Geo-Enabled Access Control

US 20120198570A1
Filed: 02/01/2011
Published: 08/02/2012
Est. Priority Date: 02/01/2011
Status: Abandoned Application

First Claim

Patent Images

1. A method, comprising:

receiving a request from a first portable access device for a first user to access a first dataset stored in a financial services network;

determining a current location of the first portable access device;

querying a location database to determine whether the current location of the first portable access device is an authorized location for the first user to access the first dataset in the financial services network;

when the current location of the first portable access device is determined not to be an authorized location for the first user to access the first dataset, denying access to the first dataset; and

when the current location of the first portable access device is determined to be an authorized location for the first user to access the first dataset;

granting the first user access to the first dataset via the first portable access device,periodically determining a new current location of the first portable access device, andterminating access to the first dataset when the new current location of the first portable access device is not an authorized location for the first user to access the first dataset.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Aspects described herein provide methods and systems that monitor mobile data processing devices used for remote access to a computer network or system, and allowing or preventing access to the computer system or network based at least in part on a determined geographical location of the mobile device. Different datasets stored on the network or system might have different geographical limitations associated with each. Different users also might have different geographic access limitations for the same dataset. User location may be based on GPS information associated with the device from which the user is attempting access, based on Wi-Fi, triangulation, or the like, or may be based on a photograph taken by the remote access device contemporaneously with the access request.

Citations

20 Claims

1. A method, comprising:
- receiving a request from a first portable access device for a first user to access a first dataset stored in a financial services network;
  
  determining a current location of the first portable access device;
  
  querying a location database to determine whether the current location of the first portable access device is an authorized location for the first user to access the first dataset in the financial services network;
  
  when the current location of the first portable access device is determined not to be an authorized location for the first user to access the first dataset, denying access to the first dataset; and
  
  when the current location of the first portable access device is determined to be an authorized location for the first user to access the first dataset;
  
  granting the first user access to the first dataset via the first portable access device,periodically determining a new current location of the first portable access device, andterminating access to the first dataset when the new current location of the first portable access device is not an authorized location for the first user to access the first dataset.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, further comprising:
    - receiving a request from a second portable access device for a second user to access the first dataset;
      
      determining a current location of the second portable access device, wherein the current location of the second portable access device is the same as the current location of the first portable access device;
      
      querying the location database to determine whether the current location of the second portable access device is an authorized location for the second user to access the first dataset;
      
      determining, based on the querying, that the current location of the first portable access device is an authorized location for the first user to access the first dataset; and
      
      determining, based on the querying, that the current location of the second portable access device is not an authorized location for the second user to access the first dataset.
  - 3. The method of claim 1, further comprising:
    - receiving a request from the first portable access device for the first user to access a second dataset;
      
      querying the location database to determine whether the current location of the first portable access device is an authorized location for the first user to access the second dataset;
      
      determining, based on the querying, that the current location of the first portable access device is an authorized location for the first user to access the first dataset; and
      
      determining, based on the querying, that the current location of the first portable access device is not an authorized location for the first user to access the second dataset.
  - 4. The method of claim 1, wherein the request from the first portable access device for the first user to access the first dataset comprises image data, said method further comprising:
    - determining that the image was taken by a camera associated with the first portable access device; and
      
      determining the current location of the first portable access device based on the image data.
  - 5. The method of claim 4, wherein determining the current location of the first portable access device based on the image data comprises comparing a photo stored in the image data to a database of photographs having known locations to confirm that the picture was taken at a particular location.
  - 6. The method of claim 4, wherein determining the current location of the first portable access device based on the image data comprises analyzing geo-tag, date and time metadata stored in the image data.
  - 7. The method of claim 1, wherein said method is performed by the first portable access device.

8. One or more non-transitory computer readable media storing computer executable instructions that, when executed, cause a system to perform:
- receiving a request from a first portable access device for a first user to access a first dataset;
  
  determining a current location of the first portable access device;
  
  querying a location database to determine whether the current location of the first portable access device is an authorized location for the first user to access the first dataset;
  
  when the current location of the first portable access device is determined not to be an authorized location for the first user to access the first dataset, denying access to the first dataset; and
  
  when the current location of the first portable access device is determined to be an authorized location for the first user to access the first dataset;
  
  granting the first user access to the first dataset via the first portable access device,periodically determining a new current location of the first portable access device, andterminating access to the first dataset when the new current location of the first portable access device is not an authorized location for the first user to access the first dataset.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The computer readable media of claim 8, said instructions further comprising:
    - receiving a request from a second portable access device for a second user to access the first dataset;
      
      determining a current location of the second portable access device, wherein the current location of the second portable access device is the same as the current location of the first portable access device;
      
      querying the location database to determine whether the current location of the second portable access device is an authorized location for the second user to access the first dataset;
      
      determining, based on the querying, that the current location of the first portable access device is an authorized location for the first user to access the first dataset; and
      
      determining, based on the querying, that the current location of the second portable access device is not an authorized location for the second user to access the first dataset.
  - 10. The computer readable media of claim 8, said instructions further comprising:
    - receiving a request from the first portable access device for the first user to access a second dataset;
      
      querying the location database to determine whether the current location of the first portable access device is an authorized location for the first user to access the second dataset;
      
      determining, based on the querying, that the current location of the first portable access device is an authorized location for the first user to access the first dataset; and
      
      determining, based on the querying, that the current location of the first portable access device is not an authorized location for the first user to access the second dataset.
  - 11. The computer readable media of claim 8, wherein the request from the first portable access device for the first user to access the first dataset comprises image data, said instructions further comprising:
    - determining that the image was taken by a camera associated with the first portable access device; and
      
      determining the current location of the first portable access device based on the image data.
  - 12. The computer readable media of claim 11, wherein determining the current location of the first portable access device based on the image data comprises comparing a photo stored in the image data to a database of photographs having known locations to confirm that the picture was taken at a particular location.
  - 13. The computer readable media of claim 11, wherein determining the current location of the first portable access device based on the image data comprises analyzing geo-tag, date and time metadata stored in the image data.
  - 14. The computer readable media of claim 11, wherein the system is the first portable access device.

15. A portable access device, comprising:
- a processor controlling operations of the portable access device;
  
  memory storing a database of authorized locations for access to a plurality of datasets, and further storing computer readable instructions that, when executed, cause the portable access device to perform;
  
  receiving a request from a first user to access a first dataset stored on the portable access device;
  
  determining a current location of the portable access device;
  
  querying the database to determine whether the current location of the portable access device is an authorized location for the first user to access the first dataset;
  
  when the current location of the portable access device is determined not to be an authorized location for the first user to access the first dataset, denying access to the first dataset; and
  
  when the current location of the portable access device is determined to be an authorized location for the first user to access the first dataset;
  
  granting the first user access to the first dataset,periodically determining a new current location of the portable access device, andterminating access to the first dataset when the new current location of the portable access device is not an authorized location for the first user to access the first dataset.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The portable access device of claim 15, said instructions further causing the portable access device to perform:
    - receiving a request for a second user to access the first dataset;
      
      querying the database to determine whether the current location of the portable access device is an authorized location for the second user to access the first dataset;
      
      determining, based on the querying, that the current location of the portable access device is an authorized location for the first user to access the first dataset; and
      
      determining, based on the querying, that the current location of the portable access device is not an authorized location for the second user to access the first dataset.
  - 17. The portable access device of claim 15, said instructions further causing the portable access device to perform:
    - receiving a request for the first user to access a second dataset;
      
      determining, based on querying the database, that the current location of the portable access device is an authorized location for the first user to access the first dataset; and
      
      determining, based on querying the database, that the current location of the portable access device is not an authorized location for the first user to access the second dataset.
  - 18. The portable access device of claim 15, wherein the request for the first user to access the first dataset comprises image data, said instructions further causing the portable access device to perform:
    - determining that the image data was generated, contemporaneously with the request, by a camera associated with the portable access device; and
      
      determining the current location of the first portable access device based on the image data.
  - 19. The portable access device of claim 18, wherein determining the current location of the portable access device based on the image data comprises comparing a photo stored in the image data to a database of photographs having known locations to confirm that the picture was taken at a particular location.
  - 20. The portable access device of claim 18, wherein determining the current location of the portable access device based on the image data comprises analyzing geo-tag, date and time metadata stored in the image data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Bank of America Corp.
Original Assignee
Bank of America Corp.
Inventors
Joa, David, Ghosh, Debashis

Application Number

US13/018,936
Publication Number

US 20120198570A1
Time in Patent Office

Days
Field of Search
US Class Current

726/30
CPC Class Codes

G06F 21/30   Authentication, i.e. establ...

G06F 21/6218   to a system of files or obj...

G06F 2221/2111   Location-sensitive, e.g. ge...

Geo-Enabled Access Control

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Geo-Enabled Access Control

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links