Systems and methods for enforcing access-control policies in an arbitrary physical space
First Claim
1. A computer-implemented method for enforcing access-control policies in an arbitrary physical space, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising:
- identifying a collection of devices that are located within a predetermined physical space;
determining a physical location of each device in the collection of devices;
establishing, based on the collection of devices;
a list of controlled devices, selected from the collection of devices, that are subject to an access-control policy that describes restricted functions of each controlled device in the list of controlled devices; and
a list of monitoring devices, selected from the collection of devices, that are capable of observing actions performed by users within a physical proximity;
matching, based at least on comparing the physical locations of each device in the collection of devices, each of the controlled devices with at least one of the monitoring devices that is capable of observing actions performed by users within physical proximity to the controlled device;
monitoring, for each of the controlled devices and by each of the monitoring devices matched to the controlled device, one or more actions performed by a user as part of a user attempt to access a restricted function from among the restricted functions of the controlled device; and
performing a security action based on the user attempt to access the restricted function of the controlled device that was observed by at least one monitoring device that is matched to the controlled device.
6 Assignments
0 Petitions
Accused Products
Abstract
The disclosed computer-implemented method for enforcing access-control policies in an arbitrary physical space may include (i) identifying a collection of devices that are located within a predetermined physical space, (ii) determining the physical location of each device in the collection of devices, (iii) establishing, based on the collection of devices, (a) a list of controlled devices that are subject to an access-control policy and (b) a list of monitoring devices that are capable of monitoring user activity within a physical proximity, (iv) matching each controlled device with at least one monitoring device that is capable of monitoring user activity within physical proximity to the controlled device, and (v) monitoring, for each controlled device and by each monitoring device matched to the controlled device, user activity within proximity to the controlled device. Various other methods, systems, and computer-readable media are also disclosed.
-
Citations
20 Claims
-
1. A computer-implemented method for enforcing access-control policies in an arbitrary physical space, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising:
-
identifying a collection of devices that are located within a predetermined physical space; determining a physical location of each device in the collection of devices; establishing, based on the collection of devices; a list of controlled devices, selected from the collection of devices, that are subject to an access-control policy that describes restricted functions of each controlled device in the list of controlled devices; and a list of monitoring devices, selected from the collection of devices, that are capable of observing actions performed by users within a physical proximity; matching, based at least on comparing the physical locations of each device in the collection of devices, each of the controlled devices with at least one of the monitoring devices that is capable of observing actions performed by users within physical proximity to the controlled device; monitoring, for each of the controlled devices and by each of the monitoring devices matched to the controlled device, one or more actions performed by a user as part of a user attempt to access a restricted function from among the restricted functions of the controlled device; and performing a security action based on the user attempt to access the restricted function of the controlled device that was observed by at least one monitoring device that is matched to the controlled device. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A system for enforcing access-control policies in an arbitrary physical space, the system comprising:
-
an identification module, stored in a memory of the system, that identifies a collection of devices that are located within a predetermined physical space; a determination module, stored in a memory of the system, that determines a physical location of each device in the collection of devices; an establishing module, stored in a memory of the system, that establishes, based on the collection of devices; a list of controlled devices, selected from the collection of devices, that are subject to an access-control policy that describes restricted functions of each controlled device in the list of controlled devices; and a list of monitoring devices, selected from the collection of devices, that are capable of observing actions performed by users within a physical proximity; a matching module, stored in a memory of the system, that matches, based at least on comparing the physical locations of each device in the collection of devices, each of the controlled devices with at least one of the monitoring devices that is capable of observing actions performed by users within physical proximity to the controlled device; a monitoring module, stored in a memory of the system, that; monitors, for each of the controlled devices and by each of the monitoring devices matched to the controlled device, one or more actions performed by a user as part of a user attempt to access a restricted function from among the restricted functions of the controlled device; and performs a security action based on the user attempt to access the restricted function of the controlled device that was observed by at least one monitoring device that is matched to the controlled device; and at least one physical computer processor configured to execute the identification module, the determination module, the establishing module, the matching module, and the monitoring module. - View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19)
-
-
20. A non-transitory computer-readable medium comprising one or more computer-readable instructions for enforcing access-control policies in an arbitrary physical space that, when executed by at least one processor of a computing device, cause the computing device to:
-
identify a collection of devices that are located within a predetermined physical space; determine a physical location of each device in the collection of devices;
establish, based on the collection of devices;a list of controlled devices, selected from the collection of devices, that are subject to an access-control policy that describes restricted functions of each controlled device in the list of controlled devices; and a list of monitoring devices, selected from the collection of devices that are capable of observing actions performed by users within a physical proximity; match, based at least on comparing the physical locations of each device in the collection of devices, each of the controlled devices with at least one of the monitoring devices that is capable of observing actions performed by users within physical proximity to the controlled device; monitor, for each of the controlled devices and by each of the monitoring devices matched to the controlled device, one or more actions performed by a user as part of a user attempt to access a restricted function from among the restricted functions of the controlled device; and perform a security action based on the user attempt to access the restricted function of the controlled device that was observed by at least one monitoring device that is matched to the controlled device.
-
Specification