ORGANIZATIONAL ASSETS/DEVICES AND CONTROLLING ACCESS TO ORGANIZATIONAL NETWORK

BACKGROUND Technical Field of Invention

[001] The embodiments herein generally relate to a field of securing organizational assets/devices and particularly relate to a system and method for securing organizational assets/devices. The embodiments herein more particularly relate to a system and method for securing organizational assets/devices when working outside of organization network and controlling access to organizational network.

Description of Related Art

[002] A number of control, monitoring, and/or security systems, products, and services, are available in the marketplace today, which allows individuals, businesses, or other entities, to control, monitor, and/or to secure, their offices, businesses, and/or premises. Many of these systems, products, and services, also allow or facilitate the use of the same via the Internet and/or the World Wide Web. While these systems, products, and services, can prove to be valuable and convenient in accomplishing their intended goals, there are number of problems associated with the same.

[003] There are huge security data breaches within the organization and we do not know if the data is being viewed by anyone else than intended.

[004] Organizations need to provide seamless work environment to its associates. There are mechanisms to tamper the GPS signals in multiple ways and in some cases; GPS signals might not be available/intermittent. Also, there are inherent limitations with VPN connections, since the refresh token has a delay. And enabling working offline with an asset also becomes critical in order to create a secure seamless work environment.

[005] There is no secured system proposed in the art for enabling associates/employees to work offline with an asset, like any computing device. Further, there is no system proposed in the art to create a secure seamless work environment.

[006] In order to prevent the data leakage and ensure security of the devices, the system will need to be equipped with the advised physical device and the software to enable connection/disconnection of the organization networks.

[007] In view of the foregoing, there is a need to provide a method and system for a secured seamless work environment. There is also a need to provide a physical device/dongle along with relevant software instructions, which work with help of GPS transmitter/receiver, motion sensor and/or VPN connection(s) or any other type of pairing via the asset to enable accesses to the organization network and/or asset(s). Further, there is also a need to provide a method and system for enabling associates to work from remote locations/non-office locations, as allowed by the organization and still mitigate the risk of the potential data breaches, if any. Further, there is also need for a system to track movement of the organization asset(s); and generate reports based on GPS locations.

[008] The above-mentioned shortcomings, disadvantages and problems are addressed herein, as detailed below.

SUMMARY OF THE INVENTION

[009] The primary object of the embodiments herein is to provide a system for securing organizational assets/devices. [0010] Another object of the embodiments herein is to provide a method and system for controlling access of the said organizational assets/devices to the organizational network. [0011] Yet another object of the embodiments herein is to provide a device connected to each of the organizational asset/device for recording location coordinates.

[0012] Yet another object of the embodiments herein is to provide a device, connected to each of the organizational assets for detecting physical movement of the said assets within environment.

[0013] Yet another object of the embodiments herein is to define a set of rules for the device connected to each of the organizational assets/devices to enable offline and online connection and disconnection to the network.

[0014] Yet another object of the embodiments herein is to provide a dongle like physical device to enable secured connection to the organization network, typically a plug-and-play device.

[0015] The various embodiments herein provide a system for securing organizational assets/devices and controlling access to organizational network. The said system comprises a plurality of organizational assets/devices, a dongle connected to each of the organizational asset/device, an organizational network comprising at-least one policy server for storing plurality of rules/polices for providing/approving access to the target asset/device connected with the said dongle.

[0016] According to an embodiment herein, the plurality of organizational assets/devices are any of the electronic computing devices such as but not limited to one or more personal computers, one or more laptops, one or more PDAs, one or more tablets, and one or more servers.

[0017] According to an embodiment herein, the said dongle comprises a GPS receiver/transmitter for recording location co-ordinates of the dongle within an environment, a motion sensor for detecting physical movement of the said asset/device within an environment, a memory chip/card 25 for storing one or more instructions and one or more processors, in combination or individual for processing plurality of instructions stored in the said memory chip/card.

[0018] According to an embodiment herein, the said processor ensures all the computations are carried out and instructions passed on in a computer readable format for the software component to function. The said components (including GPS receiver/transmitter, memory, processor and motion sensor) can co-exist within the same device or the components may be standalone or assembled in possible combinations as appropriate. The interaction of these components is key, within the disclosed art. The connection with the asset can be through any of the component or combination of components.

[0019] According to an embodiment herein, the said polices/rules are derived based on the GPS locations/co-ordinates of the dongles connected to each of the said assets/devices; and a policy based decision, implemented within the network or elsewhere such as but not limited to cloud or at an individual profile level maintained within the said organization network or elsewhere such as but not limited to a cloud. Further, the information stored in the policy server is retrieved every time, when a connection is attempted, against the credentials provided for the access of the target asset/device.

[0020] According to an embodiment herein, each of the said organizational asset/device is installed with a dedicated client application typically a software program for establishing connection between the organizational asset/device and the said dongle.

[0021] According to an embodiment herein, the said dongle is connected to the organizational asset/device through a USB or a micro USB or wirelessly through any of the technologies such as but limited to Bluetooth, Wi-Fi, NFC, and Li-Fi. [0022] According to an embodiment herein, a dedicated software program/component/firmware is pre-installed in the said dongle for establishing a connection between the organizational asset/device and the said dongle.

[0023] According to an embodiment herein, the plurality of rules stored in the policy server are executed based the on the defined GPS locations and approved ranges. The said plurality of rules is defined for offline and online connection and disconnection, and also in the absence of the said GPS signal.

[0024] According to an embodiment herein, the said plurality of rules/polices stored in the policy server are encrypted and any attempt to overwrite the said system, results in disabling the asset/device, dongle and/or combination thereof.

[0025] According to an embodiment herein, the said motion sensor attempts to detect for the physical movement of the said asset/device within an environment, in the absence of the GPS signal. Further, the said motion sensor attempts for pre-configured number of attempts, and in case of failure, disconnection rules are triggered.

[0026] According to an embodiment herein, the said disconnection rules are not limited to actions defined within the asset/device, but also include sending additional alerts outside the said system and/or to the people or other resources. Further, additional devices, such as but not limited to memory chip/card and cloud storage are updated as part of disconnection process.

[0027] According to an embodiment herein, the said software program/component/firmware is enhanced to capture additional data points such as but not limited to, the GPS locations, mode of access, and statistics of network used to connect. [0028] According to an embodiment herein, the additional reports pertaining to asset/device and the user behavior are generated at pre-determined intervals. [0029] According to an embodiment herein, the said dongle further comprises a power source comprising a battery pack for storing required energy or a socket for connecting to an external power supply, a self powered mechanism, additional memory and processors. [0030] According to an embodiment herein, the GPS transmitter/receiver adopted for recording location co-ordinates of the dongle within an environment; the motion sensor adopted for detecting physical movement of the said asset/device within an environment; the memory chip/card adopted for storing one or more instructions; and one or more processors, in combination or individual adopted for processing plurality of instructions stored in the said memory chip/card are incorporated within the organizational asset/device.

[0031] The embodiments herein provide a method for securing organizational assets/devices. The said method comprises the steps of connecting dongle to an organizational asset/device; activating the dongle, upon switching ON the said organizational asset/device; receiving GPS location co-ordinates of the dongle connected to the organizational asset/device through the client application/software program pre installed in the organizational asset/device; detecting the current location co-ordinates through the GPS receiver/transmitter of the dongle and computing the distance against the primary location and range stored in the memory chip of the dongle; validating the computed location co-ordinates and range by the dongle; and authenticating the said organizational asset/device to establish a connection to an organization network via VPN or any other mechanism, upon successful validation.

[0032] According to an embodiment herein, the said GPS receiver/transmitter of the dongle records location co-ordinates at regular intervals and sends the recorded information over the network to match with the pre-stored range and location details. In case of a valid connection request, an acknowledgement for the connection is sent and connection to the network is established. Further, in case of failure of validation checks, a disconnection request is triggered and pre-configured actions are triggered for disconnection.

[0033] According to an embodiment herein, the motion sensor of the said dongle triggers for the rule check, if there is any change in the position of the dongle once the connection is established. Further, the said motion sensor triggers for the rule check via the said GPS receiver/transmitter of the dongle. Further, the said motion sensor triggers for the disconnection rules, if there is any change in the position of the dongle, beyond the predetermined range. The said motion sensor triggers actions even if the GPS signals are not available.

[0034] According to an embodiment herein, the software implementation is either integrated at one location or split into multiple components.

[0035] According to an embodiment herein, the validation of access is stored within the organization network. Further, the validation of access is also stored in any other sources such as but not limited to cloud storage or any other device that authenticates the access to the asset/device such as an SMS alert.

[0036] These and other aspects of the embodiments herein will be better appreciated and understood when considered in conjunction with the following description and the accompanying drawings. It should be understood, however, that the following descriptions, while indicating preferred embodiments and numerous specific details thereof, are given by way of illustration and not of limitation. Many changes and modifications may be made within the scope of the embodiments herein without departing from the spirit thereof, and the embodiments herein include all such modifications.

BRIEF DESCRIPTION OF THE DRAWINGS [0037] The other objects, features and advantages will occur to those skilled in the art from the following description of the preferred embodiment and the accompanied drawings in which:

[0038] FIG. 1 illustrates a block diagram of system for securing organizational assets/devices and controlling access to organizational network, according to an embodiment herein.

[0039] FIG. 2 illustrates a block diagram of the dongle connected to organizational assets/devices for securing the said organizational assets/devices and controlling access to organizational network, according to an embodiment herein.

[0040] FIG. 3 is a flowchart illustrating a method of configuring dongle for securing organizational assets/devices, according to an embodiment herein.

[0041] FIG. 4 is a flowchart illustrating a method for securing organizational as sets/de vices and controlling access to organizational network, according to an embodiment herein.

DETAILED DESCRIPTION OF THE DRAWINGS [0042] In the following detailed description, a reference is made to the accompanied drawings that form a part hereof, and in which the specific embodiments that may be practiced is shown by way of illustration. The embodiments are described in sufficient detail to enable those skilled in the art to practice the embodiments and it is to be understood that the logical, mechanical and other changes may be made without departing from the scope of the embodiments. The following detailed description is therefore not to be taken in a limiting sense.

[0043] Various embodiments herein provide a system for securing organizational assets/devices and controlling access to organizational network. The said system comprises a software component (first software component); which is installed within the said organizational asset/device for enabling the connection with the physical device and other functions to be performed, as intended. Further, the said dongle/physical device is preinstalled with a separate software component/firmware (second software component). Further, a third software component is installed on the server within the organization network.

[0044] According to an embodiment herein, when the organization asset is switched on, the said application software (first software) initiates a trigger action to check the presence of the hardware i.e. dongle/physical device. Based on the positive check, the initial location and the range, as detected and computed, are checked within the dongle/physical device. A connection is then attempted, via VPN or any other mechanism, with the organization network. A validation check is initiated to complete the connection. When the pre-defmed criteria’s are met, the connection is established. Similarly, lack of dongle/physical device or validation will result in trigger of disconnection actions, as pre- configured.

[0045] According to an embodiment herein, once the connection is established, if there is any change in the position, the motion sensor within the dongle/physical device, will trigger the rule checks, via the GPS receiver/transmitter. If there is any change in the position, beyond the agreed (predetermined) range, the disconnection rules are triggered. The motion sensor acts as a mechanism to trigger actions, even if the GPS signals are not available. For offline work, there will be a pre-configured set of attempts, before disconnection rule sets are triggered.

[0046] According to an embodiment herein, as per the implementation, lack of hardware or violation of any of the validation checks (Ex. GPS range), results in actions that are pre- configured for these scenarios. [0047] FIG. 1 illustrates a block diagram of system for securing organizational assets/devices and controlling access to organizational network, according to an embodiment herein. The said system comprises a plurality of organizational assets/devices 101, a dongle 103 connected to each of the organizational asset/device 101, an organizational network 105 comprising at-least one policy server 106 for storing plurality of rules/polices for providing/approving access to the target asset/device 101 connected with the said dongle 103.

[0048] According to an embodiment herein, each of the said organizational asset/device 101 is installed with a dedicated client application (first software component) 102 typically a software program for establishing connection between the organizational asset/device 101 and the said dongle 103.

[0049] According to an embodiment herein, the said dongle 103 is connected to the organizational asset/device 101 through a USB or a micro USB or wirelessly through any of the technologies such as but limited to Bluetooth, Wi-Fi, NFC, and Li-Fi.

[0050] According to an embodiment herein, a dedicated software program/component/firmware (second software component) 104 is pre-installed in the said dongle 103 for establishing a connection between the organizational asset/device 101 and the said dongle 103.

[0051] According to an embodiment herein, the said policy server 106 further comprises a dedicated software program/component /firmware (third software component) for triggering the predefined actions when a connection is attempted to the organization network 107 Further, the plurality of rules stored in the policy server 106 are executed based the on the defined GPS locations and approved ranges. The said plurality of rules is defined for offline and online connection and disconnection, and also in the absence of the said GPS signal. [0052] According to an embodiment herein, the said polices/rules are derived based on the GPS locations/co-ordinates of the dongles 103 connected to each of the said assets/devices 101; and a policy based decision is implemented within the network 107 or elsewhere such as but not limited to cloud or at an individual profile level maintained within the said organization network or elsewhere such as but not limited to a cloud.

[0053] Further, the information stored in the policy server 106 is retrieved every time, when a connection is attempted, against the credentials provided for the access of the target asset/devicelOl.

[0054] According to an embodiment herein, the said plurality of rules/polices stored in the policy server 106 are encrypted and any attempt to overwrite the said system, results in disabling the asset/device 101, donglel03 and/or combination thereof.

[0055] According to an embodiment herein, the plurality of organizational assets/devices 101 are any of the electronic computing devices such as but not limited to one or more personal computers, one or more laptops, one or more PDAs, one or more tablets, and one or more servers.

[0056] FIG. 2 illustrates a block diagram of the dongle connected to organizational assets/devices for securing the said organizational assets/devices and controlling access to organizational network, according to an embodiment herein. The said dongle comprises a GPS receiver/transmitter 201 for recording location co-ordinates of the dongle 103 within an environment, a motion sensor 203 for detecting physical movement of the said asset/device 101 within an environment, a memory chip/card 202 for storing one or more instructions and one or more processors 204, in combination or individual for processing plurality of instructions stored in the said memory chip/card 202. [0057] According to an embodiment herein, the said motion sensor 203 attempts to detect for the physical movement of the said asset/device 101 within an environment, in the absence of the GPS signal.

[0058] Further, the said motion sensor 203 attempts for pre-configured numbers, and in case of failure, disconnection rules are triggered.

[0059] According to an embodiment herein, the said disconnection rules are not limited to actions defined within the asset/device 101, but also include sending additional alerts outside the said system and/or to the people or other resources. Further, additional devices, such as but not limited to memory chip/card 202 and cloud storage are updated as part of disconnection process.

[0060] According to an embodiment herein, the said software program/component/firmware pre-installed in the policy server 106 is enhanced to capture additional data points such as but not limited to, the GPS locations, mode of access, and statistics of network used to connect.

[0061] According to an embodiment herein, the additional reports pertaining to asset/device 101 and the user behavior are generated at pre-determined intervals.

[0062] According to an embodiment herein, the said dongle 103 further comprises a power source (not shown in FIG. 2) comprising a battery pack for storing required energy or a socket for connecting to an external power supply, a self-powered mechanism, additional memory and processors.

[0063] According to an embodiment herein, the said physical device/dongle device layout 200 comprises a GPS receiver/transmitter 201, a memory chip (or any other forms of memory) 202, a processor 204 and a motion sensor 203. The said processor 204 ensures all the computations are carried out and instructions passed on in a computer readable format for the software component to function. The said components (including GPS receiver/transmitter 201, memory 202, processor 204 and motion sensor 203) can co-exist within the same device or the components may be standalone or assembled in possible combinations as appropriate. The interaction of these components is key, within the disclosed art. The connection with the asset can be through any of the component or combination of components.

[0064] FIG. 3 is a flowchart illustrating a method of configuring dongle for securing organizational assets/devices, according to an embodiment herein. The pre-configuration for the organization network (Step 301), organization asset/device (Step 302) and the dongle/physical device (Step 306) includes set-up of all the GPS locations (Step 303) by entering all GPS home locations and ranges. There is an approval triggered (Step 304), to approve the GPS locations and the range from each of these respective locations, to relevant authority within the organization. Storing the said information (Step 305) is a policy based decision, implemented within the network or elsewhere (ex. via cloud) or at an individual profile level maintained within organization network (or elsewhere, ex. cloud) (Step 309). However, the information is stored such that, it needs to be retrieved against the credentials provided for the access of the said asset/device. A primary GPS location of access and range, for the asset is identified and stored in the dongle/physical device as well (Step 307). The primary location of the asset/device (though not limited to one), can always be configured, within the organization network/elsewhere based on the organization policy and the same stored in the dongle/physical device.

[0065] According to an embodiment herein, the pre configuration, also includes the rules related to connection/disconnection (Step 308) and accesses of the application(s) or environments through the asset/device when working offline. The dongle/physical device comprises the trigger mechanisms for the disconnection, as well. The pre-configuration rules should be in sync, and is achieved based on the organization need (either through approval workflow or giving the authorization to the users, when in organization network). [0066] FIG. 4 is a flowchart illustrating a method for securing organizational as sets/de vices and controlling access to organizational network, according to an embodiment herein. The said method comprises the steps of connecting dongle to an organizational asset/device; activating the dongle, upon switching ON the said organizational asset/device (Step 401); receiving GPS location co-ordinates of the dongle connected to the organizational asset/device through the client application/software program pre-installed in the organizational asset/device (Step 402); detecting whether the dongle is present (Step 403); detecting the current location co-ordinates through the GPS receiver/transmitter of the dongle and computing the distance against the primary location and range stored in the memory chip of the dongle (Step 404); validating the computed location co-ordinates and range by the dongle (Step 405); checking whether offline connection is allowed (Step 406); and authenticating the said organizational asset/device to establish a connection to an organization network via VPN or any other mechanism, upon successful validation (Step 407).

[0067] According to an embodiment herein, when the asset/device 101 is switched ON (Step 401), the request for GPS location is sought by the client software (Step 402), installed in the asset/device 101. Within the dongle/physical device (Step 403), the GPS receiver/transmitter (Step 404) detects the initial location and computes the distance against the primary location and range stored in memory chip. The validation check (Step 405), is completed within the dongle/physical device. Once the check is validated, if offline is not allowed (Step 406), a connection to organization network (A) via VPN or any other mechanism is launched and authenticated (B) accordingly. The GPS receiver/transmitter sends the current location again over the network (Step 408) and check (Step 409) for the range and location is completed. In case of valid connection request, an acknowledgement (Step 410) for the connection is sent and connection established. In case of failure of validation checks, disconnection request is triggered (Step 411) and preconfigured actions are triggered for disconnection (Step 413).

[0068] According to an embodiment herein, if offline connection is allowed (Step 406), connection is established (Step 407). Further, in case of no hardware detection (Step 403), a request for disconnection is triggered (Step 411) and pre-configured actions are triggered for disconnection (Step 413).

[0069] According to an embodiment herein, when an offline connection (Step 406) is not allowed and the user doesn’t launch or attempt to connect to organization network (A) an internal check in the dongle/physical device is initiated (C). There is a pre-set delay for these checks that needs to be configured and also the number of attempts to check the GPS location. If the number of attempts exceeds the set limit a disconnection is triggered (Step 411) and pre-configured actions are triggered for disconnection (Step 413).

[0070] According to an embodiment herein, in case of asset movement, the motion sensor (Step 412) triggers a validation check for GPS location (Step 404). Based on the check (Step 405) pre-determined actions are triggered as described above.

[0071] According to an embodiment herein, while working online, disconnections happen either when the said dongle/physical device triggers for the disconnection by itself (by sending a signal to VPN to disconnect or shut down the VPN connection) or VPN initiates the disconnection, based on the dongle/physical device input.

[0072] According to an embodiment herein, if the GPS signals are unavailable, it attempts for pre-defmed number times to check, offline mode (Step 406) and relevant rules are triggered for establishing connection (Step 407). If offline mode (Step 406) is not allowed, disconnection is triggered (Step 411). [0073] According to an embodiment herein, further said software component of the dongle is enhanced to continuously store the GPS data within the memory chip or the organization asset and retrieve it at a later point in time for purposes of tracking the asset movements. [0074] According to an embodiment herein, the said GPS receiver/transmitter of the dongle records location co-ordinates at regular intervals and sends the recorded information over the network to match with the pre-stored range and location details. In case of a valid connection request, an acknowledgement for the connection is sent and connection to the network is established. Further, in case of failure of validation checks, a disconnection request is triggered and pre-configured actions are triggered for disconnection.

[0075] According to an embodiment herein, the motion sensor of the said dongle triggers for the rule check, if there is any change in the position of the dongle once the connection is established. Further, the said motion sensor triggers for the rule check via the said GPS receiver/transmitter of the dongle. Further, the said motion sensor triggers for the disconnection rules, if there is any change in the position of the dongle, beyond the predetermined range. The said motion sensor triggers actions even if the GPS signals are not available.

[0076] According to an embodiment of the present invention, the software implementation is either integrated at one location or split into multiple components.

[0077] According to an embodiment herein, the validation of access is stored within the organization network. Further, the validation of access is also stored in any other sources such as but not limited to cloud storage or any other device or mechanism that authenticates the access to the asset/device such as an SMS alert. [0078] The various embodiments of the present invention provide a system and method for securing organizational assets/devices and controlling access to organizational network.

[0079] The system of the present invention solves the problem of data security, network delay in refreshing due to VPN.

[0080] The system of the present invention deals with data security, network delay in refreshing due to VPN through a combination of hardware component attached to the organization asset and software that can work directly with the VPN (when connected to the organization network) and/or can work as a standalone model to shutdown the system, based on the application desired by the organization.

[0081] The organizational asset/device, in all practicality, can be moved within the fixed radius from the home position (fixed GPS location) set.

[0082] The dongle/physical device of the present invention is a portable plug-and-play device.

[0083] The present invention provides a robust hardware and software connection.

[0084] The present invention overcomes the limitations of the refresh token by VPN, which at times doesn’t disconnect even if outside the network range.

[0085] The system of the present invention works, even if VPN is not connected, since the software component alternatively looks to /shut down the system if beyond the defined radii from the home location.

[0086] The system of the present invention is enabled for people working from remote locations/non-office locations, as allowed by the organization and still mitigates the risk of the potential data breaches if any.

[0087] The present invention enables the connection for a range that is preconfigured. The said range is added and it’s not a point location. [0088] There is no continuous monitoring of GPS, if no motion is detected.

[0089] The motion sensor of the present invention overcomes the limitations of refresh time in VPN.

[0090] If GPS doesn’t work, disconnection rules will be checked for and triggered by the motion sensor (if device is moved).

[0091] The system of the present invention provides 2 level security checks with additional motion sensor. The said additional motion sensors is adopted to fix security check, and/or overcome limitations of refresh tokens of VPNs, enable connection or disconnection for offline usage by providing an integrated hardware etc.

[0092] The system of the present invention provides multi-level checks within the system, even if the server doesn’t respond (to enable/disable working offline with the asset).

[0093] The system of the present invention does not allow for connection, without the said dongle/physical device/hardware.

[0094] It is to be understood that the phraseology or terminology employed herein is for the purpose of description and not of limitation. Therefore, while the embodiments herein have been described in terms of preferred embodiments, those skilled in the art will recognize that the embodiments herein can be practiced with modification within the spirit and scope of the claims.