GEOGRAPHICALLY BASED ACCESS MANAGEMENT FOR INTERNET OF THINGS DEVICE DATA

US 20170366977A1
Filed: 08/30/2017
Published: 12/21/2017
Est. Priority Date: 03/31/2016
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

based on receiving first data from a first measuring device, determining a category of the first data;

identifying one or more geographical areas based, at least in part, on the category of the first data;

generating an access policy for the first data based, at least in part, on the identified geographical areas; and

securing access to the first data based, at least in part, on the access policy.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The proliferation of TOT devices has led to an increase in sensitive, cloud-stored data. To provide further protection, TOT device data may be secured by geographically based access controls as a supplement to or in place of traditional password protection. A geographically based access control restricts data accessibility to designated geographical areas. In this manner, a requesting device may not access geo-fence protected TOT device data unless the requesting device is located within a designated geographical area. Geo-fence parameters utilized for creation of a geo-fence policy may be pre-specified or generated based on operating conditions. For example, a user may provide location data, such as an address or geographical coordinate, and a radial distance from the location for which data access is permissible. Additionally, geo-fence parameters can be automatically determined based on criteria such as an TOT device type or data usage characteristics.

6 Citations

View as Search Results

20 Claims

1. A method comprising:
- based on receiving first data from a first measuring device, determining a category of the first data;
  
  identifying one or more geographical areas based, at least in part, on the category of the first data;
  
  generating an access policy for the first data based, at least in part, on the identified geographical areas; and
  
  securing access to the first data based, at least in part, on the access policy.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1 further comprising:
    - based on receipt of a request to access the first data from a requesting device, identifying a location of the requesting device; and
      
      based on determining that the location of the requesting device satisfies the access policy, supplying the first data.
  - 3. The method of claim 2 further comprising, based on determining that the location of the requesting device does not satisfy the access policy, responding to the request with a portion of the first data which is exempted from the access policy.
  - 4. The method of claim 2 further comprising:
    - associating a time period with at least one of the geographical areas in the access policy;
      
      wherein supplying the first data is also based on determining that the request was received within the associated time period.
  - 5. The method of claim 1, wherein identifying the one or more geographical areas based, at least in part, on the category of the first data comprises determining typical usage locations corresponding to the category of the first data.
  - 6. The method of claim 5, wherein the category of the first data is a protected health information;
    - wherein at least one of the geographical areas corresponds to a location of medical personnel.
  - 7. The method of claim 1 further comprising determining a current location of the first measuring device, wherein identifying the one or more geographical areas is also based on the current location of the first measuring device.
  - 8. The method of claim 1, wherein determining the category of the first data comprises determining a type of the first measuring device.
  - 9. The method of claim 1 further comprising:
    - determining a security level for the first data based, at least in part, on the category of the first data; and
      
      determining a size of at least one of the geographical areas based, at least in part, on the security level, wherein the at least one geographical area is smaller if the security level indicates heightened security and larger if the security level indicates lower security.

10. One or more non-transitory machine-readable media having program code for providing geographically based access controls for data stored therein, the program code to:
- based on receiving first data from a first measuring device, determine a category of the first data;
  
  identify one or more geographical areas based, at least in part, on the category of the first data;
  
  generate an access policy for the first data based, at least in part, on the identified geographical areas; and
  
  secure access to the first data based, at least in part, on the access policy.
- View Dependent Claims (11)
- - 11. The machine-readable media of claim 10 further comprising program code to:
    - based on receipt of a request to access the first data from a requesting device, identify a location of the requesting device; and
      
      based on a determination that the location of the requesting device satisfies the access policy, supply the first data.

12. An apparatus comprising:
- a processor; and
  
  a non-transitory machine-readable medium having program code executable by the processor to cause the apparatus to,based on receiving first data from a first measuring device, determine a category of the first data;
  
  identify one or more geographical areas based, at least in part, on the category of the first data;
  
  generate an access policy for the first data based, at least in part, on the identified geographical areas; and
  
  secure access to the first data based, at least in part, on the access policy.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20)
- - 13. The apparatus of claim 12 further comprising program code executable by the processor to cause the apparatus to:
    - based on receipt of a request to access the first data from a requesting device, identify a location of the requesting device; and
      
      based on a determination that the location of the requesting device satisfies the access policy, supply the first data.
  - 14. The apparatus of claim 13 further comprising program code executable by the processor to cause the apparatus to, based on a determination that the location of the requesting device does not satisfy the access policy, respond to the request with a portion of the first data which is exempted from the access policy.
  - 15. The apparatus of claim 13 further comprising program code executable by the processor to cause the apparatus to:
    - associate a time period with at least one of the geographical areas in the access policy;
      
      wherein the program code executable by the processor to cause the apparatus to supply the first data is also based on a determination that the request was received within the associated time period.
  - 16. The apparatus of claim 12, wherein the program code executable by the processor to cause the apparatus to identify the one or more geographical areas based, at least in part, on the category of the first data comprises program code executable by the processor to cause the apparatus to determine typical usage locations corresponding to the category of the first data.
  - 17. The apparatus of claim 16, wherein the category of the first data is a protected health information;
    - wherein at least one of the geographical areas corresponds to a location of medical personnel.
  - 18. The apparatus of claim 12 further comprising program code executable by the processor to cause the apparatus to determine a current location of the first measuring device, wherein the program code executable by the processor to cause the apparatus to identify the one or more geographical areas is also based on the current location of the first measuring device.
  - 19. The apparatus of claim 12, wherein the program code executable by the processor to cause the apparatus to determine the category of the first data comprises program code executable by the processor to cause the apparatus to determine a type of the first measuring device.
  - 20. The apparatus of claim 12 further comprising program code executable by the processor to cause the apparatus to:
    - determine a security level for the first data based, at least in part, on the category of the first data; and
      
      determine a size of at least one of the geographical areas based, at least in part, on the security level, wherein the at least one geographical area is smaller if the security level indicates heightened security and larger if the security level indicates lower security.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Inventors
Girdhar, Dhiraj, Meehan, Kevin, Peck, Brian Christopher, Shah, Dhara

Granted Patent

US 10,117,101 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

H04L 63/107   wherein the security polici...

H04L 67/12   specially adapted for propr...

H04L 67/52   specially adapted for the l...

H04W 12/08   Access security

H04W 12/64   using geofenced areas

H04W 4/021   Services related to particu...

H04W 4/70   Services for machine-to-mac...

GEOGRAPHICALLY BASED ACCESS MANAGEMENT FOR INTERNET OF THINGS DEVICE DATA

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

6 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

GEOGRAPHICALLY BASED ACCESS MANAGEMENT FOR INTERNET OF THINGS DEVICE DATA

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

6 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links