SEALING SECRET DATA WITH A POLICY THAT INCLUDES A SENSOR-BASED CONSTRAINT
First Claim
Patent Images
1. A method, comprising:
- receiving a request to access secret data from an application executing on a mobile computing device;
responsive to receiving the request, retrieving a policy that defines whether the user is authorized to access the secret data, the policy comprising at least one value that is tied to at least one sensor on the mobile computing device;
retrieving a sensor reading from the at least one sensor on the mobile computing device of the user;
causing a processor on the mobile computing device to determine whether the policy has been satisfied based at least in part upon a comparison between the at least one value that is tied to the at least one sensor and the sensor reading from the at least one sensor; and
if and only if the policy is satisfied, providing the application with the secret data.
2 Assignments
0 Petitions
Accused Products
Abstract
Technologies pertaining to limiting access to secret data through utilization of sensor-based constraints are described herein. A sensor-based constraint is a constraint that can only be satisfied by predefined readings that may be output by at least one sensor on a mobile computing device. If the sensor on the mobile computing device outputs a reading that satisfies the sensor-based constraint, secret data is provided to a requesting application. Otherwise, the requesting application is prevented from accessing the secret data.
-
Citations
20 Claims
-
1. A method, comprising:
-
receiving a request to access secret data from an application executing on a mobile computing device; responsive to receiving the request, retrieving a policy that defines whether the user is authorized to access the secret data, the policy comprising at least one value that is tied to at least one sensor on the mobile computing device; retrieving a sensor reading from the at least one sensor on the mobile computing device of the user; causing a processor on the mobile computing device to determine whether the policy has been satisfied based at least in part upon a comparison between the at least one value that is tied to the at least one sensor and the sensor reading from the at least one sensor; and if and only if the policy is satisfied, providing the application with the secret data. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
-
-
13. A system, comprising:
-
a retriever component that receives, from an application executing on a computing device, a request to unseal secret data from a policy, the retriever component retrieving a sensor reading from a sensor on the computing device responsive to receipt of the request to unseal the secret data from the policy, the policy defining access rights to the secret data and comprising at least one sensor-based constraint, the sensor-based constraint satisfiable only by data output by the sensor; and an unsealer component that unseals the secret data from the policy and outputs the secret data to the application if and only if the sensor reading from the sensor satisfies the sensor-based constraint. - View Dependent Claims (14, 15, 16, 17, 18, 19)
-
-
20. A computer-readable medium comprising instructions that, when executed by a processor, cause the processor to perform acts comprising:
-
receiving one of a password or a key that is utilized to access a web-based service by way of a browser; receiving a policy that comprises a sensor-based constraint that is only satisfiable by a reading from a GPS sensor that indicates that a mobile telephone that comprises the GPS sensor is within a certain geographic region; receiving a request to seal the one of the password or the key with the policy, the request received from the web-based service by way of the browser; responsive to receiving the request to seal the one of the password or the key, sealing the one of the password or the key with the policy; subsequent to sealing the one of the password or the key with the policy, receiving a request from the browser to unseal the one of the password or the key from the policy; responsive to receiving the request to unseal the one of the password or the key from the policy, causing the GPS sensor on the mobile computing device to output a reading that indicates a current location of the mobile computing device, the reading signed to indicate that the reading is from the GPS sensor and has not been modified by a user or an application; comparing the reading with the sensor-based constraint; and outputting the one of the password or the key to the browser if and only if the sensor-based constraint is satisfied by the reading from the GPS sensor.
-
Specification