| 发明名称 |
Method and apparatus for token-based access of related resources |
| 摘要 |
According to one embodiment, an apparatus may store a plurality of tokens indicating that a user is attempting to access a resource. The apparatus may determine an authorization level for the user based at least in part upon the plurality of tokens. The authorization level may indicate whether the user is authorized to access the resource. The apparatus may then determine a related resource that shares a relationship with the resource, and determine that the authorization level indicates that the user is authorized to access the related resource. The apparatus may then communicate a decision token indicating that the user is authorized to access the resource and the related resource. |
| 申请公布号 |
US8950002(B2) |
申请公布日期 |
2015.02.03 |
| 申请号 |
US201113210213 |
申请日期 |
2011.08.15 |
| 申请人 |
Bank of America Corporation |
发明人 |
Radhakrishnan Rakesh;Frick Cynthia Ann;Marian Radu;Barbir Abdulkader Omar;Badhwar Rajat P. |
| 分类号 |
G06F21/00;H04L9/32;H04L9/08;H04L29/06;G06F21/40 |
主分类号 |
G06F21/00 |
| 代理机构 |
|
代理人 |
Springs Michael A. |
| 主权项 |
1. An apparatus comprising:
a memory that stores a plurality of tokens indicating that a user is attempting to access a resource; and a processor that:
determines a related resource that shares a relationship with the resource, wherein:
the resource is a composite resource;the related resource is a sub-resource of the composite resource; andthe related resource is accessed in conjunction with accessing the resource;receives a risk token computed based at least in part upon the resource and the related resource;determines a numeric authorization level for the user based at least in part upon the plurality of tokens and the risk token, the numeric authorization level indicating whether the user is authorized to access the resource, wherein the composite resource comprises at least one sub-resource that the user is not authorized to access based on the numeric authorization level and at least one sub-resource that the user is authorized to access based on the numeric authorization level;compares the numeric authorization level to a numeric threshold;determines, based at least in part on the comparison between the numeric authorization level and the numeric threshold, that the user is authorized to access the related resource;communicates a decision token indicating that the user is authorized to access the resource and the related resource;receives a recomputed risk token computed based at least in part upon:
a form of authentication performed by the user; andthe presence of network jitter;re-determines determine the numeric authorization level based at least in part upon the recomputed risk token;determines, based at least in part upon the recomputed risk token, that the user is authorized to access the at least one sub-resource; andcommunicates a second decision token indicating that the user is authorized to access the resource, the related resource, and the at least one sub-resource. |
| 地址 |
Charlotte NC US |
