Device-specific authorization at distributed locations
Abstract
A method includes receiving authentication information for a client device at a server. The authentication information includes a geographic location of the client device and a first result of a one-way hash function based on a combination including an authentication seed and a first secret. The method includes computing, at the server, a second result of the one-way hash function based on a combination including the authentication seed and a second secret. The method also includes enabling the client device to access a second network in response to a determination by the server that the first result matches the second result and a determination by the server that the client device is authorized to access the second network based on the geographic location.
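The flow in the abstract, as an added example (not code from the patent or its assignee). HMAC-SHA-256 stands in for the unspecified one-way hash over seed and secret, and the location is derived from the access point as in claim 1. The device id, access-point names, secret, policy tables and the single-use seed are assumptions.

```python
import hashlib
import hmac
import secrets

# Constructed sample data (assumptions, not taken from the patent).
DEVICE_SECRETS = {"laptop-17": b"constructed-shared-secret"}
AP_LOCATIONS = {"ap-lobby-1": "lobby", "ap-cafe-3": "cafe"}
PERMITTED_LOCATIONS = {"laptop-17": {"lobby"}}


def response_for(seed, secret):
    """One-way hash over the combination of seed and secret (HMAC-SHA-256 here)."""
    return hmac.new(secret, seed, hashlib.sha256).hexdigest()


class AuthServer:
    def __init__(self):
        self._pending = {}  # device_id -> outstanding authentication seed

    def challenge(self, device_id):
        """Issue a fresh random seed for the authentication request."""
        seed = secrets.token_bytes(16)
        self._pending[device_id] = seed
        return seed

    def verify(self, device_id, access_point, first_result):
        """Return (granted, detail): hash comparison first, then location policy."""
        seed = self._pending.pop(device_id, None)  # single use: an assumption
        secret = DEVICE_SECRETS.get(device_id)
        if seed is None or secret is None:
            return False, "no-challenge-or-unknown-device"
        second_result = response_for(seed, secret)
        # Constant-time comparison of the client's result with the server's.
        if not hmac.compare_digest(first_result, second_result):
            return False, "hash-mismatch"
        # Location comes from the access point, not from a client-supplied value.
        location = AP_LOCATIONS.get(access_point)
        if location not in PERMITTED_LOCATIONS.get(device_id, set()):
            return False, "location-not-permitted"
        return True, location


def demo():
    """Three constructed attempts: allowed, wrong location, wrong secret."""
    server, good, results = AuthServer(), DEVICE_SECRETS["laptop-17"], []
    attempts = [("ap-lobby-1", good), ("ap-cafe-3", good), ("ap-lobby-1", b"wrong")]
    for access_point, secret in attempts:
        seed = server.challenge("laptop-17")
        reply = response_for(seed, secret)  # what the client device would send
        results.append(server.verify("laptop-17", access_point, reply))
    return results
```

Access to the second network is enabled only when both checks pass; a correct hash from an access point outside the device's permitted locations is still refused.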
20 Claims
1. A method comprising:
receiving a request at a server from a client device via an access point, the request received via a first network, wherein the request identifies a network resource available from a second server via a second network, wherein the second server is distinct from the server, and wherein the second network is different than the first network;
responsive to the receiving the request, determining, at the server, whether access to the network resource is conditioned upon authentication;
transmitting an authentication request from the server to the client device in response to determining that access to the network resource is conditioned upon authentication, wherein the authentication request includes an authentication seed;
receiving authentication information at the server from the client device, wherein the authentication information includes a first result of a one-way hash function based on the authentication seed;
computing, at the server, a second result of the one-way hash function based on the authentication seed;
performing a first comparison of the first result to the second result;
in response to a first determination based on the first comparison that the first result matches the second result, determining a location associated with the client device based on the access point;
determining whether the client device is permitted to access the second network from the location; and
in response to a second determination by the server that the client device is permitted to access the second network from the location, enabling, via the server, the client device to access the second network.
Dependent claims: 2, 3, 4, 5, 6
7. A computer-readable storage device including instructions that, when executed by a processing system, cause the processing system to perform operations, the operations comprising:
receiving a request from a computing device via an access point, the request received via a first network, wherein the request identifies a network resource available from a server via a second network, wherein the server is distinct from the processing system, and wherein the second network is different than the first network;
responsive to the receiving the request, determining whether access to the network resource is conditioned upon authentication;
transmitting an authentication request to the computing device in response to determining that access to the network resource is conditioned upon authentication, wherein the authentication request includes an authentication seed;
receiving, from the computing device, authentication information, wherein the authentication information includes a first result of a one-way hash function based on the authentication seed;
computing a second result of the one-way hash function based on the authentication seed;
performing a first comparison of the first result to the second result;
in response to a first determination based on the first comparison that the first result matches the second result, determining a location associated with the computing device based on the access point;
determining whether the computing device is permitted to access the second network from the location; and
in response to a second determination that the computing device is permitted to access the second network from the location, enabling the computing device to access the second network.
Dependent claims: 8, 9, 10, 11, 12, 13, 14, 15
16. A system comprising:
a processor; and
a memory coupled to the processor, wherein the memory includes program instructions executable by the processor to perform operations, the operations including:
receiving a request from a computing device via an access point, the request received via a first network, wherein the request identifies a network resource available from a server via a second network, wherein the server is distinct from the processor, and wherein the second network is different than the first network;
responsive to the receiving the request, determining whether access to the network resource is conditioned upon authentication;
transmitting an authentication request to the computing device in response to determining that access to the network resource is conditioned upon authentication, wherein the authentication request includes an authentication seed;
receiving authentication information from the computing device, wherein the authentication information includes a first result of a one-way hash function based on the authentication seed from the computing device;
computing a second result of the one-way hash function based on the authentication seed;
performing a first comparison of the first result to the second result;
in response to a first determination based on the first comparison that the first result matches the second result, determining a location associated with the computing device based on the access point;
determining whether the computing device is permitted to access the second network from the location; and
in response to a second determination that the computing device is permitted to access the second network from the location, enabling the computing device to access the second network.
Dependent claims: 17, 18, 19, 20
Specification