APPARATUS, SYSTEM, AND METHOD FOR USER AUTHENTICATION BASED ON AUTHENTICATION CREDENTIALS AND LOCATION INFORMATION

US 20090158404A1
Filed: 12/17/2007
Published: 06/18/2009
Est. Priority Date: 12/17/2007
Status: Active Grant

First Claim

Patent Images

1. A computer program product comprising a computer readable medium having:

computer usable program code executable to perform operations for authenticating a user based on authentication credentials and location information, the operations of the computer program product comprising;

referencing past user location information in response to an authentication attempt, the past user location information comprising a past user interaction timestamp and a past user interaction location identifier;

referencing current user location information, the current user location information comprising an authentication attempt timestamp and an authentication attempt location identifier;

determining a maximum allowable distance between a physical authentication attempt location associated with the authentication attempt location identifier and a past physical location associated with the past user interaction location identifier; and

managing the authentication attempt, in response to determining that the physical authentication attempt location is outside the maximum allowable distance from the past physical location.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer program product, apparatus, and system, are disclosed for user authentication based on authentication credentials and location information. A computer program product performs operations for such authentication. These operations of the computer program product include referencing past user location information in response to an authentication validation request and referencing current user location information. These operations also include determining a maximum allowable distance between an authentication attempt location associated with the authentication attempt location identifier and a past location associated with the past user interaction location identifier, and managing the authentication attempt, in response to determining that the physical authentication attempt location is outside the maximum allowable distance. The computer program product, apparatus, and system thereby reduce the possibility of identity theft by adding an element of location awareness to the authentication process.

106 Citations

View as Search Results

25 Claims

1. A computer program product comprising a computer readable medium having:
- computer usable program code executable to perform operations for authenticating a user based on authentication credentials and location information, the operations of the computer program product comprising;
  
  referencing past user location information in response to an authentication attempt, the past user location information comprising a past user interaction timestamp and a past user interaction location identifier;
  
  referencing current user location information, the current user location information comprising an authentication attempt timestamp and an authentication attempt location identifier;
  
  determining a maximum allowable distance between a physical authentication attempt location associated with the authentication attempt location identifier and a past physical location associated with the past user interaction location identifier; and
  
  managing the authentication attempt, in response to determining that the physical authentication attempt location is outside the maximum allowable distance from the past physical location.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The computer program product of claim 1, wherein managing the authentication attempt comprises denying the authentication attempt.
  - 3. The computer program product of claim 1, wherein managing the authentication attempt comprises prompting the user for additional information to validate the authentication attempt.
  - 4. The computer program product of claim 3, further comprising resetting past user location information to a current location in response to a positive validation, the positive validation performed with additional information provided by the user.
  - 5. The computer program of claim 1, wherein managing the authentication attempt comprises an action selected from a user-configurable set of actions.
  - 6. The computer program product of claim 1, further comprising determining that the physical authentication attempt location is within the maximum allowable distance from the past physical location and allowing the authentication attempt of the user.
  - 7. The computer program product of claim 1, wherein determining the maximum allowable distance further comprises multiplying a maximum velocity by the difference between the past user interaction timestamp and the authentication attempt timestamp.
  - 8. The computer program product of claim 1, further comprising determining that the distance between a current physical user location associated with user location information obtained from a personal device is outside the maximum allowable distance from the physical authentication attempt location obtained from an authentication attempt and denying the authentication attempt.

9. An apparatus for authenticating a user based on authentication credentials and location information, the apparatus comprising:
- a communication module configured to reference past user location information in response to an authentication attempt, the past user location information comprising a past user interaction timestamp and a past user interaction location identifier, and reference current user location information, the current user location information comprising an authentication attempt timestamp and an authentication attempt location identifier;
  
  a determination module configured to determine a maximum allowable distance between a physical authentication attempt location associated with the authentication attempt location identifier and a past physical location associated with the past user interaction location identifier; and
  
  a validation module configured to manage the authentication attempt, in response to the determination module determining that the physical authentication attempt location is outside the maximum allowable distance from the past physical location and configured to allow the authentication attempt of the user, in response to determining that the physical authentication attempt location is within the maximum allowable distance from the past physical location.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 17)
- - 10. The apparatus of claim 9, wherein managing the authentication attempt comprises denying the authentication attempt.
  - 11. The apparatus of claim 9, wherein managing the authentication attempt comprises prompting the user for additional information to validate the authentication attempt.
  - 12. The apparatus of claim 11, further comprising resetting past user location information to a current location in response to a positive validation, the positive validation performed with additional information from the user.
  - 13. The apparatus of claim 9, wherein managing the authentication attempt comprises an action selected from a user-configurable set of actions.
  - 14. The apparatus of claim 9, wherein managing the authentication attempt comprises alerting the user in response to a denied authentication attempt.
  - 15. The apparatus of claim 9, wherein the determination module further comprises a calculation module configured to multiply a maximum velocity by the difference between the past user interaction timestamp and the authentication attempt timestamp to determine the maximum allowable distance.
  - 16. The apparatus of claim 9, further comprising a tracking module configured to store user location information in a repository at designated intervals.
  - 17. The apparatus of claim 9, further comprising a coordination module configured to determine that the distance between a current physical user location associated with user location information obtained from a personal device is outside the maximum allowable distance from the physical authentication attempt location obtained from an authentication attempt and denying the authentication attempt.

18. A system for authenticating a user based on authentication credentials and location information, the system comprising:
- a network configured to communicate data between a plurality of devices;
  
  a client in communication with the network, the client configured to provide authentication credentials and current user location information, the current user location information comprising an authentication attempt timestamp and an authentication attempt location identifier; and
  
  a server in communication with the network, the server configured to;
  
  reference past user location information in response to an authentication attempt, the past user location information comprising a past user interaction timestamp and a past user interaction location identifier;
  
  reference current user location information;
  
  determine a maximum allowable distance between a physical authentication attempt location associated with the authentication attempt location identifier and a past physical location associated with the past user interaction location identifier; and
  
  manage the authentication attempt, in response to determining that the physical authentication attempt location is outside the maximum allowable distance from the past physical location.
- View Dependent Claims (19, 20, 21, 22, 23, 24)
- - 19. The system of claim 18, wherein managing the authentication attempt comprises denying the authentication attempt.
  - 20. The system of claim 18, wherein managing the authentication attempt comprises an action selected from a user-configurable set of actions.
  - 21. The system of claim 18, wherein the server is further configured to determine that the physical authentication attempt location is within the maximum allowable distance from the past physical location and allowing the authentication attempt of the user.
  - 22. The system of claim 18, wherein the server is further configured to multiply a maximum velocity by the difference between the past user interaction timestamp and the authentication attempt timestamp to determine the maximum allowable distance.
  - 23. The system of claim 18, wherein the server is further configured to signal the client to automatically logout a logged-in user for the same account as a current user in response to a positive authentication with the current user, the positive authentication comprising an authentication based on authentication credential information for the current user.
  - 24. The system of claim 18, further comprising a database in communication with the network and configured to store user location information in a repository in response to a user interaction.

25. A computer program product having computer usable program code executable to perform operations for a third-party validation service based on user location information, the operations of the computer program product comprising:
- tracking user location information based on a user interaction;
  
  receiving a location validation request with current user location information;
  
  the current user location information comprising an authentication attempt timestamp and an authentication attempt location identifier;
  
  referencing past user location information, the past user location information comprising a past user interaction timestamp and a past user interaction location identifier;
  
  determining a maximum allowable distance between a physical authentication attempt location associated with the authentication attempt location identifier and a past physical location associated with the past user interaction location identifier; and
  
  denying the location validation request, in response to determining that the current physical user location is outside the maximum allowable distance, and allowing the location validation request, in response to determining that the physical authentication attempt location is within the maximum allowable distance from the past physical location.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Hinton, Heather, Hahn, Timothy J.

Granted Patent

US 8,220,034 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/5
CPC Class Codes

H04L 63/083 using passwords cryptograph...

APPARATUS, SYSTEM, AND METHOD FOR USER AUTHENTICATION BASED ON AUTHENTICATION CREDENTIALS AND LOCATION INFORMATION

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

106 Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

APPARATUS, SYSTEM, AND METHOD FOR USER AUTHENTICATION BASED ON AUTHENTICATION CREDENTIALS AND LOCATION INFORMATION

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

106 Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links