Browse Prior Art Database

Mandate encryption based on geographic location data

IP.com Disclosure Number: IPCOM000237204D
Publication Date: 2014-Jun-08
Document File: 2 page(s) / 20K

Publishing Venue

The IP.com Prior Art Database

Abstract

A method for performing mandated encryption based on geographic location data is disclosed.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 51% of the total text.

Page 01 of 2

Mandate encryption based on geographic location data

Disclosed is a method for performing mandated encryption based on geographic location data.

System administrators need more flexibility in configuration encryption policy in complex environments. System administrators can make decisions on when to encrypt sensitive data in several ways. They can ensure all connections to a particular web page are encrypted, such as by using Secure Sockets Layer (SSL). They can pre-configure encryption between two systems using Internet Protocol Security (IPSec). They can unilaterally encrypt data exported from a particular share, but this is not granular enough. Encryption is expensive and slow and error prone. Therefore, system administrators may also want to mandate encryption based on other factors, such as the location of a user accessing the information. For instance, encryption would be costly and unnecessary when transferring data across two adjacent machines on the same secure network behind a locked door. Currently, system administrators could only make decisions based on network identity, such as IP subnet information. For instance, if a user is on a private network, that connection to a server may bypass encryption for performance reasons. However, lower granularity and geographical location based solutions are needed to comply with data security policies, such as governmental and corporate policies.

Global Positioning System (GPS) location data that is more granular than IP subnet information can easily be acquired using GPS units. The geographic location of the origin of a connection can be provided to a server over the network at various points, such as when a connection is first established, periodically, etc., depending on the specific protocol. System administrators can mandate an encrypted connection based on this geographic location of a user. For example, if a user is not at a controlled or private site, the system administrator could require certain data to be encrypted. Additio...