Geofencing of data in a cloud-based environment
First Claim
1. A method for managing access to data, the method comprising:
configuring a geographic region for a data item, wherein the geographic region identifies a geographic location for which access is grantable to the data item, and the data item is encrypted in association with location information that corresponds to the geographic region;
receiving a request to access the data item;
determining whether to grant access to the data item by considering a role of a requestor, wherein the geographic location for which access is grantable to the data item is expanded for a higher level role or is contracted for a lower level role;
identifying a location associated with the request to access the data item;
using information pertaining to the location to attempt to decrypt the data item, where the data item is decryptable only if the location corresponds to the geographic location for which access is permitted to the data item; and
providing the data item in response to the request if the data item can be decrypted using the information pertaining to the location of the request.
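One way the claimed flow could be realised, as an added sketch that is not taken from the patent: the data key is wrapped per role under a key derived from the grid cell of the configured location, so a request decrypts only when its own location falls in the same cell for that role. The role names, cell sizes, the server-held secret and the standard-library SHAKE/HMAC construction (standing in for a real AEAD) are all assumptions.

```python
import hashlib, hmac, math, os

# Assumed role -> grid cell size in degrees: a higher role gets a coarser
# cell, i.e. a larger region in which decryption can succeed.
ROLE_CELL_DEG = {"contractor": 0.01, "employee": 0.1, "admin": 1.0}

def location_key(secret, role, lat, lon):
    """Derive a key from the role and the grid cell containing (lat, lon)."""
    size = ROLE_CELL_DEG[role]
    cell = f"{role}|{math.floor(lat / size)}|{math.floor(lon / size)}"
    # Coordinates are low entropy, so a server-held secret is mixed in (assumption).
    return hmac.new(secret, cell.encode(), hashlib.sha256).digest()

def seal(key, plaintext):
    """Encrypt-then-MAC with stdlib primitives (stand-in for an AEAD)."""
    nonce = os.urandom(16)
    stream = hashlib.shake_256(b"enc" + key + nonce).digest(len(plaintext))
    ct = bytes(a ^ b for a, b in zip(plaintext, stream))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    """Return the plaintext, or None when the key (hence the location) is wrong."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    stream = hashlib.shake_256(b"enc" + key + nonce).digest(len(ct))
    return bytes(a ^ b for a, b in zip(ct, stream))

def configure(secret, item, lat, lon):
    """Encrypt the item once; wrap its data key under each role's cell key."""
    dek = os.urandom(32)
    wraps = {r: seal(location_key(secret, r, lat, lon), dek) for r in ROLE_CELL_DEG}
    return {"ciphertext": seal(dek, item), "wraps": wraps}

def request(secret, record, role, lat, lon):
    """Attempt decryption with the request's location; None means access denied."""
    dek = unseal(location_key(secret, role, lat, lon), record["wraps"][role])
    return None if dek is None else unseal(dek, record["ciphertext"])

def demo():
    # Constructed coordinates; the item is fenced around (37.485, -122.205).
    secret = os.urandom(32)
    rec = configure(secret, b"report", 37.485, -122.205)
    near, far = (37.42, -122.25), (40.7, -74.0)
    return {(role, loc): request(secret, rec, role, *loc)
            for role in ROLE_CELL_DEG for loc in (near, far)}
```

A grid cell only approximates a region: a configured point near a cell edge yields a lopsided fence, and the request location must come from a source the server trusts, since a client-reported position can be chosen to match.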
Abstract
Disclosed is an approach to incorporate geographical access control features for a cloud-based storage platform. This allows, for example, enterprise administrators to define geographical areas (geofences) with arbitrary precision within which content access can be applied to items of data.
30 Claims
1. A method for managing access to data, the method comprising:
configuring a geographic region for a data item, wherein the geographic region identifies a geographic location for which access is grantable to the data item, and the data item is encrypted in association with location information that corresponds to the geographic region;
receiving a request to access the data item;
determining whether to grant access to the data item by considering a role of a requestor, wherein the geographic location for which access is grantable to the data item is expanded for a higher level role or is contracted for a lower level role;
identifying a location associated with the request to access the data item;
using information pertaining to the location to attempt to decrypt the data item, where the data item is decryptable only if the location corresponds to the geographic location for which access is permitted to the data item; and
providing the data item in response to the request if the data item can be decrypted using the information pertaining to the location of the request.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. A computer program product, embodied in a non-transitory computer readable medium, the non-transitory computer readable medium having stored thereon a sequence of instructions which, when executed by a processor causes the processor to execute a process, the process comprising:
configuring a geographic region for a data item, wherein the geographic region identifies a geographic location for which access is grantable to the data item, and the data item is encrypted in association with location information that corresponds to the geographic region;
receiving a request to access the data item;
determining whether to grant access to the data item by considering a role of a requestor, wherein the geographic location for which access is grantable to the data item is expanded for a higher level role or is contracted for a lower level role;
identifying a location associated with the request to access the data item;
using information pertaining to the location to attempt to decrypt the data item, where the data item is decryptable only if the location corresponds to the geographic location for which access is permitted to the data item; and
providing the data item in response to the request if the data item can be decrypted using the information pertaining to the location of the request.
Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19, 20
21. A system for managing access to data, the system comprising:
a processor;
a memory comprising a computer program product, embodied in a non-transitory computer readable medium, the non-transitory computer readable medium having stored thereon a sequence of instructions which, when executed by the processor causes the processor to execute a process, the process comprising;
configuring a geographic region for a data item, wherein the geographic region identifies a geographic location for which access is grantable to the data item, and the data item is encrypted in association with location information that corresponds to the geographic region;
receiving a request to access the data item;
determining whether to grant access to the data item by considering a role of a requestor, wherein the geographic location for which access is grantable to the data item is expanded for a higher level role or is contracted for a lower level role;
identifying a location associated with the request to access the data item;
using information pertaining to the location to attempt to decrypt the data item, where the data item is decryptable only if the location corresponds to the geographic location for which access is permitted to the data item; and
providing the data item in response to the request if the data item can be decrypted using the information pertaining to the location of the request.
Dependent claims: 22, 23, 24, 25, 26, 27, 28, 29, 30
Specification