System and Methods for Context-Aware and Situation-Aware Secure, Policy-Based Access Control for Computing Devices

US 20180157858A1
Filed: 04/20/2016
Published: 06/07/2018
Est. Priority Date: 04/21/2015
Status: Active Grant

First Claim

Patent Images

1. A system for context-aware policy-based access control for access to resources by computing devices comprising:

a policy-based access control system, having at least one policy decision point and at least one policy enforcement point for storing policy rules, adjudicating access to resources in accordance with secure policy-driven conditions for permitted operations on the resources, and for enforcing policy adjudicated decisions;

at least one policy information point having a local memory for storing external contextual information;

a connecting interface for connecting policy information points to each other and to the policy decision points of the policy-based access control system;

an incoming information interface coupled to the policy information point for securely receiving and storing external contextual information.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and methods for context-aware and situation-aware secure, policy-based access control for computing devices. The invention enhances the previously disclosed policy-based control system by adding contextual information to the set of resources by which a policy decision point can adjudicate a query to execute a transaction or to access a secure resource. Policy information points are able to store information collected over time related to resources under the control of the system. The system can further include an analytical processing engine capable of inferring new information from existing information that also can be used by the decision points. The policy information points provide context to the decision. They are also able to consider and include information that is external to the system or detected outside the system itself.

Citations

13 Claims

1. A system for context-aware policy-based access control for access to resources by computing devices comprising:
- a policy-based access control system, having at least one policy decision point and at least one policy enforcement point for storing policy rules, adjudicating access to resources in accordance with secure policy-driven conditions for permitted operations on the resources, and for enforcing policy adjudicated decisions;
  
  at least one policy information point having a local memory for storing external contextual information;
  
  a connecting interface for connecting policy information points to each other and to the policy decision points of the policy-based access control system;
  
  an incoming information interface coupled to the policy information point for securely receiving and storing external contextual information.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The system of claim 1 wherein an analytic processing engine computes inferred information from the information stored in the policy information point.
  - 3. The system of claim 2 wherein the analytical processing engine includes a policy interface for connecting the analytical processing engine to the policy decision points in the policy-based access control subsystem.
  - 4. The system of claim 1 wherein the connecting interface includes a secure network for encrypting information.
  - 5. The system of claim 1 wherein only read-only access by the policy decision point to the policy information point is allowed.
  - 6. The system of claim 2 wherein the analytical processing engine includes:
    - one or more analytical processors;
      
      one or more calibrators for calibrating internal variables against reference or baseline standards; and
      
      one or more data type and format conversions.
  - 7. The system of claim 2 wherein the analytical processing engine serializes system information for use by the policy decision points.
  - 8. The system of claim 1 wherein information within the policy information point is contained in Lightweight Directory Access Protocol (LDAP) directories.
  - 9. The system of claim 1 wherein the context-aware policy-based access control system is embedded in a lightweight computing object having local processing, memory, and network capabilities.

10. A method for context-aware policy-based access control for access to resources by computing devices comprising the steps of:
- receiving secure contextual information from external sources at the policy information points;
  
  storing contextual information at the policy information points;
  
  connecting the policy information points to the policy decision points;
  
  transmitting contextual information from the policy information points to the policy decision points as requested by the policy decision points; and
  
  adjudicating queries for access to resources in accordance with secure, policy-driven conditions for permitted operations on the resources by evaluating policy rules at the policy decision points using contextual information from the policy information points.
- View Dependent Claims (11, 12, 13)
- - 11. The method of claim 10 wherein multiple policy information points are connected to each other using a secure network.
  - 12. The method of claim 10 wherein connecting policy information points to the policy decision points further includes the steps of:
    - analyzing the contextual information to produce new inferred information;
      
      calibrating the contextual information against reference or baseline standards; and
      
      converting data types and formats within the contextual information.
  - 13. The method of claim 10 wherein contextual information is transmitted between policy information points and to policy decision points over a secure encrypted network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Sequitur Labs, Inc.
Original Assignee
Sequitur Labs, Inc.
Inventors
Attfield, Philip, Chenard, Paul, Curry, Simon, Narvaez, Julia, Reed, Mark

Granted Patent

US 10,685,130 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/606   by securing the transmissio...

G06F 21/6218   to a system of files or obj...

H04L 63/20   for managing network securi...

H04W 12/08   Access security

H04W 4/70   Services for machine-to-mac...

H04W 4/80   Services using short range ...

System and Methods for Context-Aware and Situation-Aware Secure, Policy-Based Access Control for Computing Devices

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

System and Methods for Context-Aware and Situation-Aware Secure, Policy-Based Access Control for Computing Devices

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links