Embodiments of the disclosure are related to enforcing a policy on a computing device, or a companion device, based upon its proximity to another computing device, or an anchor device. In one example, the anchor device and companion device can report their location with respect to one another to a p
Embodiments of the disclosure are related to enforcing a policy on a computing device, or a companion device, based upon its proximity to another computing device, or an anchor device. In one example, the anchor device and companion device can report their location with respect to one another to a policy server. The policy server can determine whether the anchor device and proximity device are in proximity to one another as well as determine whether a policy should be applied to the companion device based upon whether it is in proximity to the anchor device.
대표청구항▼
1. A non-transitory computer-readable medium embodying program code being configured to allow remote application of a policy that controls the type of authentication to be used between devices under a device management system, the program code being executable in a computing device, the program code
1. A non-transitory computer-readable medium embodying program code being configured to allow remote application of a policy that controls the type of authentication to be used between devices under a device management system, the program code being executable in a computing device, the program code being configured to cause the computing device to at least: obtain, remotely at a policy server, a first location indication associated with an anchor device, the first location indication being at least one of a geographic location or a network location of the anchor device;obtain, remotely at the policy server, a second location indication associated with a companion device, the second location indication being at least one of a geographic location or a network location of the companion device;identify, on the policy server, a policy stored in a data store that associates the anchor device and the companion device, the policy specifying a security requirement that when the first location and the second location are within a proximity, the companion device can be accessed using a reduced authentication, and when the first location and the second location are not within the proximity, the companion device cannot be accessed using the reduced authentication;determine whether the policy is violated based at least in part upon the first location indication and the second location indication; andissue a command to the companion device from the policy server in response to a determination that the policy is violated based at least in part upon the first location indication and the second location indication, the command requiring that the companion device be accessed in accordance with the security requirement, wherein the policy server operates as part of the device management system to vary and control the types of authorization required between a plurality of anchor devices and companion devices. 2. The non-transitory computer-readable medium of claim 1, wherein the policy further specifies a restriction on a capability with respect to launching a particular application by the companion device. 3. The non-transitory computer-readable medium of claim 2, wherein the particular application comprises a browser application. 4. The non-transitory computer-readable medium of claim 1, wherein the first location indication or the second location indication comprises at least one of: location data obtained by a positioning system or a network address. 5. The non-transitory computer-readable medium of claim 1, wherein the policy is determined to be violated based at least in part upon the difference between the first location indication and the second location indication when the second location is determined to be more than a threshold distance from the first location. 6. The non-transitory computer-readable medium of claim 1, wherein the first location or the second location comprise at least one communication between the anchor device and the companion device using a first localized communication interface associated with the anchor device and a second localized communication interface associated with the companion device. 7. The non-transitory computer-readable medium of claim 6, wherein the first localized communication interface and the second localized communication interface comprise at least one of a Bluetooth interface, a near-field communication (NFC) interface or a radio-frequency identification (RFID) interface. 8. The non-transitory computer-readable medium of claim 1, wherein the policy further specifies a restriction on a capability comprising restricting access to content stored on the companion device. 9. The non-transitory computer-readable medium of claim 1, wherein the command comprises a command to lock a display device associated with the companion device. 10. A method for remotely applying a policy that controls the type of authentication to be used between devices under a device management system comprising: establishing, at a remote policy server, a proximity policy for selectively enforcing a restriction upon at least one of an anchor device or a companion device;transmitting a first location indicator to the policy server using a network, the first location indicator indicating a location of the companion device relative to the anchor device; andobtaining a command from the policy server or in response to the first location indicator, the command being related to a proximity of the companion device to an anchor device, the proximity being determined based upon the first location indicator, the command further specifying the restriction enforced upon at least one of the anchor device or the companion device, whereinthe restriction indicates that when the first location and the second location are within the proximity, the companion device can be accessed using a reduced authentication, and when the first location and the second location are not within the proximity, the companion device cannot be accessed using the reduced authentication, wherein the policy server operates as part of the device management system to vary and control the types of authorization required between a plurality of anchor devices and companion devices. 11. The method of claim 10, wherein the command specifies a restriction with respect to executing a particular application installed on the companion device. 12. The method of claim 11, wherein the restriction disables launching of the particular application. 13. The method of claim 10, wherein the command enables a functionality of the companion device in response to the first location indicator. 14. The method of claim 10, wherein the command disables a networking capability of the companion device. 15. The method of claim 10, wherein the command is obtained further in response to a second location indicator associated with the anchor device. 16. A method for remotely applying a policy that controls the type of authentication to be used between devices under a device management system, comprising: obtaining, remotely in a policy server, a first location indicator corresponding to a location of a first computing device relative to a second computing device;determining, in the policy server, whether a policy is associated with the first computing device and the second computing device, the policy specifying a security requirement associated with the first computing device based upon a proximity of the first computing device to the second computing device, the security requirement indicating that when the first location and the second location are within the proximity, the first computing device can be accessed using a reduced authentication, and when the first location and the second location are not within the proximity, the first computing device cannot be accessed using the reduced authentication;determining, in the policy server, whether the first computing device complies with the policy based upon the proximity; andissuing, remotely from the policy server, a command specified by the policy, wherein the policy server operates as part of the device management system to vary and control the types of authorization required between a plurality of first computing devices and second computing devices. 17. The method of claim 16, wherein the first location indicator comprises an indication that the first computing device is outside of a communication range of a localized communication interface of the first computing device. 18. The method of claim 16, wherein the command disables a communication interface associated with the first computing device. 19. The method of claim 16, wherein the command disables a particular application installed on the first computing device. 20. A system for remotely changing the authentication types required between devices under a device management system based on proximity, comprising: a first computing device;a second computing device; anda policy server that is remote to the first computing device and remote to the second computing device, wherein: the policy server stores a profile with a security restriction, the security restriction indicating that when the second computing device is not within the proximity to the first computing device, the first computing device must be accessed using additional authentication;the policy server issues a command to the first computing device requiring the additional authentication when the first computing device is not within the proximity of the second computing device; andthe policy server varies and controls the types of authorization required between a plurality of first computing devices and second computing devices. 21. A system for changing authentication types based on proximity, comprising: a first computing device; anda second computing device, wherein: the first computing device receives a profile with a security restriction from a remote policy server, the remote policy server storing a plurality of different profiles for controlling authentication types between devices under a device management system,the first computing device determines a proximity between the first computing device and the second computing device;the first computing device accesses the profile with the security restriction, the security restriction indicating that when the second computing device is within the proximity to the first computing device, the first computing device can be accessed using a reduced authentication; andthe first computing device detects the proximity with the second computing device and allows access using the reduced authentication.
연구과제 타임라인
LOADING...
LOADING...
LOADING...
LOADING...
LOADING...
이 특허에 인용된 특허 (92)
Wright,Michael; Boucher,Peter; Nault,Gabe; Smith,Merrill; Jacobson,Sterling K; Wood,Jonathan; Mims,Robert, Administration of protection of data accessible by a mobile device.
Bhaskaran,Harikrishnan, Communication system and method for compressing information sent by a communication device to a target portable communication device.
Lee, Woo Jae; Bertz, Lyle T.; Perez, Cesar; Dreiling, Ryan Patrick; Cole, Jason D., Conserving bandwidth by restricting videos communicated in a wireless telecommunications network.
Johnson, David Nephi; Nielson, Dustin Lance; Griffis, Jr., Jerry E.; Beus, David Kent; Jensen, Nathan Blaine; Street, William; Sherman, Paul Erik; Cook, Michael William; Carter, Stephen R, Credential mapping.
Mendez, Daniel J.; Riggins, Mark D.; Wagle, Prasad; Bui, Hong Q.; Ng, Mason; Quinlan, Sean Michael; Ying, Christine C.; Zuleeg, Christopher R.; Cowan, David J.; Aptekar-Strober, Joanna A.; Bailes, R. Stanley, Global server for authenticating access to remote services.
Craft, David John; Dubey, Pradeep K.; Hofstee, Harm Peter; Kahle, James Allan, Method and system for controlled distribution of application code and content data within a computer network.
Craft, David John; Dubey, Pradeep K.; Hofstee, Harm Peter; Kahle, James Allan, Method and system for controlled distribution of application code and content data within a computer network.
Maurya, Sanjiv; Tse, Benson Wei-Ming; VanZile, Frank; Bonham, Larry Dean; Peterson, Phil; Friend, John, Method and system for distributing and updating software in wireless devices.
Ellis, Richard Donald; Newcombe, Christopher Richard; Jones, Paul David; Birum, Derrick Jason; Dunkle, Harold Michael; Thompson, Mikel Howard, Method and system for granting access to system and content.
Bruton, III, David Aro; Overby, Jr., Linwood H.; Rodriguez, Adolfo Francisco, Methods, systems and computer program products for selectively allowing users of a multi-user system access to network resources.
Laird,David; Jones,Martin Kelly, Notification systems and methods enabling user entry of notification trigger information based upon monitored mobile vehicle location.
Wright,Michael; Boucher,Peter; Nault,Gabe; Smith,Merrill; Jacobson,Sterling K; Wood,Jonathan; Mims,Robert, Protection of data accessible by a mobile device.
Mann, Dwayne R.; Heard, Robert W.; Burchett, Christopher D.; Gordon, Ian R., Server, computer memory, and method to support security policy maintenance and distribution.
Wolovitz, Lionel; Collins, Tim, Service management system and associated methodology of providing service related message prioritization in a mobile client.
Ng, Mason; Mendez, Daniel J.; Quinlan, Sean Michael, System and method for automatically forwarding email and email events via a computer network to a server computer.
Heard, Robert W.; Mann, Dwayne R.; Burchett, Christopher D.; Gordon, Ian R., System and method for distribution of security policies for mobile devices.
Riggins Mark D. ; Bailes R. Stanley ; Bui Hong O. ; Cowan David I. ; Mendez Daniel I. ; Ng Mason ; Quinlan Sean Michael ; Wagle Prasad ; Ying Christine C. ; Zuleeg Christopher R. ; Aptekar-Strober Jo, System and method for globally accessing computer services.
Mendez, Daniel J.; Riggins, Mark D.; Wagle, Prasad; Bui, Hong Q.; Ng, Mason; Quinlan, Sean Michael; Ying, Christine C.; Zuleeg, Christopher R.; Cowan, David J.; Aptekar-Strober, Joanna A.; Bailes, R., System and method for globally and securely accessing unified information in a computer network.
Mendez,Daniel J.; Riggins,Mark D.; Wagle,Prasad; Bui,Hong Q.; Ng,Mason; Quinlan,Sean Michael; Ying,Christine C.; Zuleeg,Christopher R.; Cowan,David J.; Aptekar Strober,Joanna A.; Bailes,R. Stanley, System and method for globally and securely accessing unified information in a computer network.
Mendez Daniel J. ; Riggins Mark D. ; Wagle Prasad ; Ying Christine C., System and method for securely synchronizing multiple copies of a workspace element in a network.
Ng Mason ; Quinlan Sean Michael ; Ruan Tom ; Mendez Daniel J. ; Zhu Jing ; Cheng ; Jr. Martin ; Williams Matt ; Riggins Mark D., System and method for updating a remote database in a network.
Mendez Daniel J. ; Riggins Mark D. ; Wagle Prasad ; Ying Christine C., System and method for using a global translator to synchronize workspace elements across a network.
Piccionelli, Greg A.; Rittmaster, Ted R., System and process for limiting distribution of information on a communication network based on geographic location.
※ AI-Helper는 부적절한 답변을 할 수 있습니다.