Title of invention: Method and apparatus for token-based reassignment of privileges
Abstract: According to one embodiment, an apparatus may monitor a session that facilitates a user's access to a resource. The user may be granted a privilege associated with accessing the resource. The apparatus may detect a change associated with the privilege granted to the user in at least one token of a plurality of tokens. The apparatus may then communicate a token that represents the change, and receive a risk token associated with the token. The apparatus may then determine to revoke the privilege based on the risk token, and generate a second token that represents the determination to revoke the privilege. The apparatus may then communicate the second token to facilitate the revoking of the privilege.
Publication number: US8752143(B2) Publication date: 2014.06.10
Application number: US201113210277 Filing date: 2011.08.15
Applicant: Bank of America Corporation Inventors: Radhakrishnan Rakesh; Frick Cynthia Ann; Marian Radu; Barbir Abdulkader Omar; Badhwar Rajat P.
Classification: G06F7/04 Main classification: G06F7/04
Agency: Agent:
Main claim: 1. An apparatus comprising: a memory operable to store a plurality of tokens comprising a first risk token; and a hardware processor communicatively coupled to the memory and operable to: monitor a session, wherein the session facilitates a user's access to a resource, the user granted a privilege associated with accessing the resource based at least in part upon the first risk token; detect a change in at least one token of the plurality of tokens during the session, the change associated with the privilege granted to the user; communicate the first risk token and a token associated with the change; receive a second risk token associated with the first risk token and the token, wherein the second risk token indicates an increased risk associated with the change; determine to revoke the privilege based on the second risk token; generate a second token associated with the determination to revoke the privilege based at least in part upon the second risk token; communicate the second token to facilitate the revoking of the privilege; determine, based on a token-based rule, to grant a new privilege based on the second risk token, wherein the second token is further associated with the determination to grant the new privilege, and wherein communicating the second token facilitates the granting of the new privilege; determine that a form of authentication associated with the session has been performed; determine, based at least in part upon the determination that the form of authentication has been performed, that the revoked privilege should be granted; generate a third token associated with the determination to grant the revoked privilege; and communicate the third token to facilitate the granting of the revoked privilege.
Address: Charlotte NC US