Geographically based access management for internet of things device data
First Claim
1. A method comprising:
- receiving from a requesting device a request to access data collected by a device;
selecting an access policy based, at least in part, on an identifier for the device, wherein selecting the access policy based, at least in part, on the identifier for the device comprises,determining a type of the device;
retrieving an access policy template from a plurality of access policy templates based, at least in part, on the type of the device; and
modifying the access policy template with information from an account to create the access policy;
determining whether the requesting device is located within a first geographical area indicated by the access policy; and
in response, at least in part, to a determination that the location is within the first geographical area, responding to the request with the data.
1 Assignment
0 Petitions
Accused Products
Abstract
The proliferation of IOT devices has led to an increase in sensitive, cloud-stored data. To provide further protection, IOT device data may be secured by geographically based access controls as a supplement to or in place of traditional password protection. A geographically based access control restricts data accessibility to designated geographical areas. In this manner, a requesting device may not access geo-fence protected IOT device data unless the requesting device is located within a designated geographical area. Geo-fence parameters utilized for creation of a geo-fence policy may be pre-specified or generated based on operating conditions. For example, a user may provide location data, such as an address or geographical coordinate, and a radial distance from the location for which data access is permissible. Additionally, geo-fence parameters can be automatically determined based on criteria such as an IOT device type or data usage characteristics.
44 Citations
18 Claims
-
1. A method comprising:
-
receiving from a requesting device a request to access data collected by a device; selecting an access policy based, at least in part, on an identifier for the device, wherein selecting the access policy based, at least in part, on the identifier for the device comprises, determining a type of the device; retrieving an access policy template from a plurality of access policy templates based, at least in part, on the type of the device; and modifying the access policy template with information from an account to create the access policy; determining whether the requesting device is located within a first geographical area indicated by the access policy; and in response, at least in part, to a determination that the location is within the first geographical area, responding to the request with the data. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. One or more non-transitory machine-readable media having program code for providing geographically based access controls stored therein, the program code to:
-
in response to a request from a requesting device to access data, determine a plurality of devices that collected the data; determine geographic restrictions defined for the data based, at least in part, on device types of the plurality of devices, wherein the program code to determine the geographic restrictions comprises program code to, retrieve location restriction templates based, at least in part, on the device types; and determine the geographic restrictions based on the location restriction templates; determine which of the geographic restrictions are satisfied by a location of the requesting device; and provide portions of the data corresponding to the satisfied geographic restrictions. - View Dependent Claims (10)
-
-
11. An apparatus comprising:
-
a processor; and a non-transitory machine-readable medium having program code executable by the processor to cause the apparatus to, receive from a requesting device a request to access data collected by a device; select an access policy based, at least in part, on an identifier for the device, wherein the program code executable by the process to cause the apparatus to select the access policy based, at least in part, on the identifier for the device comprises program code executable by the process to cause the apparatus to, determine a type of the device; retrieve an access policy template from a plurality of access policy templates based, at least in part, on the type of the device; and modify the access policy template with information from an account to create the access policy; determine whether the requesting device is located within a first geographical area indicated by the access policy; and in response, at least in part, to a determination that the location is within the first geographical area, respond to the request with the data. - View Dependent Claims (12, 13, 14, 15, 16, 17, 18)
-
Specification