Method and Apparatus for Token-Based Combining of Risk Ratings

US 20130047241A1
Filed: 08/15/2011
Published: 02/21/2013
Est. Priority Date: 08/15/2011
Status: Active Grant

First Claim

Patent Images

1. An apparatus comprising:

a memory operable to store a plurality of tokens, wherein the plurality of tokens comprises a plurality of risk tokens, each risk token representing a risk rating, the risk rating being a numerical value indicating a risk associated with granting a particular user access to a particular resource;

a processor operable to;

identify a set of related risk tokens in the plurality of risk tokens;

generate a composite risk token that represents an arithmetic combination of the risk ratings represented by the set of related risk tokens; and

use the composite risk token to facilitate the making of an access decision.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

According to one embodiment, an apparatus may store a plurality of tokens. The plurality of tokens may include a plurality of risk tokens. Each risk token may represent a risk rating. The risk rating may be a numerical value indicating a risk associated with granting a particular user access to a particular resource. The apparatus may identify a set of related risk tokens in the plurality of risk tokens, and generate a composite risk token that represents an arithmetic combination of the risk ratings represented by the set of related risk tokens. The apparatus may then use the composite risk token to facilitate the making of an access decision.

20 Citations

View as Search Results

24 Claims

1. An apparatus comprising:
- a memory operable to store a plurality of tokens, wherein the plurality of tokens comprises a plurality of risk tokens, each risk token representing a risk rating, the risk rating being a numerical value indicating a risk associated with granting a particular user access to a particular resource;
  
  a processor operable to;
  
  identify a set of related risk tokens in the plurality of risk tokens;
  
  generate a composite risk token that represents an arithmetic combination of the risk ratings represented by the set of related risk tokens; and
  
  use the composite risk token to facilitate the making of an access decision.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The apparatus of claim 1, wherein:
    - the set of related risk tokens comprises risk tokens associated with a first resource and risk tokens associated with a second resource; and
      
      the token-based rule is based at least in part on a risk token associated with the first resource and a risk token associated with the second resource.
  - 3. The apparatus of claim 2, wherein:
    - the first resource and second resource are sub-resources of a composite resource; and
      
      the composite risk token is used to facilitate the making of an access decision to another sub-resource of the composite resource.
  - 4. The apparatus of claim 1, wherein the arithmetic combination comprises a weighted average.
  - 5. The apparatus of claim 1, wherein:
    - the set of related risk tokens comprises risk tokens associated with a first action and risk tokens associated with a second action; and
      
      the token-based rule is based at least in part on a risk token associated with the first action and a risk token associated with the second action.
  - 6. The apparatus of claim 5, wherein:
    - the first action and second action are withdrawals from a first account a second account; and
      
      the composite risk token is used to facilitate the making of an access decision associated with a withdrawal from another account.
  - 7. The apparatus of claim 1, wherein the identification of the set of related risk tokens is based on a token-based rule.
  - 8. The apparatus of claim 1, wherein the generation of the composite risk token is based on a token-based rule.

9. A method for determining a composite risk token in a token-based environment, comprising:
- storing a plurality of tokens, wherein the plurality of tokens comprises a plurality of risk tokens, each risk token representing a risk rating, the risk rating being a numerical value indicating a risk associated with granting a particular user access to a particular resource;
  
  identifying, by a processor, a set of related risk tokens in the plurality of risk tokens;
  
  generating, by the processor, a composite risk token that represents an arithmetic combination of the risk ratings represented by the set of related risk tokens; and
  
  using the composite risk token to facilitate the making of an access decision.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The method of claim 9, wherein:
    - the set of related risk tokens comprises risk tokens associated with a first resource and risk tokens associated with a second resource; and
      
      the token-based rule is based at least in part on a risk token associated with the first resource and a risk token associated with the second resource.
  - 11. The method of claim 10, wherein:
    - the first resource and second resource are sub-resources of a composite resource; and
      
      the composite risk token is used to facilitate the making of an access decision to another sub-resource of the composite resource.
  - 12. The method of claim 9, wherein the arithmetic combination comprises a weighted average.
  - 13. The method of claim 9, wherein:
    - the set of related risk tokens comprises risk tokens associated with a first action and risk tokens associated with a second action; and
      
      the token-based rule is based at least in part on a risk token associated with the first action and a risk token associated with the second action.
  - 14. The method of claim 13, wherein:
    - the first action and second action are withdrawals from a first account a second account; and
      
      the composite risk token is used to facilitate the making of an access decision associated with a withdrawal from another account.
  - 15. The method of claim 9, wherein the identification of the set of related risk tokens is based on a token-based rule.
  - 16. The method of claim 9, wherein the generation of the composite risk token is based on a token-based rule.

17. One or more computer-readable non-transitory storage media embodying software that is operable when executed to:
- store a plurality of tokens, wherein the plurality of tokens comprises a plurality of risk tokens, each risk token representing a risk rating, the risk rating being a numerical value indicating a risk associated with granting a particular user access to a particular resource;
  
  identify a set of related risk tokens in the plurality of risk tokens;
  
  generate a composite risk token that represents an arithmetic combination of the risk ratings represented by the set of related risk tokens; and
  
  use the composite risk token to facilitate the making of an access decision.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24)
- - 18. The media of claim 17, wherein:
    - the set of related risk tokens comprises risk tokens associated with a first resource and risk tokens associated with a second resource; and
      
      the token-based rule is based at least in part on a risk token associated with the first resource and a risk token associated with the second resource.
  - 19. The media of claim 18, wherein:
    - the first resource and second resource are sub-resources of a composite resource; and
      
      the composite risk token is used to facilitate the making of an access decision to another sub-resource of the composite resource.
  - 20. The media of claim 17, wherein the arithmetic combination comprises a weighted average.
  - 21. The media of claim 17, wherein:
    - the set of related risk tokens comprises risk tokens associated with a first action and risk tokens associated with a second action; and
      
      the token-based rule is based at least in part on a risk token associated with the first action and a risk token associated with the second action.
  - 22. The media of claim 21, wherein:
    - the first action and second action are withdrawals from a first account a second account; and
      
      the composite risk token is used to facilitate the making of an access decision associated with a withdrawal from another account.
  - 23. The media of claim 17, wherein the identification of the set of related risk tokens is based on a token-based rule.
  - 24. The media of claim 17, wherein the generation of the composite risk token is based on a token-based rule.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Bank of America Corp.
Original Assignee
Bank of America Corp.
Inventors
Radhakrishnan, Rakesh, Frick, Cynthia Ann, Marian, Radu, Barbir, Abdulkader Omar, Badhwar, Rajat P.

Granted Patent

US 9,055,053 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/9
CPC Class Codes

G06F 21/335   for accessing specific reso...

G06F 21/577   Assessing vulnerabilities a...

G06F 2221/2115   Third party

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/10   for controlling access to d...

Method and Apparatus for Token-Based Combining of Risk Ratings

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

20 Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Method and Apparatus for Token-Based Combining of Risk Ratings

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

20 Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links