least one token-based rule is further based at least in part upon at least one of:
    - a subject token associated with the user and the device; and
      
      a resource token associated with the resource.
  - 9. The method of claim 7, further comprising:
    - determining, by the processor, based at least in part upon the token-based rule, that a third form of encryption should be performed in response to receiving the second token;
      
      generating, by the processor, a message indicating that the third form of encryption should be performed; and
      
      transmitting, by the processor, the message.
  - 10. The method of claim 7, further comprising:
    - receiving, by the processor, an encrypted token;
      
      determining, by the processor, based at least in part upon the encrypted token, at least one second token-based rule, wherein;
      
      the at least one second token-based rule specifies a first form of encryption and a second form of encryption; and
      
      the first and second forms of encryption have been performed on the encrypted token;
      
      determining, by the processor, based at least in part upon the at least one second token-based rule, a first form of decryption and a second form of decryption, wherein;
      
      the first and second forms of decryption correspond to the first and second forms of encryption performed on the encrypted token; and
      
      performing the first and second forms of decryption on the encrypted token decrypts the encrypted token;
      
      determining, by the processor, that the first form of decryption has been performed on the encrypted token; and
      
      determining, by the processor, in response to the determination that the first form of encryption has been performed, that the second form of decryption should be performed on the encrypted token.
  - 11. The method of claim 7, wherein the first form of encryption is associated with a lower layer of the open systems interconnection model than the second form of encryption.
  - 12. The method of claim 7, further comprising granting, by the processor, access to the resource over a network, wherein:
    - the first token is associated with the network; and
      
      the second token is associated with the resource.

13. One or more computer-readable non-transitory storage media embodying software that is operable when executed to:
- store a plurality of token-based rules, wherein a token-based rule facilitates access to a resource;
  
  receive a first token indicating that a first form of encryption has been performed;
  
  determine, based at least in part upon the first token, at least one token-based rule;
  
  determine, based at least in part upon the token-based rule, that a second form of encryption should be performed;
  
  receive a second token indicating that the second form of encryption has been performed;
  
  determine that access to the resource should be granted in response to the determination that the second form of encryption has been performed;
  
  generate a decision token representing the determination that access to the resource should be granted; and
  
  transmit the decision token.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The media of claim 13 embodying software further operable when executed to grant at least one of a user and a device access to the resource, wherein the determination of the at least one token-based rule is further based at least in part upon at least one of:
    - a subject token associated with the user and the device; and
      
      a resource token associated with the resource.
  - 15. The media of claim 13 embodying software further operable when executed to:
    - determine, based at least in part upon the token-based rule, that a third form of encryption should be performed in response to receiving the second token;
      
      generate a message indicating that the third form of encryption should be performed; and
      
      transmit the message.
  - 16. The media of claim 13 embodying software further operable when executed to:
    - receive an encrypted token;
      
      determine, based at least in part upon the encrypted token, at least one second token-based rule, wherein;
      
      the at least one second token-based rule specifies a first form of encryption and a second form of encryption; and
      
      the first and second forms of encryption have been performed on the encrypted token;
      
      determine, based at least in part upon the at least one second token-based rule, a first form of decryption and a second form of decryption, wherein;
      
      the first and second forms of decryption correspond to the first and second forms of encryption performed on the encrypted token; and
      
      performing the first and second forms of decryption on the encrypted token decrypts the encrypted token;
      
      determine that the first form of decryption has been performed on the encrypted token; and
      
      determine, in response to the determination that the first form of encryption has been performed, that the second form of decryption should be performed on the encrypted token.
  - 17. The media of claim 13, wherein the first form of encryption is associated with a lower layer of the open systems interconnection model than the second form of encryption.
  - 18. The media of claim 13 embodying software further operable when executed to grant access to the resource over a network, wherein:
    - the first token is associated with the network; and
      
      the second token is associated with the resource.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Bank of America Corp.
Original Assignee
Bank of America Corp.
Inventors
Radhakrishnan, Rakesh

Granted Patent

US 8,806,602 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/172
CPC Class Codes

G06F 21/604   Tools and structures for ma...

G06F 21/62   Protecting access to data v...

H04L 2463/082   applying multi-factor authe...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/10   for controlling access to d...

H04L 63/105   Multiple levels of security

H04L 63/16   Implementing security featu...

H04L 63/20   for managing network securi...

H04L 9/3213   using tickets or tokens, e....

Apparatus and Method for Performing End-to-End Encryption

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Apparatus and Method for Performing End-to-End Encryption

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links