Location And Device Based Student Access Control

US 20160269387A1
Filed: 03/13/2015
Published: 09/15/2016
Est. Priority Date: 03/13/2015
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

maintaining, on a storage device, authenticated-mechanism data that indicates which access mechanisms are authenticated access mechanisms for a particular user;

receiving, from a first access mechanism, a first request to access a service;

receiving, in association with the first request, both a first level of authentication for the particular user and a second level of authentication for the particular user;

in response to receiving, in association with the first request, both the first level of authentication for the particular user and the second level of authentication for the particular user, updating the authenticated-mechanism data to indicate that the first access mechanism is an authenticated access mechanism for the particular user;

receiving from a second access mechanism, a second request to access the service;

receiving, in association with the second request, the first level of authentication for the particular user;

in response to receiving the second request and, in association with the second request, the first level of authentication for the particular user, performing the steps of;

determining, based on the authenticated-mechanism data, whether the second access mechanism is an authenticated mechanism for the particular user;

responsive to the second access mechanism being an authenticated mechanism for the particular user, allowing the second access mechanism to access the service without receiving, in association with the second request, the second level of authentication for the particular user; and

responsive to the second access mechanism not being an authenticated mechanism for the first user, preventing the second access mechanism from accessing the service until the second level of authentication for the particular user is provided in association with the second request;

wherein the first and second access mechanisms are one of;

first and second devices;

first and second device/browser combinations;

orfirst and second device/browser/location combinations.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques are described for controlling access to an online service by a one or more authentication mechanisms based on device, browser, or location, or a combination of the three. A method comprises receiving a request to access a service, receiving, in association with the request, a first access mechanism, receiving a first and second level of authentication associated with the user requesting the service, updating authenticated-mechanism data to indicate that the first access mechanism is an authenticated access mechanism for the particular user, receiving a second request to access the service, in response to receiving a second request, determining whether the second access mechanism is an authenticated access mechanism for the particular user, upon determining that the second access mechanism is not an authenticated mechanism, requesting a second level of authentication for the particular user, otherwise granting access.

Citations

21 Claims

1. A method comprising:
- maintaining, on a storage device, authenticated-mechanism data that indicates which access mechanisms are authenticated access mechanisms for a particular user;
  
  receiving, from a first access mechanism, a first request to access a service;
  
  receiving, in association with the first request, both a first level of authentication for the particular user and a second level of authentication for the particular user;
  
  in response to receiving, in association with the first request, both the first level of authentication for the particular user and the second level of authentication for the particular user, updating the authenticated-mechanism data to indicate that the first access mechanism is an authenticated access mechanism for the particular user;
  
  receiving from a second access mechanism, a second request to access the service;
  
  receiving, in association with the second request, the first level of authentication for the particular user;
  
  in response to receiving the second request and, in association with the second request, the first level of authentication for the particular user, performing the steps of;
  
  determining, based on the authenticated-mechanism data, whether the second access mechanism is an authenticated mechanism for the particular user;
  
  responsive to the second access mechanism being an authenticated mechanism for the particular user, allowing the second access mechanism to access the service without receiving, in association with the second request, the second level of authentication for the particular user; and
  
  responsive to the second access mechanism not being an authenticated mechanism for the first user, preventing the second access mechanism from accessing the service until the second level of authentication for the particular user is provided in association with the second request;
  
  wherein the first and second access mechanisms are one of;
  
  first and second devices;
  
  first and second device/browser combinations;
  
  orfirst and second device/browser/location combinations.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1 wherein the first and second access mechanisms are first and second devices.
  - 3. The method of claim 1 wherein the first and second access mechanisms are first and second device/browser combinations.
  - 4. The method of claim 1 wherein the first and second access mechanisms are first and second device/browser/location combinations.
  - 5. The method of claim 1 further comprising:
    - receiving the second level of authentication for the particular user in association with the second request; and
      
      in response to receiving the second level of authentication for the particular user in association with the second request, updating the authenticated-mechanism data to indicate that the second access mechanism is an authenticated access mechanism for the particular user.
  - 6. The method of claim 1, wherein:
    - allowing the second access mechanism to access the service comprises allowing the second access mechanism to be used to participate in a particular activity;
      
      while the second access mechanism is being used to participate in the particular activity, receiving from a third access mechanism, a third request to participate in the particular activity;
      
      receiving, in association with the second request, the first level of authentication for the particular user;
      
      in response to receiving the second request and, in association with the second request, the first level of authentication for the particular user, performing the steps of;
      
      detecting that the particular user is already participating in the particular activity using the second access mechanism;
      
      in response to detecting that the particular user is already participating in the particular activity using the second access mechanism, performing one of;
      
      preventing the particular user from participating in the particular activity using the third access mechanism;
      
      orrequiring the particular user to select which access mechanism, of the second access mechanism and the third access mechanism, the particular user is to use to participate in the particular activity.
  - 7. The method of claim 6 wherein, in response to detecting that the particular user is already participating in the particular activity using the second access mechanism, the particular user is prevented from participating in the particular activity using the third access mechanism.
  - 8. The method of claim 6 wherein, in response to detecting that the particular user is already participating in the particular activity using the second access mechanism, the particular user is required to select which access mechanism, of the second access mechanism and the third access mechanism, the particular user is to use to participate in the particular activity.
  - 9. The method of claim 6, wherein:
    - the service makes available a first set of activities for which simultaneous access by a single user is permitted, and a second set of activities for which simultaneous access by a single user is not permitted; and
      
      the particular activity belongs to the second set of activities.

10. A method comprising:
- maintaining, on a storage device, first time information and first location information of a most recent access to a service by a particular user;
  
  receiving a subsequent request to access the service;
  
  receiving, in association with the subsequent request, authentication information for the particular user;
  
  in response to receiving the subsequent request;
  
  determining second time information and second location information associated with the subsequent request;
  
  determining, based on the first time information, the second time information, the first location information, and the second location information, whether it is feasible for the particular user to have travelled from a first location associated with the first location information to a second location associated with the second location information in an amount of time that lapsed between the first time information and the second time information; and
  
  responsive to determining that it is not feasible for the particular user to have travelled from the first location to the second location in the amount of time, performing at least one of;
  
  denying the subsequent request;
  
  granting the subsequent request only after receiving additional authentication information in association with the second request.
- View Dependent Claims (11, 12)
- - 11. The method of claim 10 wherein the subsequent request is denied.
  - 12. The method of claim 10, wherein the subsequent request is granted after receiving additional authentication information in association with the second request.

13. A system comprising:
- one or more processors; and
  
  a storage storing instructions which, when executed by the one or more processors, cause the one or more processors to perform operations comprising;
  
  maintaining, on a storage device, authenticated-mechanism data that indicates which access mechanisms are authenticated access mechanisms for a particular user;
  
  receiving, from a first access mechanism, a first request to access a service;
  
  receiving, in association with the first request, both a first level of authentication for the particular user and a second level of authentication for the particular user;
  
  in response to receiving, in association with the first request, both the first level of authentication for the particular user and the second level of authentication for the particular user, updating the authenticated-mechanism data to indicate that the first access mechanism is an authenticated access mechanism for the particular user;
  
  receiving from a second access mechanism, a second request to access the service;
  
  receiving, in association with the second request, the first level of authentication for the particular user;
  
  in response to receiving the second request and, in association with the second request, the first level of authentication for the particular user, performing the steps of;
  
  determining, based on the authenticated-mechanism data, whether the second access mechanism is an authenticated mechanism for the particular user;
  
  responsive to the second access mechanism being an authenticated mechanism for the particular user, allowing the second access mechanism to access the service without receiving, in association with the second request, the second level of authentication for the particular user; and
  
  responsive to the second access mechanism not being an authenticated mechanism for the first user, preventing the second access mechanism from accessing the service until the second level of authentication for the particular user is provided in association with the second request;
  
  wherein the first and second access mechanisms are one of;
  
  first and second devices;
  
  first and second device/browser combinations;
  
  orfirst and second device/browser/location combinations.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21)
- - 14. The system of claim 13 wherein the first and second access mechanisms are first and second devices.
  - 15. The system of claim 13 wherein the first and second access mechanisms are first and second device/browser combinations.
  - 16. The system of claim 13 wherein the first and second access mechanisms are first and second device/browser/location combinations.
  - 17. The system of claim 13 further comprising:
    - receiving the second level of authentication for the particular user in association with the second request; and
      
      in response to receiving the second level of authentication for the particular user in association with the second request, updating the authenticated-mechanism data to indicate that the second access mechanism is an authenticated access mechanism for the particular user.
  - 18. The system of claim 13, wherein:
    - allowing the second access mechanism to access the service comprises allowing the second access mechanism to be used to participate in a particular activity;
      
      while the second access mechanism is being used to participate in the particular activity, receiving from a third access mechanism, a third request to participate in the particular activity;
      
      receiving, in association with the second request, the first level of authentication for the particular user;
      
      in response to receiving the second request and, in association with the second request, the first level of authentication for the particular user, performing the steps of;
      
      detecting that the particular user is already participating in the particular activity using the second access mechanism;
      
      in response to detecting that the particular user is already participating in the particular activity using the second access mechanism, performing one of;
      
      preventing the particular user from participating in the particular activity using the third access mechanism;
      
      orrequiring the particular user to select which access mechanism, of the second access mechanism and the third access mechanism, the particular user is to use to participate in the particular activity.
  - 19. The method of claim 18 wherein, in response to detecting that the particular user is already participating in the particular activity using the second access mechanism, the particular user is prevented from participating in the particular activity using the third access mechanism.
  - 20. The method of claim 18 wherein, in response to detecting that the particular user is already participating in the particular activity using the second access mechanism, the particular user is required to select which access mechanism, of the second access mechanism and the third access mechanism, the particular user is to use to participate in the particular activity.
  - 21. The method of claim 18, wherein:
    - the service makes available a first set of activities for which simultaneous access by a single user is permitted, and a second set of activities for which simultaneous access by a single user is not permitted; and
      
      the particular activity belongs to the second set of activities.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
University of Phoenix Incorporated
Original Assignee
Apollo Education Group, Inc.
Inventors
Gupta, Sharad, Konda, Raghunadha, Nidadavolu, Balaji, Razack, Rajaa Mohamad Abdul, Venkata, Pavan Aripirala

Granted Patent

US 9,565,183 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 2463/082   applying multi-factor authe...

H04L 63/083   using passwords cryptograph...

H04L 63/0876   based on the identity of th...

H04L 63/10   for controlling access to d...

H04L 63/107   wherein the security polici...

H04W 12/065   Continuous authentication

H04W 12/082   using revocation of authori...

H04W 4/021   Services related to particu...

Location And Device Based Student Access Control

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Location And Device Based Student Access Control

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links