LOCATION BASED NETWORK USAGE POLICIES
First Claim
1. A method performed by a data processing apparatus, the method comprising:
- receiving first information indicating that a first client device operated by a user is connected to a network at a first physical location;
identifying a first user role associated with the user;
identifying, from among a plurality of network policy groups that each has a corresponding policy location and a corresponding policy role, a first network policy group having both (i) a first policy location that corresponds to the first client device'"'"'s first physical location, and (ii) a policy role that corresponds to the user'"'"'s first user role;
receiving, from the first client device while the first client device is associated with the first physical location, a first resource request to access a resource available on the network;
determining, while the first client device is associated with the first physical location and in response to receiving the first resource request, first access permissions for the first client device to the requested resource using the first network policy group;
receiving second information indicating that a second client device operated by the user is connected to the network at a second physical location, and identifying a second user role associated with the second client device, the second physical location different from the first physical location;
identifying, from among the plurality of network policy groups, a default network policy group having both (i) a second policy location that corresponds to the second client device'"'"'s second physical location, and (ii) a policy role that applies to all client devices and to all users that connect to the network at the second physical location;
receiving, from the second client device while the second client device is associated with the second physical location, a second resource request to access the resource; and
determining, while the second client device is associated with the second physical location and in response to receiving the second resource request, second access permissions for the second client device to the requested resource using the default network policy group.
6 Assignments
0 Petitions
Accused Products
Abstract
Methods, systems, and apparatus, including computer programs encoded on computer storage media, for location based network usage policies. One of the methods includes storing information defining a plurality of network policy groups, receiving first information indicating that a client device is connected to the network at a first physical location, and identifying a first user role associated with the client device, identifying, from among the plurality of network policy groups, a first network policy group having both (i) an associated first policy location that corresponds to the client device'"'"'s first physical location, and (ii) an associated policy role that corresponds to the client device'"'"'s first user role, and regulating the client device'"'"'s access to resources available on the network based on the one or more network usage policies associated with the identified first network policy group.
-
Citations
30 Claims
-
1. A method performed by a data processing apparatus, the method comprising:
-
receiving first information indicating that a first client device operated by a user is connected to a network at a first physical location; identifying a first user role associated with the user; identifying, from among a plurality of network policy groups that each has a corresponding policy location and a corresponding policy role, a first network policy group having both (i) a first policy location that corresponds to the first client device'"'"'s first physical location, and (ii) a policy role that corresponds to the user'"'"'s first user role; receiving, from the first client device while the first client device is associated with the first physical location, a first resource request to access a resource available on the network; determining, while the first client device is associated with the first physical location and in response to receiving the first resource request, first access permissions for the first client device to the requested resource using the first network policy group; receiving second information indicating that a second client device operated by the user is connected to the network at a second physical location, and identifying a second user role associated with the second client device, the second physical location different from the first physical location; identifying, from among the plurality of network policy groups, a default network policy group having both (i) a second policy location that corresponds to the second client device'"'"'s second physical location, and (ii) a policy role that applies to all client devices and to all users that connect to the network at the second physical location; receiving, from the second client device while the second client device is associated with the second physical location, a second resource request to access the resource; and determining, while the second client device is associated with the second physical location and in response to receiving the second resource request, second access permissions for the second client device to the requested resource using the default network policy group. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A non-transitory computer storage medium encoded with instructions that, when executed by one or more computers, cause the one or more computers to perform operations comprising:
-
receiving first information indicating that a first client device operated by a user is connected to a network at a first physical location; identifying a first user role associated with the user; identifying, from among a plurality of network policy groups that each has a corresponding policy location and a corresponding policy role, a first network policy group having both (i) a first policy location that corresponds to the first client device'"'"'s first physical location, and (ii) a policy role that corresponds to the user'"'"'s first user role; receiving, from the first client device while the first client device is associated with the first physical location, a first resource request to access a resource available on the network; determining, while the first client device is associated with the first physical location and in response to receiving the first resource request, first access permissions for the first client device to the requested resource using the first network policy group; receiving second information indicating that a second client device operated by the user is connected to the network at a second physical location, and identifying a second user role associated with the second client device, the second physical location different from the first physical location; identifying, from among the plurality of network policy groups, a default network policy group having both (i) a second policy location that corresponds to the second client device'"'"'s second physical location, and (ii) a policy role that applies to all client devices and to all users that connect to the network at the second physical location; receiving, from the second client device while the second client device is associated with the second physical location, a second resource request to access the resource; and determining, while the second client device is associated with the second physical location and in response to receiving the second resource request, second access permissions for the second client device to the requested resource using the default network policy group. - View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
-
-
21. A system comprising:
one or more computers and one or more storage devices storing instructions that are operable, when executed by the one or more computers, to cause the one or more computers to perform operations comprising; receiving first information indicating that a first client device operated by a user is connected to a network at a first physical location; identifying a first user role associated with the user; identifying, from among a plurality of network policy groups that each has a corresponding policy location and a corresponding policy role, a first network policy group having both (i) a first policy location that corresponds to the first client device'"'"'s first physical location, and (ii) a policy role that corresponds to the user'"'"'s first user role; receiving, from the first client device while the first client device is associated with the first physical location, a first resource request to access a resource available on the network; determining, while the first client device is associated with the first physical location and in response to receiving the first resource request, first access permissions for the first client device to the requested resource using the first network policy group; receiving second information indicating that a second client device operated by the user is connected to the network at a second physical location, and identifying a second user role associated with the second client device, the second physical location different from the first physical location; identifying, from among the plurality of network policy groups, a default network policy group having both (i) a second policy location that corresponds to the second client device'"'"'s second physical location, and (ii) a policy role that applies to all client devices and to all users that connect to the network at the second physical location; receiving, from the second client device while the second client device is associated with the second physical location, a second resource request to access the resource; and determining, while the second client device is associated with the second physical location and in response to receiving the second resource request, second access permissions for the second client device to the requested resource using the default network policy group. - View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29, 30)
Specification