Authentication of a user device using traffic flow information
First Claim
1. A device, comprising:
a memory; and
one or more processors, coupled to the memory, to:
receive traffic flow information, associated with one or more network traffic flows of a network, that includes a plurality of user device identifiers of user devices communicating via the one or more network traffic flows, the traffic flow information including one or more of: a source network address, a source port identifier, a destination network address, a destination port identifier, or a protocol identifier, the plurality of user device identifiers being stored in a data structure, and the plurality of user device identifiers being source network addresses or destination network addresses;
receive, from a user device accessing an application associated with a third party service, an authentication request to authenticate the user device with a third party device that provides the third party service, the authentication request including a session token that identifies a session, an application identifier that identifies the application, and a user device identifier that identifies the user device, the session token, with a challenge request, being received by the user device from a third party server after the user device sends an expired session token to the third party server, and the expired session token being sent by the user device to the third party server based on an attempt, associated with the application, to log-in;
determine that the user device identifier matches one of the plurality of user device identifiers stored in the data structure;
determine that the user device identifier is associated with a fixed device identifier stored in the data structure, the fixed device identifier including one of: a telephone number, an international mobile subscriber identity (IMSI), or an international mobile station equipment identity (IMEI);
determine that the user device is authenticated, as a valid user device that has communicated using the network, based on determining that the user device identifier matches the one of the plurality of user device identifiers stored in the data structure and based on determining that the user device identifier is associated with the fixed device identifier stored in the data structure; and
provide, to the third party device, the session token and an indication that the user device is authenticated to permit the third party device to allow or deny access, by the user device, to the third party service.
Abstract
A device may receive traffic flow information that includes user device identifiers. The device may receive, from a user device accessing an application associated with a third party service, an authentication request to authenticate the user device with a third party device that provides the third party service. The request may include a session token that identifies a session, an application identifier that identifies the application, and a user device identifier that identifies the user device. The device may determine to authenticate the user device based on whether the user device identifier matches one of the user device identifiers included in the traffic flow information. The device may provide, to the third party device, the session token and an indication of whether the user device has been authenticated to permit the third party device to allow or deny access to the third party service.
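An added sketch of the decision flow the abstract describes, including the fixed-identifier check from the claims (this is not code from the patent or its assignee). The address-to-fixed-identifier bindings, the application lookup table, the function names, and all sample values are assumptions constructed for illustration.

```python
from typing import NamedTuple, Optional

class Flow(NamedTuple):  # the five fields listed in the claims
    src_addr: str
    src_port: int
    dst_addr: str
    dst_port: int
    protocol: str

# Constructed sample data: documentation address ranges and a made-up IMSI.
FLOWS = [
    Flow("198.51.100.7", 40112, "203.0.113.10", 443, "tcp"),
    Flow("198.51.100.9", 51544, "203.0.113.10", 443, "tcp"),
]
# Assumption: the network operator supplies address -> fixed identifier bindings.
FIXED_IDS = {"198.51.100.7": "imsi:001010123456789"}
# Hypothetical lookup from application identifier to the third party device.
THIRD_PARTY_BY_APP = {"app-42": "https://thirdparty.example/authn"}

def build_table(flows, fixed_ids):
    """Map each source address seen in the flows to its fixed id (or None)."""
    return {f.src_addr: fixed_ids.get(f.src_addr) for f in flows}

def authenticate(table, request):
    """Return (third_party_device, message) for one authentication request."""
    device_id = request["user_device_id"]
    seen_in_flows = device_id in table                 # first determination
    fixed_id: Optional[str] = table.get(device_id)     # second determination
    message = {
        "session_token": request["session_token"],
        # Both determinations must hold; the third party decides allow/deny.
        "authenticated": seen_in_flows and fixed_id is not None,
    }
    return THIRD_PARTY_BY_APP.get(request["app_id"]), message

def make_request(addr, app_id="app-42"):
    """Constructed request carrying the three fields the claims name."""
    return {"session_token": "tok-abc", "app_id": app_id, "user_device_id": addr}
```

An address that appears in the flows but has no fixed identifier bound to it is reported as not authenticated, as is an address never seen in the flows.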
71 Citations
20 Claims
1. A device, comprising:
a memory; and
one or more processors, coupled to the memory, to:
receive traffic flow information, associated with one or more network traffic flows of a network, that includes a plurality of user device identifiers of user devices communicating via the one or more network traffic flows, the traffic flow information including one or more of: a source network address, a source port identifier, a destination network address, a destination port identifier, or a protocol identifier, the plurality of user device identifiers being stored in a data structure, and the plurality of user device identifiers being source network addresses or destination network addresses;
receive, from a user device accessing an application associated with a third party service, an authentication request to authenticate the user device with a third party device that provides the third party service, the authentication request including a session token that identifies a session, an application identifier that identifies the application, and a user device identifier that identifies the user device, the session token, with a challenge request, being received by the user device from a third party server after the user device sends an expired session token to the third party server, and the expired session token being sent by the user device to the third party server based on an attempt, associated with the application, to log-in;
determine that the user device identifier matches one of the plurality of user device identifiers stored in the data structure;
determine that the user device identifier is associated with a fixed device identifier stored in the data structure, the fixed device identifier including one of: a telephone number, an international mobile subscriber identity (IMSI), or an international mobile station equipment identity (IMEI);
determine that the user device is authenticated, as a valid user device that has communicated using the network, based on determining that the user device identifier matches the one of the plurality of user device identifiers stored in the data structure and based on determining that the user device identifier is associated with the fixed device identifier stored in the data structure; and
provide, to the third party device, the session token and an indication that the user device is authenticated to permit the third party device to allow or deny access, by the user device, to the third party service.
Dependent claims: 2, 3, 4, 5, 6, 18
7. A non-transitory computer-readable medium storing instructions, the instructions comprising:
one or more instructions that, when executed by one or more processors, cause the one or more processors to:
receive traffic flow information that includes a plurality of user device identifiers of user devices communicating using one or more network traffic flows of a network, the traffic flow information including one or more of: a source network address, a source port identifier, a destination network address, a destination port identifier, or a protocol identifier, the plurality of user device identifiers being stored in a data structure, and the plurality of user device identifiers being source network addresses or destination network addresses;
receive, from a user device accessing an application associated with a third party service, an authentication request to authenticate the user device for a third party device, that provides the third party service, the authentication request including a session token that identifies a session, an application identifier that identifies the application, and a user device identifier that identifies the user device, the session token, with a challenge request, being received by the user device from a third party server after the user device sends an expired session token to the third party server, and the expired session token being sent by the user device to the third party server based on an attempt, associated with the application, to log-in;
determine that the user device identifier matches one of the plurality of user device identifiers stored in the data structure;
determine that the user device identifier is associated with a fixed device identifier stored in the data structure, the fixed device identifier including one of: a telephone number, an international mobile subscriber identity (IMSI), or an international mobile station equipment identity (IMEI);
determine that the user device is authenticated, as a valid user device that has communicated using the network, based on determining that the user device identifier matches the one of the plurality of user device identifiers stored in the data structure and based on determining that the user device identifier is associated with the fixed device identifier stored in the data structure;
identify the third party device, associated with the application, based on the application identifier; and
send, to the third party device, the session token and an indication that the user device is authenticated to permit the third party device to allow or deny access, by the user device, to the third party service.
Dependent claims: 8, 9, 10, 11, 12, 19
13. A method, comprising:
receiving, by a device, traffic flow information, associated with one or more network traffic flows of a network, that includes a plurality of user device identifiers of user devices, the user devices having communicated via the one or more network traffic flows, the traffic flow information including one or more of: a source network address, a source port identifier, a destination network address, a destination port identifier, or a protocol identifier, the plurality of user devices identifiers being stored in a data structure, and the plurality of user device identifiers being source network addresses or destination network addresses;
receiving, by the device and from a user device accessing an application associated with a third party service, an authentication request to authenticate the user device with a third party device providing the third party service, the authentication request including a session token, an application identifier, and a user device identifier that identifies the user device, the session token, with a challenge request, being received by the user device from a third party server after the user device sends an expired session token to the third party server, and the expired session token being sent by the user device to the third party server based on an attempt, associated with the application, to log-in;
determining, by the device, that the user device identifier matches one of the plurality of user device identifiers stored in the data structure;
determine that the user device identifier is associated with a fixed device identifier stored in the data structure, the fixed device identifier including one of: a telephone number, an international mobile subscriber identity (IMSI), or an international mobile station equipment identity (IMEI);
determine that the user device is authenticated, as a valid user device that has communicated using the network, based on determining that the user device identifier matches the one of the plurality of user device identifiers stored in the data structure and based on determining that the user device identifier is associated with the fixed device identifier stored in the data structure; and
providing, by the device and to the third party device, the session token and an indication that the user device is authenticated to permit the third party device to allow or deny access, by the user device, to the third party service.
Dependent claims: 14, 15, 16, 17, 20
Specification