Provisioning location-based security policy

US 9,600,670 B2
Filed: 12/23/2014
Issued: 03/21/2017
Est. Priority Date: 12/23/2014
Status: Active Grant

First Claim

Patent Images

1. A system comprising:

a processor including at least one core to execute instructions;

a plurality of sensors, including a first sensor to obtain location information regarding a location of the system; and

a security engine to apply a security policy to the system, wherein the security engine includes a policy logic to determine one of a plurality of security policies to apply based at least in part on the location information, wherein the location information indicates a location different than locations associated with the plurality of security policies, the security policy to determine one or more of user authentication strength, authentication session duration, and asset access.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In one embodiment, a system comprises: a processor including at least one core to execute instructions; a plurality of sensors, including a first sensor to determine location information regarding a location of the system; and a security engine to apply a security policy to the system. In this embodiment, the security engine includes a policy logic to determine one of a plurality of security policies to apply based at least in part on the location information, where the location information indicates a location different than locations associated with the plurality of security policies. Other embodiments are described and claimed.

21 Citations

View as Search Results

21 Claims

1. A system comprising:
- a processor including at least one core to execute instructions;
  
  a plurality of sensors, including a first sensor to obtain location information regarding a location of the system; and
  
  a security engine to apply a security policy to the system, wherein the security engine includes a policy logic to determine one of a plurality of security policies to apply based at least in part on the location information, wherein the location information indicates a location different than locations associated with the plurality of security policies, the security policy to determine one or more of user authentication strength, authentication session duration, and asset access.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The system of claim 1, wherein the security engine comprises a location policy classifier to determine a similarity between the location of the system and a stored location associated with a security policy of the plurality of security policies, the plurality of security policies stored in a policy database of a storage.
  - 3. The system of claim 2, wherein the security engine is to select and directly apply the one of the plurality of security policies to the system if the similarity is greater than a threshold level.
  - 4. The system of claim 3, wherein the security engine is to seek user confirmation of selection of the one of the plurality of security policies if the similarity is less than the threshold level.
  - 5. The system of claim 3, wherein the security engine is to not apply the one of the plurality of security policies to the system if the similarity is less than a second threshold level.
  - 6. The system of claim 1, wherein the security engine is to update a first security policy associated with a first location responsive to analysis of user interaction with the system at the first location.
  - 7. The system of claim 1, wherein the security engine further comprises a first classifier to compare a first string associated with the location information to a second string associated with the one of the plurality of security policies, and to output a first comparison result.
  - 8. The system of claim 7, wherein the security engine further comprises a second classifier to compare first information associated with the location information to second information associated with the one of the plurality of security policies, and to output a second comparison result.
  - 9. The system of claim 8, wherein the security engine further comprises a third classifier to determine a semantic location similarity between a first ontology associated with the location information and a second ontology associated with a stored location associated with the one of the plurality of security policies, and to output a third comparison result.
  - 10. The system of claim 9, further comprising a location policy classifier comprising a weighting logic to weight the first comparison result, the second comparison result and the third comparison result to determine a similarity between the location of the system and the stored location associated with the one of the plurality of security policies.
  - 11. The system of claim 1, wherein the plurality of sensors further comprises a second sensor to measure environmental information.
  - 12. The system of claim 11, further comprising a location policy classifier to compare environmental information obtained from the second sensor and associated with the location information to stored environmental information associated with the plurality of security policies, and to output an environmental comparison result, the policy logic to determine the one of the plurality of security policies to apply based at least in part on the environmental comparison result.
  - 13. The system of claim 1, further comprising a first database to store the plurality of security policies, each of the plurality of security policies associated with location information including one or more of string information, map information, and geographic information.
  - 14. The system of claim 13, further comprising a second database to store training data, the training data obtained from a remote source and including security policy information and corresponding location information obtained from a plurality of devices of a plurality of users, at a plurality of locations.

15. At least one non-transitory computer readable storage medium comprising instructions that when executed enable a system to:
- receive location information regarding a location of the system from one or more sources;
  
  based on the location information, determine whether a security policy is associated with the location; and
  
  if so, apply the security policy to the system, and otherwise determine a similarity between the location of the system and a second location having an associated security policy via an ontological analysis to determine the similarity based on a type classification for the location of the system, and based on the similarity, apply the associated security policy to the system.
- View Dependent Claims (16, 17)
- - 16. The at least one non-transitory computer readable medium of claim 15, further comprising instructions that when executed enable the system to:
    - if the similarity is greater than a threshold confidence level, directly apply the associated security policy to the system;
      
      if the similarity is less than the threshold confidence level, determine whether a user accepts the associated security policy, and if so to apply the associated security policy to the system.
  - 17. The at least one non-transitory computer readable medium of claim 15, further comprising instructions that when executed enable the system to determine the similarity based at least in part on a classification between training data and environmental information obtained from one or more sensors of the system.

18. A system comprising:
- a processor including at least one core and a location policy classifier to receive and weight a plurality of classification results from a plurality of sub-classifiers to output a similarity value between a location of the system and a second location associated with a stored security policy, and a policy logic to determine whether to apply the stored security policy to the system based at least in part on the similarity value;
  
  at least one sensor to obtain sensor information to be used to determine the location of the system;
  
  at least one user input device to receive user input from a user.
- View Dependent Claims (19, 20, 21)
- - 19. The system of claim 18, wherein the plurality of sub-classifiers comprises a first classifier to compare a first string associated with the location of the system to a second string associated with the second location, and to output a first comparison result, a second classifier to compare first information associated with the location of the system to second information associated with the second location, and to output a second comparison result, and a third classifier to determine a semantic location similarity between a first ontology associated with the location of the system and a second ontology associated with the second location, and to output a third comparison result.
  - 20. The system of claim 19, wherein the location policy classifier is to weight at least one of the first comparison result, the second comparison result, and the third comparison result higher than at least another of the first comparison result, the second comparison result, and the third comparison result.
  - 21. The system of claim 18, wherein the processor comprises a monitor logic to update a first security policy associated with a first location responsive to analysis of user interaction with the system at the first location.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Goss, Nathaniel J., Heldt-Sheller, Nathan, Wells, Kevin C., Sheller, Micah J., Pandian, Sindhu, Smith, Ned M., Keany, Bernard N.
Primary Examiner(s)
McNally, Michael S

Application Number

US14/580,517
Publication Number

US 20160180093A1
Time in Patent Office

819 Days
Field of Search

726/1
US Class Current

1/1
CPC Class Codes

G06F 21/31   User authentication

G06F 21/57   Certifying or maintaining t...

G06F 21/6218   to a system of files or obj...

G06F 21/629   to features or functions of...

G06F 2221/034   Test or assess a computer o...

G06F 2221/2105   Dual mode as a secondary as...

G06F 2221/2111   Location-sensitive, e.g. ge...

H04L 63/107   wherein the security polici...

Provisioning location-based security policy

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

21 Citations

21 Claims

Specification

Use Cases

Quick Links

Others

Provisioning location-based security policy

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

21 Citations

21 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others