Token-based access control

摘要

Systems and methods for enabling token-based access control to data are provided. In particular, some embodiments use a token-based access management system to allow or restrict an individual's ability to access data. The access management system uses tokens to define rules (e.g., a Boolean matching rule or algorithm that results in a true/false output indicating the decision) within the access management system to determine if the token is valid and if the individual should be granted access to the requested data. Tokens may further have tool constraints for controlling access. In some cases, the tokens may expire upon completion of a task or after a pre-set amount of time. A generic workflow utilizing tokens and at least one specific workflow showing employees utilizing tokens as part of performing a task responsive to a user.

主权项

1. A method, comprising:
assigning a set of default tokens to a user that include a default set of permissions or restrictions for access the data; assigning, using a processor, a set of workflow specific tokens to the user in response to a workflow event, wherein the set of workflow specific tokens grant the user temporary access to a portion of data, wherein the set of workflow specific tokens and the default tokens include a cryptographic message authentication code (MAC); receiving a request from a workflow tool to allow the user to access data; and using the workflow specific tokens assigned to the user to determine which portion of the data can be accessed, wherein the set of workflow specific tokens includes two or more workflow tokens that each provides access to a different portion of data, and the workflow specific tokens and the set of default tokens each includes a matching rule.