Contextual-based virtual data boundaries

US 8,910,246 B2
Filed: 05/14/2012
Issued: 12/09/2014
Est. Priority Date: 11/18/2010
Status: Active Grant

First Claim

Patent Images

1. A method to improve data access control, the method comprising:

assigning at least one threshold to at least one contextual criterion;

receiving, by a receiver associated with a claimant, at least one secure geographically dependent spot beam based signal;

receiving contextual information from the claimant;

determining whether the contextual information from the claimant meets the at least one threshold to the at least one contextual criterion;

authenticating the claimant, when the contextual information from the claimant meets at least one of the at least one threshold to the at least one contextual criterion; and

allowing the claimant access to data, when the claimant is authenticated,wherein the contextual information from the claimant includes a geographical location of the claimant when the claimant is attempting to access the data, the geographical location of the claimant is determined by using satellite geolocation techniques, and the satellite geolocation techniques use the at least one secure geographically dependent spot beam based signal to obtain the geographical location of the claimant,wherein the at least one secure geographically dependent spot beam based signal depends upon the geographical location of the receiver associated with the claimant.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system, method, and apparatus for contextual-based virtual data boundaries are disclosed herein. In particular, the present disclosure relates to improvements in access control that work to restrict the accessibility of data based on assigning contextual data thresholds that create a virtual boundary. Specifically, the disclosed method involves assigning at least one threshold to at least one contextual criterion. The method further involves determining whether contextual information from the claimant meets at least one threshold to at least one contextual criterion. Also, the method involves authenticating the claimant, if the contextual information from the claimant meets at least one of the thresholds to at least one contextual criterion. Further, the method involves allowing the claimant access to the data, if the claimant is authenticated.

29 Citations

View as Search Results

43 Claims

1. A method to improve data access control, the method comprising:
- assigning at least one threshold to at least one contextual criterion;
  
  receiving, by a receiver associated with a claimant, at least one secure geographically dependent spot beam based signal;
  
  receiving contextual information from the claimant;
  
  determining whether the contextual information from the claimant meets the at least one threshold to the at least one contextual criterion;
  
  authenticating the claimant, when the contextual information from the claimant meets at least one of the at least one threshold to the at least one contextual criterion; and
  
  allowing the claimant access to data, when the claimant is authenticated,wherein the contextual information from the claimant includes a geographical location of the claimant when the claimant is attempting to access the data, the geographical location of the claimant is determined by using satellite geolocation techniques, and the satellite geolocation techniques use the at least one secure geographically dependent spot beam based signal to obtain the geographical location of the claimant,wherein the at least one secure geographically dependent spot beam based signal depends upon the geographical location of the receiver associated with the claimant.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 2. The method of claim 1, wherein the at least one contextual criterion is at least one of a permitted geographic area of permitted accessibility defined by a permitted virtual data boundary, a non-permitted geographic area of non-permitted accessibility defined by a non-permitted virtual data boundary, a permitted time of permitted accessibility, a non-permitted time of non-permitted accessibility, a permitted subset of a population with permitted accessibility, a non-permitted subset of the population with non-permitted accessibility, and a password.
  - 3. The method of claim 2, wherein the permitted subset of the population and the non-permitted subset of the population each include at least one person.
  - 4. The method of claim 1, wherein the contextual information from the claimant further includes at least one of a time of day the claimant is attempting to access the data, a day of the week the claimant is attempting to access the data, a job function assigned to the claimant, a quantity of data the claimant has gained access to during a first predefined time period, a number of times the claimant has logged in during a second predefined time period, and a type of a device associated with the claimant that the claimant is using to attempt to access the data.
  - 5. The method of claim 1, wherein the at least one signal used for authentication is transmitted by at least one transmission source.
  - 6. The method of claim 5, wherein the at least one transmission source is employed in at least one of at least one satellite and at least one pseudo-satellite.
  - 7. The method of claim 6, wherein the at least one satellite is at least one of a Lower Earth Orbiting (LEO) satellite, a Medium Earth Orbiting (MEO) satellite, and a Geosynchronous Earth Orbiting (GEO) satellite.
  - 8. The method of claim 1, wherein the geographical location of the claimant is further determined by using ranging techniques.
  - 9. The method of claim 1, wherein access to the data is obtained by at least one of viewing at least a portion of the data, copying at least a portion of the data, editing at least a portion of the data, deleting at least a portion of the data, and adding additional data to the data.
  - 10. The method of claim 1, wherein the method further comprises providing viewing access to at least a portion of the data, when the claimant is authenticated, by supplying to the claimant at least one of a file containing the at least a portion of the data and a link to a webpage including the at least a portion of the data.
  - 11. The method of claim 1, wherein at least a portion of the data is related to at least one of at least one textual file, at least one image file, at least one application, at least one webpage, at least one computer code, and at least one server structure.
  - 12. The method of claim 1, wherein at least one of the at least one contextual criterion is dependent upon a type of a device associated with the claimant.
  - 13. The method of claim 12, wherein the type of the device associated with the claimant is one of a laptop computer, a desktop computer, a cellular device, and a personal digital assistant (PDA).
  - 14. The method of claim 1, wherein at least a portion of the contextual information from the claimant is related to at least one of an identity of the claimant, a device associated with the claimant that is attempting to access the data, a device associated with the claimant that is not attempting to access the data, the data the claimant is attempting to access, a node that is storing the data the claimant is attempting to access, interconnects between the node that is storing the data and the device associated with the claimant, and a network that the data the claimant is attempting to access resides.
  - 15. The method of claim 1, wherein the method further comprises logging at least a portion of the contextual information from the claimant.
  - 16. The method of claim 1, wherein the data is encrypted, and wherein the encrypted data is decrypted by the claimant by using a decryption key.
  - 17. The method of claim 16, wherein the decryption key is based on at least one of the at least one contextual criterion.
  - 18. The method of claim 16, wherein the data is encrypted by at least one of an author of the data, an owner of the data, an editor of the data, a device that is creating the data, and a network node transmitting the data.
  - 19. The method of claim 1, wherein the at least one threshold to the at least one contextual criterion is assigned by at least one of an author of the data, an owner of the data, an editor of the data, a device that is creating the data, and a network management entity.

20. A device to improve data access control, the device comprising:
- memory to store data, data access control policies, and at least one executable program product to enforce at least one of the data access control policies;
  
  a transmitter to transmit contextual information related to a claimant associated with the device;
  
  a receiver to receive at least one secure geographically dependent spot beam based signal, and to receive a response regarding whether the claimant is authenticated; and
  
  at least one processor to enforce the data access control policies and to allow the claimant access to at least a portion of the data, when the claimant is authenticated,wherein the contextual information from the claimant includes a geographical location of the claimant when the claimant is attempting to access the data, the geographical location of the claimant is determined by using satellite geolocation techniques, and the satellite geolocation techniques use the at least one secure geographically dependent spot beam based signal to obtain the geographical location of the claimant,wherein the at least one secure geographically dependent spot beam based signal depends upon the geographical location of the receiver of the device, which is associated with the claimant.

21. A method for a device to improve data access control, themethod comprising:
- storing, in memory of the device, data, data access control policies, and at least one executable program product to enforce at least one of the data access control policies;
  
  receiving, by a receiver associated with the device, at least one secure geographically dependent spot beam based signal;
  
  transmitting, by a transmitter associated with the device, contextual information related to a claimant associated with the device;
  
  receiving, by the receiver associated with the device, a response regarding whether the claimant is authenticated; and
  
  enforcing, by at least one processor associated with the device, the data access control policies and allowing the claimant access to at least a portion of the data, when the claimant is authenticated,wherein the contextual information from the claimant includes a geographical location of the claimant when the claimant is attempting to access the data, the geographical location of the claimant is determined by using satellite geolocation techniques, and the satellite geolocation techniques use the at least one secure geographically dependent spot beam based signal to obtain the geographical location of the claimant,wherein the at least one secure geographically dependent spot beam based signal depends upon the geographical location of the receiver associated with the device, which is associated with the claimant.
- View Dependent Claims (22, 23, 24)
- - 22. The method of claim 21, the method further comprises, performing with the at least one processor at least one of:
    - causing at least a portion of the data to be deleted from the memory,encrypting at least a portion of the data in memory,causing a notification to be sent to a network management entity, andproviding to the claimant access to false data,when the response regarding whether the claimant is authenticated is not received within a predefined time duration starting from when the transmitter transmitted the contextual information.
  - 23. The method of claim 21, the method further comprises, performing with the at least one processor at least one of:
    - causing at least a portion of the data to be deleted from the memory,encrypting at least a portion of the data in memory,causing a notification to be sent to a network management entity, andproviding to the claimant access to false data,when the data is not accessed by the claimant within a predefined time duration starting from when the at least one processor allows the claimant access to the data.
  - 24. The method of claim 21, the method further comprises, performing with the at least one processor at least one of:
    - causing at least a portion of the data to be deleted from the memory,encrypting at least a portion of the data in memory,causing a notification to be sent to a network management entity, andproviding to the claimant access to false data,when the data is attempted to be accessed by the claimant after the receiver received a response that the claimant is not authenticated.

25. A system to improve data access control, the system comprising:
- a first transmitter to transmit contextual information from a claimant;
  
  a first receiver to receive the contextual information;
  
  at least one processor to determine whether the contextual information meets at least one threshold that is assigned to at least one contextual criterion, to authenticate the claimant if the contextual information meets at least one of the at least one threshold to the at least one contextual criterion, to allow the claimant access to data if the claimant is authenticated, and to not allow the claimant access to the data if the claimant is not authenticated;
  
  a second transmitter to transmit a response regarding whether the claimant is authenticated; and
  
  a second receiver to receive at least one secure geographically dependent spot beam based signal, and to receive the response regarding whether the claimant is authenticated,wherein the contextual information from the claimant includes a geographical location of the claimant when the claimant is attempting to access the data, the geographical location of the claimant is determined by using satellite geolocation techniques, and the satellite geolocation techniques use the at least one secure geographically dependent spot beam based signal to obtain the geographical location of the claimant,wherein the at least one secure geographically dependent spot beam based signal depends upon the geographical location of the second receiver, which is associated with the claimant.
- View Dependent Claims (26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43)
- - 26. The system of claim 25, wherein the at least one contextual criterion is at least one of a permitted geographic area of permitted accessibility defined by a permitted virtual data boundary, a non-permitted geographic area of non-permitted accessibility defined by a non-permitted virtual data boundary, a permitted time of permitted accessibility, a non-permitted time of non-permitted accessibility, a permitted subset of a population with permitted accessibility, a non-permitted subset of the population with non-permitted accessibility, and a password.
  - 27. The system of claim 26, wherein the permitted subset of the population and the non-permitted subset of the population each include at least one person.
  - 28. The system of claim 25, wherein the contextual information from the claimant further includes at least one of a time of day the claimant is attempting to access the data, a day of the week the claimant is attempting to access the data, a job function assigned to the claimant, a quantity of data the claimant has gained access to during a first predefined time period, a number of times the claimant has logged in during a second predefined time period, and a type of a device associated with the claimant that the claimant is using to attempt to access the data.
  - 29. The system of claim 25, wherein the at least one signal used for authentication is transmitted by at least one transmission source.
  - 30. The system of claim 29, wherein the at least one transmission source is employed in at least one of at least one satellite and at least one pseudo-satellite.
  - 31. The system of claim 30, wherein the at least one satellite is at least one of a Lower Earth Orbiting (LEO) satellite, a Medium Earth Orbiting (MEO) satellite, and a Geosynchronous Earth Orbiting (GEO) satellite.
  - 32. The system of claim 25, wherein the geographical location of the claimant is further determined by using ranging techniques.
  - 33. The system of claim 25, wherein access to the data is obtained by at least one of viewing at least a portion of the data, copying at least a portion of the data, editing at least a portion of the data, deleting at least a portion of the data, and adding additional data to the data.
  - 34. The system of claim 33, wherein when the claimant is authenticated, the at least one processor is to provide the viewing access to at least a portion of the data by supplying to the claimant at least one of a file containing the at least a portion of the data and a link to a webpage including the at least a portion of the data.
  - 35. The system of claim 25, wherein at least a portion of the data is related to at least one of at least one textual file, at least one image file, at least one application, at least one webpage, at least one computer code, and at least one server structure.
  - 36. The system of claim 25, wherein at least one of the at least one contextual criterion is dependent upon a type of a device associated with the claimant.
  - 37. The system of claim 36, wherein the type of the device associated with the claimant is one of a laptop computer, a desktop computer, a cellular device, and a personal digital assistant (PDA).
  - 38. The system of claim 25, wherein at least a portion of the contextual information from the claimant is related to at least one of an identity of the claimant, a device associated with the claimant that is attempting to access the data, a device associated with the claimant that is not attempting to access the data, the data the claimant is attempting to access, a node that is storing the data the claimant is attempting to access, interconnects between the node that is storing the data and the device associated with the claimant, and a network that the data the claimant is attempting to access resides.
  - 39. The system of claim 25, wherein the at least one processor is to log at least a portion of the contextual information from the claimant.
  - 40. The system of claim 25, wherein the data is encrypted, and wherein the encrypted data is decrypted by the claimant by using a decryption key.
  - 41. The system of claim 40, wherein the decryption key is based on at least one of the at least one contextual criterion.
  - 42. The system of claim 40, wherein the data is encrypted by at least one of an author of the data, an owner of the data, an editor of the data, a device that is creating the data, and a network node transmitting the data.
  - 43. The system of claim 25, wherein the at least one threshold to the at least one contextual criterion is assigned by at least one of an author of the data, an owner of the data, an editor of the data, a device that is creating the data, and a network management entity.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
The Boeing Co.
Original Assignee
The Boeing Co.
Inventors
Whelan, David A., Gutt, Gregory M., Lawrence, David G., O'Connor, Michael L., Ayyagari, Arun, Schmalzried, Rachel Rane
Primary Examiner(s)
Abyaneh, Ali

Application Number

US13/471,178
Publication Number

US 20130031598A1
Time in Patent Office

939 Days
Field of Search

726/3, 726/5, 726/22, 713/168
US Class Current

726/3
CPC Class Codes

G01S 1/725   Marker, boundary, call-sign...

H04B 7/18593   Arrangements for preventing...

H04L 2209/805   Lightweight hardware, e.g. ...

H04L 63/083   using passwords cryptograph...

H04L 63/107   wherein the security polici...

H04L 63/108   when the policy decisions a...

H04L 9/3239   involving non-keyed hash fu...

H04W 12/069   using certificates or pre-s...

H04W 12/08   Access security

H04W 4/021   Services related to particu...

Contextual-based virtual data boundaries

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

29 Citations

43 Claims

Specification

Solutions

Use Cases

Quick Links

Contextual-based virtual data boundaries

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

29 Citations

43 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links