AUTHENTICATING USER SESSIONS BASED ON REPUTATION OF USER LOCATIONS

US 20100211997A1
Filed: 12/23/2009
Published: 08/19/2010
Est. Priority Date: 12/26/2008
Status: Active Grant

First Claim

Patent Images

1. A computer implemented method for authenticating a user session, the method comprising:

receiving a request for creating a session from a computing device;

identifying a location associated with the computing device originating the request;

receiving a measure of reputation of the location, wherein the measure of reputation of the location is determined based at least in part on statistical information for a set of past sessions that originated from the location and were determined to be suspicious;

determining a level of authentication required from the sender of the request based on the measure of reputation of the location; and

sending a request for authentication, wherein the information requested for authentication is determined based on the level of authentication.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

User sessions are authenticated based on locations associated with a user account used for sending a request for creating a session. Examples of locations of a source of a request include a geographical location, a network address, or a machine cookie associated with a device sending the request. Locations of the request are compared with stored safe locations associated with the user account and a suspiciousness index is determined for the session. The level of authentication required for the session is determined based on the suspiciousness index. Locations are associated with a reputation based on past history of sessions originating from the locations. A location associated with a history of creating suspicious session is considered an unsafe location. Reputation of the location originating the session is used to determine the level of authentication required for the session.

114 Citations

20 Claims

1. A computer implemented method for authenticating a user session, the method comprising:
- receiving a request for creating a session from a computing device;
  
  identifying a location associated with the computing device originating the request;
  
  receiving a measure of reputation of the location, wherein the measure of reputation of the location is determined based at least in part on statistical information for a set of past sessions that originated from the location and were determined to be suspicious;
  
  determining a level of authentication required from the sender of the request based on the measure of reputation of the location; and
  
  sending a request for authentication, wherein the information requested for authentication is determined based on the level of authentication.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The computer implemented method of claim 1, wherein the measure of reputation of the location indicates an unsafe location if a number of suspicious sessions originating from the location in the past is above a predetermined threshold.
  - 3. The computer implemented method of claim 1, wherein the measure of reputation of the location is further based on a measure of reputation of a second location that is within a threshold distance of the location.
  - 4. The computer implemented method of claim 3, wherein the measure of reputation of the location is further determined based on a distance of the location from the neighboring location.
  - 5. The computer implemented method of claim 1, wherein a past session is determined to be suspicious if the past session was associated with an activity considered unsafe.
  - 6. The computer implemented method of claim 1, wherein a past session is determined to be suspicious if the past session was associated with an illegitimate activity.
  - 7. The computer implemented method of claim 1, wherein a past session is determined to be suspicious if the past session sent a request for access to information of a type classified as sensitive information.
  - 8. The computer implemented method of claim 1, wherein a past session is determined to be suspicious if the past session failed an authentication.
  - 9. The computer implemented method of claim 1, further comprising:
    - receiving a measure of reputation for each of a plurality of locations from a third-party service provider.
  - 10. The computer implemented method of claim 1, further comprising:
    - generating a measure of reputation for each of a plurality of locations based on actions executed by previous sessions.
  - 11. The computer implemented method of claim 1, wherein the level of authentication required from the sender of the request comprises a captcha.
  - 12. The computer implemented method of claim 1, wherein the location is a netblock and the session was created from a network address in the netblock.
  - 13. The computer implemented method of claim 1, wherein the location is a geographical location.

14. A computer implemented method for determining a measure of reputation of a netblock, the method comprising:
- receiving information related to a plurality of sessions originating from a location, wherein a session originating from a location is created from device associated with the location;
  
  determining a measure of suspiciousness for each session in the plurality of sessions based on actions associated with the session indicating authenticity of the session;
  
  determining a measure of reputation of the location based on an aggregate of measures of suspiciousness of sessions originating from the location, wherein the measure of reputation of the location is used to determine the level of authentication required for sessions originating from the location; and
  
  storing the determined measure of reputation of the location in a computer readable medium.
- View Dependent Claims (15, 16, 17, 18)
- - 15. The computer implemented method of claim 14, wherein the location is a netblock and the session was created from a network address in the netblock.
  - 16. The computer implemented method of claim 14, wherein the location is a geographical location.
  - 17. The computer implemented method of claim 14, wherein the actions associated with the session indicating the authenticity of the user creating the session comprise requests from the session attempting to access information of a type classified as sensitive information.
  - 18. The computer implemented method of claim 14, wherein the actions associated with the session indicating the authenticity of the user creating the session comprise a failure of the session to provide authentication information.

19. A computer program product having a computer-readable storage medium storing computer-executable code for authenticating a user session, the code comprising:
- a session manager configured to;
  
  receive a request for creating a session from a computing device;
  
  identify a location associated with the computing device originating the request;
  
  receive a measure of reputation of the location, wherein the measure of reputation of the location is determined based at least in part on statistical information for a set of past sessions that originated from the location and were determined to be suspicious;
  
  an authentication manager configured to;
  
  determine a level of authentication required from the sender of the request based on the measure of reputation of the location; and
  
  send a request for authentication, wherein the information requested for authentication is determined based on the level of authentication.

20. A computer program product having a computer-readable storage medium storing computer-executable code for determining a measure of reputation of a netblock, the method comprising:
- a suspicious index manager configured to;
  
  receive information related to a plurality of sessions originating from a location, wherein a session originating from a location is created from device associated with the location;
  
  determine a measure of suspiciousness for each session in the plurality of sessions based on actions associated with the session indicating authenticity of the session;
  
  determine a measure of reputation of the location based on an aggregate of measures of suspiciousness of sessions originating from the location, wherein the measure of reputation of the location is used to determine the level of authentication required for sessions originating from the location; and
  
  store the determined measure of reputation of the location in a computer readable medium.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Meta Platforms, Inc. (f/k/a Facebook, Inc.)
Original Assignee
Meta Platforms, Inc. (f/k/a Facebook, Inc.)
Inventors
Palow, Christopher William, Keyani, Pedram, McGeehan, Ryan, Popov, Lev Timourovich, Read, Robert J.

Granted Patent

US 8,869,243 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/4
CPC Class Codes

G06F 21/316   by observing the pattern of...

G06F 2221/2111   Location-sensitive, e.g. ge...

H04L 63/08   for authentication of entit...

H04L 63/107   wherein the security polici...

H04L 63/1483   service impersonation, e.g....

AUTHENTICATING USER SESSIONS BASED ON REPUTATION OF USER LOCATIONS

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

114 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

AUTHENTICATING USER SESSIONS BASED ON REPUTATION OF USER LOCATIONS

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

114 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links