Location based network usage policies

US 9,225,790 B2
Filed: 05/08/2015
Issued: 12/29/2015
Est. Priority Date: 07/17/2013
Status: Active Grant

First Claim

Patent Images

1. A method performed by a data processing apparatus, the method comprising:

receiving first information indicating that a first client device operated by a user is connected to a network at a first physical location;

identifying a first user role associated with the user;

identifying, from among a plurality of network policy groups that each has a corresponding policy location and a corresponding policy role, a first network policy group having both (i) a first policy location that corresponds to the first client device'"'"'s first physical location, and (ii) a policy role that corresponds to the user'"'"'s first user role by;

selecting a highest priority network policy group from a subset of network policy groups as the first network policy group, each of the network policy groups in the subset of network policy groups having priority information and being one of the network policy groups in the plurality of network policy groups, the highest priority network policy group having a higher priority than the other network policy groups in the subset of network policy groups based on the priority information associated with the highest priority network policy group;

receiving, from the first client device while the first client device is associated with the first physical location, a first resource request to access a resource available on the network;

determining, while the first client device is associated with the first physical location and in response to receiving the first resource request, first access permissions for the first client device to the requested resource using the first network policy group;

receiving second information indicating that a second client device operated by the user is connected to the network at a second physical location, and identifying a second user role associated with the second client device, the second physical location different from the first physical location;

identifying, from among the plurality of network policy groups, a default network policy group having both (i) a second policy location that corresponds to the second client device'"'"'s second physical location, and (ii) a policy role that applies to all client devices and to all users that connect to the network at the second physical location;

receiving, from the second client device while the second client device is associated with the second physical location, a second resource request to access the resource; and

determining, while the second client device is associated with the second physical location and in response to receiving the second resource request, second access permissions for the second client device to the requested resource using the default network policy group.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, systems, and apparatus, including computer programs encoded on computer storage media, for location based network usage policies. One of the methods includes storing information defining a plurality of network policy groups, receiving first information indicating that a client device is connected to the network at a first physical location, and identifying a first user role associated with the client device, identifying, from among the plurality of network policy groups, a first network policy group having both (i) an associated first policy location that corresponds to the client device'"'"'s first physical location, and (ii) an associated policy role that corresponds to the client device'"'"'s first user role, and regulating the client device'"'"'s access to resources available on the network based on the one or more network usage policies associated with the identified first network policy group.

50 Citations

View as Search Results

30 Claims

1. A method performed by a data processing apparatus, the method comprising:
- receiving first information indicating that a first client device operated by a user is connected to a network at a first physical location;
  
  identifying a first user role associated with the user;
  
  identifying, from among a plurality of network policy groups that each has a corresponding policy location and a corresponding policy role, a first network policy group having both (i) a first policy location that corresponds to the first client device'"'"'s first physical location, and (ii) a policy role that corresponds to the user'"'"'s first user role by;
  
  selecting a highest priority network policy group from a subset of network policy groups as the first network policy group, each of the network policy groups in the subset of network policy groups having priority information and being one of the network policy groups in the plurality of network policy groups, the highest priority network policy group having a higher priority than the other network policy groups in the subset of network policy groups based on the priority information associated with the highest priority network policy group;
  
  receiving, from the first client device while the first client device is associated with the first physical location, a first resource request to access a resource available on the network;
  
  determining, while the first client device is associated with the first physical location and in response to receiving the first resource request, first access permissions for the first client device to the requested resource using the first network policy group;
  
  receiving second information indicating that a second client device operated by the user is connected to the network at a second physical location, and identifying a second user role associated with the second client device, the second physical location different from the first physical location;
  
  identifying, from among the plurality of network policy groups, a default network policy group having both (i) a second policy location that corresponds to the second client device'"'"'s second physical location, and (ii) a policy role that applies to all client devices and to all users that connect to the network at the second physical location;
  
  receiving, from the second client device while the second client device is associated with the second physical location, a second resource request to access the resource; and
  
  determining, while the second client device is associated with the second physical location and in response to receiving the second resource request, second access permissions for the second client device to the requested resource using the default network policy group.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein identifying the first network policy group comprises:
    - identifying the subset of network policy groups for the first client device using the first user role and the first physical location, wherein the policy location for each of the network policy groups in the subset of network policy groups is the same as the first physical location and the policy role for each of the network policy groups in the subset of network policy groups is the same as the first user role; and
      
      comparing the priority information associated with each of the network policy groups from the subset of network policy groups to determine the highest priority network policy group.
  - 3. The method of claim 1, wherein the first resource request comprises the first information.
  - 4. The method of claim 1, wherein the default network policy group is more restrictive than the first network policy group for at least some of the resources available on the network.
  - 5. The method of claim 1, wherein the first access permissions allow the first client device access to the requested resource and the second access permissions do not allow the second client device access to the requested resource.
  - 6. The method of claim 1, wherein receiving the first information comprises:
    - receiving, from a specific network connection point on the network, first client device information indicating that the first client device is connected to the specific network connection point, wherein a plurality of network connection points provide access to the network and each network connection point is associated with a network connection point location, the specific network connection point location associated with the specific network connection point identifying the first physical location, and the specific network connection point being one of the plurality of network connection points.
  - 7. The method of claim 1, wherein each of the network policy groups in the plurality of network policy groups is linked to one of a plurality of user roles based on a network policy group name associated with the linked network policy group that is the same as a user role name associated with the linked user role, the first user role associated with the user being one of the plurality of user roles.
  - 8. The method of claim 1, wherein the first policy location and the first physical location both comprise the same location name.
  - 9. The method of claim 1, wherein identifying the first network policy group comprises:
    - determining, from the plurality of network policy groups, a first subset of the plurality of network policy groups that each has a location that matches the first physical location; and
      
      determining, from the first subset, the first network policy group that has a user role that matches the first user role.
  - 10. The method of claim 1, wherein the first client device and the second client device are the same device.

11. A non-transitory computer storage medium encoded with instructions that, when executed by one or more computers, cause the one or more computers to perform operations comprising:
- receiving first information indicating that a first client device operated by a user is connected to a network at a first physical location;
  
  identifying a first user role associated with the user;
  
  identifying, from among a plurality of network policy groups that each has a corresponding policy location and a corresponding policy role, a first network policy group having both (i) a first policy location that corresponds to the first client device'"'"'s first physical location, and (ii) a policy role that corresponds to the user'"'"'s first user role by;
  
  selecting a highest priority network policy group from a subset of network policy groups as the first network policy group, each of the network policy groups in the subset of network policy groups having priority information and being one of the network policy groups in the plurality of network policy groups, the highest priority network policy group having a higher priority than the other network policy groups in the subset of network policy groups based on the priority information associated with the highest priority network policy group;
  
  receiving, from the first client device while the first client device is associated with the first physical location, a first resource request to access a resource available on the network;
  
  determining, while the first client device is associated with the first physical location and in response to receiving the first resource request, first access permissions for the first client device to the requested resource using the first network policy group;
  
  receiving second information indicating that a second client device operated by the user is connected to the network at a second physical location, and identifying a second user role associated with the second client device, the second physical location different from the first physical location;
  
  identifying, from among the plurality of network policy groups, a default network policy group having both (i) a second policy location that corresponds to the second client device'"'"'s second physical location, and (ii) a policy role that applies to all client devices and to all users that connect to the network at the second physical location;
  
  receiving, from the second client device while the second client device is associated with the second physical location, a second resource request to access the resource; and
  
  determining, while the second client device is associated with the second physical location and in response to receiving the second resource request, second access permissions for the second client device to the requested resource using the default network policy group.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The computer storage medium of claim 11, wherein identifying the first network policy group comprises:
    - identifying the subset of network policy groups for the first client device using the first user role and the first physical location, wherein the policy location for each of the network policy groups in the subset of network policy groups is the same as the first physical location and the policy role for each of the network policy groups in the subset of network policy groups is the same as the first user role; and
      
      comparing the priority information associated with each of the network policy groups from the subset of network policy groups to determine the highest priority network policy group.
  - 13. The computer storage medium of claim 11, wherein the first resource request comprises the first information.
  - 14. The computer storage medium of claim 11, wherein the default network policy group is more restrictive than the first network policy group for at least some of the resources available on the network.
  - 15. The computer storage medium of claim 11, wherein the first access permissions allow the first client device access to the requested resource and the second access permissions do not allow the second client device access to the requested resource.
  - 16. The computer storage medium of claim 11, wherein receiving the first information comprises:
    - receiving, from a specific network connection point on the network, first client device information indicating that the first client device is connected to the specific network connection point, wherein a plurality of network connection points provide access to the network and each network connection point is associated with a network connection point location, the specific network connection point location associated with the specific network connection point identifying the first physical location, and the specific network connection point being one of the plurality of network connection points.
  - 17. The computer storage medium of claim 11, wherein each of the network policy groups in the plurality of network policy groups is linked to one of a plurality of user roles based on a network policy group name associated with the linked network policy group that is the same as a user role name associated with the linked user role, the first user role associated with the user being one of the plurality of user roles.
  - 18. The computer storage medium of claim 11, wherein the first policy location and the first physical location both comprise the same location name.
  - 19. The computer storage medium of claim 11, wherein identifying the first network policy group comprises:
    - determining, from the plurality of network policy groups, a first subset of the plurality of network policy groups that each has a location that matches the first physical location; and
      
      determining, from the first subset, the first network policy group that has a user role that matches the first user role.
  - 20. The computer storage medium of claim 11, wherein the first client device and the second client device are the same device.

21. A system comprising:
- one or more computers and one or more storage devices storing instructions that are operable, when executed by the one or more computers, to cause the one or more computers to perform operations comprising;
  
  receiving first information indicating that a first client device operated by a user is connected to a network at a first physical location;
  
  identifying a first user role associated with the user;
  
  identifying, from among a plurality of network policy groups that each has a corresponding policy location and a corresponding policy role, a first network policy group having both (i) a first policy location that corresponds to the first client device'"'"'s first physical location, and (ii) a policy role that corresponds to the user'"'"'s first user role by;
  
  selecting a highest priority network policy group from a subset of network policy groups as the first network policy group, each of the network policy groups in the subset of network policy groups having priority information and being one of the network policy groups in the plurality of network policy groups, the highest priority network policy group having a higher priority than the other network policy groups in the subset of network policy groups based on the priority information associated with the highest priority network policy group;
  
  receiving, from the first client device while the first client device is associated with the first physical location, a first resource request to access a resource available on the network;
  
  determining, while the first client device is associated with the first physical location and in response to receiving the first resource request, first access permissions for the first client device to the requested resource using the first network policy group;
  
  receiving second information indicating that a second client device operated by the user is connected to the network at a second physical location, and identifying a second user role associated with the second client device, the second physical location different from the first physical location;
  
  identifying, from among the plurality of network policy groups, a default network policy group having both (i) a second policy location that corresponds to the second client device'"'"'s second physical location, and (ii) a policy role that applies to all client devices and to all users that connect to the network at the second physical location;
  
  receiving, from the second client device while the second client device is associated with the second physical location, a second resource request to access the resource; and
  
  determining, while the second client device is associated with the second physical location and in response to receiving the second resource request, second access permissions for the second client device to the requested resource using the default network policy group.
- View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29, 30)
- - 22. The system of claim 21, wherein identifying the first network policy group comprises:
    - identifying the subset of network policy groups for the first client device using the first user role and the first physical location, wherein the policy location for each of the network policy groups in the subset of network policy groups is the same as the first physical location and the policy role for each of the network policy groups in the subset of network policy groups is the same as the first user role; and
      
      comparing the priority information associated with each of the network policy groups from the subset of network policy groups to determine the highest priority network policy group.
  - 23. The system of claim 21, wherein the first resource request comprises the first information.
  - 24. The system of claim 21, wherein the default network policy group is more restrictive than the first network policy group for at least some of the resources available on the network.
  - 25. The system of claim 21, wherein the first access permissions allow the first client device access to the requested resource and the second access permissions do not allow the second client device access to the requested resource.
  - 26. The system of claim 21, wherein receiving the first information comprises:
    - receiving, from a specific network connection point on the network, first client device information indicating that the first client device is connected to the specific network connection point, wherein a plurality of network connection points provide access to the network and each network connection point is associated with a network connection point location, the specific network connection point location associated with the specific network connection point identifying the first physical location, and the specific network connection point being one of the plurality of network connection points.
  - 27. The system of claim 21, wherein each of the network policy groups in the plurality of network policy groups is linked to one of a plurality of user roles based on a network policy group name associated with the linked network policy group that is the same as a user role name associated with the linked user role, the first user role associated with the user being one of the plurality of user roles.
  - 28. The system of claim 21, wherein the first policy location and the first physical location both comprise the same location name.
  - 29. The system of claim 21, wherein identifying the first network policy group comprises:
    - determining, from the plurality of network policy groups, a first subset of the plurality of network policy groups that each has a location that matches the first physical location; and
      
      determining, from the first subset, the first network policy group that has a user role that matches the first user role.
  - 30. The system of claim 21, wherein the first client device and the second client device are the same device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
iBoss
Original Assignee
iBoss
Inventors
Martini, Paul Michael
Primary Examiner(s)
Katsikis, Kostas

Application Number

US14/708,113
Publication Number

US 20150244822A1
Time in Patent Office

235 Days
Field of Search

709/229, 709/225, 726 3- 8
US Class Current

1/1
CPC Class Codes

H04L 41/50   Network service management,...

H04L 63/102   Entity profiles

H04L 67/01   Protocols

H04L 67/51   Discovery or management the...

H04L 67/52   specially adapted for the l...

H04L 67/54   Presence management, e.g. m...

Location based network usage policies

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

50 Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

Location based network usage policies

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

50 Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links