Systems and Methods for Providing Location-Based Application Authentication Using a Location Token Service

US 20110092185A1
Filed: 10/16/2009
Published: 04/21/2011
Est. Priority Date: 10/16/2009
Status: Active Grant

First Claim

Patent Images

1. A method for authenticating a mobile device associated with a user to permit the mobile device to access an application, the method comprising:

determining, at the mobile device, a location of the mobile device;

receiving, at the mobile device, via an input interface of the mobile device, a user identification (user ID) and a password;

retrieving, from a subscriber identity system of the mobile device, a universal unique identifier (UUID) and a telephone number (TN);

generating, at the mobile device, a first message including the location, the UUID, the TN of the mobile device, the user ID, and the password;

sending the first message to a location token service (LTS) server;

recording, at the LTS server, the location, the UUID, the TN, the user ID, and the password;

authenticating, at the LTS server, the user ID and the password;

creating, at the LTS server, a user session associated with the mobile device based upon the location, the UUID, the TN, the user ID, and the password;

subsequent to the user session being created, in response to an application being initiated on the mobile device, determining a current location of the mobile device and generating a second message including the current location, the UUID, the TN, the user ID, and the password;

sending the second message to the LTS server;

determining, at the LTS server, whether the current location is within a threshold distance of the location for a temporal threshold; and

if the LTS server determines that the current location is within the threshold distance of the location for the temporal threshold, the LTS server returning a token to the mobile device, the token being used by the mobile device to permit access to the application.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for implementing a location token service (LTS) to enhance the security of mobile device identity tokens by using the location of the mobile device to augment the tokens. The LTS enforces re-authentication (login) of the mobile device to one or more applications if the mobile device moves beyond a threshold distance from the location of the last use of the token within a time period defined in a temporal threshold. The LTS increases authentication strength and drastically reduces the potential for spoofing or otherwise permitting unauthorized access to one or more applications on the mobile device.

Citations

20 Claims

1. A method for authenticating a mobile device associated with a user to permit the mobile device to access an application, the method comprising:
- determining, at the mobile device, a location of the mobile device;
  
  receiving, at the mobile device, via an input interface of the mobile device, a user identification (user ID) and a password;
  
  retrieving, from a subscriber identity system of the mobile device, a universal unique identifier (UUID) and a telephone number (TN);
  
  generating, at the mobile device, a first message including the location, the UUID, the TN of the mobile device, the user ID, and the password;
  
  sending the first message to a location token service (LTS) server;
  
  recording, at the LTS server, the location, the UUID, the TN, the user ID, and the password;
  
  authenticating, at the LTS server, the user ID and the password;
  
  creating, at the LTS server, a user session associated with the mobile device based upon the location, the UUID, the TN, the user ID, and the password;
  
  subsequent to the user session being created, in response to an application being initiated on the mobile device, determining a current location of the mobile device and generating a second message including the current location, the UUID, the TN, the user ID, and the password;
  
  sending the second message to the LTS server;
  
  determining, at the LTS server, whether the current location is within a threshold distance of the location for a temporal threshold; and
  
  if the LTS server determines that the current location is within the threshold distance of the location for the temporal threshold, the LTS server returning a token to the mobile device, the token being used by the mobile device to permit access to the application.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1 further comprising, if the LTS server determines that the current location is not within the threshold distance of the location for the temporal threshold:
    - the LTS server notifying the mobile device that the user is not logged in thereby triggering the application to prompt the user for the user ID and the password to re-authenticate the user to the application;
      
      determining, at the mobile device, a new location of the mobile device;
      
      generating, at the mobile device, a third message including the new location, the UUID, the TN, the user ID, and the password;
      
      sending the third message to the LTS server;
      
      the LTS server logging in the user with the user ID and the password;
      
      the LTS server creating a new user session for the mobile device;
      
      the LTS server returning a new token to the mobile device, the token being used by the mobile device to permit access to the application.
  - 3. The method of claim 2, wherein determining the location, the current location, and the new location comprises determining the location and the current location using a location component of the mobile device, the location component using at least one location determining technique to determine the location, the current location, and the new location.
  - 4. The method of claim 1, wherein determining the location and the current location comprises determining the location and the current location using a location component of the mobile device, the location component using at least one location determining technique to determine the location and the current location.
  - 5. The method of claim 1, wherein retrieving, from the subscriber identity system of the mobile device, the UUID and the TN comprises retrieving, from a subscriber identity module (SIM), the UUID and the TN.
  - 6. The method of claim 1, wherein retrieving, from the subscriber identity system of the mobile device, the UUID and the TN comprises retrieving, from a memory of the mobile device, the UUID and the TN.
  - 7. The method of claim 1, wherein the steps comprise steps for authenticating the mobile device associated with the user to permit the mobile device to access the application residing on the mobile device.
  - 8. The method of claim 1, wherein the steps comprise steps for authenticating the mobile device associated with the user to permit the mobile device to access the application residing on a server in a network.
  - 9. The method of claim 8, wherein the LTS server returning the token to the mobile device comprises the LTS server returning the token comprising the user ID and the password.

10. A method for authenticating a mobile device associated with a user to permit the mobile device to access an application, the method comprising:
- receiving, at a location token service (LTS) library (LTS LIB) of the mobile device, a request to initiate a location token service (LTS) in response to the application being intiated on the mobile device;
  
  the LTS LIB requesting a current location of the mobile device from a location services application (LSA) of the mobile device, the LSA using a location component of the mobile device to determine the current location of the mobile device;
  
  the LTS LIB receiving the current location from the location services application;
  
  the LTS LIB requesting a universal unique identifier (UUID) and a telephone number (TN) from a subscriber identity system of the mobile device;
  
  the LTS LIB receiving the UUID and the TN from the subscriber identity system;
  
  the LTS LIB generating a message comprising the current location, the UUID, and the TN;
  
  the LTS LIB communicating with an LTS server to transmit the message;
  
  the LTS LIB receiving user login information from the LTS server; and
  
  the LTS LIB providing the user login information to the application, permitting a user to access the application on the mobile device.
- View Dependent Claims (11, 12, 13)
- - 11. The method of claim 10, wherein the LTS LIB receiving the user login information from the LTS server and providing the user login information to the application comprises the LTS LIB receiving a token from the LTS server and providing the token to the application.
  - 12. The method of claim 10, further comprising the LTS LIB receiving a current LTS key from the LTS server and, wherein the LTS LIB generating the message comprises the message further including the current LTS key.
  - 13. The method of claim 10, further comprising the LTS LIB receiving a notification from the LTS server indicating that the user is not logged in and therefore unable to access the application, the notification being triggered at the LTS server if the current location of the mobile device is outside of a predetermined location in which access to the application is permitted.

14. A method for selectively permitting user access to an application stored on a mobile device, the method comprising:
- upon the application being initiated at the mobile device, the mobile device providing authentication information to a location token service (LTS) server to authenticate a user of the mobile device to access the application, the authentication information comprises a current location of the mobile device, a user identification, and a password; and
  
  the LTS server determining if the current location of the mobile device is within a threshold distance;
  
  if the LTS determines that the current location of the mobile device is within the threshold distance, the LTS server providing the mobile device with an LTS token used by the mobile device to permit the user to access the application;
  
  if the LTS determines that the current location of the mobile device is not within the threshold distance, the LTS server denying the user access to the application.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The method of claim 14, wherein the authentication information further comprises a universal unique identifier (UUID) of the mobile device and a telephone number (TN) of the mobile device.
  - 16. The method of claim 15, further comprising the LTS server determining if the UUID and the TN are associated with an established user session.
  - 17. The method of claim 15, further comprising the mobile device receiving the UUID and the TN from a subscriber identity module (SIM) of the mobile device.
  - 18. The method of claim 14, further comprising the mobile device retrieving the current location from a location services application of the mobile device, the location services application using a location component of the mobile device to determine the current location.
  - 19. The method of claim 14, further comprising the LTS server determining if the current location of the mobile device is within the threshold distance within a predetermined time.
  - 20. The method of claim 14, further comprising:
    - the LTS server prompting the user of the mobile device for the user identification and the password;
      
      the LTS server prompting the mobile device for an UUID and a TN of the mobile device;
      
      the LTS server prompting the mobile device for a new location of the mobile device;
      
      the LTS server creating a new user session based upon the user identification, the password, the UUID, the TN, and the new location;
      
      the LTS assigning a new threshold distance from the new location and a new temporal threshold for the new user session, the new threshold distance defining a distance within which the LTS server will permit the user to access the application and the new temporal threshold defining a time period within which the user must access the application without having to re-authenticate the application to the LTS server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
ServiceNow Incorporated
Original Assignee
AT&T Intellectual Property I LP (AT&T, Inc.)
Inventors
Garskof, Robert

Granted Patent

US 8,437,742 B2
Time in Patent Office

Days
Field of Search
US Class Current

455/411
CPC Class Codes

G06F 21/35   communicating wirelessly

H04L 63/083   using passwords cryptograph...

H04L 63/107   wherein the security polici...

H04M 1/67   by electronic means

H04M 1/72412   using two-way short-range w...

H04M 1/72457   according to geographic loc...

H04M 2250/10   including a GPS signal rece...

H04W 12/065   Continuous authentication

H04W 4/02   Services making use of loca...

H04W 4/023   using mutual or relative lo...

H04W 4/027   using movement velocity, ac...

H04W 4/029   Location-based management o...

H04W 4/50   Service provisioning or rec...

Systems and Methods for Providing Location-Based Application Authentication Using a Location Token Service

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and Methods for Providing Location-Based Application Authentication Using a Location Token Service

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links