Location-based access control in a data network
First Claim
1. A method comprising:
establishing a network connection with a network infrastructure by a client device;
identifying location sensitive data which requires at least one access parameter to access the location sensitive data, wherein the location sensitive data is located on the client device, and wherein the at least one access parameter is based on a physical location and defines a region of allowed use;
receiving location information of the client device from a source providing the location information, wherein the source providing the location information is separate from the client device;
determining that a level of trustworthiness of the source providing the location information is below a predefined threshold;
determining, at least in part by one or more packet relaying devices, a first physical location of the client device without trusting the location information provided by the source based upon, at least in part, determining that the level of trustworthiness of the source is below a threshold, and wherein the first physical location is within the region of allowed use;
generating, by a network infrastructure device, a first set of access parameters based, at least in part, on the first physical location determined without trusting the location information provided by the source;
transmitting the first set of access parameters to the client device, wherein the client device is at the determined first physical location;
enabling the client device to access the location sensitive data by utilizing, at least in part, the first set of access parameters;
receiving, at subsequent intervals of time, the location information of the client device from the source providing the location information;
determining, at least in part by one or more packet relaying devices, one or more subsequent physical locations of the client device without trusting the location information provided by the source based upon, at least in part, determining that the level of trustworthiness of the source is below the threshold, and wherein the one or more subsequent physical locations are within the region of allowed use;
generating, by a network infrastructure device, a second set of access parameters based, at least in part, on the one or more subsequent physical locations determined without trusting the location information provided by the source;
transmitting the second set of access parameters to the client device, wherein the client device is at the one or more determined subsequent physical locations;
enabling the client device to maintain access to the location sensitive data by utilizing, at least in part, the second set of access parameters;
determining, at least in part by one or more packet relaying devices, whether the client device is outside the region of allowed use; and
denying access to the location sensitive data on the client device, if the client device is determined to be outside the region of allowed use.
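
The decision flow recited in claim 1, sketched as an added Python example (not code from the patent or its assignee). The threshold value, the rectangular region, the HMAC-derived access parameters, and accepting a report from a source at or above the threshold are all assumptions made for illustration.

```python
import hashlib
import hmac

TRUST_THRESHOLD = 0.7                 # assumed value for the "predefined threshold"
INFRA_KEY = b"constructed-demo-key"   # assumed secret held by the infrastructure
REGION = (0.0, 0.0, 10.0, 10.0)       # assumed rectangular "region of allowed use"


def inside(region, point):
    """True when point (x, y) lies within the rectangle (x_min, y_min, x_max, y_max)."""
    x_min, y_min, x_max, y_max = region
    return x_min <= point[0] <= x_max and y_min <= point[1] <= y_max


def effective_location(reported, source_trust, infra_measured):
    """Below the threshold the reported location is ignored and the position
    measured by the packet relaying devices is used instead. Accepting the
    report at or above the threshold is an assumption; the claim is silent."""
    return infra_measured if source_trust < TRUST_THRESHOLD else reported


def access_parameters(client_id, location, interval):
    """Hypothetical access parameters: an HMAC bound to client, place and interval."""
    msg = f"{client_id}|{location[0]:.1f},{location[1]:.1f}|{interval}".encode()
    return hmac.new(INFRA_KEY, msg, hashlib.sha256).hexdigest()


def evaluate(client_id, region, samples):
    """Return (interval, decision, parameters) for each periodic re-check."""
    results = []
    for interval, reported, trust, measured in samples:
        loc = effective_location(reported, trust, measured)
        if inside(region, loc):
            results.append((interval, "allow", access_parameters(client_id, loc, interval)))
        else:
            results.append((interval, "deny", None))  # outside: no parameters issued
    return results


# Constructed samples: the low-trust source keeps reporting (5, 5) while the
# infrastructure sees the device drift out of the region at interval 2.
SAMPLES = [
    (0, (5.0, 5.0), 0.2, (5.0, 5.0)),
    (1, (5.0, 5.0), 0.2, (8.0, 9.0)),
    (2, (5.0, 5.0), 0.2, (14.0, 9.0)),
]
DECISIONS = evaluate("client-A", REGION, SAMPLES)
```

The first two intervals yield distinct parameter sets (the claim's first and second sets), and the third is denied even though the untrusted source still reports a position inside the region.
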
Abstract
A request for network access is received from a client device at a network entry device of a network infrastructure. The network infrastructure determines a physical location of the client device and determines authorization of the client device based on the physical location. The approach can include providing the physical location along with other user credentials to an authorizing device. The method can also include determining a level of service based on the physical location. Communication for the approach can make use of the IEEE 802.1X protocol.
20 Claims
10. A system comprising:
one or more packet relaying devices, each packet relaying device comprising a processor and a memory, the one or more packet relaying devices configured to:
establish a network connection with a network infrastructure by a client device;
identify location sensitive data which requires at least one access parameter to access the location sensitive data, wherein the location sensitive data is located on the client device, and wherein the at least one access parameter is based on a physical location and defines a region of allowed use;
receive location information of the client device from a source providing the location information, wherein the source providing the location information is separate from the client device;
determine that a level of trustworthiness of the source providing the location information is below a predefined threshold;
determine a first physical location of the client device without trusting the location information provided by the source based upon, at least in part, determining that the level of trustworthiness of the source is below a threshold, and wherein the first physical location is within the region of allowed use;
generate a first set of access parameters based, at least in part, on the first physical location determined without trusting the location information provided by the source;
transmit the first set of access parameters to the client device, wherein the client device is at the determined first physical location;
receive, at subsequent intervals of time, the location information of the client device from the source providing the location information;
determine one or more subsequent physical locations of the client device without trusting the location information provided by the source based upon, at least in part, determining that the level of trustworthiness of the source is below the threshold, and wherein the one or more subsequent physical locations are within the region of allowed use;
if the subsequent physical location of the client device necessitates a second set of access parameters;
generate the second set of access parameters based, at least in part, on the one or more subsequent physical locations determined without trusting the location information provided by the source;
transmit the second set of access parameters to the client device, wherein the client device is at the one or more determined subsequent physical locations;
enable the client device to maintain access to location sensitive data in accordance with one of the first set of access parameters and the second set of access parameters;
determine whether the client device is outside the region of allowed use; and
deny access to the location sensitive data on the client device if the client device is determined to be outside the region of allowed use.
17. An article of manufacture comprising a non-transitory machine-readable medium that stores executable instruction signals that cause a machine to perform operations comprising:
establishing a network connection with a network infrastructure by a client device;
identifying location sensitive data which requires at least one access parameter to access the location sensitive data, wherein the location sensitive data is located on the client device, and wherein the at least one access parameter is based on a physical location and defines a region of allowed use;
receiving location information of the client device from a source providing the location information, wherein the source providing the location information is separate from the client device;
determining that a level of trustworthiness of the source providing the location information is below a predefined threshold;
determining a first physical location of the client device without trusting the location information provided by the client device source based upon, at least in part, determining that the level of trustworthiness of the source is below a threshold, and wherein the first physical location is within the region of allowed use;
generating a first set of access parameters based, at least in part, on the first physical location determined without trusting the location information provided by the source;
transmitting the first set of access parameters to the client device, wherein the client device is at the determined first physical location;
receiving, at subsequent intervals of time, the location information of the client device from the source providing the location information;
determining one or more subsequent physical locations of the client device without trusting the location information provided by the source based upon, at least in part, determining that the level of trustworthiness of the source is below the threshold, and wherein the one or more subsequent physical locations are within the region of allowed use;
if the subsequent physical location of the client device necessitates a second set of access parameters;
generating the second set of access parameters based, at least in part, on the one or more subsequent physical locations determined without trusting the location information provided by the source;
transmitting the second set of access parameters to the client device, wherein the client device is at the one or more determined subsequent physical locations;
enabling the client device to maintain access to location sensitive data in accordance with one of the first set of access parameters and the second set of access parameters;
determining whether the client device is outside the region of allowed use; and
denying access to the location sensitive data on the client device if the client device is determined to be outside the region of allowed use.