System and method for access control using network verification

US 10,193,893 B2
Filed: 07/06/2016
Issued: 01/29/2019
Est. Priority Date: 07/11/2013
Status: Active Grant

First Claim

Patent Images

1. A system for data access control, comprising:

a computing device having a processor and at least one non-transitory memory containing instructions executable by the processor to;

determine a first unique device identifier identifying a first access point being used by the computing device to access a network;

determine first access control data associated with the first unique device identifier and a first application executing on the computing device, the first access control data specifying an access control level selected from at least three different levels of access; and

control access of the first application to data associated with a target server to which the computing device is connected through the first access point and over the network based on the first access control data, wherein the first access control data specifies a first level of access to the data associated with the target server applicable when the computing device connects to the target server through the first access point.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for controlling access includes a computing device, configured to: determine a first identifier associated with a first access point being used by the computing device to access a network; determine first access control data associated with the first identifier and a first application executing on the computing device; and control access to data over the network by the first application based on the first access control data.

33 Citations

View as Search Results

22 Claims

1. A system for data access control, comprising:
- a computing device having a processor and at least one non-transitory memory containing instructions executable by the processor to;
  
  determine a first unique device identifier identifying a first access point being used by the computing device to access a network;
  
  determine first access control data associated with the first unique device identifier and a first application executing on the computing device, the first access control data specifying an access control level selected from at least three different levels of access; and
  
  control access of the first application to data associated with a target server to which the computing device is connected through the first access point and over the network based on the first access control data, wherein the first access control data specifies a first level of access to the data associated with the target server applicable when the computing device connects to the target server through the first access point.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The system of claim 1, wherein determining the first access control data comprises sending a request to an access control update server and receiving the first access control data from the access control update server, the request comprising the first unique device identifier.
  - 3. The system of claim 1, wherein the computing device is further configured to update the first access control data by sending a request to an access control update server and receiving updated first access control data from the access control update server.
  - 4. The system of claim 1, wherein the first application comprises an access control module configured to perform the determining of the first unique device identifier, the determining of the first access control data and the controlling of access to data.
  - 5. The system of claim 1, wherein the computing device is further configured to:
    - determine a second identifier associated with a second access point being used by the computing device to access the network;
      
      determine second access control data associated with the second identifier and the first application, wherein the second access control data specifies a second level of access to the data associated with the target server; and
      
      control access to data by the first application based on the second access control data.
  - 6. The system of claim 1, wherein the first level of access is a default level of access.
  - 7. The system of claim 1, wherein the first access control data includes environmental data associated with at least one of the computing device or the first access point.
  - 8. The system of claim 7, wherein the environmental data includes geographical data associated with the computing device or the first access point.
  - 9. The system of claim 1, wherein the computing device is further configured to:
    - determine a second access control data, the second access control data associated with the first unique device identifier and a second application executing on the computing device, wherein the second access control data specifies a second level of access to the data associated with the target server; and
      
      control access to data over the network by the second application based on the second access control data.
  - 10. The system of claim 9, wherein the first access control data specifies a different level of access than the second access control data.
  - 11. The system of claim 9, wherein the first application and second application are isolated applications.
  - 12. The system of claim 11, wherein each of the first application and the second application comprises an access control module.
  - 13. The system of claim 9, wherein the computing device is configured to execute an access control module that controls access to data by the first application and the second application.
  - 14. The system of claim 1, wherein the computing device is configured to determine if a path to a target server is a permissible path and, in response to determining that the path is not a permissible path, block access by the first application to the target server.
  - 15. The system of claim 1, wherein the first access control data specifies a read access privilege and a write access privilege on content managed by a content management system.

16. A method for access control, comprising:
- determining a first unique device identifier identifying a first access point being used by a computing device to access a network;
  
  determining first access control data associated with the first unique device identifier and a first application executing on the computing device, the first access control data specifying an access control level selected from at least three different levels of access; and
  
  controlling access of the first application to the data associated with a target platform to which the computing device is connected through the first access point and over the network based on the first access control data and, wherein the first access control data specifies a first level of access to the data associated with the target platform applicable when the computing device connects to the target platform through the first access point.
- View Dependent Claims (17, 18, 19, 20, 21, 22)
- - 17. The method of claim 16, wherein determining the first access control data comprises sending a request to an access control update server and receiving the first access control data from the access control update server, wherein the request comprises the first unique device identifier.
  - 18. The method of claim 16, further comprising updating the first access control data by sending a request to an access control update server and receiving updated first access control data from the access control update server.
  - 19. The method of claim 16, wherein the first application comprises an access control module configured to perform the determining of the first unique device identifier, the determining of the first access control data and the controlling of access to data.
  - 20. The method of claim 16, further comprising:
    - determining a second identifier associated with a second access point being used by the computing device to access the network;
      
      determining second access control data associated with the second identifier and the application; and
      
      controlling access to data by the first application based on the second access control data, the second access control data specifying a second level of access to the data associated with the target platform.
  - 21. The method of claim 16, wherein the level of access is a default level of access.
  - 22. The method of claim 16, wherein the first access control data specifies a read access privilege and a write access privilege on content managed by a content management system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Ip Ot Sub Ulc
Original Assignee
Open Text Sa Ulc (Open Text Corporation)
Inventors
Copsey, Simon Dominic
Primary Examiner(s)
Siddiqi, Mohammad A

Application Number

US15/202,713
Publication Number

US 20160315946A1
Time in Patent Office

937 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/6218   to a system of files or obj...

G06F 2221/2111   Location-sensitive, e.g. ge...

G06F 2221/2141   Access rights, e.g. capabil...

H04L 63/0876   based on the identity of th...

H04L 63/10   for controlling access to d...

H04L 63/101   Access control lists [ACL]

H04L 63/105   Multiple levels of security

H04L 63/107   wherein the security polici...

H04W 12/06   Authentication

H04W 12/065   Continuous authentication

H04W 12/08   Access security

H04W 12/084   using delegated authorisati...

System and method for access control using network verification

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

33 Citations

22 Claims

Specification

Use Cases

Quick Links

Others

System and method for access control using network verification

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

33 Citations

22 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others