Location And Device Based Student Access Control
First Claim
1. A method comprising:
maintaining, on a storage device, authenticated-mechanism data that indicates which access mechanisms are authenticated access mechanisms for a particular user;
receiving, from a first access mechanism, a first request to access a service;
receiving, in association with the first request, both a first level of authentication for the particular user and a second level of authentication for the particular user;
in response to receiving, in association with the first request, both the first level of authentication for the particular user and the second level of authentication for the particular user, updating the authenticated-mechanism data to indicate that the first access mechanism is an authenticated access mechanism for the particular user;
receiving from a second access mechanism, a second request to access the service;
receiving, in association with the second request, the first level of authentication for the particular user;
in response to receiving the second request and, in association with the second request, the first level of authentication for the particular user, performing the steps of:
determining, based on the authenticated-mechanism data, whether the second access mechanism is an authenticated mechanism for the particular user;
responsive to the second access mechanism being an authenticated mechanism for the particular user, allowing the second access mechanism to access the service without receiving, in association with the second request, the second level of authentication for the particular user; and
responsive to the second access mechanism not being an authenticated mechanism for the first user, preventing the second access mechanism from accessing the service until the second level of authentication for the particular user is provided in association with the second request;
wherein the first and second access mechanisms are one of:
first and second devices;
first and second device/browser combinations; or
first and second device/browser/location combinations.
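The flow recited in claim 1, sketched as an added example (not code from the patent or its assignee). The class name, the field names `device`, `browser` and `location`, the keyed-hash storage and the `"deny"` result for a failed first level are assumptions made for illustration.

```python
import hashlib
import hmac

# Granularities listed in the claim's "wherein" clause (field names assumed).
GRANULARITY = {
    "device": ("device",),
    "device/browser": ("device", "browser"),
    "device/browser/location": ("device", "browser", "location"),
}

class MechanismStore:
    """Authenticated-mechanism data: user -> set of enrolled mechanism keys."""

    def __init__(self, secret: bytes, granularity: str = "device/browser"):
        self._secret = secret
        self._fields = GRANULARITY[granularity]
        self._trusted = {}

    def _key(self, user: str, mech: dict) -> str:
        # Keyed hash binds the mechanism to the user, so the store holds no
        # raw identifiers and one user's enrolment never matches another's.
        parts = [user] + [str(mech[f]) for f in self._fields]
        msg = "\x1f".join(parts).encode()
        return hmac.new(self._secret, msg, hashlib.sha256).hexdigest()

    def handle(self, user: str, mech: dict, first_ok: bool,
               second_ok: bool = False) -> str:
        if not first_ok:
            return "deny"            # assumption: the claim does not cover this case
        key = self._key(user, mech)
        enrolled = self._trusted.setdefault(user, set())
        if second_ok:
            enrolled.add(key)        # both levels received: enrol the mechanism
            return "allow"
        if key in enrolled:
            return "allow"           # known mechanism: first level is enough
        return "challenge"           # block until the second level is provided

# Constructed sample mechanisms (not real identifiers).
LAPTOP_FIREFOX = {"device": "dev-01", "browser": "firefox", "location": "US-CA"}
LAPTOP_CHROME = dict(LAPTOP_FIREFOX, browser="chrome")
```

With the `"device"` granularity a browser change on an enrolled device is still allowed; with `"device/browser"` it triggers a challenge.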
Abstract
Techniques are described for controlling access to an online service by one or more authentication mechanisms based on device, browser, or location, or a combination of the three. A method comprises receiving a request to access a service, receiving, in association with the request, a first access mechanism, receiving a first and second level of authentication associated with the user requesting the service, updating authenticated-mechanism data to indicate that the first access mechanism is an authenticated access mechanism for the particular user, receiving a second request to access the service, in response to receiving a second request, determining whether the second access mechanism is an authenticated access mechanism for the particular user, upon determining that the second access mechanism is not an authenticated mechanism, requesting a second level of authentication for the particular user, otherwise granting access.
21 Claims
1. A method comprising:
maintaining, on a storage device, authenticated-mechanism data that indicates which access mechanisms are authenticated access mechanisms for a particular user;
receiving, from a first access mechanism, a first request to access a service;
receiving, in association with the first request, both a first level of authentication for the particular user and a second level of authentication for the particular user;
in response to receiving, in association with the first request, both the first level of authentication for the particular user and the second level of authentication for the particular user, updating the authenticated-mechanism data to indicate that the first access mechanism is an authenticated access mechanism for the particular user;
receiving from a second access mechanism, a second request to access the service;
receiving, in association with the second request, the first level of authentication for the particular user;
in response to receiving the second request and, in association with the second request, the first level of authentication for the particular user, performing the steps of:
determining, based on the authenticated-mechanism data, whether the second access mechanism is an authenticated mechanism for the particular user;
responsive to the second access mechanism being an authenticated mechanism for the particular user, allowing the second access mechanism to access the service without receiving, in association with the second request, the second level of authentication for the particular user; and
responsive to the second access mechanism not being an authenticated mechanism for the first user, preventing the second access mechanism from accessing the service until the second level of authentication for the particular user is provided in association with the second request;
wherein the first and second access mechanisms are one of:
first and second devices;
first and second device/browser combinations; or
first and second device/browser/location combinations.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. A method comprising:
maintaining, on a storage device, first time information and first location information of a most recent access to a service by a particular user;
receiving a subsequent request to access the service;
receiving, in association with the subsequent request, authentication information for the particular user;
in response to receiving the subsequent request:
determining second time information and second location information associated with the subsequent request;
determining, based on the first time information, the second time information, the first location information, and the second location information, whether it is feasible for the particular user to have travelled from a first location associated with the first location information to a second location associated with the second location information in an amount of time that lapsed between the first time information and the second time information; and
responsive to determining that it is not feasible for the particular user to have travelled from the first location to the second location in the amount of time, performing at least one of:
denying the subsequent request;
granting the subsequent request only after receiving additional authentication information in association with the second request.
Dependent claims: 11, 12
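The travel-feasibility test of claim 10, as an added example that is not taken from the patent. The speed ceiling, the geolocation error allowance, the function names and the sample coordinates are assumptions; the claim itself does not say how feasibility is computed.

```python
import math
from datetime import datetime, timedelta, timezone

EARTH_RADIUS_KM = 6371.0
MAX_SPEED_KMH = 900.0   # assumption: roughly airliner cruise speed
GEO_ERROR_KM = 50.0     # assumption: slack for imprecise IP geolocation

def haversine_km(a, b):
    """Great-circle distance between two (lat, lon) points in degrees."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * EARTH_RADIUS_KM * math.asin(min(1.0, math.sqrt(h)))

def travel_feasible(last, current):
    """last/current are (utc_datetime, (lat, lon)) for two accesses."""
    dist = max(0.0, haversine_km(last[1], current[1]) - GEO_ERROR_KM)
    if dist == 0.0:
        return True                   # same place within the error allowance
    hours = (current[0] - last[0]).total_seconds() / 3600
    if hours <= 0:
        return False                  # distant and simultaneous, or clock skew
    return dist / hours <= MAX_SPEED_KMH

def decide(last, current, extra_auth_ok=False):
    """Grant, or require additional authentication when travel is infeasible."""
    if last is None or travel_feasible(last, current):
        return "grant"
    return "grant" if extra_auth_ok else "step_up"

# Constructed sample: an access from San Francisco, then London one hour later.
T0 = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
SAMPLE_LAST = (T0, (37.7749, -122.4194))
SAMPLE_NEXT = (T0 + timedelta(hours=1), (51.5074, -0.1278))
```

The caller is expected to overwrite the stored time and location with `current` once a request is granted, so the next comparison is against the most recent access.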
13. A system comprising:
one or more processors; and
a storage storing instructions which, when executed by the one or more processors, cause the one or more processors to perform operations comprising:
maintaining, on a storage device, authenticated-mechanism data that indicates which access mechanisms are authenticated access mechanisms for a particular user;
receiving, from a first access mechanism, a first request to access a service;
receiving, in association with the first request, both a first level of authentication for the particular user and a second level of authentication for the particular user;
in response to receiving, in association with the first request, both the first level of authentication for the particular user and the second level of authentication for the particular user, updating the authenticated-mechanism data to indicate that the first access mechanism is an authenticated access mechanism for the particular user;
receiving from a second access mechanism, a second request to access the service;
receiving, in association with the second request, the first level of authentication for the particular user;
in response to receiving the second request and, in association with the second request, the first level of authentication for the particular user, performing the steps of:
determining, based on the authenticated-mechanism data, whether the second access mechanism is an authenticated mechanism for the particular user;
responsive to the second access mechanism being an authenticated mechanism for the particular user, allowing the second access mechanism to access the service without receiving, in association with the second request, the second level of authentication for the particular user; and
responsive to the second access mechanism not being an authenticated mechanism for the first user, preventing the second access mechanism from accessing the service until the second level of authentication for the particular user is provided in association with the second request;
wherein the first and second access mechanisms are one of:
first and second devices;
first and second device/browser combinations; or
first and second device/browser/location combinations.
Dependent claims: 14, 15, 16, 17, 18, 19, 20, 21
Specification