Method and apparatus for token-based real-time risk updating

US 9,253,197 B2
Filed: 08/15/2011
Issued: 02/02/2016
Est. Priority Date: 08/15/2011
Status: Active Grant

First Claim

Patent Images

1. An apparatus comprising:

a memory for storing a plurality of tokens indicating a user is accessing a resource over a network, wherein;

the plurality of tokens comprises a risk token indicating a risk associated with access by the user to the resource; and

each token of the plurality of tokens is associated with a layer of the Open Systems Interconnection stack; and

a processor for;

determining, based at least in part upon a form of authentication performed by the user, a numeric identity assurance level;

determining, based at least in part upon a form of security provided by the resource, a numeric trust level; and

determining, based at least in part upon the risk token, a numeric risk level;

detecting a network token indicating the network is experiencing jitter;

determining at least one token-based rule associated with the network token;

determining, based at least in part upon the at least one token-based rule, that the jitter triggers a risk update;

generating, in response to the determination that the jitter triggers the risk update, a dataset token that represents the risk token and the network token;

communicating the dataset token to a token provider to perform the risk update;

receiving a recomputed risk token representing an updated risk, the updated risk indicating the risk associated with continuing access to the resource with the change;

updating, based at least in part upon the at least one token-based rule and the recomputed risk token, the numeric risk level;

comparing the updated numeric risk level to a threshold risk level;

determining, based at least in part upon comparing the numeric risk level to the threshold risk level and based at least in part upon the identity assurance level and the trust level, that access to the resource should be terminated;

generating, in response to the determination that access to the resource should be terminated, a decision token representing the determination that access to the resource should be terminated; and

communicating the decision token to facilitate terminating access to the resource.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

According to one embodiment, an apparatus may store a plurality of tokens indicating a user is accessing a resource over a network. The plurality of tokens may include a risk token indicating a risk associated with access by the user to the resource. The apparatus may detect a token indicating a change associated with accessing the resource, and determine that the change triggers a risk update. The apparatus may then generate a dataset token that represents the risk token and the token indicating the change, and communicate the dataset token to a token provider to perform the risk update. The apparatus may then receive a recomputed risk token representing an updated risk. The updated risk may indicate the risk associated with continuing access to the resource with the change.

41 Citations

12 Claims

1. An apparatus comprising:
- a memory for storing a plurality of tokens indicating a user is accessing a resource over a network, wherein;
  
  the plurality of tokens comprises a risk token indicating a risk associated with access by the user to the resource; and
  
  each token of the plurality of tokens is associated with a layer of the Open Systems Interconnection stack; and
  
  a processor for;
  
  determining, based at least in part upon a form of authentication performed by the user, a numeric identity assurance level;
  
  determining, based at least in part upon a form of security provided by the resource, a numeric trust level; and
  
  determining, based at least in part upon the risk token, a numeric risk level;
  
  detecting a network token indicating the network is experiencing jitter;
  
  determining at least one token-based rule associated with the network token;
  
  determining, based at least in part upon the at least one token-based rule, that the jitter triggers a risk update;
  
  generating, in response to the determination that the jitter triggers the risk update, a dataset token that represents the risk token and the network token;
  
  communicating the dataset token to a token provider to perform the risk update;
  
  receiving a recomputed risk token representing an updated risk, the updated risk indicating the risk associated with continuing access to the resource with the change;
  
  updating, based at least in part upon the at least one token-based rule and the recomputed risk token, the numeric risk level;
  
  comparing the updated numeric risk level to a threshold risk level;
  
  determining, based at least in part upon comparing the numeric risk level to the threshold risk level and based at least in part upon the identity assurance level and the trust level, that access to the resource should be terminated;
  
  generating, in response to the determination that access to the resource should be terminated, a decision token representing the determination that access to the resource should be terminated; and
  
  communicating the decision token to facilitate terminating access to the resource.
- View Dependent Claims (2, 3, 4)
- - 2. The apparatus of claim 1, wherein the dataset token further represents the plurality of tokens associated with accessing the resource.
  - 3. The apparatus of claim 1, wherein the access decision has been made previously and the access decision is remade based on the numeric risk level.
  - 4. The apparatus of claim 1, wherein the plurality of tokens comprises at least one of a subject token and a resource token.

5. A method for receiving real-time risk rating information in a token-based environment, comprisingstoring a plurality of tokens indicating a user is accessing a resource over a network, wherein:
- the plurality of tokens comprises a risk token indicating a risk associated with access by the user to the resource; and
  
  each token of the plurality of tokens is associated with a layer of the Open Systems Interconnection stack;
  
  determining, by the processor, based at least in part upon a form of authentication performed by the user, a numeric identity assurance level;
  
  determining, by the processor, based at least in part upon a form of security provided by the resource, a numeric trust level; and
  
  determining, by the processor, based at least in part upon the risk token, a numeric risk level;
  
  detecting, by a processor, a network token indicating the network is experiencing jitter;
  
  determine at least one token-based rule associated with the network token;
  
  determining, by the processor, based at least in part upon the at least one token-based rule, that the jitter triggers a risk update;
  
  generating, in response to the determination that the jitter triggers the risk update, a dataset token that represents the risk token and the network token;
  
  communicating the dataset token to a token provider to perform the risk update;
  
  receiving a recomputed risk token representing an updated risk, the updated risk indicating the risk associated with continuing access to the resource with the change;
  
  updating, by the processor, based at least in part upon the at least one token-based rule and the recomputed risk token, the numeric risk level;
  
  comparing, by the processor, the updated numeric risk level to a threshold risk level;
  
  determining, by the processor, based at least in part upon comparing the numeric risk level to the threshold risk level and based at least in part upon the identity assurance level and the trust level, that access to the resource should be terminated;
  
  generating, in response to the determination that access to the resource should be terminated, a decision token representing the determination that access to the resource should be terminated; and
  
  communicating the decision token to facilitate terminating access to the resource.
- View Dependent Claims (6, 7, 8)
- - 6. The method of claim 5, wherein the dataset token further represents the plurality of tokens associated with accessing the resource.
  - 7. The method of claim 5, wherein the access decision has been made previously and the access decision is remade based on the numeric risk level.
  - 8. The method of claim 5, wherein the plurality of tokens comprises at least one of a subject token and a resource token.

9. One or more computer-readable non-transitory storage media embodying software that is operable when executed to:
- store a plurality of tokens indicating a user is accessing a resource over a network, wherein;
  
  the plurality of tokens comprises a risk token indicating a risk associated with access by the user to the resource; and
  
  each token of the plurality of tokens is associated with a layer of the Open Systems Interconnection stack;
  
  determine, based at least in part upon a form of authentication performed by the user, a numeric identity assurance level;
  
  determine, based at least in part upon a form of security provided by the resource, a numeric trust level; and
  
  determine, based at least in part upon the risk token, a numeric risk level;
  
  detect a network token indicating the network is experiencing jitter;
  
  determine at least one token-based rule associated with the network token;
  
  determine, based at least in part upon the at least one token-based rule, that the jitter triggers a risk update;
  
  generate, in response to the determination that the jitter triggers the risk update, a dataset token that represents the risk token and the network token;
  
  communicate the dataset token to a token provider to perform the risk update;
  
  receive a recomputed risk token representing an updated risk, the updated risk indicating the risk associated with continuing access to the resource with the change;
  
  update, based at least in part upon the at least one token-based rule and the recomputed risk token, the numeric risk level;
  
  compare the updated numeric risk level to a threshold risk level;
  
  determine, based at least in part upon comparing the numeric risk level to the threshold risk level and based at least in part upon the identity assurance level and the trust level, that access to the resource should be terminated;
  
  generate, in response to the determination that access to the resource should be terminated, a decision token representing the determination that access to the resource should be terminated; and
  
  communicate the decision token to facilitate terminating access to the resource.
- View Dependent Claims (10, 11, 12)
- - 10. The media of claim 9, wherein the dataset token further represents the plurality of tokens associated with accessing the resource.
  - 11. The media of claim 9, wherein the access decision has been made previously and the access decision is remade based on the numeric risk level.
  - 12. The media of claim 9, wherein the plurality of tokens comprises at least one of a subject token, a resource token, and a network token.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Bank of America Corp.
Original Assignee
Bank of America Corp.
Inventors
Radhakrishnan, Rakesh, Frick, Cynthia Ann, Marian, Radu, Barbir, Abdulkader Omar, Badhwar, Rajat P.
Primary Examiner(s)
GOLDBERG, ANDREW C

Application Number

US13/210,145
Publication Number

US 20130047253A1
Time in Patent Office

1,632 Days
Field of Search

726/29
US Class Current

1/1
CPC Class Codes

G06F 21/552   involving long-term monitor...

H04L 2463/082   applying multi-factor authe...

H04L 63/105   Multiple levels of security

H04L 63/20   for managing network securi...

Method and apparatus for token-based real-time risk updating

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

41 Citations

12 Claims

Specification

Use Cases

Quick Links

Others

Method and apparatus for token-based real-time risk updating

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

41 Citations

12 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others