Network authentication of a geo-fenced volume

US 9,992,195 B2
Filed: 12/13/2017
Issued: 06/05/2018
Est. Priority Date: 05/08/2015
Status: Active Grant

First Claim

Patent Images

1. A system for managing a software defined network, comprising:

a memory; and

a processor in a wireless access point hardware security device in communication with the memory, the processor configured to perform a method comprisingaccessing a user profile for a device that includes one or more network permissions based on a geographic location of the device relative to a first geo-fenced volume of the software defined network,wherein the one or more network permissions includes access to resources within the first geo-fenced volume,wherein the user profile includes the geographic location of the device and security information of a user,wherein the security information includes at least one of a biometric identify marker scan and an authentication identifier of the user,wherein the biometric identity markers scan is selected from the group consisting of a retinal scan and a fingerprint scan,wherein the authentication identifier is selected from the group consisting of badge access and guarded entries,reconfiguring the one or more network permissions based on the user profile of the device,determining a first condition where the geographic location of the device is within the first geo-fenced volume,granting the one or more network permissions in response to the first condition wherein the device is within the first geo-fenced volume, andproviding physical access to the user to a second geo-fenced volume of the software defined network through a point of access based on the security information, wherein the point of access includes a locked doorway.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Provided is a method for managing a software defined network using a software control layer to regulate a geo-fenced volume. The software control layer can use a Global Positioning System (GPS) including a range of latitudes, a range of longitudes and a range of altitudes. A resource within the geo-fenced volume can be assigned a location using the GPS coordinates. The resource can be managed by external applications that are operating through the software control layer. To determine an access of a device to the geo-fenced volume, the GPS coordinates, are gathered as a geographical location of the device. A user profile can be accessed to determine an access path of the user. Depending on the geographical location of the device a first condition can be generated based on the device being within the geo-fenced volume. A network permission can be granted to the device based on the first condition.

19 Citations

9 Claims

1. A system for managing a software defined network, comprising:
- a memory; and
  
  a processor in a wireless access point hardware security device in communication with the memory, the processor configured to perform a method comprisingaccessing a user profile for a device that includes one or more network permissions based on a geographic location of the device relative to a first geo-fenced volume of the software defined network,wherein the one or more network permissions includes access to resources within the first geo-fenced volume,wherein the user profile includes the geographic location of the device and security information of a user,wherein the security information includes at least one of a biometric identify marker scan and an authentication identifier of the user,wherein the biometric identity markers scan is selected from the group consisting of a retinal scan and a fingerprint scan,wherein the authentication identifier is selected from the group consisting of badge access and guarded entries,reconfiguring the one or more network permissions based on the user profile of the device,determining a first condition where the geographic location of the device is within the first geo-fenced volume,granting the one or more network permissions in response to the first condition wherein the device is within the first geo-fenced volume, andproviding physical access to the user to a second geo-fenced volume of the software defined network through a point of access based on the security information, wherein the point of access includes a locked doorway.
- View Dependent Claims (2, 3, 4)
- - 2. The system of claim 1, wherein the method further comprises:
    - defining the second geo-fenced volume of the software defined network;
      
      accessing the user profile for the device that includes the one or more network permissions further based on the geographic location of the device relative to the first geo-fenced volume and the second geo-fenced volume,wherein the one or more network permissions further includes access to resources within the second geo-fenced volume;
      
      determining whether the geographic location of the device is within the second geo-fenced volume; and
      
      granting the one or more network permissions in response to determining that the device is within the second geo-fenced volume.
  - 3. The system of claim 2, wherein the second geo-fenced volume is contained within the first geo-fenced volume.
  - 4. The system of claim 2, wherein the method further comprises:
    - defining the point of access to the second geo-fenced volume from the first geo-fenced volume;
      
      securing the point of access from the first geo-fenced volume to the second geo-fenced volume to prevent the user from entering the second geo-fenced volume without authenticating the user to enter the second geo-fenced volume; and
      
      granting an access permission to the device based on the user profile in response to the device being within the second geo-fenced volume.

5. A computer program product for managing a software defined network comprising a computer readable storage medium having program instructions embodied therewith, the program instructions executable by a processor in a wireless access point hardware security device to cause the processor to perform a method comprising:
- accessing a user profile for a device that includes one or more network permissions based on a geographic location of the device relative to a first geo-fenced volume of the software defined network,wherein the one or more network permissions includes access to resources within the first geo-fenced volume,wherein the user profile includes the geographic location of the device and security information of a user,wherein the security information includes at least one of a biometric identify marker scan and an authentication identifier of the user,wherein the biometric identity markers scan is selected from the group consisting of a retinal scan and a fingerprint scan,wherein the authentication identifier is selected from the group consisting of badge access and guarded entries;
  
  reconfiguring the one or more network permissions based on the user profile of the device;
  
  determining a first condition where the geographic location of the device is within the first geo-fenced volume;
  
  granting the one or more network permissions in response to the first condition wherein the device is within the first geo-fenced volume; and
  
  providing physical access to the user to a second geo-fenced volume of the software defined network through a point of access based on the security information, wherein the point of access includes a locked doorway.
- View Dependent Claims (6, 7, 8, 9)
- - 6. The computer program product of claim 5, wherein the granting comprises:
    - accessing the security information of the user profile; and
      
      determining an access path of the device using the security information of the user profile.
  - 7. The computer program product of claim 6, wherein the granting further comprises authenticating the user by using the biometric identity marker scan of the user.
  - 8. The computer program product of claim 6, wherein the granting further comprises authenticating the user by using the authentication identifier of the user.
  - 9. The computer program product of claim 6, wherein the access path of the device includes service injections based on the security information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Barillaud, Franck, Cho, Insoo, Christiani, Daniel M., Thill, Mark R., Zhang, David S.
Primary Examiner(s)
Shaifer Harriman, Dant B

Application Number

US15/839,895
Publication Number

US 20180103035A1
Time in Patent Office

174 Days
Field of Search

726 4
US Class Current
CPC Class Codes

H04L 41/00   Arrangements for maintenanc...

H04L 41/0813   characterised by the condit...

H04L 41/40   using virtualisation of net...

H04L 63/0861   using biometrical features,...

H04L 63/107   wherein the security polici...

H04L 67/306   User profiles

H04W 12/069   using certificates or pre-s...

H04W 12/088   using filters or firewalls

H04W 4/021   Services related to particu...

H04W 4/50   Service provisioning or rec...

Network authentication of a geo-fenced volume

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

19 Citations

9 Claims

Specification

Solutions

Use Cases

Quick Links

Network authentication of a geo-fenced volume

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

19 Citations

9 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links