Enforcement of proximity based policies
Abstract
Embodiments of the disclosure are related to enforcing a policy on a computing device, or a companion device, based upon its proximity to another computing device, or an anchor device. In one example, the anchor device and companion device can report their location with respect to one another to a policy server. The policy server can determine whether the anchor device and proximity device are in proximity to one another as well as determine whether a policy should be applied to the companion device based upon whether it is in proximity to the anchor device.
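The proximity decision described in the abstract can be sketched as follows. This is an added example, not code from the patent or from any product: the `ProximityPolicy` record, the command names, the use of a Wi-Fi BSSID as the network location, and the fail-closed handling of missing or mismatched reports are all assumptions made for illustration.

```python
import math
from dataclasses import dataclass
from typing import Optional, Tuple, Union

# A location indication is either geographic (lat, lon in degrees) or a
# network location (assumed here to be a Wi-Fi BSSID string).
Location = Union[Tuple[float, float], str]

@dataclass(frozen=True)
class ProximityPolicy:      # hypothetical record in the policy data store
    anchor_id: str
    companion_id: str
    radius_m: float         # geographic proximity threshold in metres

def haversine_m(a: Tuple[float, float], b: Tuple[float, float]) -> float:
    """Great-circle distance in metres between two (lat, lon) points."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371000 * math.asin(math.sqrt(h))

def within_proximity(policy: ProximityPolicy,
                     anchor_loc: Optional[Location],
                     companion_loc: Optional[Location]) -> bool:
    # Fail closed (assumption): a missing report or a mix of indication
    # types cannot establish proximity, so reduced authentication is denied.
    if anchor_loc is None or companion_loc is None:
        return False
    if isinstance(anchor_loc, str) and isinstance(companion_loc, str):
        return anchor_loc.lower() == companion_loc.lower()
    if isinstance(anchor_loc, tuple) and isinstance(companion_loc, tuple):
        return haversine_m(anchor_loc, companion_loc) <= policy.radius_m
    return False

def evaluate(policy: ProximityPolicy,
             anchor_loc: Optional[Location],
             companion_loc: Optional[Location]) -> dict:
    """Return the command the policy server sends to the companion device."""
    ok = within_proximity(policy, anchor_loc, companion_loc)
    return {"device": policy.companion_id,
            "command": "ALLOW_REDUCED_AUTH" if ok else "REQUIRE_FULL_AUTH"}

# Constructed sample data: one policy and two reports about 11 m apart.
POLICY = ProximityPolicy("anchor-phone", "companion-laptop", radius_m=30.0)
NEAR_ANCHOR, NEAR_COMPANION = (37.7749, -122.4194), (37.7750, -122.4194)
```
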
357 Citations
21 Claims
1. A non-transitory computer-readable medium embodying program code being configured to allow remote application of a policy that controls the type of authentication to be used between devices under a device management system, the program code being executable in a computing device, the program code being configured to cause the computing device to at least:
- obtain, remotely at a policy server, a first location indication associated with an anchor device, the first location indication being at least one of a geographic location or a network location of the anchor device;
- obtain, remotely at the policy server, a second location indication associated with a companion device, the second location indication being at least one of a geographic location or a network location of the companion device;
- identify, on the policy server, a policy stored in a data store that associates the anchor device and the companion device, the policy specifying a security requirement that when the first location and the second location are within a proximity, the companion device can be accessed using a reduced authentication, and when the first location and the second location are not within the proximity, the companion device cannot be accessed using the reduced authentication;
- determine whether the policy is violated based at least in part upon the first location indication and the second location indication; and
- issue a command to the companion device from the policy server in response to a determination that the policy is violated based at least in part upon the first location indication and the second location indication, the command requiring that the companion device be accessed in accordance with the security requirement, wherein the policy server operates as part of the device management system to vary and control the types of authorization required between a plurality of anchor devices and companion devices.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9

10. A method for remotely applying a policy that controls the type of authentication to be used between devices under a device management system comprising:
- establishing, at a remote policy server, a proximity policy for selectively enforcing a restriction upon at least one of an anchor device or a companion device;
- transmitting a first location indicator to the policy server using a network, the first location indicator indicating a location of the companion device relative to the anchor device; and
- obtaining a command from the policy server or in response to the first location indicator, the command being related to a proximity of the companion device to an anchor device, the proximity being determined based upon the first location indicator, the command further specifying the restriction enforced upon at least one of the anchor device or the companion device, wherein the restriction indicates that when the first location and the second location are within the proximity, the companion device can be accessed using a reduced authentication, and when the first location and the second location are not within the proximity, the companion device cannot be accessed using the reduced authentication, wherein the policy server operates as part of the device management system to vary and control the types of authorization required between a plurality of anchor devices and companion devices.
Dependent claims: 11, 12, 13, 14, 15

16. A method for remotely applying a policy that controls the type of authentication to be used between devices under a device management system, comprising:
- obtaining, remotely in a policy server, a first location indicator corresponding to a location of a first computing device relative to a second computing device;
- determining, in the policy server, whether a policy is associated with the first computing device and the second computing device, the policy specifying a security requirement associated with the first computing device based upon a proximity of the first computing device to the second computing device, the security requirement indicating that when the first location and the second location are within the proximity, the first computing device can be accessed using a reduced authentication, and when the first location and the second location are not within the proximity, the first computing device cannot be accessed using the reduced authentication;
- determining, in the policy server, whether the first computing device complies with the policy based upon the proximity; and
- issuing, remotely from the policy server, a command specified by the policy, wherein the policy server operates as part of the device management system to vary and control the types of authorization required between a plurality of first computing devices and second computing devices.
Dependent claims: 17, 18, 19

20. A system for remotely changing the authentication types required between devices under a device management system based on proximity, comprising:
- a first computing device;
- a second computing device; and
- a policy server that is remote to the first computing device and remote to the second computing device, wherein;
- the policy server stores a profile with a security restriction, the security restriction indicating that when the second computing device is not within the proximity to the first computing device, the first computing device must be accessed using additional authentication;
- the policy server issues a command to the first computing device requiring the additional authentication when the first computing device is not within the proximity of the second computing device; and
- the policy server varies and controls the types of authorization required between a plurality of first computing devices and second computing devices.

21. A system for changing authentication types based on proximity, comprising:
- a first computing device; and
- a second computing device, wherein;
- the first computing device receives a profile with a security restriction from a remote policy server, the remote policy server storing a plurality of different profiles for controlling authentication types between devices under a device management system, the first computing device determines a proximity between the first computing device and the second computing device;
- the first computing device accesses the profile with the security restriction, the security restriction indicating that when the second computing device is within the proximity to the first computing device, the first computing device can be accessed using a reduced authentication; and
- the first computing device detects the proximity with the second computing device and allows access using the reduced authentication.

Specification