×

Location based network usage policies

  • US 9,049,231 B2
  • Filed: 05/01/2014
  • Issued: 06/02/2015
  • Est. Priority Date: 07/17/2013
  • Status: Active Grant
First Claim
Patent Images

1. A method performed by a data processing apparatus, the method comprising:

  • receiving first information indicating that a client device is connected to a network at a first physical location, and identifying a first user role associated with the client device;

    identifying, from among a plurality of network policy groups that each has a corresponding policy location and a corresponding policy role, a first network policy group having both (i) a first policy location that corresponds to the client device'"'"'s first physical location, and (ii) a policy role that corresponds to the client device'"'"'s first user role;

    receiving, from the client device while the client device is associated with the first physical location, a first resource request to access a resource available on the network;

    determining, while the client device is associated with the first physical location and in response to receiving the first resource request, first access permissions for the client device to the requested resource using the first network policy group;

    receiving second information indicating that the client device is connected to the network at a second physical location, and identifying a second user role associated with the client device, the second physical location different from the first physical location;

    identifying, from among the plurality of network policy groups, a second network policy group having both (i) a second policy location that corresponds to the client device'"'"'s second physical location, and (ii) a policy role that corresponds to the client device'"'"'s second user role;

    receiving, from the client device while the client device is associated with the second physical location, a second resource request to access the resource; and

    determining, while the client device is associated with the second physical location and in response to receiving the second resource request, second access permissions for the client device to the requested resource using the second network policy group;

    wherein identifying the first network policy group further comprises;

    identifying a subset of network policy groups for the client device using the first user role and the first physical location, each of the network policy groups in the subset of network policy groups having priority information and being one of the network policy groups in the plurality of network policy groups, wherein the policy location for each of the network policy groups in the subset of network policy groups is the same as the first physical location and the policy role for each of the network policy groups in the subset of network policy groups is the same as the first user role;

    comparing the priority information associated with each of the network policy groups from the subset of network policy groups; and

    selecting a highest priority network policy group from the subset of network policy groups as the first network policy group, the highest priority network policy group having a higher priority than other network policy groups in the subset of network policy groups based on the priority information associated with the highest priority network policy group.

View all claims
  • 6 Assignments
Timeline View
Assignment View
    ×
    ×