DIGITAL ASSET PROTECTION POLICY USING DYNAMIC NETWORK ATTRIBUTES

US 20170237747A1
Filed: 12/21/2016
Published: 08/17/2017
Est. Priority Date: 02/15/2016
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving a request to access a protected data asset, wherein the request is received from a first user device;

determining whether to grant access to the protected data asset, whereinthe determining comprises evaluating one or more criteria associated with the first user device, andthe criteria comprise first information associated with a first policy constraint; and

in response to a determination that access to the protected data asset is to be granted, granting access to the protected data asset.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Various systems and methods for determining whether to allow or continue to allow access to a protected data asset are disclosed herein. For example, one method involves receiving a request to access a protected data asset, wherein the request is received from a first user device; determining whether to grant access to the protected data asset, wherein the determining comprises evaluating one or more criteria associated with the first user device, and the criteria comprises first information associated with a first policy constraint; and in response to a determination that access to the protected data asset is to be granted, granting access to the protected data asset.

53 Citations

View as Search Results

20 Claims

1. A method comprising:
- receiving a request to access a protected data asset, wherein the request is received from a first user device;
  
  determining whether to grant access to the protected data asset, whereinthe determining comprises evaluating one or more criteria associated with the first user device, andthe criteria comprise first information associated with a first policy constraint; and
  
  in response to a determination that access to the protected data asset is to be granted, granting access to the protected data asset.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, whereinthe first policy constraint comprises first location information, andthe first location information indicates a geographic location of the first user device.
  - 3. The method of claim 2, whereinthe criteria further comprises second information associated with a second policy constraint,the second policy constraint comprises first user group information, andthe first user group information indicates a user group associated with a user of the first user device.
  - 4. The method of claim 1, whereinthe protected data asset is encrypted, andthe providing access comprises providing decryption information for the protected data asset.
  - 5. The method of claim 1, whereinthe access to the protected data asset is limited to the first user device.
  - 6. The method of claim 1, whereinthe access is limited to a predetermined time period.
  - 7. The method of claim 1, further comprising:
    - subsequent to the granting access, receiving updated location information from the first user device, whereinthe updated location information indicates that the geographic location of the first user device has changed, andusing the updated location information to determine whether to revoke access to the protected data asset.

8. A system comprising:
- a microprocessor; and
  
  a non-transient computer-readable storage medium, comprising computer instructions executable by the microprocessor, wherein the computer instructions are configured to perform a method comprising the steps of;
  
  receiving a request to access a protected data asset, wherein the request is received from a first user device;
  
  determining whether to grant access to the protected data asset, whereinthe determining comprises evaluating one or more criteria associated with the first user device, andthe criteria comprise first information associated with a first policy constraint; and
  
  in response to a determination that access to the protected data asset is to be granted, granting access to the protected data asset.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The system of claim 8, whereinthe first policy constraint comprises first location information, andthe first location information indicates a geographic location of the first user device.
  - 10. The system of claim 9, whereinthe criteria further comprises second information associated with a second policy constraint,the second policy constraint comprises first user group information, andthe first user group information indicates a user group associated with a user of the first user device.
  - 11. The system of claim 8, whereinthe protected data asset is encrypted, andthe providing access comprises providing decryption information for the protected data asset.
  - 12. The system of claim 8, whereinthe access to the protected data asset is limited to the first user device.
  - 13. The system of claim 8, whereinthe access is limited to a predetermined time period.
  - 14. The system of claim 8, wherein the method further comprises the steps of:
    - subsequent to the granting access, receiving updated location information from the first user device, whereinthe updated location information indicates that the geographic location of the first user device has changed, andusing the updated location information to determine whether to revoke access to the protected data asset.

15. A computer program product, comprising a plurality of instructions stored on a non-transient computer-readable storage medium, wherein the instructions are configured to execute a method comprising the steps of:
- receiving a request to access a protected data asset, wherein the request is received from a first user device;
  
  determining whether to grant access to the protected data asset, whereinthe determining comprises evaluating one or more criteria associated with the first user device, andthe criteria comprise first information associated with a first policy constraint; and
  
  in response to a determination that access to the protected data asset is to be granted, granting access to the protected data asset.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The computer program product of claim 15, whereinthe first policy constraint comprises first location information, andthe first location information indicates a geographic location of the first user device.
  - 17. The computer program product of claim 16, whereinthe criteria further comprises second information associated with a second policy constraint,the second policy constraint comprises first user group information, andthe first user group information indicates a user group associated with a user of the first user device.
  - 18. The computer program product of claim 15, whereinthe protected data asset is encrypted, andthe providing access comprises providing decryption information for the protected data asset.
  - 19. The computer program product of claim 15, whereinthe access to the protected data asset is limited to the first user device, andthe access is limited to a predetermined time period.
  - 20. The computer program product of claim 15, wherein the method further comprises the steps of:
    - subsequent to the granting access, receiving updated location information from the first user device, whereinthe updated location information indicates that the geographic location of the first user device has changed, andusing the updated location information to determine whether to revoke access to the protected data asset.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Lipman, Michael E., Milano, Mike, Ward, David D., Sandler, Leonid, Kravchik, Moshe, Miller, Darrin, Lifar, Alena, Quinn, Paul, Guichard, James

Granted Patent

US 10,609,042 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/602   Providing cryptographic fac...

G06F 21/6218   to a system of files or obj...

H04L 63/0428   wherein the data content is...

H04L 63/107   wherein the security polici...

H04L 63/108   when the policy decisions a...

H04L 63/20   for managing network securi...

H04W 12/08   Access security

H04W 12/63   Location-dependent; Proximi...

DIGITAL ASSET PROTECTION POLICY USING DYNAMIC NETWORK ATTRIBUTES

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

53 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

DIGITAL ASSET PROTECTION POLICY USING DYNAMIC NETWORK ATTRIBUTES

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

53 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links