Location-based authentication
Abstract
A method and system to configure data, such that access to data is protected based on a location. Once the data is configured, it can only be accessed from authorized locations, which are locations from which the location protected data is allowed to be accessed. Moreover, the location protected data is encrypted by using Data Encryption Keys (DEKs). DEKs are encrypted by using the authorized location information. A method and system for managing access to the location protected data is also disclosed. A request is received to access the location protected data from a location. Access to the location protected data is granted when the location is an authorized location. Once access is granted, DEKs are retrieved and the location protected data is decrypted. DEKs are periodically replaced with newly generated DEKs.
20 Claims
1. A method for managing access to location protected data on a first computational device, the method comprising the steps of:
a) receiving a request to access the location protected data, the request being received from a second computational device;
b) retrieving an authorized location key corresponding to a location of the second computational device when the location of the second computational device is an authorized location;
c) retrieving a data encryption key by using the authorized location key;
d) authorizing the second computational device to access the location protected data, the location protected data being decrypted by using the data encryption key; and
e) preventing the data encryption key and the authorized location key from being exposed to the second computational device.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A method for configuring access to location protected data on a first computational device, the method comprising the steps of:
a) encrypting the location protected data by using a data encryption key;
b) encapsulating the data encryption key in a key ring;
c) encrypting the key ring by using an administrative public key;
d) encrypting the key ring by using at least one authorized location key;
e) associating the at least one authorized location key with at least one authorized location, access to the data being authorized from the at least one authorized location; and
f) preventing the data encryption key, and the authorized location key from being exposed to the users of a second computational device who try to access the location protected data.
Dependent claims: 10
11. A data protection system for managing access to location protected data on a first computational device, the system comprising:
a) a request receiving module, the request receiving module receiving a request from a second computational device to access the location protected data;
b) a key-retrieving module, the key-retrieving module retrieving an authorized location key corresponding to a location of the second computational device when the location of the second computational device is an authorized location, access to the data being authorized from the authorized location, the authorized location key being used to retrieve a data encryption key;
c) an encryption-decryption module, the encryption-decryption module decrypting the location protected data by using the data encryption key;
d) a control module, the control module enabling access to the location protected data; and
e) means for preventing the data encryption key and the authorized location key from being exposed to the second computational device.
Dependent claims: 12, 13, 14, 15, 16, 17, 18
19. A computer program product for use with a computer stored program, the computer program product comprising a computer readable medium having a computer readable program code embodied therein for managing access to location protected data on a first computational device, the computer readable program code including instructions for:
a) receiving a request to access the location protected data, the request being received from a second computational device;
b) retrieving an authorized location key corresponding to a location of the second computational device when the location of the second computational device is an authorized location;
c) retrieving a data encryption key by using the authorized location key;
d) authorizing the second computational device to access the location protected data, the location protected data being decrypted by using the data encryption key; and
e) preventing the data encryption key and the authorized location key from being exposed to the second computational device.
20. A computer program product for use with a computer stored program, the computer program product comprising a computer readable medium having a computer readable program code embodied therein for configuring access to data on a first computational device, the computer readable program code including instructions for:
a) encrypting the location protected data by using a data encryption key;
b) encapsulating the data encryption key in a key ring;
c) encrypting the key ring by using an administrative public key;
d) encrypting the key ring by using at least one authorized location key;
e) associating the at least one authorized location key with at least one authorized location, access to the data being authorized from the at least one authorized location; and
f) preventing the data encryption key, and the authorized location key from being exposed to the users of a second computational device who try to access the location protected data.
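An added sketch, not code from the patent, of the key hierarchy described in the abstract and in claims 1 and 9: the data is encrypted under a DEK, the DEK is sealed in a key ring under each authorized location key, and only plaintext is returned to the requester. Assumptions: `ProtectedStore`, `seal` and `unseal` are hypothetical names, the location arrives as a label the first device has already established, the administrative public key wrap is omitted, and an HMAC-SHA256 stream with encrypt-then-MAC stands in for a standard authenticated cipher such as AES-GCM.

```python
import hashlib
import hmac
import secrets

def _subkey(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # HMAC-SHA256 in counter mode as keystream (stdlib stand-in for AES-GCM)
    blocks = (len(data) + 31) // 32
    ks = b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                  for i in range(blocks))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(key, plaintext):
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(_subkey(key, b"enc"), nonce, plaintext)
    return nonce + ct + hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or tampered ciphertext")
    return _xor_stream(_subkey(key, b"enc"), nonce, ct)

class ProtectedStore:
    """The 'first computational device': keys and key ring never leave it."""
    def __init__(self, data, authorized_locations):
        # One authorized location key (ALK) per location; random keys are an assumption
        self._alks = {loc: secrets.token_bytes(32) for loc in authorized_locations}
        self._wrap(data)

    def _wrap(self, data):
        dek = secrets.token_bytes(32)                 # fresh data encryption key
        self._ciphertext = seal(dek, data)
        # Key ring: the DEK sealed once under each ALK
        self._key_ring = {loc: seal(alk, dek) for loc, alk in self._alks.items()}

    def handle_request(self, location):
        alk = self._alks.get(location)                # claim 1, step b
        if alk is None:
            raise PermissionError("location not authorized")
        dek = unseal(alk, self._key_ring[location])   # step c
        return unseal(dek, self._ciphertext)          # step d: only plaintext is returned

    def rotate_dek(self):
        loc = next(iter(self._alks))
        self._wrap(self.handle_request(loc))          # re-encrypt under a new DEK
```

Because each location has its own sealed copy of the DEK, revoking one location means deleting its key ring entry and rotating the DEK, without touching the other locations' keys.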