LOCATION DETERMINATION FOR USER AUTHENTICATION

US 20150365410A1
Filed: 08/24/2015
Published: 12/17/2015
Est. Priority Date: 06/24/2013
Status: Active Grant

First Claim

Patent Images

1. A method for user authentication, the method comprising:

receiving, by a processor, an authentication request from a client device;

acquiring, by the processor, a first geo-identifier and a past timestamp associated with a past geographical location where the client device has been successfully authenticated;

acquiring, by the processor, a second geo-identifier and a current timestamp associated with a current geographical location of the client device;

determining, by the processor, an estimated trip time between the past geographical location and current geographical location of the client device based at least in part on the past timestamp and current timestamp;

determining, by the processor, that the estimated trip time is less than a difference between the past timestamp when the client device was successfully authenticated and the current timestamp; and

in response to the authentication request, authenticating the client device, by the processor, based at least in part on the estimated trip time being less than a difference between the past timestamp when the client device was successfully authenticated and the current timestamp.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

User authentication techniques based on geographical locations associated with a client device is provided. A network connection can be established between two or more host machines and a client device. Upon a request received from the client device by one of these host machines, round trip times of test messages may be measured between the client device and each of the host machines. The round trip times can be utilized to determine the current geographical location of the client device. If the location is within a tolerance geographical area, the client device may be authenticated. Otherwise, the authentication may fail or additional security procedures may be implemented. In some examples, a travel time from a historical geographical location to current geographical location can be determined. This data may be also utilized in the user authentication process.

9 Citations

View as Search Results

20 Claims

1. A method for user authentication, the method comprising:
- receiving, by a processor, an authentication request from a client device;
  
  acquiring, by the processor, a first geo-identifier and a past timestamp associated with a past geographical location where the client device has been successfully authenticated;
  
  acquiring, by the processor, a second geo-identifier and a current timestamp associated with a current geographical location of the client device;
  
  determining, by the processor, an estimated trip time between the past geographical location and current geographical location of the client device based at least in part on the past timestamp and current timestamp;
  
  determining, by the processor, that the estimated trip time is less than a difference between the past timestamp when the client device was successfully authenticated and the current timestamp; and
  
  in response to the authentication request, authenticating the client device, by the processor, based at least in part on the estimated trip time being less than a difference between the past timestamp when the client device was successfully authenticated and the current timestamp.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 2. The method of claim 1, wherein the authentication request includes a request to access networked data or service.
  - 3. The method of claim 1, wherein the authentication request includes user credentials and wherein the authentication of the client device includes verifying a user identity based on the user credentials.
  - 4. The method of claim 1, wherein the geo-identifier of the client device includes at least one name associated with the geographical location.
  - 5. The method of claim 1, wherein the geo-identifier of the client device includes at least a city name associated with the geographical location.
  - 6. The method of claim 1, wherein the geo-identifier of the client device includes at least a state name associated with the geographical location.
  - 7. The method of claim 1, wherein the geo-identifier of the client device includes at least a street address associated with the geographical location.
  - 8. The method of claim 1, wherein the geo-identifier of the client device includes a postal code.
  - 9. The method of claim 1, wherein the geo-identifier of the client device includes absolute coordinates.
  - 10. The method of claim 1, further comprising:
    - receiving, by the processor, one or more HTTP (Hypertext Transfer Protocol) cookies from the client device, wherein the one or more HTTP cookies include metadata associated with one or more geographical locations where the client device has been successfully authenticated in the past; and
      
      wherein the authenticating of the client device is further based on the one or more HTTP cookies.
  - 11. The method of claim 1, wherein the estimated trip time between the past geographical location and current geographical location of the client device is based at least in part on calculating a distance between the geographical location associated with the first geo-identifier and the geographical location associated with the second geo-identifier.
  - 12. The method of claim 1, wherein the authentication is further based on the second geo-identifier being within a trusted tolerance geographical area for the client device.
  - 13. The method of claim 12, wherein the tolerance geographical area is defined based at least in part on historical data of past geographical locations of the client device.
  - 14. The method of claim 12, wherein the tolerance geographical area is dynamically updated based at least in part on the historical data of past geographical locations of the client device.
  - 15. The method of claim 14, wherein trusted historical data includes one or more geographical locations where the client device has been successfully authenticated in the past.
  - 16. The method of claim 12, wherein based on a determination that the geographical location is not within the tolerance geographical area, the client device is not authenticated.
  - 17. The method of claim 1, wherein the network connection includes a TCP (Transmission Control Protocol) connection.
  - 18. The method of claim 15, further comprising:
    - in response to determining the geographical location of the client device does not correspond to one or more geographical locations where the client device has been successfully authenticated in the past, acquiring, by the processor, user credentials; and
      
      performing, by the processor, authentication of the client device based on the user credentials.

19. A method for user authentication, the method comprising:
- establishing a network connection between a client device and a first host machine and between the client device and a second host machine;
  
  receiving, by one or more processors, an authentication request from the client device;
  
  measuring, by the one or more processors, a first round trip time (RTT) between the first host machine and the client device;
  
  measuring, by the one or more processors, a second RTT between the second host machine and the client device;
  
  determining, by the one or more processors, a geographical location of the client device based at least in part on the first RTT and the second RTT;
  
  determining, by the one or more processors, whether the geographical location of the client device is within a trusted tolerance geographical area; and
  
  in response to the authentication request, authenticating the client device, by the processor, based at least in part on the determination that the geographical location of the client device is within the trusted tolerance geographical area.
- View Dependent Claims (20)
- - 20. The method of claim 19, wherein the tolerance geographical area is such that the geographical location is within the tolerance geographical area in response to the geographical location being a first distance from the first host machine and the tolerance geographical location is outside the tolerance geographical area in response to the geographical location being a second distance from the second host machine, the first distance being greater than the second distance.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
A10 Networks Incorporated
Original Assignee
A10 Networks Incorporated
Inventors
Thompson, Micheal

Granted Patent

US 9,398,011 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/31   User authentication

G06F 2221/2111   Location-sensitive, e.g. ge...

H04L 2463/121   Timestamp cryptographic mec...

H04L 63/08   for authentication of entit...

H04L 63/083   using passwords cryptograph...

H04L 63/0876   based on the identity of th...

H04L 63/102   Entity profiles

H04L 63/107   wherein the security polici...

H04L 63/108   when the policy decisions a...

H04L 67/02   based on web technology, e....

H04L 67/52   specially adapted for the l...

H04W 12/06   Authentication

H04W 12/61   Time-dependent

H04W 12/63   Location-dependent; Proximi...

H04W 12/64   using geofenced areas

H04W 4/02   Services making use of loca...

LOCATION DETERMINATION FOR USER AUTHENTICATION

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

9 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

LOCATION DETERMINATION FOR USER AUTHENTICATION

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

9 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others