MOBILE AUTHENTICATION IN MOBILE VIRTUAL NETWORK

US 20160134624A1
Filed: 11/05/2015
Published: 05/12/2016
Est. Priority Date: 11/07/2014
Status: Active Grant

First Claim

Patent Images

1. A non-transitory computer-readable medium storing instructions that, when executed by one or more computer processors of a server, cause the server to:

receive, from a mobile device, an access request to access an enterprise'"'"'s network that is managed by the server;

inspect a network identifier of the mobile device making the request;

examine a database of network identifiers assigned to mobile devices for members of the enterprise network to determine that the mobile device is used by a member of the enterprise, wherein the network identifier is assigned to the mobile device based on one or more mobile authentication factors for the mobile device;

receive, from the mobile device, a resource request to access a resource through the enterprise'"'"'s network;

extract, from the resource request, one or more resource request factors; and

authenticate the mobile device when the one or more mobile authentication factors respectively correspond with the one or more resource request factors.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems, methods, and non-transitory computer-readable storage media for using mobile network authentication factors to authenticate a mobile device.

30 Citations

View as Search Results

16 Claims

1. A non-transitory computer-readable medium storing instructions that, when executed by one or more computer processors of a server, cause the server to:
- receive, from a mobile device, an access request to access an enterprise'"'"'s network that is managed by the server;
  
  inspect a network identifier of the mobile device making the request;
  
  examine a database of network identifiers assigned to mobile devices for members of the enterprise network to determine that the mobile device is used by a member of the enterprise, wherein the network identifier is assigned to the mobile device based on one or more mobile authentication factors for the mobile device;
  
  receive, from the mobile device, a resource request to access a resource through the enterprise'"'"'s network;
  
  extract, from the resource request, one or more resource request factors; and
  
  authenticate the mobile device when the one or more mobile authentication factors respectively correspond with the one or more resource request factors.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The non-transitory computer-readable medium of claim 1, wherein an operator of a mobile virtual network manages the server.
  - 3. The non-transitory computer-readable medium of claim 1, wherein the one or more mobile authentication factors at least include a unique subscriber identification module (SIM) number, and wherein server authenticates the mobile device when resource request factor is the SIM number.
  - 4. The non-transitory computer-readable medium of claim 1, wherein the one or more mobile authentication factors at least include an application layer-derived device location identification, and wherein server authenticates the mobile device when resource request factor is a baseband-derived location identification that matches the application layer-derived device location identification.
  - 5. The non-transitory computer-readable medium of claim 1, wherein the one or more mobile authentication factors at least include a location identifier based derived using a location of one or more mobile towers in the proximity of the device, and wherein server authenticates the mobile device when resource request factor is a cellular tower triangulated location identification that matches the location identifier based derived using a location of one or more mobile towers in the proximity of the device.
  - 6. The non-transitory computer-readable medium of claim 1, wherein the instructions further cause the server to:
    - request that a user of a mobile device opt-in to allowing the server to access personal location data on the user'"'"'s mobile device;
      
      receive confirmation that the user agrees to opt-in to allowing the server to access personal location data on the user'"'"'s mobile device; and
      
      upon receiving a resource request to access a resource through the enterprise'"'"'s network, accessing the user'"'"'s personal location data as the resource request factor,wherein the one or more mobile authentication factors at least include an application layer-derived device location identification, and wherein the server authenticates the mobile device when the application layer-derived device location identification matches the user'"'"'s personal location data.
  - 7. The non-transitory computer-readable medium of claim 6, wherein the user'"'"'s personal location data includes one or more of a user'"'"'s residence, a user'"'"'s frequent location, a location in the user'"'"'s calendar, a location learned from a travel application on the mobile device, and a location determined based on contextual data in the mobile device.
  - 8. The non-transitory computer-readable medium of claim 1, wherein the instructions further cause the server to:
    - determine, based on the network identifier of the mobile device, an enterprise identification information that describes one or more permission given to a user of the mobile device for accessing resources in the enterprise network;
      
      retrieve the requested resource when the network identifier indicates the user of the mobile device has permission to access the access-restricted resource.

9. A computer-implemented method comprising:
- receiving, in a server from a mobile device, an access request to access an enterprise'"'"'s network that is managed by the server;
  
  inspecting a network identifier of the mobile device making the request;
  
  examining a database of network identifiers assigned to mobile devices for members of the enterprise network to determine that the mobile device is used by a member of the enterprise, wherein the network identifier is assigned to the mobile device based on one or more mobile authentication factors for the mobile device;
  
  receiving, from the mobile device, a resource request to access a resource through the enterprise'"'"'s network;
  
  extracting, from the resource request, one or more resource request factors; and
  
  authenticating the mobile device when the one or more mobile authentication factors respectively correspond with the one or more resource request factors.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The computer-implemented method of claim 9, wherein an operator of a mobile virtual network manages the server.
  - 11. The computer-implemented method of claim 9, wherein the one or more mobile authentication factors at least include a unique subscriber identification module (SIM) number, and wherein authenticating the mobile device comprises determining that the resource request factor is the SIM number.
  - 12. The computer-implemented method of claim 9, wherein the one or more mobile authentication factors at least include an application layer-derived device location identification, and wherein authenticating the mobile device comprises determining that the resource request factor is a baseband-derived location identification that matches the application layer-derived device location identification.
  - 13. The computer-implemented method of claim 9, wherein the one or more mobile authentication factors at least include a location identifier based derived using a location of one or more mobile towers in the proximity of the device, and wherein authenticating the mobile device comprises determining that the resource request factor is a cellular tower triangulated location identification that matches the location identifier based derived using a location of one or more mobile towers in the proximity of the device.
  - 14. The computer-implemented method of claim 9, further comprising:
    - requesting that a user of a mobile device opt-in to allowing the server to access personal location data on the user'"'"'s mobile device;
      
      receiving confirmation that the user agrees to opt-in to allowing the server to access personal location data on the user'"'"'s mobile device; and
      
      upon receiving a resource request to access a resource through the enterprise'"'"'s network, accessing the user'"'"'s personal location data as the resource request factor,wherein the one or more mobile authentication factors at least include an application layer-derived device location identification, and wherein authenticating the mobile device comprises determining that the application layer-derived device location identification matches the user'"'"'s personal location data.
  - 15. The computer-implemented method of claim 14, wherein the user'"'"'s personal location data includes one or more of a user'"'"'s residence, a user'"'"'s frequent location, a location in the user'"'"'s calendar, a location learned from a travel application on the mobile device, and a location determined based on contextual data in the mobile device.

16. A system comprising:
- one or more servers configured to host a mobile virtual network for an enterprise for providing a dedicated connection between a plurality of mobile devices and enterprise resources;
  
  a non-transitory computer-readable medium storing instructions that, when executed by one or more computer processors of a server, cause the one or more servers to;
  
  receive, from a mobile device, an access request to access an enterprise'"'"'s network that is managed by the server;
  
  inspect a network identifier of the mobile device making the request;
  
  examine a database of network identifiers assigned to mobile devices for members of the enterprise network to determine that the mobile device is used by a member of the enterprise, wherein the network identifier is assigned to the mobile device based on one or more mobile authentication factors for the mobile device;
  
  receive, from the mobile device, a resource request to access a resource through the enterprise'"'"'s network;
  
  extract, from the resource request, one or more resource request factors; and
  
  authenticate the mobile device when the one or more mobile authentication factors respectively correspond with the one or more resource request factors.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Tevnos LLC
Original Assignee
Tevnos LLC
Inventors
Goldbard, Joshua, Jacobson, Stuart Alexander

Granted Patent

US 10,063,998 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 63/0853   using an additional device,...

H04L 63/0876   based on the identity of th...

H04L 63/168   above the transport layer

H04W 12/06   Authentication

H04W 12/08   Access security

H04W 12/30   Security of mobile devices;...

H04W 12/63   Location-dependent; Proximi...

H04W 12/68   Gesture-dependent or behavi...

H04W 4/02   Services making use of loca...

MOBILE AUTHENTICATION IN MOBILE VIRTUAL NETWORK

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

30 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

MOBILE AUTHENTICATION IN MOBILE VIRTUAL NETWORK

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

30 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links