Location Based Access Control
First Claim
1. A method performed on at least one computer processor, said method comprising:
- receiving a first location for a first device and a first request for access to a resource;
- applying an access control policy to said first request, said access control policy comprising a set of conditions for permitting access to said resource, at least one of said set of conditions comprising a location parameter;
- determining that said first request complies with said access control policy and permitting said first device to access said resource;
- receiving a second location for said first device and a second request for access to a resource;
- applying said access control policy to said second request;
- determining that said second request does not comply with said access control policy and denying said second device to access said resource;
Abstract
A policy enforcement system may use device location as a parameter for granting or denying access to a resource. An access policy may include location parameters that may permit or deny access to the resource based on the physical location of the device. In some cases, the location may be authenticated by a server that may verify the device's location. The access policy may grant or deny full or partial access to the resource, which may be a data resource, such as a file, database, URL, or other information, an application resource, or a physical resource such as a network or a peripheral device. The policy enforcement system may use the device location for regulatory compliance, restricting access to sensitive information, or as a primary or secondary condition for limiting access to a resource.
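The enforcement flow the abstract describes, as an added sketch that is not taken from the patent: a location authentication server vouches for a device's location, and the access control server checks that claim against a policy whose conditions include a location parameter, granting full, partial or no access. The shared HMAC key, the claim format, the freshness window, the role name, the zone radii and the coordinates are all assumptions constructed for illustration.

```python
import hashlib, hmac, json, math

# Assumption: the location authentication server and the access control server
# share this key; the page does not say how a verified location is conveyed.
LOCATION_SERVER_KEY = b"constructed-demo-key"

def attest_location(device_id, lat, lon, issued_at):
    """Location authentication server side: sign a verified location claim."""
    claim = json.dumps({"dev": device_id, "lat": lat, "lon": lon, "iat": issued_at}, sort_keys=True)
    tag = hmac.new(LOCATION_SERVER_KEY, claim.encode(), hashlib.sha256).hexdigest()
    return claim, tag

def distance_km(lat1, lon1, lat2, lon2):
    """Great-circle (haversine) distance between two points."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    a = math.sin((p2 - p1) / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(math.radians(lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))

# Constructed policy: a set of conditions, one of which is a location parameter.
POLICY = {
    "allowed_roles": {"clinician"},
    "zones": [  # (centre lat, centre lon, radius km, access level), most specific first
        (47.6423, -122.1391, 1.0, "full"),
        (47.6423, -122.1391, 50.0, "read-only"),
    ],
    "max_claim_age_s": 300,
}

def decide(policy, device_id, role, claim, tag, now):
    """Access control server side: return 'full', 'read-only' or 'deny'."""
    expected = hmac.new(LOCATION_SERVER_KEY, claim.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        return "deny"  # location was not vouched for by the location server
    loc = json.loads(claim)
    if loc["dev"] != device_id or not 0 <= now - loc["iat"] <= policy["max_claim_age_s"]:
        return "deny"  # claim belongs to another device, or is stale
    if role not in policy["allowed_roles"]:
        return "deny"  # a non-location condition of the same policy
    for lat, lon, radius_km, level in policy["zones"]:
        if distance_km(loc["lat"], loc["lon"], lat, lon) <= radius_km:
            return level
    return "deny"

if __name__ == "__main__":
    now = 1_700_000_000  # constructed timestamp
    first = attest_location("dev-1", 47.6425, -122.1390, now)      # inside the inner zone
    moved = attest_location("dev-1", 48.8566, 2.3522, now + 600)   # same device, elsewhere
    print(decide(POLICY, "dev-1", "clinician", *first, now + 5))
    print(decide(POLICY, "dev-1", "clinician", *moved, now + 605))
```

Binding the claim to a device identifier and a freshness window keeps a location recorded earlier, or for a different device, from satisfying the location condition later.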
20 Claims
Dependent claims of claim 1: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11
12. A system comprising:
- an access control server comprising;
- at least one processor;
- an access control policy comprising a set of conditions for permitting access to a resource, at least one of said set of conditions comprising a location parameter;
- an access control system that;
- receives a first request for said resource and a first location for a first device;
- applies said access control policy to said first request;
- determines that said first request complies with said access control policy, and permits access to said resource for said first device.
Dependent claims of claim 12: 13, 14, 15, 16, 17, 18
19. A method performed on at least one computer processor on a first device, said method comprising:
- identifying a resource to access;
- determining a location for said first device;
- transmitting said location to a location authentication server;
- transmitting a request to access said resource, said resource having an access control policy that uses location information to permit or deny access to said resource, said location complying with said access control policy; and
- receiving access to said resource.
Dependent claims of claim 19: 20
Specification