Authentication of a user device using traffic flow information

US 10,097,546 B2
Filed: 07/22/2015
Issued: 10/09/2018
Est. Priority Date: 07/22/2015
Status: Active Grant

First Claim

Patent Images

1. A device, comprising:

a memory; and

one or more processors, coupled to the memory, to;

receive traffic flow information, associated with one or more network traffic flows of a network, that includes a plurality of user device identifiers of user devices communicating via the one or more network traffic flows,the traffic flow information including one or more of;

a source network address,a source port identifier,a destination network address,a destination port identifier, ora protocol identifier,the plurality of user device identifiers being stored in a data structure, andthe plurality of user device identifiers being source network addresses or destination network addresses;

receive, from a user device accessing an application associated with a third party service, an authentication request to authenticate the user device with a third party device that provides the third party service,the authentication request including a session token that identifies a session, an application identifier that identifies the application, and a user device identifier that identifies the user device,the session token, with a challenge request, being received by the user device from a third party server after the user device sends an expired session token to the third party server, andthe expired session token being sent by the user device to the third party server based on an attempt, associated with the application, to log-in;

determine that the user device identifier matches one of the plurality of user device identifiers stored in the data structure;

determine that the user device identifier is associated with a fixed device identifier stored in the data structure,the fixed device identifier including one of;

a telephone number,an international mobile subscriber identity (IMSI), oran international mobile station equipment identity (IMEI);

determine that the user device is authenticated, as a valid user device that has communicated using the network, based on determining that the user device identifier matches the one of the plurality of user device identifiers stored in the data structure and based on determining that the user device identifier is associated with the fixed device identifier stored in the data structure; and

provide, to the third party device, the session token and an indication that the user device is authenticated to permit the third party device to allow or deny access, by the user device, to the third party service.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A device may receive traffic flow information that includes user device identifiers. The device may receive, from a user device accessing an application associated with a third party service, an authentication request to authenticate the user device with a third party device that provides the third party service. The request may include a session token that identifies a session, an application identifier that identifies the application, and a user device identifier that identifies the user device. The device may determine to authenticate the user device based on whether the user device identifier matches one of the user device identifiers included in the traffic flow information. The device may provide, to the third party device, the session token and an indication of whether the user device has been authenticated to permit the third party device to allow or deny access to the third party service.

71 Citations

View as Search Results

20 Claims

1. A device, comprising:
- a memory; and
  
  one or more processors, coupled to the memory, to;
  
  receive traffic flow information, associated with one or more network traffic flows of a network, that includes a plurality of user device identifiers of user devices communicating via the one or more network traffic flows,the traffic flow information including one or more of;
  
  a source network address,a source port identifier,a destination network address,a destination port identifier, ora protocol identifier,the plurality of user device identifiers being stored in a data structure, andthe plurality of user device identifiers being source network addresses or destination network addresses;
  
  receive, from a user device accessing an application associated with a third party service, an authentication request to authenticate the user device with a third party device that provides the third party service,the authentication request including a session token that identifies a session, an application identifier that identifies the application, and a user device identifier that identifies the user device,the session token, with a challenge request, being received by the user device from a third party server after the user device sends an expired session token to the third party server, andthe expired session token being sent by the user device to the third party server based on an attempt, associated with the application, to log-in;
  
  determine that the user device identifier matches one of the plurality of user device identifiers stored in the data structure;
  
  determine that the user device identifier is associated with a fixed device identifier stored in the data structure,the fixed device identifier including one of;
  
  a telephone number,an international mobile subscriber identity (IMSI), oran international mobile station equipment identity (IMEI);
  
  determine that the user device is authenticated, as a valid user device that has communicated using the network, based on determining that the user device identifier matches the one of the plurality of user device identifiers stored in the data structure and based on determining that the user device identifier is associated with the fixed device identifier stored in the data structure; and
  
  provide, to the third party device, the session token and an indication that the user device is authenticated to permit the third party device to allow or deny access, by the user device, to the third party service.
- View Dependent Claims (2, 3, 4, 5, 6, 18)
- - 2. The device of claim 1, where the one or more processors, when providing the session token and the indication that the user device is authenticated, are to:
    - provide, to the third party device, the session token, the indication that the user device is authenticated, and information to be used to identify the user device or a user of the user device to permit the third party device to allow or deny access, by the user device, to the third party service.
  - 3. The device of claim 2, where the information to be used to identify the user device or the user of the user device includes at least one of:
    - a name associated with the user;
      
      a street address associated with the user;
      
      ora credit card number associated with the user.
  - 4. The device of claim 1, where the one or more processors, when providing the session token and the indication that the user device is authenticated, are to:
    - provide, to the third party device, the session token, the indication that the user device is authenticated, and information identifying a geographic location of the user device to permit the third party device to allow or deny access, by the user device, to the third party service.
  - 5. The device of claim 1, where the one or more processors, when receiving the authentication request, are to:
    - receive, from the user device accessing the application associated with the third party service, the authentication request to authenticate the user device with the third party device that provides the third party service,the authentication request including the session token that identifies the session, the application identifier that identifies the application, the user device identifier that identifies the user device, and information that identifies a geographic location of the user device.
  - 6. The device of claim 5, where the one or more processors are further to:
    - determine that the geographic location matches one of a plurality of geographic locations,the user device being authenticated further when the geographic location matches the one of the plurality of geographic locations.
  - 18. The device of claim 1, where a username and a password are entered during the attempt to log-in.

7. A non-transitory computer-readable medium storing instructions, the instructions comprising:
- one or more instructions that, when executed by one or more processors, cause the one or more processors to;
  
  receive traffic flow information that includes a plurality of user device identifiers of user devices communicating using one or more network traffic flows of a network,the traffic flow information including one or more of;
  
  a source network address,a source port identifier,a destination network address,a destination port identifier, ora protocol identifier,the plurality of user device identifiers being stored in a data structure, andthe plurality of user device identifiers being source network addresses or destination network addresses;
  
  receive, from a user device accessing an application associated with a third party service, an authentication request to authenticate the user device for a third party device, that provides the third party service,the authentication request including a session token that identifies a session, an application identifier that identifies the application, and a user device identifier that identifies the user device,the session token, with a challenge request, being received by the user device from a third party server after the user device sends an expired session token to the third party server, andthe expired session token being sent by the user device to the third party server based on an attempt, associated with the application, to log-in;
  
  determine that the user device identifier matches one of the plurality of user device identifiers stored in the data structure;
  
  determine that the user device identifier is associated with a fixed device identifier stored in the data structure,the fixed device identifier including one of;
  
  a telephone number,an international mobile subscriber identity (IMSI), oran international mobile station equipment identity (IMEI);
  
  determine that the user device is authenticated, as a valid user device that has communicated using the network, based on determining that the user device identifier matches the one of the plurality of user device identifiers stored in the data structure and based on determining that the user device identifier is associated with the fixed device identifier stored in the data structure;
  
  identify the third party device, associated with the application, based on the application identifier; and
  
  send, to the third party device, the session token and an indication that the user device is authenticated to permit the third party device to allow or deny access, by the user device, to the third party service.
- View Dependent Claims (8, 9, 10, 11, 12, 19)
- - 8. The non-transitory computer-readable medium of claim 7, where the one or more instructions, that cause the one or more processors to send the session token and the indication that the user device is authenticated, cause the one or more processors to:
    - receive an authentication preference that indicates a particular type of information to be sent to the third party device, andsend, to the third party device, the session token, the indication that the user device is authenticated, and the particular type of information to permit the third party device to allow or deny access, by the user device, to the third party service.
  - 9. The non-transitory computer-readable medium of claim 8, where the particular type of information includes at least one of:
    - a name associated with a user of the user device;
      
      a street address associated with the user;
      
      ora credit card number associated with the user.
  - 10. The non-transitory computer-readable medium of claim 7, where the one or more instructions, that cause the one or more processors to send the session token and the indication that the user device is authenticated, cause the one or more processors to:
    - receive an authentication preference that indicates the third party device is to receive information that identifies a geographic location of the user device; and
      
      send, to the third party device, the session token, the indication that the user device is authenticated, and the information that identifies the geographic location of the user device to permit the third party device to allow or deny access, by the user device, to the third party service.
  - 11. The non-transitory computer-readable medium of claim 7, where the authentication request includes:
    - information that identifies a geographic location of the user device.
  - 12. The non-transitory computer-readable medium of claim 11, where the user device is determined to be authenticated further based the geographic location.
  - 19. The non-transitory computer-readable medium of claim 7, where a username and a password are entered during the attempt to log-in.

13. A method, comprising:
- receiving, by a device, traffic flow information, associated with one or more network traffic flows of a network, that includes a plurality of user device identifiers of user devices,the user devices having communicated via the one or more network traffic flows,the traffic flow information including one or more of;
  
  a source network address,a source port identifier,a destination network address,a destination port identifier, ora protocol identifier,the plurality of user devices identifiers being stored in a data structure, andthe plurality of user device identifiers being source network addresses or destination network addresses;
  
  receiving, by the device and from a user device accessing an application associated with a third party service, an authentication request to authenticate the user device with a third party device providing the third party service,the authentication request including a session token, an application identifier, and a user device identifier that identifies the user device,the session token, with a challenge request, being received by the user device from a third party server after the user device sends an expired session token to the third party server, andthe expired session token being sent by the user device to the third party server based on an attempt, associated with the application, to log-in;
  
  determining, by the device, that the user device identifier matches one of the plurality of user device identifiers stored in the data structure;
  
  determine that the user device identifier is associated with a fixed device identifier stored in the data structure,the fixed device identifier including one of;
  
  a telephone number,an international mobile subscriber identity (IMSI), oran international mobile station equipment identity (IMEI);
  
  determine that the user device is authenticated, as a valid user device that has communicated using the network, based on determining that the user device identifier matches the one of the plurality of user device identifiers stored in the data structure and based on determining that the user device identifier is associated with the fixed device identifier stored in the data structure; and
  
  providing, by the device and to the third party device, the session token and an indication that the user device is authenticated to permit the third party device to allow or deny access, by the user device, to the third party service.
- View Dependent Claims (14, 15, 16, 17, 20)
- - 14. The method of claim 13, further comprising:
    - receiving an authentication preference that indicates a particular type of information to be sent to the third party device; and
      
      where providing the session token comprises;
      
      providing, to the third party device, the particular type of information to permit the third party device to allow or deny access, by the user device, to the third party service.
  - 15. The method of claim 13, where providing the session token comprises:
    - providing, to the third party device, information that identifies the user device or a user associated with the user device to permit the third party device to allow or deny access, by the user device, to the third party service.
  - 16. The method of claim 13, further comprising:
    - identifying the third party device, associated with the application, using the application identifier; and
      
      where providing the session token comprises;
      
      providing the session token and the indication to the third party device, based on identifying the third party device.
  - 17. The method of claim 13, where providing the session token comprises:
    - providing, to the third party device, information that identifies a geographic location of the user device.
  - 20. The method of claim 13, where a username and a password are entered during the attempt to log-in.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Verizon Patent and Licensing Incorporated (Verizon Communications Inc.)
Original Assignee
Verizon Patent and Licensing Incorporated (Verizon Communications Inc.)
Inventors
Hao, Jianxiu, Yin, Fenglin, Chen, Zhong, Kalyanasundaram, Pramod
Primary Examiner(s)
Shaw, Yin Chen
Assistant Examiner(s)
Cruz-Franqui, Richard W

Application Number

US14/805,725
Publication Number

US 20170026369A1
Time in Patent Office

1,175 Days
Field of Search
US Class Current
CPC Class Codes

H04L 63/0876   based on the identity of th...

H04L 63/0884   by delegation of authentica...

H04L 63/107   wherein the security polici...

Authentication of a user device using traffic flow information

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

71 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Authentication of a user device using traffic flow information

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

71 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links