LOCATION AND DEVICE BASED STUDENT ACCESS CONTROL

US 20170134391A1
Filed: 01/20/2017
Published: 05/11/2017
Est. Priority Date: 03/13/2015
Status: Abandoned Application

First Claim

Patent Images

1. A method comprising:

maintaining, on a storage device, first time information and first location information of a most recent access to a service by a particular user;

receiving a subsequent request to access the service;

receiving, in association with the subsequent request, authentication information for the particular user;

in response to receiving the subsequent request;

determining second time information and second location information associated with the subsequent request;

determining, based on the first time information, the second time information, the first location information, and the second location information, whether it is feasible for the particular user to have travelled from a first location associated with the first location information to a second location associated with the second location information in an amount of time that lapsed between the first time information and the second time information; and

responsive to determining that it is not feasible for the particular user to have travelled from the first location to the second location in the amount of time, performing at least one of;

denying the subsequent request;

granting the subsequent request only after receiving additional authentication information in association with the subsequent request.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques are described for controlling access to an online service by a one or more authentication mechanisms based on device, browser, or location, or a combination of the three. A method comprises receiving a request to access a service, receiving, in association with the request, a first access mechanism, receiving a first and second level of authentication associated with the user requesting the service, updating authenticated-mechanism data to indicate that the first access mechanism is an authenticated access mechanism for the particular user, receiving a second request to access the service, in response to receiving a second request, determining whether the second access mechanism is an authenticated access mechanism for the particular user, upon determining that the second access mechanism is not an authenticated mechanism, requesting a second level of authentication for the particular user, otherwise granting access.

Citations

20 Claims

1. A method comprising:
- maintaining, on a storage device, first time information and first location information of a most recent access to a service by a particular user;
  
  receiving a subsequent request to access the service;
  
  receiving, in association with the subsequent request, authentication information for the particular user;
  
  in response to receiving the subsequent request;
  
  determining second time information and second location information associated with the subsequent request;
  
  determining, based on the first time information, the second time information, the first location information, and the second location information, whether it is feasible for the particular user to have travelled from a first location associated with the first location information to a second location associated with the second location information in an amount of time that lapsed between the first time information and the second time information; and
  
  responsive to determining that it is not feasible for the particular user to have travelled from the first location to the second location in the amount of time, performing at least one of;
  
  denying the subsequent request;
  
  granting the subsequent request only after receiving additional authentication information in association with the subsequent request.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, wherein the subsequent request is denied.
  - 3. The method of claim 1, wherein the subsequent request is granted after receiving additional authentication information in association with the second request.
  - 4. The method of claim 1, wherein the most recent access to the service has concluded before receiving the subsequent request to access the service.
  - 5. The method of claim 1, wherein the most recent access to the service is accessing the service when the subsequent request is received and the method further comprises:
    - receiving, in association with the subsequent request, an indication to grant the subsequent request and conclude the most accent access.
  - 6. The method of claim 1, wherein determining whether it is feasible for the particular user to have travelled from the first location to the second location comprises determining the second location, at least in part, using HTML, location data associated with the particular user'"'"'s computing device.
  - 7. The method of claim 1, wherein determining whether it is feasible for the particular user to have travelled from the first location to the second location comprises determining the second location, at least in part, from known locations of one or more WiFi hotspots associated with the particular user'"'"'s computing device.
  - 8. The method of claim 1, wherein determining whether it is feasible for the particular user to have travelled from the first location to the second location comprises determining the second location, at least in part, from known locations of one or more cellular towers associated with the particular user'"'"'s computing device.
  - 9. The method of claim 1, wherein determining whether it is feasible for the particular user to have travelled from the first location to the second location comprises:
    - determining, based on the first time information, the second time information, the first location information, and the second location information, an average speed value;
      
      comparing the average speed value with a pre-defined average speed value;
      
      if the average speed value is lower than the pre-defined average speed value, determining that it is feasible for the particular user to have travelled from the first location to the second location; and
      
      if the average speed value is higher than the pre-defined average speed value, determining that it is not feasible for the particular user to have travelled from the first location to the second location.
  - 10. The method of claim 1, wherein determining whether it is feasible for the particular user to have travelled from the first location to the second location comprises:
    - determining a travel time between the first location information and the second location information;
      
      determining, based on the first time information and the second time information, whether the travel time may be satisfied;
      
      if the travel time may be satisfied, determining that it is feasible for the particular user to have travelled from the first location to the second location; and
      
      if the travel time may not be satisfied, determining that it is not feasible for the particular user to have travelled from the first location to the second location.
  - 11. The method of claim 1, further comprising:
    - before determining whether it is feasible for the particular user to have travelled from the first location to the second location and in response to receiving the subsequent request;
      
      determining whether the subsequent request originates from a computing device corresponding to an authenticated access mechanism, wherein the authenticated access mechanism comprises a particular computing device that previously satisfied a first level of authentication and a second level of authentication;
      
      responsive to the subsequent request originating from the authenticated access mechanism, allowing the subsequent request to proceed without receiving, in association with the subsequent request, the second level of authentication; and
      
      responsive to the subsequent request not originating from the authenticated access mechanism, allowing the computing device to access the service only after the second level of authentication is provided in association with the subsequent request.
  - 12. The method of claim 11, wherein the authenticated access mechanism includes information identifying:
    - a device;
      
      a combination of device and browser;
      
      ora combination of device, browser and location.

13. A system comprising:
- one or more processors; and
  
  a storage storing instructions which, when executed by the one or more processors, cause the one or more processors to perform operations comprising;
  
  maintaining, on a storage device, first time information and first location information of a most recent access to a service by a particular user;
  
  receiving a subsequent request to access the service;
  
  receiving, in association with the subsequent request, authentication information for the particular user;
  
  in response to receiving the subsequent request;
  
  determining second time information and second location information associated with the subsequent request;
  
  determining, based on the first time information, the second time information, the first location information, and the second location information, whether it is feasible for the particular user to have travelled from a first location associated with the first location information to a second location associated with the second location information in an amount of time that lapsed between the first time information and the second time information; and
  
  responsive to determining that it is not feasible for the particular user to have travelled from the first location to the second location in the amount of time, performing at least one of;
  
  denying the subsequent request;
  
  granting the subsequent request only after receiving additional authentication information in association with the subsequent request.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20)
- - 14. The system of claim 13, wherein the most recent access to the service has concluded before receiving the subsequent request to access the service.
  - 15. The system of claim 13, wherein the most recent access to the service is accessing the service when the subsequent request is received and the method further comprises:
    - receiving, in association with the subsequent request, an indication to grant the subsequent request and conclude the most accent access.
  - 16. The system of claim 13, wherein determining whether it is feasible for the particular user to have travelled from the first location to the second location comprises determining the second location, at least in part, using HTML, location data associated with the particular user'"'"'s computing device.
  - 17. The system of claim 13, wherein determining whether it is feasible for the particular user to have travelled from the first location to the second location comprises determining the second location, at least in part, from known locations of one or more WiFi hotspots associated with the particular user'"'"'s computing device.
  - 18. The system of claim 13, wherein determining whether it is feasible for the particular user to have travelled from the first location to the second location comprises determining the second location, at least in part, from known locations of one or more cellular towers associated with the particular user'"'"'s computing device.
  - 19. The system of claim 13, wherein determining whether it is feasible for the particular user to have travelled from the first location to the second location comprises:
    - determining, based on the first time information, the second time information, the first location information, and the second location information, an average speed value;
      
      comparing the average speed value with a pre-defined average speed value;
      
      if the average speed value is lower than the pre-defined average speed value, determining that it is feasible for the particular user to have travelled from the first location to the second location; and
      
      if the average speed value is higher than the pre-defined average speed value, determining that it is not feasible for the particular user to have travelled from the first location to the second location.
  - 20. The system of claim 13, wherein determining whether it is feasible for the particular user to have travelled from the first location to the second location comprises:
    - determining a travel time between the first location information and the second location information;
      
      determining, based on the first time information and the second time information, whether the travel time may be satisfied;
      
      if the travel time may be satisfied, determining that it is feasible for the particular user to have travelled from the first location to the second location; and
      
      if the travel time may not be satisfied, determining that it is not feasible for the particular user to have travelled from the first location to the second location.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
University of Phoenix Incorporated
Original Assignee
Apollo Education Group, Inc.
Inventors
Razack, Rajaa Mohamad Abdul, Venkata, Pavan Aripirala, Gupta, Sharad, Konda, Raghunadha, Nidadavolu, Balaji

Application Number

US15/411,699
Publication Number

US 20170134391A1
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

H04L 2463/082   applying multi-factor authe...

H04L 63/083   using passwords cryptograph...

H04L 63/0876   based on the identity of th...

H04L 63/10   for controlling access to d...

H04L 63/107   wherein the security polici...

H04W 12/065   Continuous authentication

H04W 12/082   using revocation of authori...

H04W 4/021   Services related to particu...

LOCATION AND DEVICE BASED STUDENT ACCESS CONTROL

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

LOCATION AND DEVICE BASED STUDENT ACCESS CONTROL

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links