MOBILE NETWORK-BASED MULTI-FACTOR AUTHENTICATION

US 20150106900A1
Filed: 10/14/2014
Published: 04/16/2015
Est. Priority Date: 10/14/2013
Status: Active Grant

First Claim

Patent Images

1. A method of authenticating a user logging into a secure account using a mobile device, comprising the steps of:

verifying login credentials of the user;

verifying a hardware ID of the mobile device; and

verifying that a location of the mobile device determined using a global positioning system (GPS) component installed in the mobile device matches a location of a network element with which the mobile device is currently communicating.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Verification of a user login to a secure account from a mobile device occurs when the user provides login credentials and a hardware identifier (ID) corresponding to the mobile device. The provided login credentials and hardware ID are then verified against a registry. Further, the mobile device determines and provides a geographic location of the mobile device using a global positioning system (GPS) component installed therein. The location provided by the mobile devices is then matched with a location of a network element with which the mobile device is currently communicating.

Citations

20 Claims

1. A method of authenticating a user logging into a secure account using a mobile device, comprising the steps of:
- verifying login credentials of the user;
  
  verifying a hardware ID of the mobile device; and
  
  verifying that a location of the mobile device determined using a global positioning system (GPS) component installed in the mobile device matches a location of a network element with which the mobile device is currently communicating.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, further comprising registering the login credentials of the user with an application server, wherein verification of the login credentials is performed by the application server.
  - 3. The method of claim 1, further comprising:
    - transmitting, by the mobile device, the hardware ID of the mobile device to an application server;
      
      registering, by the application server, the hardware ID in a registry maintained by the application server; and
      
      responsive to a login request received from the mobile device, verifying, by the application server, that the hardware ID maintained in the registry matches a hardware ID associated with the login request.
  - 4. The method of claim 3, wherein the application server verifies the hardware ID associated with the login request based on a first network identifier associated with the mobile device.
  - 5. The method of claim 3, further comprising:
    - determining, by the mobile device, one or more geographic coordinates corresponding to the location of the mobile device;
      
      transmitting, by the mobile device, the one or more geographic coordinates to the device identification server;
      
      determining, by the device identification server, the network location corresponding to the network element with which the mobile device is currently communicating, the determining being based on the first network identifier for the mobile device;
      
      determining, by the device identification server, whether the one or more geographic coordinates transmitted by the mobile device correspond to the network location determined by the device identification server; and
      
      generating, by the device identification server, verification results that indicate whether the geographic coordinates transmitted by the mobile device correspond to the network location determined by the device identification server.
  - 6. The method of claim 5, further comprising:
    - transmitting, by the device identification server, the verification results to the application server; and
      
      if the verification results indicate that the geographic coordinates transmitted by the mobile device correspond to the network location determined by the device identification server, then authorizing, by the application server, the login request based on the verification results.
  - 7. The method of claim 6, further comprising:
    - if the verification results indicate that the geographic coordinates transmitted by the mobile device do not correspond to the network location determined by the device identification server, then;
      
      determining, by the application server, a second network identifier for the mobile device;
      
      transmitting, by the application server, the second network identifier to the device identification server; and
      
      re-determining, by the device identification server, the network location corresponding to the network element with which the mobile device is currently communicating, the determining being based on the second network identifier for the mobile device.

8. A non-transitory computer-readable medium that stores instructions, where the instructions, when executed, cause one or more computing devices to perform a method of authenticating a user logging into a secure account using a mobile device, the method comprising the steps of:
- verifying login credentials of the user;
  
  verifying a hardware ID of the mobile device; and
  
  verifying that a location of the mobile device determined using a global positioning system (GPS) component installed in the mobile device matches a location of a network element with which the mobile device is currently communicating.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The computer-readable medium of claim 8, wherein the method further comprises registering the login credentials of the user with an application server, wherein verification of the login credentials is performed by the application server.
  - 10. The computer-readable medium of claim 8, wherein the method further comprises:
    - transmitting, by the mobile device, the hardware ID of the mobile device to an application server;
      
      registering, by the application server, the hardware ID in a registry maintained by the application server; and
      
      responsive to a login request received from the mobile device, verifying, by the application server, that the hardware ID maintained in the registry matches a hardware ID associated with the login request.
  - 11. The computer-readable medium of claim 10, wherein the application server verifies the hardware ID associated with the login request based on a first network identifier associated with the mobile device.
  - 12. The computer-readable medium of claim 10, wherein the method further comprises:
    - determining, by the mobile device, one or more geographic coordinates corresponding to the location of the mobile device;
      
      transmitting, by the mobile device, the one or more geographic coordinates to the device identification server;
      
      determining, by the device identification server, the network location corresponding to the network element with which the mobile device is currently communicating, the determining being based on the first network identifier for the mobile device;
      
      determining, by the device identification server, whether the one or more geographic coordinates transmitted by the mobile device correspond to the network location determined by the device identification server; and
      
      generating, by the device identification server, verification results that indicate whether the geographic coordinates transmitted by the mobile device correspond to the network location determined by the device identification server.
  - 13. The computer-readable medium of claim 12, wherein the method further comprises:
    - transmitting, by the device identification server, the verification results to the application server; and
      
      if the verification results indicate that the geographic coordinates transmitted by the mobile device correspond to the network location determined by the device identification server, then authorizing, by the application server, the login request based on the verification results.
  - 14. The computer-readable medium of claim 13, wherein the method further comprises:
    - if the verification results indicate that the geographic coordinates transmitted by the mobile device do not correspond to the network location determined by the device identification server, then;
      
      determining, by the application server, a second network identifier for the mobile device;
      
      transmitting, by the application server, the second network identifier to the device identification server; and
      
      re-determining, by the device identification server, the network location corresponding to the network element with which the mobile device is currently communicating, the determining being based on the second network identifier for the mobile device.

15. A system comprising:
- a mobile device;
  
  an application server;
  
  a device identification server; and
  
  a network over which the mobile device, the application server, and the device identification server communicate, wherein the mobile device, application server, and device identification server are programmed to carry out a method of authenticating a user logging into a secure account using a mobile device, the method comprising the steps of;
  
  verifying login credentials of the user;
  
  verifying a hardware ID of the mobile device; and
  
  verifying that a location of the mobile device determined using a global positioning system (GPS) component installed in the mobile device matches a location of a network element with which the mobile device is currently communicating.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The system of claim 15, wherein the method further comprises registering the login credentials of the user with an application server, wherein verification of the login credentials is performed by the application server.
  - 17. The system of claim 15, wherein the method further comprises:
    - transmitting, by the mobile device, the hardware ID of the mobile device to an application server;
      
      registering, by the application server, the hardware ID in a registry maintained by the application server; and
      
      responsive to a login request received from the mobile device, verifying, by the application server, that the hardware ID maintained in the registry matches a hardware ID associated with the login request.
  - 18. The system of claim 17, wherein the application server verifies the hardware ID associated with the login request based on a first network identifier associated with the mobile device.
  - 19. The system of claim 18, wherein the method further comprises:
    - determining, by the mobile device, one or more geographic coordinates corresponding to the location of the mobile device;
      
      transmitting, by the mobile device, the one or more geographic coordinates to the device identification server;
      
      determining, by the device identification server, the network location corresponding to the network element with which the mobile device is currently communicating, the determining being based on the first network identifier for the mobile device;
      
      determining, by the device identification server, whether the one or more geographic coordinates transmitted by the mobile device correspond to the network location determined by the device identification server; and
      
      generating, by the device identification server, verification results that indicate whether the geographic coordinates transmitted by the mobile device correspond to the network location determined by the device identification server.
  - 20. The system of claim 19, wherein the method further comprises:
    - transmitting, by the device identification server, the verification results to the application server; and
      
      if the verification results indicate that the geographic coordinates transmitted by the mobile device correspond to the network location determined by the device identification server, then authorizing, by the application server, the login request based on the verification results.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Zumigo, Inc.
Original Assignee
Zumigo, Inc.
Inventors
PINSKI, David Aaron, CHOWDHURY, Partha

Granted Patent

US 9,578,025 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/7
CPC Class Codes

H04L 2463/082   applying multi-factor authe...

H04L 63/083   using passwords cryptograph...

H04L 63/0876   based on the identity of th...

H04W 12/068   using credential vaults, e....

H04W 4/02   Services making use of loca...

H04W 4/029   Location-based management o...

MOBILE NETWORK-BASED MULTI-FACTOR AUTHENTICATION

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

MOBILE NETWORK-BASED MULTI-FACTOR AUTHENTICATION

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links