User identification based access control
First Claim
Patent Images
1. A method of controlling application-level access offered by a user device, by operating a control device communicatively coupled to the user device over a communication network;
- comprising;
providing, at the control device, a control interface to specify an access policy for the user device, the access policy specifying, for an application on the user device, a rule that specifies conditions for allowing access to the application, denying access to the application and allowing access with a notification to the application, the conditions being dependent upon an identity of a user, the control interface allowing specifying a global access policy that is applicable to all applications installed on the user device as the access policy;
transferring the access policy to the user device;
determining, by the user device, the identity of the user by;
detecting a trusted device in a proximity of the control device,estimating the identity based on a user behavior received from the user in response to a query to the user configured to test an attribute of the user, ora combination thereof; and
controlling, by the user device, application-level access to applications installed on the user device in accordance with the access policy and determined identity of the user.
1 Assignment
0 Petitions
Accused Products
Abstract
A user'"'"'s access to software applications installed on a device is limited by evaluating the context in which the user requests access to the application and determining, based on the context analysis, whether or not the user is to be given access to the application. When it is determined that the user requesting access is not a primary authorized user, the primary authorized user may be notified of the attempt to access the application.
-
Citations
9 Claims
-
1. A method of controlling application-level access offered by a user device, by operating a control device communicatively coupled to the user device over a communication network;
- comprising;
providing, at the control device, a control interface to specify an access policy for the user device, the access policy specifying, for an application on the user device, a rule that specifies conditions for allowing access to the application, denying access to the application and allowing access with a notification to the application, the conditions being dependent upon an identity of a user, the control interface allowing specifying a global access policy that is applicable to all applications installed on the user device as the access policy; transferring the access policy to the user device; determining, by the user device, the identity of the user by; detecting a trusted device in a proximity of the control device, estimating the identity based on a user behavior received from the user in response to a query to the user configured to test an attribute of the user, or a combination thereof; and controlling, by the user device, application-level access to applications installed on the user device in accordance with the access policy and determined identity of the user. - View Dependent Claims (2, 3, 4, 5, 6, 7)
- comprising;
-
8. A system for controlling application-level access offered by a user device;
- comprising;
an apparatus comprising at least one apparatus processor and at least one apparatus non-transitory memory containing instructions that, when executed by the at least one apparatus processor, cause the at least one apparatus processor to perform processing comprising; displaying a control interface allowing entry of an access policy for the user device, the access policy specifying, for an application on the user device, a rule that specifies conditions for allowing access to the application, denying access to the application and allowing access with a notification to the application, the conditions being dependent upon an identity of a user, the control interface allowing specifying a global access policy that is applicable to all applications installed on the user device as the access policy; generating a configuration file from the access policy; and transferring the configuration file to the user device; and the user device comprising at least one user device processor and at least one user device non-transitory memory containing instructions that, when executed by the at least one user device processor, cause the at least one user device processor to perform processing comprising; determining the identity of the user by; detecting a trusted device in a proximity of the control device, estimating the identity based on a user behavior received from the user in response to a query to the user configured to test an attribute of the user, or a combination thereof, and controlling application-level access to applications installed on the user device in accordance with the access policy and determined identity of the user. - View Dependent Claims (9)
- comprising;
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeNagravision SA (Kudelski SA)
-
Original AssigneeNagravision SA (Kudelski SA)
-
InventorsBrique, Olivier, Bocchetti, Salvatore
-
Primary Examiner(s)Truong, Thanhnga B
-
Application NumberUS14/183,400Publication NumberTime in Patent Office1,638 DaysField of Search726 1- 4, 726 26- 27, 717172-174, 717176, 713161, 705 1453, 725 12US Class CurrentCPC Class CodesG06F 21/6209 to a single file or object,...G06F 2221/2111 Location-sensitive, e.g. ge...G06F 2221/2141 Access rights, e.g. capabil...H04L 63/0861 using biometrical features,...H04L 63/10 for controlling access to d...H04L 63/107 wherein the security polici...H04L 63/108 when the policy decisions a...H04W 12/08 Access security
