| Patent application number | Description | Published |
|---|
| 20130046696 | Method and Apparatus for Object Transaction Session Validation - According to one embodiment, an apparatus may store a plurality of token-based rules. A token-based rule may facilitate access to a resource. The apparatus may further store a plurality of tokens. The apparatus may receive a first token indicating that a transaction associated with the resource has been requested. The apparatus may determine at least one token-based rule based at least in part upon the first token. The at least one token-based rule may condition access to the resource upon a second token. The apparatus may determine that the plurality of tokens includes the second token associated with the at least one token-based rule and generate a session token based at least in part upon the first token and the second token in response to the determination that the plurality of tokens includes the second token. The apparatus may then allow the transaction. | 02-21-2013 |
| 20130046987 | Apparatus and Method for Performing End-to-End Encryption - According to one embodiment, an apparatus may store a plurality of token-based rules. A token-based rule facilitates access to a resource. The apparatus may receive a first token indicating that a first form of encryption has been performed and determine, based at least in part upon the first token, at least one token-based rule. The apparatus may determine, based at least in part upon the token-based rule, that a second form of encryption should be performed. The apparatus may receive a second token indicating that the second form of encryption has been performed and determine that access to the resource should be granted in response to the determination that the second form of encryption has been performed. The apparatus may then generate a decision token representing the determination that access to the resource should be granted and transmit the decision token. | 02-21-2013 |
| 20130047195 | METHOD AND APPARATUS FOR MAKING TOKEN-BASED ACCESS DECISIONS - According to one embodiment, an apparatus may store a plurality of token-based rules that facilitate access to a resource, and a plurality of tokens indicating a user is using a device to request access to a resource over a network. The apparatus may receive a risk token indicating the risk associated with granting at least one of the user and the device access to the resource. The risk token may be computed from a set of tokens in the plurality of tokens. The apparatus may determine at least one token-based rule based at least in part upon the plurality of tokens and the risk token. The apparatus may then make an access decision based upon the at least one token-based rule, and communicate a decision token representing the access decision. | 02-21-2013 |
| 20130047199 | Method and Apparatus for Subject Recognition Session Validation - According to one embodiment, an apparatus may store a plurality of token-based rules. A token-based rule may facilitate access to a resource. The apparatus may further store a plurality of tokens. The plurality of tokens may include a session token associated with access to the resource by a user. The apparatus may receive a first token indicating at least one of the detection of a face other than the user's and the detection of a voice other than the user's. The apparatus may determine, based at least in part upon at least one token-based rule from the plurality of token-based rules, that access to the resource should be terminated in response to receiving the first token and terminate the session token in response to the determination that access to the resource should be terminated. | 02-21-2013 |
| 20130047200 | Apparatus and Method for Performing Data Tokenization - According to one embodiment, an apparatus may receive a first data token indicating a request for data associated with the resource, a subject token indicating that at least one form of authentication has been completed, and a network token indicating that at least one form of encryption has been performed. The apparatus may determine at least one token-based rule based at least in part upon the first data token, the subject token, and the network token. The apparatus may determine, based at least in part upon the at least one token-based rule, that a second data token representing the data should be generated. The apparatus may generate a message indicating the determination that the second data token should be generated and then transmit the message. | 02-21-2013 |
| 20130047201 | Apparatus and Method for Expert Decisioning - According to one embodiment, an apparatus may store at least one subject token associated with a user and a device, at least one resource token associated with the resource, and at least one network token associated with a network. The apparatus may determine various access values associated with these stored tokens. The apparatus may then determine the value of a first access value based on the values of these various access values. The apparatus may determine that the value of the first access value is insufficient to grant access to the resource and determine that access by at least one of the user and the device to the resource over the network should be denied. | 02-21-2013 |
| 20130047202 | Apparatus and Method for Handling Transaction Tokens - According to one embodiment, an apparatus may store a plurality of token-based rules. A token-based rule may facilitate the processing of transactions. The apparatus may receive a transaction token indicating that a transaction associated with an entity has been requested. The apparatus may determine at least one token-based rule based at least in part upon the transaction token. The at least one token-based rule may indicate that there is a risk that the transaction is fraudulent. The apparatus may determine that the transaction should be denied based at least in part upon the risk that the transaction is fraudulent. | 02-21-2013 |
| 20130047203 | Method and Apparatus for Third Party Session Validation - According to one embodiment, an apparatus may store a plurality of tokens. The apparatus may receive a first token indicating that access to a resource has been requested by a device. The apparatus may determine at least one token-based rule based at least in part upon the first token. The at least one token-based rule may condition access to the resource upon a second token. The apparatus may determine the geographic location of the device based on a token in the plurality of tokens. The apparatus may determine, based on the geographic location of the device, that the second token should be requested from an entity and transmit a request to the entity for the second token. The apparatus may receive the second token from the entity and generate a session token based at least in part upon the first token and the second token. | 02-21-2013 |
| 20130047204 | Apparatus and Method for Determining Resource Trust Levels - According to one embodiment, an apparatus may receive a first resource token indicating that access to a resource has been requested. The apparatus may determine the value of an access value associated with at least one resource token in response to the determination that the plurality of resource tokens comprises the at least one resource token. The apparatus may determine that the value of the access value is insufficient to grant access to the resource. The apparatus may determine, in response to the determination that the value of the access value is insufficient to grant access to the resource, that access to the resource should be denied. | 02-21-2013 |
| 20130047205 | Apparatus and Method for Making Access Decision Using Exceptions - According to one embodiment, an apparatus may store a plurality of token-based exceptions The apparatus may receive a resource token indicating that access to the resource has been requested. The apparatus may determine, based at least in part upon the resource token, at least one token-based exception. The token-based exception further may condition the grant of access to the resource upon the apparatus determining that the plurality of tokens comprises the at least one token. The apparatus may determine that the plurality of tokens does not comprise the at least one token and determine, in response to the determination that the plurality of tokens does not comprise the at least one token, that access to the resource should be denied. | 02-21-2013 |
| 20130047206 | Method and Apparatus for Session Validation to Access from Uncontrolled Devices - According to one embodiment, an apparatus may store a plurality of token-based rules. A token-based rule may facilitate access to a resource. The apparatus may further store a plurality of tokens. The apparatus may receive a first token indicating that an unsecured device has requested access to the resource and determine at least one token-based rule based at least in part upon the first token. The at least one token-based rule indicates a timeout associated with the unsecured device. The apparatus may determine, based on the at least one token-based rule, that the timeout associated with the unsecured device has not been exceeded and generate a session token based at least in part upon the first token in response to the determination that the timeout has not been exceeded. | 02-21-2013 |
| 20130047207 | METHOD AND APPARATUS FOR SESSION VALIDATION TO ACCESS MAINFRAME RESOURCES - According to one embodiment, an apparatus may store a plurality of token-based rules. The apparatus may further store a plurality of tokens. The apparatus may receive a first token indicating that access to a mainframe resource has been requested. The apparatus may determine at least one token-based rule based at least in part upon the first token. The at least one token-based rule may condition access to the resource upon a second token. The second token may be associated with a device. The second token may indicate a password. The second token may further indicate a geographic location associated with the device. The apparatus may determine that the plurality of tokens includes the second token generate a session token based at least in part upon the first token and the second. | 02-21-2013 |
| 20130047211 | METHOD AND APPARATUS FOR NETWORK SESSION VALIDATION - According to one embodiment, an apparatus may store a plurality of token-based rules. A token-based rule facilitates access to a resource. The apparatus may further store a plurality of tokens. The apparatus may receive a first token indicating that access to the resource has been requested and determine at least one token-based rule based at least in part upon the first token. The at least one token-based rule may condition access to the resource upon a second token. The second token may indicate that the resource is associated with a virtual private network of the link layer of the open systems interconnection model. The apparatus may determine that the plurality of tokens includes the second token associated with the at least one token-based rule and generate a session token based at least in part upon the first token and the second token. | 02-21-2013 |
| 20130047213 | Method And Apparatus For Token-Based Token Termination - According to one embodiment, an apparatus may store a plurality of token-based rules that facilitate access to a risk-sensitive resource. The apparatus may further store a first token that may indicate that a user is accessing a non-risk-sensitive resource. The apparatus may receive a second token that may indicate that the user is attempting to access the risk-sensitive resource. In response to receiving the second token, the apparatus may apply the token-based rule to make an access decision whereby the user's access to the non-risk-sensitive resource will be terminated. The apparatus may then communicate at least one token representing the access decision. | 02-21-2013 |
| 20130047214 | METHOD AND APPARATUS FOR TOKEN-BASED COMBINING OF AUTHENTICATION METHODS - According to one embodiment, an apparatus may store a first and second subject token that indicate a first authentication method performed by the user and a second authentication method performed by the user respectively. The apparatus may detect at least one new subject token indicating at least one different authentication method performed by the user. The apparatus may then determine that a particular combination of subject tokens in the first subject token, second subject token, and the at least one new subject token indicates a privilege should be granted to the user, and facilitate the granting of the privilege to the user. | 02-21-2013 |
| 20130047215 | METHOD AND APPARATUS FOR TOKEN-BASED REASSIGNMENT OF PRIVILEGES - According to one embodiment, an apparatus may monitor a session that facilitates a user's access to a resource. The user may be granted a privilege associated with accessing the resource. The apparatus may detect a change associated with the privilege granted to the user in at least one token of a plurality of tokens. The apparatus may then communicate a token that represents the change, and receive a risk token associated with the token. The apparatus may then determine to revoke the privilege based on the risk token, and generate a second token that represents the determination to revoke the privilege. The apparatus may then communicate the second token to facilitate the revoking of the privilege. | 02-21-2013 |
| 20130047224 | METHOD AND APPARATUS FOR TOKEN-BASED ATTRIBUTE ABSTRACTION - According to one embodiment, an apparatus may store a plurality of tokens associated with a session. The session may facilitate access to a resource by a user. The session may be identified by a session token. The apparatus may determine, based on a token-based rule, a second plurality of tokens required to facilitate determination of a risk token. The risk token may be used to facilitate determination of an access decision to the resource. The apparatus may determine that the plurality of tokens comprises the second plurality of tokens and generate a dataset token that represents the plurality of tokens. The apparatus may then communicate the dataset token to facilitate the generation of the risk token. The apparatus may receive the risk token and correlate it with the session token to facilitate determination of the access decision. | 02-21-2013 |
| 20130047225 | Method and Apparatus for Token-Based Tamper Detection - According to one embodiment, an apparatus may store: a hard token representing identification information of the device, a network token representing the status of a network, and a resource token representing information associated with a resource. The apparatus may further store secured copies of the hard token, network token, and resource token. The apparatus may receive a suspect token indicating a risk that at least one of the device, the network, and the resource has been tampered, and in response, determine to inspect at least one of the hard token, network token, and resource token. The apparatus may then compare the at least one of the hard token, network token, and resource token with its corresponding secured copy. If at least one of those tokens does not match its corresponding secured copy, the apparatus may communicate a revalidation token indicating at least one token has been tampered. | 02-21-2013 |
| 20130047226 | Method And Apparatus For Token-Based Re-Authentication - According to one embodiment, an apparatus may store a plurality of tokens that indicate a user is using a device to access a resource over a network. The apparatus may detect at least one token indicating a change associated with at least one of the device, the network, or the resource. The apparatus may then determine to re-authenticate the user in response to the change. The apparatus may then request a password generated using personal information of the user, and receive a re-authentication token comprising the password generated using personal information of the user. The apparatus may then request, from the user, a second password. The request for the second password may include instructions on how to form the second password. The apparatus may receive a response comprising the second password and determine that the second password matches the password. The apparatus may then re-authenticate the user. | 02-21-2013 |
| 20130047228 | METHOD AND APPARATUS FOR TOKEN-BASED ATTRIBUTE AGGREGATION - According to one embodiment, an apparatus may store a plurality of tokens. The apparatus may receive a subject token indicating an attempt to authenticate a user. The apparatus may determine at least one token-based rule based at least in part upon a token in the plurality of tokens and the subject token. The at least one token-based rule may indicate a plurality of attributes required to access a resource. The apparatus may determine a second plurality of attributes represented by the plurality of tokens and the subject token. The apparatus may determine at least one missing attribute, which may be in the plurality of attributes but not in the second plurality of attributes. The apparatus may then request the at least one missing attribute, and in response, receive at least one token representing the at least one missing attribute. | 02-21-2013 |
| 20130047240 | Method and Apparatus for Token-Based Container Chaining - According to one embodiment, an apparatus may intercept a request to access a resource represented by a resource token. The apparatus may receive a hard token representing identification information of a device. The apparatus may determine, based at least in part upon the hard token and the resource token, at least one token-based rule specifying compliance criteria required to consume the resource. The apparatus may receive at least one token representing compliance information of the device in response to a request for compliance information of the device. The apparatus may then compare the compliance information against the compliance criteria to determine that the device is capable of consuming the resource. The apparatus may then generate a compliance token representing the determination that the device is capable of consuming the resource, and communicate the compliance token to facilitate the provisioning of a container to the device. | 02-21-2013 |
| 20130047241 | Method and Apparatus for Token-Based Combining of Risk Ratings - According to one embodiment, an apparatus may store a plurality of tokens. The plurality of tokens may include a plurality of risk tokens. Each risk token may represent a risk rating. The risk rating may be a numerical value indicating a risk associated with granting a particular user access to a particular resource. The apparatus may identify a set of related risk tokens in the plurality of risk tokens, and generate a composite risk token that represents an arithmetic combination of the risk ratings represented by the set of related risk tokens. The apparatus may then use the composite risk token to facilitate the making of an access decision. | 02-21-2013 |
| 20130047242 | Apparatus and Method for Performing Real-Time Authentication Using Subject Token Combinations - According to one embodiment, an apparatus may receive a resource token associated with a resource indicating that access to the resource has been requested. The apparatus may determine at least one token-based rule based at least in part upon the resource token, wherein the at least one token-based rule may be associated with at least one subject token. The apparatus may then determine that the at least one subject token is not in the plurality of first subject tokens and the plurality of second subject tokens based at least in part upon the at least one token-based rule, and deny access to the resource. | 02-21-2013 |
| 20130047243 | Apparatus and Method for Performing Session Validation - According to one embodiment, an apparatus may receive a first token indicating that access to the resource has been requested. The apparatus may determine at least one token-based rule based at least in part upon the first token, and determine that a plurality of tokens includes a second token associated with the at least one token-based rule. The apparatus may then generate a session token based at least in part upon the first token and the second token in response to the determination that the plurality of tokens includes the second token. The apparatus may terminate the session token based on a received third token. | 02-21-2013 |
| 20130047244 | Method and Apparatus for Session Validation to Access Third Party Resources - According to one embodiment, an apparatus may store a plurality of token-based rules. A token-based rule may facilitate access to a resource. The apparatus may further store a plurality of tokens. The apparatus may receive, from an entity, a first token indicating that access to the resource has been requested by a device through the entity and determine at least one token-based rule based at least in part upon the first token. The at least one token-based rule may condition access to the resource upon a second token. The second token may be associated with a subscriber identity module of the device. The apparatus may determine that the plurality of tokens includes the second token associated with the at least one token-based rule and generate a session token based at least in part upon the first token and the second token. | 02-21-2013 |
| 20130047245 | Apparatus and Method for Performing Session Validation to Access Confidential Resources - According to one embodiment, an apparatus may receive a first token indicating that access to a resource has been requested by a device. The first token may further indicate that the resource is a confidential resource. The apparatus may determine that a plurality of tokens includes a second token and generate a session token based at least in part upon the first token and the second token in response to the determination that the plurality of tokens includes the second token. The apparatus may receive a third token indicating an event affecting the risk associated with granting access to the resource and determine, based at least in part upon the at least one token-based rule, that access to the resource should be terminated in response to receiving the third token. The apparatus may then terminate the session token in response to the determination that access to the resource should be terminated. | 02-21-2013 |
| 20130047246 | APPARATUS AND METHOD FOR DETERMINING ENVIRONMENT INTEGRITY LEVELS - According to one embodiment, an apparatus may receive a resource token indicating that access to the resource has been requested. The apparatus may determine the value of an access value associated with at least one network token. The apparatus may then determine that the value of the access value is insufficient to grant access to the resource and determine that access to the resource over the network should be denied. | 02-21-2013 |
| 20130047248 | Apparatus and Method for Determining Subject Assurance Level - According to one embodiment, an apparatus may store a plurality of token-based rules. The apparatus may further store a plurality of subject tokens associated with at least one of a user and a device. The apparatus may receive a resource token indicating that access to a resource has been requested. The apparatus may determine the value of an access value associated with the at least one subject token. The apparatus may then determine that the value of the access value is insufficient to grant access to the resource. The apparatus may then determine that access by at least one of the user and the device to the resource should be denied. | 02-21-2013 |
| 20130047249 | Method And Apparatus For Token-Based Packet Prioritization - According to one embodiment, an apparatus may receive a hard token that identifies a device and a subject token indicating that a user is a high priority user. The subject token may include a user identifier associated with the high priority user. The apparatus may apply a token-based rule that facilitates packet prioritization in response to receiving the subject token. In response to applying the token-based rule, the apparatus may communicate a notification token to at least one network component. The notification token may include the user identifier associated with the high priority user, the device identifier associated with the device, and instructions to prioritize any packet communications associated with the user identifier or the device identifier. The apparatus may then communicate at least one token to facilitate the provisioning of a container to the device associated with the high priority user. | 02-21-2013 |
| 20130047251 | Method and Apparatus for Token-Based Context Caching - According to one embodiment, an apparatus may receive a token that indicates a change that occurs during a session. The session may facilitate access to a resource. The token may indicate a risk token should be computed. The apparatus may determine, from the token, a first set of attributes. The first set of attributes may include attributes required to compute the risk token. The apparatus may determine that a cache contains a set of cached attributes. The apparatus may examine an attribute in the set of cached attributes, and determine the attribute in the set of cached attributes is not in the first set of attributes. The apparatus may then remove the attribute in the set of cached attributes from the cache. | 02-21-2013 |
| 20130047253 | METHOD AND APPARATUS FOR TOKEN-BASED REAL-TIME RISK UPDATING - According to one embodiment, an apparatus may store a plurality of tokens indicating a user is accessing a resource over a network. The plurality of tokens may include a risk token indicating a risk associated with access by the user to the resource. The apparatus may detect a token indicating a change associated with accessing the resource, and determine that the change triggers a risk update. The apparatus may then generate a dataset token that represents the risk token and the token indicating the change, and communicate the dataset token to a token provider to perform the risk update. The apparatus may then receive a recomputed risk token representing an updated risk. The updated risk may indicate the risk associated with continuing access to the resource with the change. | 02-21-2013 |
| 20130047254 | METHOD AND APPARATUS FOR TOKEN-BASED TRANSACTION TAGGING - According to one embodiment, an apparatus may monitor a session that facilitates the processing of a transaction. The transaction may represent an action taken against a resource during the session. The apparatus may determine that the transaction qualifies for additional monitoring, and in response, generate a tag. The tag may be unique to the transaction. The apparatus may then associate the tag with the transaction to facilitate tracing of the transaction. The apparatus may then trace the transaction during the processing of the transaction by following the tag, and communicate a message to transfer the transaction to an isolated processing unit. The isolated processing unit processes the transaction in isolation. | 02-21-2013 |
| 20130047259 | METHOD AND APPARATUS FOR TOKEN-BASED VIRTUAL MACHINE RECYCLING - According to one embodiment, an apparatus may store a virtual machine token associated with a virtual machine running on a particular device and a secure image of the virtual machine. The virtual machine token may include a timestamp indicating when the virtual machine was established. The apparatus may receive a token indicating that the particular device is attempting to access a resource. In response, checking the validity of the virtual machine running on the particular device based at least in part upon the timestamp associated with the virtual machine token and a time threshold associated with the virtual machine. If the virtual machine is invalid, then the apparatus may communicate at least one token to initiate the recycling of the virtual machine by replacing the invalid virtual machine with the stored secure image of the virtual machine. | 02-21-2013 |
| 20130047262 | Method and Apparatus for Object Security Session Validation - According to one embodiment, an apparatus may store a plurality of token-based rules. A token-based rule may facilitate access to a resource. The apparatus may further store a plurality of tokens. The plurality of tokens may include a session token associated with access to the resource by a device. The apparatus may receive a first token indicating that an alarm associated with the device has been triggered. The apparatus may determine, based at least in part upon at least one token-based rule from the plurality of token-based rules, that access to the resource should be terminated in response to receiving the first token and terminate the session token in response to the determination that access to the resource should be terminated. | 02-21-2013 |
| 20130047263 | Method and Apparatus for Emergency Session Validation - According to one embodiment, an apparatus may store a plurality of token-based rules. A token-based rule facilitates access to a resource. The apparatus may further store a plurality of tokens. The plurality of tokens may include a session token. The session token may be associated with access to the resource by a user. The apparatus may receive a first token indicating that an emergency has been declared. The emergency may be associated with the user. The apparatus may determine, based at least in part upon at least one token-based rule from the plurality of token-based rules, that access to the resource should be terminated in response to receiving the first token and terminate the session token in response to the determination that access to the resource should be terminated. | 02-21-2013 |
| 20130047265 | Method and Apparatus for Token-Based Conditioning - According to one embodiment, an apparatus may store a plurality of tokens indicating a user is requesting access to a resource over a network. The apparatus may determine a condition associated with accessing the resource based on the plurality of tokens. The condition may be determined in addition to a determination to grant or deny access to the resource. The condition may include an obligation to be fulfilled and a message providing instruction regarding how to fulfill the obligation. The apparatus may generate a decision token representing the condition, and communicate the decision token to a resource provider to facilitate enforcement of the condition. | 02-21-2013 |
| 20130047266 | METHOD AND APPARATUS FOR TOKEN-BASED ACCESS OF RELATED RESOURCES - According to one embodiment, an apparatus may store a plurality of tokens indicating that a user is attempting to access a resource. The apparatus may determine an authorization level for the user based at least in part upon the plurality of tokens. The authorization level may indicate whether the user is authorized to access the resource. The apparatus may then determine a related resource that shares a relationship with the resource, and determine that the authorization level indicates that the user is authorized to access the related resource. The apparatus may then communicate a decision token indicating that the user is authorized to access the resource and the related resource. | 02-21-2013 |
