Abstract: According to one embodiment, an apparatus may receive a hard token that identifies a device and a subject token indicating that a user is a high priority user. The subject token may include a user identifier associated with the high priority user. The apparatus may apply a token-based rule that facilitates packet prioritization in response to receiving the subject token. In response to applying the token-based rule, the apparatus may communicate a notification token to at least one network component. The notification token may include the user identifier associated with the high priority user, the device identifier associated with the device, and instructions to prioritize any packet communications associated with the user identifier or the device identifier. The apparatus may then communicate at least one token to facilitate the provisioning of a container to the device associated with the high priority user.

Abstract: According to one embodiment, an apparatus may receive a first resource token indicating that access to a resource has been requested. The apparatus may determine the value of an access value associated with at least one resource token in response to the determination that the plurality of resource tokens comprises the at least one resource token. The apparatus may determine that the value of the access value is insufficient to grant access to the resource. The apparatus may determine, in response to the determination that the value of the access value is insufficient to grant access to the resource, that access to the resource should be denied.

Abstract: According to one embodiment, an apparatus may store at least one subject token associated with a user and a device, at least one resource token associated with the resource, and at least one network token associated with a network. The apparatus may determine various access values associated with these stored tokens. The apparatus may then determine the value of a first access value based on the values of these various access values. The apparatus may determine that the value of the first access value is insufficient to grant access to the resource and determine that access by at least one of the user and the device to the resource over the network should be denied.

Abstract: According to one embodiment, an apparatus may store a plurality of token-based rules. A token-based rule facilitates access to a resource. The apparatus may further store a plurality of tokens. The plurality of tokens may include a session token. The session token may be associated with access to the resource by a user. The apparatus may receive a first token indicating that an emergency has been declared. The emergency may be associated with the user. The apparatus may determine, based at least in part upon at least one token-based rule from the plurality of token-based rules, that access to the resource should be terminated in response to receiving the first token and terminate the session token in response to the determination that access to the resource should be terminated.

Abstract: According to one embodiment, an apparatus may store a plurality of tokens associated with a session. The session may facilitate access to a resource by a user. The session may be identified by a session token. The apparatus may determine, based on a token-based rule, a second plurality of tokens required to facilitate determination of a risk token. The risk token may be used to facilitate determination of an access decision to the resource. The apparatus may determine that the plurality of tokens comprises the second plurality of tokens and generate a dataset token that represents the plurality of tokens. The apparatus may then communicate the dataset token to facilitate the generation of the risk token. The apparatus may receive the risk token and correlate it with the session token to facilitate determination of the access decision.

Abstract: According to one embodiment, an apparatus may receive a token that indicates a change that occurs during a session. The session may facilitate access to a resource. The token may indicate a risk token should be computed. The apparatus may determine, from the token, a first set of attributes. The first set of attributes may include attributes required to compute the risk token. The apparatus may determine that a cache contains a set of cached attributes. The apparatus may examine an attribute in the set of cached attributes, and determine the attribute in the set of cached attributes is not in the first set of attributes. The apparatus may then remove the attribute in the set of cached attributes from the cache.

Abstract: According to one embodiment, an apparatus may store a plurality of token-based rules. The apparatus may further store a plurality of tokens. The apparatus may receive a first token indicating that access to a mainframe resource has been requested. The apparatus may determine at least one token-based rule based at least in part upon the first token. The at least one token-based rule may condition access to the resource upon a second token. The second token may be associated with a device. The second token may indicate a password. The second token may further indicate a geographic location associated with the device. The apparatus may determine that the plurality of tokens includes the second token generate a session token based at least in part upon the first token and the second.

Abstract: According to one embodiment, an apparatus may store a plurality of token-based rules. A token-based rule may facilitate access to a resource. The apparatus may further store a plurality of tokens. The apparatus may receive a first token indicating that an unsecured device has requested access to the resource and determine at least one token-based rule based at least in part upon the first token. The at least one token-based rule indicates a timeout associated with the unsecured device. The apparatus may determine, based on the at least one token-based rule, that the timeout associated with the unsecured device has not been exceeded and generate a session token based at least in part upon the first token in response to the determination that the timeout has not been exceeded.

Abstract: According to one embodiment, an apparatus may receive a resource token indicating that access to the resource has been requested. The apparatus may determine the value of an access value associated with at least one network token. The apparatus may then determine that the value of the access value is insufficient to grant access to the resource and determine that access to the resource over the network should be denied.

Abstract: According to one embodiment, an apparatus may store a plurality of token-based rules. The apparatus may further store a plurality of subject tokens associated with at least one of a user and a device. The apparatus may receive a resource token indicating that access to a resource has been requested. The apparatus may determine the value of an access value associated with the at least one subject token. The apparatus may then determine that the value of the access value is insufficient to grant access to the resource. The apparatus may then determine that access by at least one of the user and the device to the resource should be denied.

Abstract: According to one embodiment, an apparatus may store a plurality of token-based exceptions The apparatus may receive a resource token indicating that access to the resource has been requested. The apparatus may determine, based at least in part upon the resource token, at least one token-based exception. The token-based exception further may condition the grant of access to the resource upon the apparatus determining that the plurality of tokens comprises the at least one token. The apparatus may determine that the plurality of tokens does not comprise the at least one token and determine, in response to the determination that the plurality of tokens does not comprise the at least one token, that access to the resource should be denied.

Abstract: According to one embodiment, an apparatus may store a plurality of token-based rules. A token-based rule may facilitate access to a resource. The apparatus may further store a plurality of tokens. The apparatus may receive, from an entity, a first token indicating that access to the resource has been requested by a device through the entity and determine at least one token-based rule based at least in part upon the first token. The at least one token-based rule may condition access to the resource upon a second token. The second token may be associated with a subscriber identity module of the device. The apparatus may determine that the plurality of tokens includes the second token associated with the at least one token-based rule and generate a session token based at least in part upon the first token and the second token.

Abstract: According to one embodiment, an apparatus may receive a first token indicating that access to a resource has been requested by a device. The first token may further indicate that the resource is a confidential resource. The apparatus may determine that a plurality of tokens includes a second token and generate a session token based at least in part upon the first token and the second token in response to the determination that the plurality of tokens includes the second token. The apparatus may receive a third token indicating an event affecting the risk associated with granting access to the resource and determine, based at least in part upon the at least one token-based rule, that access to the resource should be terminated in response to receiving the third token. The apparatus may then terminate the session token in response to the determination that access to the resource should be terminated.

Abstract: According to one embodiment, an apparatus may store a plurality of token-based rules. A token-based rule may facilitate access to a resource. The apparatus may further store a plurality of tokens. The apparatus may receive a first token indicating that a transaction associated with the resource has been requested. The apparatus may determine at least one token-based rule based at least in part upon the first token. The at least one token-based rule may condition access to the resource upon a second token. The apparatus may determine that the plurality of tokens includes the second token associated with the at least one token-based rule and generate a session token based at least in part upon the first token and the second token in response to the determination that the plurality of tokens includes the second token. The apparatus may then allow the transaction.

Abstract: According to one embodiment, an apparatus may store a plurality of token-based rules. A token-based rule facilitates access to a resource. The apparatus may further store a plurality of tokens. The apparatus may receive a first token indicating that access to the resource has been requested and determine at least one token-based rule based at least in part upon the first token. The at least one token-based rule may condition access to the resource upon a second token. The second token may indicate that the resource is associated with a virtual private network of the link layer of the open systems interconnection model. The apparatus may determine that the plurality of tokens includes the second token associated with the at least one token-based rule and generate a session token based at least in part upon the first token and the second token.

Abstract: According to one embodiment, an apparatus may store a plurality of tokens that indicate a user is using a device to access a resource over a network. The apparatus may detect at least one token indicating a change associated with at least one of the device, the network, or the resource. The apparatus may then determine to re-authenticate the user in response to the change. The apparatus may then request a password generated using personal information of the user, and receive a re-authentication token comprising the password generated using personal information of the user. The apparatus may then request, from the user, a second password. The request for the second password may include instructions on how to form the second password. The apparatus may receive a response comprising the second password and determine that the second password matches the password. The apparatus may then re-authenticate the user.

Abstract: According to one embodiment, an apparatus may receive a first token indicating that access to the resource has been requested. The apparatus may determine at least one token-based rule based at least in part upon the first token, and determine that a plurality of tokens includes a second token associated with the at least one token-based rule. The apparatus may then generate a session token based at least in part upon the first token and the second token in response to the determination that the plurality of tokens includes the second token. The apparatus may terminate the session token based on a received third token.

Abstract: According to one embodiment, an apparatus may intercept a request to access a resource represented by a resource token. The apparatus may receive a hard token representing identification information of a device. The apparatus may determine, based at least in part upon the hard token and the resource token, at least one token-based rule specifying compliance criteria required to consume the resource. The apparatus may receive at least one token representing compliance information of the device in response to a request for compliance information of the device. The apparatus may then compare the compliance information against the compliance criteria to determine that the device is capable of consuming the resource. The apparatus may then generate a compliance token representing the determination that the device is capable of consuming the resource, and communicate the compliance token to facilitate the provisioning of a container to the device.

Abstract: According to one embodiment, an apparatus may store a plurality of token-based rules that facilitate access to a risk-sensitive resource. The apparatus may further store a first token that may indicate that a user is accessing a non-risk-sensitive resource. The apparatus may receive a second token that may indicate that the user is attempting to access the risk-sensitive resource. In response to receiving the second token, the apparatus may apply the token-based rule to make an access decision whereby the user's access to the non-risk-sensitive resource will be terminated. The apparatus may then communicate at least one token representing the access decision.

Abstract: According to one embodiment, an apparatus may store a virtual machine token associated with a virtual machine running on a particular device and a secure image of the virtual machine. The virtual machine token may include a timestamp indicating when the virtual machine was established. The apparatus may receive a token indicating that the particular device is attempting to access a resource. In response, checking the validity of the virtual machine running on the particular device based at least in part upon the timestamp associated with the virtual machine token and a time threshold associated with the virtual machine. If the virtual machine is invalid, then the apparatus may communicate at least one token to initiate the recycling of the virtual machine by replacing the invalid virtual machine with the stored secure image of the virtual machine.