Dynamic network connections for data access control and information security

US10628598B2 · US · B2

Patent metadata

Publication number: US-10628598-B2
Application number: US-201815861349-A
Country: US
Kind code: B2
Filing date: Jan 3, 2018
Priority date: Jan 3, 2018
Publication date: Apr 21, 2020
Grant date: Apr 21, 2020

Abstract

A system that includes a network device, an access controller, and a data vault. The network device is configured to receive a first tokenized sub-string, combine a second tokenized sub-string with the first tokenized sub-string to generate an initiation token, and send the initiation token to the access controller. The access controller is configured to validate the initiation token and, in response to validating it, to send connection information comprising a connection identifier to the network device and a post-action verification token to the data vault. The network device is further configured to send a network connection request comprising the connection identifier to the data vault. The data vault is configured to receive the network connection request, determine that the post-action verification token linked with the connection identifier has been received, establish a network connection with the network device, and exchange data with the network device.

Claims (preview)

The invention claimed is:

1. A network system, comprising: a network device configured to: receive a first tokenized sub-string; combine a second tokenized sub-string with the first tokenized sub-string to generate an initiation token in response to receiving the first tokenized sub-string; and send the initiation token to an access controller; the access controller is in signal communication with the network device, and configured to: validate the initiation token; send connection information comprising a connection identifier to the network device in response to validating the initiation token, wherein the connection identifier indicates the network device has passed authentication; send a post-action verification token to a data vault in response to validating the initiation token, wherein the post-action verification token is linked with the connection identifier; the network device is further configured to send a network connection request comprising the connection identifier to the data vault using at least a portion of the information from the connection information; and the data vault is in signal communication with the access controller, and configured to: receive the network connection request comprising the connection identifier from the network device; determine that the post-action verification token linked with the connection identifier has been received; establish a network connection with the network device in response to determining that the post-action verification token linked with the connection identifier has been received; and exchange data with the network device upon establishing the network connection with the network device.

2. The system of claim 1, wherein the data vault is configured to break the network connection after exchanging data with the network device.

3. The system of claim 1, wherein: the access controller is configured to initiate communications with the network device; and the network device sends the initiation token in response to the access controller initiating communications with the network device.

4. The system of claim 1, wherein: the first tokenized sub-string is linked with an operator of the network device; and the second tokenized sub-string is linked with the network device.

5. The system of claim 1, wherein: the data vault is configured to periodically change an IP address for connecting with the data vault; the connection information comprises a current IP address for connecting with the data vault; and the network device sends the network connection request using the current IP address for connecting with the data vault.

6. The system of claim 1, wherein: the access controller is configured to send the initiation token to the data vault; the network device is configured to encrypt data using the initiation token; and the data vault is configured to decrypt data received from the network device using the initiation token.

7. The system of claim 1, wherein: the connection information identifies a time interval for connecting with the data vault; and the data vault is configured to determine the time interval has not lapsed prior to establishing the network connection with the network device.

8. A data access control method, comprising: receiving, by an access controller, an initiation token from a network device; validating, by the access controller, the initiation token; sending, by the access controller, connection information comprising a connection identifier to the network device in response to validating the initiation token, wherein the connection identifier indicates the network device has passed authentication; sending, by the access controller, a post-action verification token to a data vault in response to validating the initiation token, wherein the post-action verification token is linked with the connection identifier; receiving, by the data vault, a network connection request comprising the connection identifier from the network device; determining, by the data vault, that the post-action verification token linked with the connection identifier has been received; establishing, by the data vault, a network connection with the network device in response to determining that the post-action verification token linked with the connection identifier has been received; and exchanging, by the data vault, data with the network device upon establishing the network connection with the network device.

9. The method of claim 8, further comprising breaking, by the data vault, the network connection after exchanging data with the network device.

10. The method of claim 8, further comprising initiating, by the access controller, communications with the network device; and wherein the initiation token is received in response to the access controller initiating communications with the network device.

11. The method of claim 8, wherein the initiation token comprises: a first tokenized sub-string linked with an operator of the network device; and a second tokenized sub-string linked with the network device.

12. The method of claim 8, further comprising periodically changing, by the data vault, an IP address for connecting with the data vault; and wherein the connection information comprises a current IP address for connecting with the data vault.

13. The method of claim 8, further comprising: sending, by the access controller, the initiation token to the data vault; and decrypting, by the data vault, data received from the network device using the initiation token.

14. The method of claim 8, wherein the connection information identifies a time interval for connecting with the data vault; and further comprising determining, by the data vault, the time interval has not lapsed prior to establishing the network connection with the network device.

15. A network system, comprising: an access controller configured to: receive an initiation token from a network device; validate the initiation token; send connection information comprising a connection identifier to the network device in response to validating the initiation token, wherein the connection identifier indicates the network device has passed authentication; send a post-action verification token to a data vault in response to validating the initiation token, wherein the post-action verification token is linked with the connection identifier; and the data vault in signal communication with the access controller, and configured to: receive a network connection request comprising the connection identifier from the network device; determine that the post-action verification token linked with the connection identifier has been received; establish a network connection with the network device in response to determining that the post-action verification token linked with the connection identifier has been received; and exchange data with the network device upon establishing the network connection with the network device.

16. The system of claim 15, wherein the access controller is configured to: initiate communications with the network device; and the initiation token is received in response to the access controller initiating communications with the network device.

17. The system of claim 15, wherein the initiation token comprises: a first tokenized sub-string linked with an operator of the network device; and a second tokenized sub-string linked with the network device.

18. The system of claim 15, wherein: the data vault is configured to periodically change an IP address for co
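The three-party exchange of claims 1, 2, 4, 5 and 7, written up as an added Python simulation that is not part of the patent or of any product it describes. The hash-based token combination, the 30-second interval, the sample addresses and every class and function name are this example's assumptions; the point it shows is that the data vault never accepts a connection identifier on its own, only one whose post-action verification token arrived separately from the access controller.

```python
import hashlib
import secrets
def make_initiation_token(operator_sub: str, device_sub: str) -> str:
    # Claim 4: an operator-linked and a device-linked sub-string combined into one token (hash = assumption).
    return hashlib.sha256(f"{operator_sub}|{device_sub}".encode()).hexdigest()

class DataVault:
    def __init__(self, ip="10.0.0.1"):   # constructed sample address; claim 5 lets it change
        self.current_ip = ip
        self.pending = {}                 # connection_id -> (post-action token, deadline)
        self.connected = set()

    def receive_verification(self, connection_id, post_action_token, deadline):
        self.pending[connection_id] = (post_action_token, deadline)

    def connect(self, dst_ip, connection_id, now):
        # Claims 1 and 7: connect only if the post-action verification token linked with
        # this identifier has arrived, the request hit the current address and the interval holds.
        entry = self.pending.get(connection_id)
        if dst_ip != self.current_ip or entry is None or now > entry[1]:
            return False
        del self.pending[connection_id]   # one-shot: a replayed identifier is refused
        self.connected.add(connection_id)
        return True

    def exchange_and_close(self, connection_id, payload):
        # Claim 2: break the network connection after the data exchange.
        if connection_id not in self.connected:
            return None
        self.connected.discard(connection_id)
        return payload.upper()

class AccessController:
    def __init__(self, vault, enrolled_tokens):
        self.vault, self.enrolled = vault, set(enrolled_tokens)

    def validate(self, initiation_token, now, interval=30):
        if initiation_token not in self.enrolled:
            return None
        connection_id = secrets.token_hex(8)   # proves authentication; the verification token goes only to the vault
        self.vault.receive_verification(connection_id, secrets.token_hex(16), now + interval)
        return {"connection_id": connection_id, "ip": self.vault.current_ip}

def run_flow(now=1000.0):
    vault = DataVault()
    token = make_initiation_token("operator-A", "device-42")   # constructed sample inputs
    info = AccessController(vault, [token]).validate(token, now)
    cid = info["connection_id"]
    return (vault.connect(info["ip"], cid, now + 5), vault.exchange_and_close(cid, "hello"),
            vault.connect(info["ip"], cid, now + 6))           # third value: replay is refused
```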

Assignees

Bank of America
Classifications (CPC titles)

  • G06F21/6218 (primary): to a system of files or objects, e.g. local or distributed file system or database

  • wherein the data content is protected, e.g. by encrypting or encapsulating the payload

  • using passwords (cryptographic mechanisms or cryptographic arrangements for entity authentication using a predetermined code H04L9/3226)

  • Session establishment or de-establishment

Frequently asked questions

Who is the assignee on this patent?
Bank of America
What technology area does this patent fall under?
Primary CPC classification G06F21/6218. Mapped technology areas include Physics.
When was this patent published?
Apr 21, 2020 (kind code B2). Legal status and post-grant events are not shown on this page.