System, method, and computer program product for conditionally allowing access to data on a device based on a location of the device

US 8,782,084 B2
Filed: 03/31/2009
Issued: 07/15/2014
Est. Priority Date: 03/31/2009
Status: Expired due to Fees

First Claim

Patent Images

1. A computer program product embodied on a non-transitory medium for performing operations, comprising:

initiating a data loss prevention (DLP) system provided on a device, the DLP system configured for preventing data leakage associated with personally identifying data associated with passwords specific to a user of the device, wherein the data is stored in a secured portion of a memory of the device in an encrypted form;

determining a location of the device, which is configured for storing data, using a core location framework that is built into a core services layer of an operating system of the device, wherein the core location framework is configured to determine the location of the device based upon received signal information indicative of the location of the device;

when the location of the device is determined;

comparing the location to a list of predetermined geographic locations for which access to the data of the device is allowed, wherein the list includes specific buildings for which access to the data of the device is to be allowed;

identifying a particular time of day for which access to the data is being requested; and

allowing access to the data by decrypting the data from the secured portion of the memory, based on determining that the location is secure, and based on identifying that the particular time of day is authorized for accessing the data; and

when the location of the device is not determined;

requesting a predetermined key from the user;

determining a correctness of the predetermined key from the user by comparing the predetermined key from the user to a predetermined key determined by the DLP system to indicate that the predetermined key from the user is correct;

allowing access to the data by decrypting the data from the secured portion of the memory based on determining that the predetermined key from the user is correct, and based on identifying that the particular time of day is authorized for accessing the data; and

blocking access to the data in response to determining that the predetermined key from the user is not correct and determining whether a number of times the user has incorrectly entered the predetermined key exceeds a threshold.

View all claims

10 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system, method, and computer program product are provided for conditionally allowing access to data on a device based on a location of the device. In use, a location of a device storing data is identified. Furthermore, access to the data is conditionally allowed, based on the location.

19 Citations

View as Search Results

17 Claims

1. A computer program product embodied on a non-transitory medium for performing operations, comprising:
- initiating a data loss prevention (DLP) system provided on a device, the DLP system configured for preventing data leakage associated with personally identifying data associated with passwords specific to a user of the device, wherein the data is stored in a secured portion of a memory of the device in an encrypted form;
  
  determining a location of the device, which is configured for storing data, using a core location framework that is built into a core services layer of an operating system of the device, wherein the core location framework is configured to determine the location of the device based upon received signal information indicative of the location of the device;
  
  when the location of the device is determined;
  
  comparing the location to a list of predetermined geographic locations for which access to the data of the device is allowed, wherein the list includes specific buildings for which access to the data of the device is to be allowed;
  
  identifying a particular time of day for which access to the data is being requested; and
  
  allowing access to the data by decrypting the data from the secured portion of the memory, based on determining that the location is secure, and based on identifying that the particular time of day is authorized for accessing the data; and
  
  when the location of the device is not determined;
  
  requesting a predetermined key from the user;
  
  determining a correctness of the predetermined key from the user by comparing the predetermined key from the user to a predetermined key determined by the DLP system to indicate that the predetermined key from the user is correct;
  
  allowing access to the data by decrypting the data from the secured portion of the memory based on determining that the predetermined key from the user is correct, and based on identifying that the particular time of day is authorized for accessing the data; and
  
  blocking access to the data in response to determining that the predetermined key from the user is not correct and determining whether a number of times the user has incorrectly entered the predetermined key exceeds a threshold.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The computer program product of claim 1, wherein the device includes a mobile device.
  - 3. The computer program product of claim 2, wherein the mobile device includes a mobile phone.
  - 4. The computer program product of claim 1, wherein the data includes predetermined data.
  - 5. The computer program product of claim 4, wherein the predetermined data includes data predetermined to be protected from unauthorized access.
  - 6. The computer program product of claim 1, wherein the computer program product is operable such that the location of the device is identified utilizing a global positioning system of the device.
  - 7. The computer program product of claim 1, wherein the location includes a geographical area at which the device is located.
  - 8. The computer program product of claim 7, wherein the geographical area includes an address.
  - 9. The computer program product of claim 1, wherein the computer program product is operable such that the predetermined locations are configured by an administrator.
  - 10. The computer program product of claim 9, wherein the computer program product is operable such that the administrator configures the predetermined locations by selecting an area on a graphical user interface depicting a map.
  - 11. The computer program product of claim 1, wherein the computer program product is operable such that the access to the data is prevented if the location is outside of a predetermined location.
  - 12. The computer program product of claim 1, wherein the computer program product is operable such that the access to the data is allowed by automatically decrypting the data.
  - 13. The computer program product of claim 1, wherein the computer program product is operable such that the access to the data is allowed by transmitting a key for decrypting the data to the device via a network.
  - 14. The computer program product of claim 1, wherein the computer program product is operable such that the data loss prevention system of the device conditionally allows the access to the data.

15. A method, comprising:
- initiating a data loss prevention (DLP) system provided on a device, the DLP system configured for preventing data leakage associated with personally identifying data associated with passwords specific to a user of the device, wherein the data is stored in a secured portion of a memory of the device in an encrypted form;
  
  determining a location of the device, which is configured for storing data, using a core location framework that is built into a core services layer of an operating system of the device, wherein the core location framework is configured to determine the location of the device based upon received signal information indicative of the location of the device;
  
  when the location of the device is determined;
  
  comparing the location to a list of predetermined geographic locations for which access to the data of the device is allowed, wherein the list includes specific buildings for which access to the data of the device is to be allowed;
  
  identifying a particular time of day for which access to the data is being requested; and
  
  allowing access to the data by decrypting the data from the secured portion of the memory, based on determining that the location is secure, and based on identifying that the particular time of day is authorized for accessing the data; and
  
  when the location of the device is not determined;
  
  requesting a predetermined key from the user;
  
  determining a correctness of the predetermined key from the user by comparing the predetermined key from the user to a predetermined key determined by the DLP system to indicate that the predetermined key from the user is correct;
  
  allowing access to the data by decrypting the data from the secured portion of the memory based on determining that the predetermined key from the user is correct, and based on identifying that the particular time of day is authorized for accessing the data; and
  
  blocking access to the data in response to determining that the predetermined key from the user is not correct and determining whether a number of times the user has incorrectly entered the predetermined key exceeds a threshold.

16. A system, comprising:
- a processor, the system being configured for;
  
  initiating a data loss prevention (DLP) system provided on a device, the DLP system configured for preventing data leakage associated with personally identifying data associated with passwords specific to a user of the device, wherein the data is stored in a secured portion of a memory of the device in an encrypted form;
  
  determining a location of the device, which is configured for storing data, using a core location framework that is built into a core services layer of an operating system of the device, wherein the core location framework is configured to determine the location of the device based upon received signal information indicative of the location of the device;
  
  when the location of the device is determined;
  
  comparing the location to a list of predetermined geographic locations for which access to the data of the device is allowed, wherein the list includes specific buildings for which access to the data of the device is to be allowed;
  
  identifying a particular time of day for which access to the data is being requested; and
  
  allowing access to the data by decrypting the data from the secured portion of the memory, based on determining that the location is secure, and based on identifying that the particular time of day is authorized for accessing the data; and
  
  when the location of the device is not determined;
  
  requesting a predetermined key from the user;
  
  determining a correctness of the predetermined key from the user by comparing the predetermined key from the user to a predetermined key determined by the DLP system to indicate that the predetermined key from the user is correct;
  
  allowing access to the data by decrypting the data from the secured portion of the memory based on determining that the predetermined key from the user is correct, and based on identifying that the particular time of day is authorized for accessing the data; and
  
  blocking access to the data in response to determining that the predetermined key from the user is not correct and determining whether a number of times the user has incorrectly entered the predetermined key exceeds a threshold.
- View Dependent Claims (17)
- - 17. The system of claim 16, wherein the processor is coupled to a memory via a bus.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, LLC
Original Assignee
McAfee, Inc. (McAfee, LLC)
Inventors
Cambridge, Rodney Derrick, Dyton, Jonathan
Primary Examiner(s)
Bullock, Jr., Lewis A
Assistant Examiner(s)
Huynh, Tina

Application Number

US12/415,653
Publication Number

US 20130246465A1
Time in Patent Office

1,932 Days
Field of Search

705/57, 707783-788
US Class Current

707/781
CPC Class Codes

G06F 21/6218   to a system of files or obj...

G06F 2221/2111   Location-sensitive, e.g. ge...

H04L 63/20   for managing network securi...

H04M 1/72457   according to geographic loc...

H04M 1/724631   by limiting the access to t...

H04W 12/08   Access security

H04W 4/021   Services related to particu...

System, method, and computer program product for conditionally allowing access to data on a device based on a location of the device

First Claim

10 Assignments

0 Petitions

Accused Products

Abstract

19 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

System, method, and computer program product for conditionally allowing access to data on a device based on a location of the device

First Claim

10 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

19 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links