Location-based authentication

US 20070101438A1
Filed: 10/26/2006
Published: 05/03/2007
Est. Priority Date: 10/28/2005
Status: Abandoned Application

First Claim

Patent Images

1. A method for managing access to location protected data on a first computational device, the method comprising the steps of:

a) receiving a request to access the location protected data, the request being received from a second computational device;

b) retrieving an authorized location key corresponding to a location of the second computational device when the location of the second computational device is an authorized location;

c) retrieving a data encryption key by using the authorized location key;

d) authorizing the second computational device to access the location protected data, the location protected data being decrypted by using the data encryption key; and

e) preventing the data encryption key and the authorized location key from being exposed to the second computational device.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system to configure data, such that access to data is protected based on a location. Once the data is configured, it can only be accessed from authorized locations, which are locations from which the location protected data is allowed to be accessed. Moreover, the location protected data is encrypted by using Data Encryption Keys (DEKs). DEKs are encrypted by using the authorized location information. A method and system for managing access to the location protected data is also disclosed. A request is received to access the location protected data from a location. Access to the location protected data is granted when the location is an authorized location. Once access is granted, DEKs are retrieved and the location protected data is decrypted. DEKs are periodically replaced with newly generated DEKs.

Citations

20 Claims

1. A method for managing access to location protected data on a first computational device, the method comprising the steps of:
- a) receiving a request to access the location protected data, the request being received from a second computational device;
  
  b) retrieving an authorized location key corresponding to a location of the second computational device when the location of the second computational device is an authorized location;
  
  c) retrieving a data encryption key by using the authorized location key;
  
  d) authorizing the second computational device to access the location protected data, the location protected data being decrypted by using the data encryption key; and
  
  e) preventing the data encryption key and the authorized location key from being exposed to the second computational device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method according to claim 1 further comprising the step of changing at least one of the data encryption key and the authorized location key by using randomization techniques at preconfigured intervals.
  - 3. The method according to claim 1 further comprising the step of changing at least one of the data encryption key and the authorized location key by using randomization techniques when access to the location protected data is discontinued.
  - 4. The method according to claim 1 further comprising the step of encrypting the location protected data using the data encryption key when access to the location protected data is discontinued.
  - 5. The method according to claim 1 further comprising the steps of:
    - a) encapsulating the data encryption key in a key ring when access to the location protected data is discontinued;
      
      b) encrypting the key ring by using an administrative public key; and
      
      c) encrypting the key ring by using at least one authorized location key.
  - 6. The method according to claim 1, wherein the location of the second computational device is retrieved by using a Global Positioning System (GPS).
  - 7. The method according to claim 6 further comprising the step of re-retrieving the location of the second computational device at a preconfigured interval to enable the second computational device to continue to access the location protected data.
  - 8. The method according to claim 1, wherein the first computational device and the second computational device are the same.

9. A method for configuring access to location protected data on a first computational device, the method comprising the steps of:
- a) encrypting the location protected data by using a data encryption key;
  
  b) encapsulating the data encryption key in a key ring;
  
  c) encrypting the key ring by using an administrative public key;
  
  d) encrypting the key ring by using at least one authorized location key;
  
  e) associating the at least one authorized location key with at least one authorized location, access to the data being authorized from the at least one authorized location; and
  
  f) preventing the data encryption key, and the authorized location key from being exposed to the users of a second computational device who try to access the location protected data.
- View Dependent Claims (10)
- - 10. The method according to claim 9, wherein the first computational device and the second computational device are the same.

11. A data protection system for managing access to location protected data on a first computational device, the system comprising:
- a) a request receiving module, the request receiving module receiving a request from a second computational device to access the location protected data;
  
  b) a key-retrieving module, the key-retrieving module retrieving an authorized location key corresponding to a location of the second computational device when the location of the second computational device is an authorized location, access to the data being authorized from the authorized location, the authorized location key being used to retrieve a data encryption key;
  
  c) an encryption-decryption module, the encryption-decryption module decrypting the location protected data by using the data encryption key;
  
  d) a control module, the control module enabling access to the location protected data; and
  
  e) means for preventing the data encryption key and the authorized location key from being exposed to the second computational device.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18)
- - 12. The data protection system according to claim 11, wherein the key-retrieving module further retrieves the data encryption key.
  - 13. The data protection system according to claim 11, wherein the encryption-decryption module further encrypts the location protected data.
  - 14. The data protection system according to claim 11, wherein the encryption-decryption module further encrypts a key ring that encapsulates the data encryption key, encryption being done by using an authorized location key and an administrative public key.
  - 15. The data protection system according to claim 11, wherein the encryption-decryption module decrypts a key ring that encapsulates the data encryption key, decryption being done by using at least one of an administrative private key and the authorized location key.
  - 16. The data protection system according to claim 11, wherein the control module further receives the location of the second computational device.
  - 17. The data protection system according to claim 11, wherein the control module further checks whether the location of the second computational device is an authorized location.
  - 18. The data protection system according to claim 11, wherein the control module further generates at least one authorized location key corresponding to at least one authorized location.

19. A computer program product for use with a computer stored program, the computer program product comprising a computer readable medium having a computer readable program code embodied therein for managing access to location protected data on a first computational device, the computer readable program code including instructions for:
- a) receiving a request to access the location protected data, the request being received from a second computational device;
  
  b) retrieving an authorized location key corresponding to a location of the second computational device when the location of the second computational device is an authorized location;
  
  c) retrieving a data encryption key by using the authorized location key;
  
  d) authorizing the second computational device to access the location protected data, the location protected data being decrypted by using the data encryption key; and
  
  e) preventing the data encryption key and the authorized location key from being exposed to the second computational device.

20. A computer program product for use with a computer stored program, the computer program product comprising a computer readable medium having a computer readable program code embodied therein for configuring access to data on a first computational device, the computer readable program code including instructions for:
- a) encrypting the location protected data by using a data encryption key;
  
  b) encapsulating the data encryption key in a key ring;
  
  c) encrypting the key ring by using an administrative public key;
  
  d) encrypting the key ring by using at least one authorized location key;
  
  e) associating the at least one authorized location key with at least one authorized location, access to the data being authorized from the at least one authorized location; and
  
  f) preventing the data encryption key, and the authorized location key from being exposed to the users of a second computational device who try to access the location protected data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Gunasekaran Govindarajan
Original Assignee
Gunasekaran Govindarajan
Inventors
Govindarajan, Gunasekaran

Application Number

US11/586,932
Publication Number

US 20070101438A1
Time in Patent Office

Days
Field of Search
US Class Current

726/27
CPC Class Codes

G06F 21/6218   to a system of files or obj...

G06F 2221/2111   Location-sensitive, e.g. ge...

H04L 2209/80   Wireless

H04L 63/0428   wherein the data content is...

H04L 63/10   for controlling access to d...

H04L 63/107   wherein the security polici...

H04L 9/0872   using geo-location informat...

H04L 9/0891   Revocation or update of sec...

Location-based authentication

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Location-based authentication

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links