Systems and methods for enforcing geolocation-based policies

US 9,038,158 B1
Filed: 07/07/2011
Issued: 05/19/2015
Est. Priority Date: 07/07/2011
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for enforcing geolocation-based policies, the method comprising:

identifying a request from a computing system to access a computing resource;

identifying a public key certificate, comprising a certificate of a public key, that is associated with the computing resource, the public key certificate including location data that indicates permissible locations from which the computing resource may be accessed;

determining a current location of the computing system;

determining that the location data within the public key certificate indicates that the computing resource may be accessed from the current location of the computing system;

allowing access to the computing resource based on the determination that the computing resource may be accessed from the current location of the computing system;

wherein at least a portion of the method is performed by a computing device comprising at least one processor.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer-implemented method for enforcing geolocation-based policies may include (1) identifying a request from a computing system to access a computing resource, (2) identifying a public key certificate associated with the computing resource, the public key certificate including location data that indicates where the computing resource may be accessed from, (3) determining a current location of the computing system, (4) determining that the location data within the public key certificate indicates that the computing resource may be accessed from the current location of the computing system, and (5) allowing access to the computing resource based on the determination that the computing resource may be accessed from the current location of the computing system. Various other methods, systems, and computer-readable media are also disclosed.

38 Citations

View as Search Results

20 Claims

1. A computer-implemented method for enforcing geolocation-based policies, the method comprising:
- identifying a request from a computing system to access a computing resource;
  
  identifying a public key certificate, comprising a certificate of a public key, that is associated with the computing resource, the public key certificate including location data that indicates permissible locations from which the computing resource may be accessed;
  
  determining a current location of the computing system;
  
  determining that the location data within the public key certificate indicates that the computing resource may be accessed from the current location of the computing system;
  
  allowing access to the computing resource based on the determination that the computing resource may be accessed from the current location of the computing system;
  
  wherein at least a portion of the method is performed by a computing device comprising at least one processor.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The computer-implemented method of claim 1, wherein identifying the public key certificate comprises verifying the integrity of the public key certificate to ensure that the location data within the public key certificate is valid.
  - 3. The computer-implemented method of claim 1, wherein the public key certificate further comprises temporal data that indicates when the computing resource may be accessed.
  - 4. The computer-implemented method of claim 3, further comprising:
    - determining a current time;
      
      determining that the temporal data indicates that the computing resource may be accessed at the current time;
      
      wherein allowing access to the computing resource is further based on the determination that the temporal data indicates that the computing resource may be accessed at the current time.
  - 5. The computer-implemented method of claim 1, wherein the location data within the public key certificate specifies a plurality of locations from which the computing resource may be accessed.
  - 6. The computer-implemented method of claim 5, wherein:
    - the location data within the public key certificate specifies differentiated levels of access for the plurality of locations from which the computing resource may be accessed;
      
      allowing access to the computing resource comprises allowing access to the computing resource in accordance with the differentiated level of access associated with the current location of the computing system.
  - 7. The computer-implemented method of claim 1, wherein the computing system comprises a mobile computing device.
  - 8. The computer-implemented method of claim 1, wherein:
    - the location data within the public key certificate comprises three-dimensional location data;
      
      the current location of the computing system comprises a three-dimensional location of the computing system.
  - 9. The computer-implemented method of claim 1, wherein identifying the public key certificate associated with the computing resource comprises identifying a public key certificate created to regulate access to the computing resource.
  - 10. The computer-implemented method of claim 1, wherein allowing access to the computing resource further comprises allowing access to the computing resource based on a content type specified in the request.

11. A system for enforcing geolocation-based policies, the system comprising:
- an identification module programmed to;
  
  identify a request from a computing system to access a computing resource;
  
  identify a public key certificate, comprising a certificate of a public key, that is associated with the computing resource, the public key certificate including location data that indicates permissible locations from which the computing resource may be accessed;
  
  a location module programmed to determine a current location of the computing system;
  
  a determination module programmed to determine that the location data within the public key certificate indicates that the computing resource may be accessed from the current location of the computing system;
  
  an allowance module programmed to allow access to the computing resource based on the determination that the computing resource may be accessed from the current location of the computing system;
  
  at least one hardware processor configured to execute the identification module, the location module, the determination module, and the allowance module.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19)
- - 12. The system of claim 11, wherein the identification module is programmed to identify the public key certificate by verifying the integrity of the public key certificate to ensure that the location data within the public key certificate is valid.
  - 13. The system of claim 11, wherein the public key certificate further comprises temporal data that indicates when the computing resource may be accessed.
  - 14. The system of claim 13, wherein:
    - the determination module is further programmed to;
      
      determine a current time;
      
      determine that the temporal data indicates that the computing resource may be accessed at the current time;
      
      the allowance module is further programmed to allow access to the computing resource based on the determination that the temporal data indicates that the computing resource may be accessed at the current time.
  - 15. The system of claim 11, wherein the location data within the public key certificate specifies a plurality of locations from which the computing resource may be accessed.
  - 16. The system of claim 15, wherein:
    - the location data within the public key certificate specifies differentiated levels of access for the plurality of locations from which the computing resource may be accessed;
      
      the allowance module is programmed to allow access to the computing resource in accordance with the differentiated level of access associated with the current location of the computing system.
  - 17. The system of claim 11, wherein:
    - the location data within the public key certificate comprises three-dimensional location data;
      
      the current location of the computing system comprises a three-dimensional location of the computing system.
  - 18. The system of claim 11, wherein the identification module is programmed to identify the public key certificate associated with the computing resource by identifying a public key certificate created to regulate access to the computing resource.
  - 19. The system of claim 11, wherein the allowance module is further programmed to allow access to the computing resource based on a content type specified in the request.

20. A non-transitory computer-readable-storage medium comprising one or more computer-executable instructions that, when executed by at least one processor of a computing device, cause the computing device to:
- identify a request from a computing system to access a computing resource;
  
  identify a public key certificate, comprising a certificate of a public key, that is associated with the computing resource, the public key certificate including location data that indicates permissible locations from which the computing resources may be accessed;
  
  determine a current location of the computing system;
  
  determine that the location data within the public key certificate indicates that the computing resource may be accessed from the current location of the computing system;
  
  allow access to the computing resource based on the determination that the computing resource may be accessed from the current location of the computing system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
Symantec Corporation (NortonLifeLock Inc.)
Inventors
MacKay, Paul
Primary Examiner(s)
Kim, Tae

Application Number

US13/178,225
Time in Patent Office

1,412 Days
Field of Search

726 1- 4, 726/16, 726/17, 726 26- 29, 713/150, 713/155, 713/156, 709/203, 709/225, 709/226
US Class Current

726/10
CPC Class Codes

H04L 63/0823   using certificates cryptogr...

H04L 63/107   wherein the security polici...

H04L 9/0872   using geo-location informat...

H04L 9/3263   involving certificates, e.g...

H04W 12/069   using certificates or pre-s...

H04W 4/80   Services using short range ...

Systems and methods for enforcing geolocation-based policies

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

38 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Systems and methods for enforcing geolocation-based policies

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

38 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others