Restricting network and device access based on presence detection

US 9,336,356 B2
Filed: 10/06/2011
Issued: 05/10/2016
Est. Priority Date: 10/06/2011
Status: Active Grant

First Claim

Patent Images

1. An apparatus, comprising:

an interface for communicating with an associated network; and

a controller coupled with the interface;

wherein the controller obtains data representative of a location of the apparatus;

wherein the controller obtains data representative of a location of a user associated device, wherein the location of the user associated device comprises one of a geographical location and a network location;

wherein the controller determines a first proximity of the apparatus with the user associated device;

wherein the controller obtains data representative of a predefined trigger event, the predefined trigger event comprising the first proximity of the apparatus with the user associated device exceeding a predetermined threshold;

wherein the controller selects a network policy in accordance with the location of the apparatus;

wherein the controller, in response to the predefined trigger event, applies the selected network policy to restrict communication with the associated network via the interface;

wherein the controller obtains data representative of a plurality of release triggers, the plurality of release triggers comprising a first release trigger responsive to the user associated device returning to within a predefined proximity of the apparatus, and a second release trigger comprising the controller receiving a predefined response to a secondary challenge issued by the controller; and

wherein the controller applies a network restoration policy responsive to obtaining the data representative of the plurality of release triggers and wherein network restoration policy restores access to the associated network via the interface.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In an example embodiment, a technique that applies a network policy responsive to specified events, or triggers, to a networked device. If a specified event occurs, the network policy may restrict the device'"'"'s access to the network. For example, if a user walks away from their networked device, such as a laptop, the device'"'"'s network access changes. For example, depending upon the policy, network traffic may be blocked or otherwise restricted.

23 Citations

View as Search Results

18 Claims

1. An apparatus, comprising:
- an interface for communicating with an associated network; and
  
  a controller coupled with the interface;
  
  wherein the controller obtains data representative of a location of the apparatus;
  
  wherein the controller obtains data representative of a location of a user associated device, wherein the location of the user associated device comprises one of a geographical location and a network location;
  
  wherein the controller determines a first proximity of the apparatus with the user associated device;
  
  wherein the controller obtains data representative of a predefined trigger event, the predefined trigger event comprising the first proximity of the apparatus with the user associated device exceeding a predetermined threshold;
  
  wherein the controller selects a network policy in accordance with the location of the apparatus;
  
  wherein the controller, in response to the predefined trigger event, applies the selected network policy to restrict communication with the associated network via the interface;
  
  wherein the controller obtains data representative of a plurality of release triggers, the plurality of release triggers comprising a first release trigger responsive to the user associated device returning to within a predefined proximity of the apparatus, and a second release trigger comprising the controller receiving a predefined response to a secondary challenge issued by the controller; and
  
  wherein the controller applies a network restoration policy responsive to obtaining the data representative of the plurality of release triggers and wherein network restoration policy restores access to the associated network via the interface.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The apparatus of claim 1, further comprising a sensor for detecting the user associated device returning to within the predefined proximity of the apparatus as a predefined trigger event.
  - 3. The apparatus of claim 2, wherein the sensor is a radio frequency identification transceiver and the trigger event is based on whether a predefined radio frequency identification tag is within a predefined proximity of the sensor.
  - 4. The apparatus of claim 2, wherein the sensor is a wireless transceiver and the trigger event is based on whether a predefined wireless device is within a predefined proximity of the wireless transceiver.
  - 5. The apparatus of claim 1, wherein the network policy comprises blocking packets from the network.
  - 6. The apparatus of claim 1, wherein the network policy comprises preventing packets from being sent to the network.
  - 7. The apparatus of claim 1, wherein the network policy comprises pausing a virtual private network session.
  - 8. The apparatus of claim 1, wherein the network policy comprises disconnecting a virtual private network session.
  - 9. The apparatus of claim 1, wherein the network policy comprises establishing a session for remediation.
  - 10. The apparatus of claim 1, wherein the network policy comprises encrypting data stored on the apparatus.
  - 11. The apparatus of claim 1, wherein the secondary challenge of the second release trigger comprises the controller obtaining data representative of facial recognition associated with a predefined user.
  - 12. The apparatus of claim 1, wherein the secondary challenge of the second release trigger comprises the controller identifying a fingerprint associated with a predefined user.
  - 13. The apparatus of claim 1, wherein the secondary challenge of the second release trigger comprises the controller identifying a voice associated with a predefined user.
  - 14. The apparatus of claim 1, wherein the network restoration policy is selected from a group consisting of restoring full access to the network, providing a logon to the network, reconnecting a virtual private network session, and credential renewal.

15. A method, comprising:
- determining a location of a networked device associated with a user;
  
  determining a location of a user associated device associated with the user, wherein the location comprises one of a geographical location or a network location;
  
  determining the proximity of the networked device with the user associated device;
  
  selecting a network policy in accordance with the location of the networked device;
  
  restricting access to an associated network in accordance with the selected network policy responsive to the proximity of the networked device with the user associated device exceeding a predetermined threshold;
  
  determining an updated location of the user associated device;
  
  determining the proximity of the networked device with the user associated device based on the updated location; and
  
  restoring access to the network responsive to;
  
  i) determining the proximity of the networked device with a user associated device does not exceed a predetermined threshold, and ii) receiving a predefined response to a secondary challenge.
- View Dependent Claims (16, 17)
- - 16. The method of claim 15, wherein restricting access to the network comprises one of a group consisting of blocking packets from the networked device and preventing packets from being sent to the networked device.
  - 17. The method of claim 15, wherein the user associated device is selected from a group consisting of a radio frequency identification tag and a wireless device employing a predefined communication protocol.

18. Logic encoded in a non-transitory computer readable media for execution by a processor, and when executed by the processor, operable to perform an operation, the operation comprising:
- determining a location of a networked device associated with a user;
  
  determining a location of a user associated device associated with the user, wherein the location comprises one of a geographical location or a network location;
  
  determining the proximity of the networked device with the user associated device;
  
  selecting a network policy in accordance with the location of the networked device;
  
  restricting access to an associated network in accordance with the selected network policy responsive to the proximity of the networked device with the user associated device exceeding a predetermined threshold;
  
  determining an updated location of the user associated device;
  
  determining the proximity of the networked device with the user associated device based on the updated location; and
  
  restoring access to the network responsive to;
  
  i) determining the proximity of the networked device with a user associated device does not exceed a predetermined threshold, and ii) receiving a predefined response to a secondary challenge.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Parla, Vincent E., Gelasco, Eli John, Tillotson, Paul Michael
Primary Examiner(s)
Dinh, Minh

Application Number

US13/267,508
Publication Number

US 20130091537A1
Time in Patent Office

1,678 Days
Field of Search

None
US Class Current

1/1
CPC Class Codes

G06F 21/00   Security arrangements for p...

H04L 63/0272   Virtual private networks

H04L 63/10   for controlling access to d...

H04W 12/082   using revocation of authori...

H04W 12/086   using security domains

Restricting network and device access based on presence detection

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

23 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Restricting network and device access based on presence detection

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

23 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links