Controlling access to stored information based on geographical location and date and time
Abstract
Access to stored information by a user is controlled by comparing an actual geographic position and/or an actual date/time with a geographic region and/or a date/time interval within which access to the stored information is authorized. The actual geographic position where the stored information is located, and the actual date/time can be determined, for example, based on signals received at a receiver supplying reliable position and time information, such as a GPS receiver. Access to the stored information is authorized if the actual geographic position and/or date/time falls within the authorized geographic region and/or date/time interval. The position and date/time information supplied by the receiver may be cryptographically signed and encrypted.
32 Claims
1. A method for controlling access to stored information comprising:
determining an actual geographic position where said stored information is located based on signals received at a receiver supplying reliable position information;
cryptographically signing said actual geographic position with a receiver encryption key;
verifying the signature of said actual geographic position;
determining that said actual geographic position is within a geographic region within which access to said stored information is authorized; and
permitting access to said stored information.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
encrypting said stored information using an encryption key; and
providing a decryption key which permits decryption of said stored information if said actual geographic position is located within said authorized geographic region.

10. The method of claim 1, wherein said stored information is divided into subsets of information and wherein at least one of the subsets has a different authorized region from the other subsets, so that access is authorized to the subset whose authorized geographic region is located within the actual geographic position, but not to the subsets whose authorized geographic region is not located within the actual geographic position.

11. Apparatus for controlling access to stored information comprising:
a receiver supplying reliable position information for determining an actual geographic position where said stored information is located, wherein the receiver comprises a receiver encryption mechanism providing a receiver encryption key for cryptographically signing data comprising the actual geographic position; and
a computer for comparing said actual geographic position with a geographic region within which access to said stored information is authorized, wherein said computer permits access to said stored information if said actual geographic position is located within said authorized geographic region.
Dependent claims: 12, 13, 14, 15

16. A method for controlling access to a subset of files belonging to a larger set of files of stored information comprising:
associating a unique file encryption key with each file from the larger set of files and encrypting the files using the associated encryption keys;
associating each of the files from the larger set of files with at least one authorized geographic region within which access to said stored information is authorized;
determining an actual geographic position where said stored information is located based on signals received at a receiver supplying reliable position information;
cryptographically signing at least the actual geographic position at the receiver;
verifying the signature of the actual geographic position;
comparing said actual geographic position with said authorized geographic region; and
providing a file decryption key which authorizes access to and permits decryption of said files belonging to said subset of files, provided that the actual geographic position is located within the authorized geographic region for the files belonging to said subset of files.
Dependent claims: 17, 18

19. A method for controlling access to stored information comprising:
determining an actual date or time at the location of said stored information based on signals received at a receiver supplying reliable time information;
cryptographically signing at least the actual date or time at the receiver;
verifying the signature of the actual date or time;
comparing said actual date or time with a predetermined date or time interval at which access to said stored information is authorized; and
permitting access to said stored information if said actual date or time occurs within said authorized date or time interval.
Dependent claims: 20, 21, 22

23. A method for controlling access to stored information comprising:
forming a policy associating said information with authorized geographic regions and authorized time intervals;
cryptographically signing said policy and said information;
storing said signed policy together with said signed information;
providing a password for unlocking said policy;
determining an actual geographic position where said stored information is located based on signals received at a receiver supplying reliable position information;
determining an actual time;
cryptographically signing at least the actual geographic position and the actual time at the receiver;
verifying the signature of the actual geographic position and the actual time;
comparing said actual geographic position and said actual time with said authorized geographic regions and authorized time interval of said policy; and
permitting access to said stored information if said actual geographic position and actual time falls within said authorized geographic regions and authorized time interval of said policy.
Dependent claims: 24, 25, 26

27. A method for controlling access to stored information, the method comprising:
(a) determining a position;
(b) cryptographically signing data comprising at least a representation of the position;
(c) verifying the signature of the data comprising at least a representation of the position;
(d) determining that access to the stored information is authorized at the position; and
(e) permitting access to the information based at least upon (c) and (d).
Dependent claims: 28, 29, 30, 31, 32
(f) providing the cryptographically signed data to an information accessing device, wherein (c) and (e) are performed by the information accessing device.

29. The method of claim 28, further comprising:
(g) identifying a token;
(h) incorporating the token in the data that is cryptographically signed; and
(i) verifying that the cryptographically signed data comprises the token.

30. The method of claim 29, wherein (g) and (i) are performed by the information accessing device.

31. The method of claim 29, wherein (a), (b), and (h) are performed by a position determining device.

32. The method of claim 29, further comprising:
(j) providing the token to the position determining device.
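
The token exchange of claims 27 to 32, combined with the region check of claim 1 and the time-interval check of claim 19, as an added example that is not taken from the patent. Assumptions: HMAC-SHA256 with a shared key stands in for the receiver's signature, the authorized region is a latitude/longitude bounding box, and every name, key, coordinate and timestamp is constructed.

```python
import hashlib
import hmac
import json
import secrets

# Constructed demo key. HMAC with a shared key stands in for the receiver's
# signature (assumption: the claims do not name a signature algorithm).
RECEIVER_KEY = b"constructed-demo-receiver-key"
# Constructed policy: lat/lon bounding box and a Unix-time window.
POLICY = {"region": (40.0, 41.0, -75.0, -73.0),
          "interval": (1_700_000_000, 1_700_086_400)}

def receiver_sign_fix(lat, lon, unix_time, token, key=RECEIVER_KEY):
    """Position determining device: steps (a), (b) and (h)."""
    data = json.dumps({"lat": lat, "lon": lon, "time": unix_time,
                       "token": token}, sort_keys=True).encode()
    return {"data": data, "sig": hmac.new(key, data, hashlib.sha256).hexdigest()}

def check_access(signed, expected_token, policy=POLICY, key=RECEIVER_KEY):
    """Information accessing device: steps (c), (i), (d) and (e)."""
    expected_sig = hmac.new(key, signed["data"], hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected_sig, signed["sig"]):
        return "deny: bad signature"            # (c) failed, fields untrusted
    fix = json.loads(signed["data"])            # parsed only after (c)
    if not hmac.compare_digest(fix["token"], expected_token):
        return "deny: token mismatch"           # (i) failed, likely a replay
    lat_min, lat_max, lon_min, lon_max = policy["region"]
    if not (lat_min <= fix["lat"] <= lat_max and lon_min <= fix["lon"] <= lon_max):
        return "deny: outside authorized region"
    start, end = policy["interval"]
    if not start <= fix["time"] <= end:
        return "deny: outside authorized interval"
    return "permit"

def demo():
    token = secrets.token_hex(16)               # (g) fresh token, sent in (j)
    good = receiver_sign_fix(40.7, -74.0, 1_700_000_500, token)
    forged = dict(good, data=good["data"].replace(b"40.7", b"40.8"))
    return [
        check_access(good, token),                  # valid fix
        check_access(good, secrets.token_hex(16)),  # old fix, new token
        check_access(forged, token),                # data edited after signing
        check_access(receiver_sign_fix(51.5, -0.1, 1_700_000_500, token), token),
        check_access(receiver_sign_fix(40.7, -74.0, 1_600_000_000, token), token),
    ]

if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```

The second case shows what the token of claim 29 adds: a correctly signed fix captured earlier is rejected once the accessing device issues a new token.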
Specification