Access control to files based on source information

US 20060120526A1
Filed: 01/11/2006
Published: 06/08/2006
Est. Priority Date: 02/28/2003
Status: Active Grant

First Claim

Patent Images

1. A method for making data accessible by a mobile computing device, the method comprising the steps of:

determining a location of the mobile computing device;

receiving a request to access a file;

determining source information for the file; and

allowing access to the file based on the determined location and the determined source information.

View all claims

16 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention is a security tool for protection of data on a mobile computing device. The security tool provides a plurality of security policies to be enforced based on source information for the data and a location associated with a network environment in which a mobile device is operating. The security tool may be either located at the mobile computing device or at the server. The security tool includes a file access module for determining whether files are visible or accessible. The file access module comprises a tag generator, an association module, and a policy enforcement module. The tag generator creates source information for the file being accessed and the policy enforcement module determines what actions, if any, can be performed on the file and under what conditions such as location and network environment, type of file and other factors.

339 Citations

21 Claims

1. A method for making data accessible by a mobile computing device, the method comprising the steps of:
- determining a location of the mobile computing device;
  
  receiving a request to access a file;
  
  determining source information for the file; and
  
  allowing access to the file based on the determined location and the determined source information.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1 wherein the location of the mobile computing device comprises a network environment in which the mobile device is operating.
  - 3. The method of claim 1 wherein the source information includes a file name and a source address.
  - 4. The method of claim 1 wherein the source information includes privilege information relating to data in the file.
  - 5. The method of claim 3 wherein the source address includes one from the group of a subnet identifier, a server identifier, a folder name, a file type, and other information.
  - 6. The method of claim 5 wherein the other information includes one from the group of an owner of the file, version control information, a hash value, a cyclical redundancy check, a digital signature or other information extracted from the file.
  - 7. The method of claim 1 wherein the step of allowing access to the file based on the determined location and the determined source information further comprises the steps of:
    - setting a file access policy based on the determined location and the determined source information; and
      
      enforcing the file access policy for the request to access the file.
  - 8. The method of claim 1 wherein the request for file access is one from the group of reading a file, writing a file, viewing a file, emailing a file, transferring a file, and accessing a file using a universal serial bus, a serial port, a parallel port or a infrared interface.
  - 9. The method of claim 1 wherein the step of determining the source information further comprises the steps of:
    - determining the file name;
      
      assigning a unique identification number in a name space to the file;
      
      collecting source information about the file creating a record in source data storage; and
      
      storing the unique identification number and the source information in the record.

10. A method for making a file visible on a mobile computing device, the method comprising the steps of:
- determining a location of the mobile computing device;
  
  retrieving a file name for the file;
  
  determining source information for the file; and
  
  making the file visible on the mobile computing device based on the determined location and the determined source information.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
- - 11. The method of claim 10 wherein the location of the mobile computing device comprises a network environment in which the mobile device is operating.
  - 12. The method of claim 10 wherein the source information includes a file name and a source address.
  - 13. The method of claim 12 wherein the source address includes one from the group of a subnet identifier, a server identifier, a folder name, a file type, and other information.
  - 14. The method of claim 13 wherein the other information includes one from the group of an owner of the file, version control information, a hash value, a cyclical redundancy check, a digital signature or other information extracted from the file.
  - 15. The method of claim 10 wherein the step of making the file visible on the mobile computing further comprises the steps of:
    - setting a security policy based on the determined location and the determined source information; and
      
      making the file visible if allowed by the security policy for the file.
  - 16. The method of claim 10 wherein the step of determining the source information further comprises the steps of:
    - determining the file name;
      
      assigning a unique identification number in a name space to the file;
      
      collecting source information about the file creating a record in source data storage; and
      
      storing the unique identification number and the source information in the record.
  - 17. The method of claim 10, further comprising the step of retrieving a second file name for a second file, and performing the steps of determining source information for the second file, and making the second file visible on the mobile computing device based on the determined location and the determined source information for the second file.

18. An apparatus for protection of data accessible by a mobile computing device, the apparatus comprising:
- a tag generator for generating source information for a file in response to a request for access to the file, the source information including a file name, a source address and privilege information;
  
  an association module for managing a name space and providing an unique identification number that identifies a file in response to a signal from the tag generator, the association module coupled to the tag generator; and
  
  a controller coupled to the tag generator and the association module, the controller coupled to a policy enforcement module to provide source information useable by the policy enforcement module to control access to the file.
- View Dependent Claims (19, 20, 21)
- - 19. The apparatus of claim 18 further comprising a file request log for storing source information about files that have been accessed by the mobile computing device, the file request log coupled to the tag generator to receive the source information about the files that have been accessed by the mobile computing device.
  - 20. The apparatus of claim 18 further comprising a source data storage for storing a record of source information, the source data storage coupled to the tag generator to receive the record of source information.
  - 21. The apparatus of claim 18 wherein the policy enforcement module operates on a server and controls access to files on the server by mobile computing devices.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Novell Incorporated (Open Text Corporation)
Original Assignee
Novell Incorporated (Open Text Corporation)
Inventors
Wright, Michael, Nault, Gabe, Smith, Merrill, Boucher, Peter, Cranny, Tim

Granted Patent

US 9,197,668 B2
Time in Patent Office

Days
Field of Search
US Class Current

380/247
CPC Class Codes

G06F 21/6218   to a system of files or obj...

G06F 2221/2141   Access rights, e.g. capabil...

H04L 2209/60   Digital content management,...

H04L 2209/80   Wireless network architectu...

H04L 63/0227   Filtering policies mail mes...

H04L 63/0272   Virtual private networks

H04L 63/10   for controlling access to d...

H04L 63/101   Access control lists [ACL]

H04L 63/102   Entity profiles

H04L 63/12   Applying verification of th...

H04L 63/20   for managing network securi...

H04L 9/3247   involving digital signatures

Access control to files based on source information

First Claim

16 Assignments

0 Petitions

Accused Products

Abstract

339 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Access control to files based on source information

First Claim

16 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

339 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links