NETWORK SECURITY BASED ON PROXIMITY

US 20170171173A1
Filed: 12/09/2015
Published: 06/15/2017
Est. Priority Date: 12/09/2015
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method to provide secure data access based on computing device proximity verification, comprising:

generating, by one or more computing devices, a first beacon device identifier code and a first random nonce;

associating, by the one or more computing devices, the first beacon device identifier code and the first random nonce with a first system location;

transmitting, by the one or more computing devices and to a beacon device at the first system location, the first beacon device identifier code and the first random nonce, wherein the beacon device broadcasts the first beacon device identifier code and the first random nonce at the first system location;

receiving, by the one or more computing devices and from each of one or more user computing devices at the first system location, data comprising the first beacon device identifier code received by the respective user computing device from the beacon device at the first system location, current location data, and a respective user account identifier associated with a user account associated with the respective user computing device;

receiving, by the one or more computing devices and from a computing device associated with the first system location, data comprising a request for user account information, and a random nonce received by the computing device associated with the first system location from the beacon device at the first system location;

comparing, by the one or more computing devices, the random nonce received from the computing device associated with the first system location to the random nonce associated with the first system location by the one or more computing devices;

in response to determining a correspondence between the received random nonce and the associated random nonce, identifying, by the one or more computing devices, one or more user account identifiers associated with the one or more user computing devices that retransmitted the first beacon device identifier code and that have current location data corresponding to the first system location; and

transmitting, by the one or more computing devices and to the computing device associated with the first system location, the one or more user account identifiers.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A processing system periodically configures a beacon code and random nonce to transmit to a beacon device at a location. Multiple users enter the location with associated user computing devices. The user computing devices retransmit the beacon code broadcasted by the beacon device to the processing system. A particular user initiates a transaction at a computing device at the location, which transmits to the processing system a request for account data and retransmits the beacon code and a random nonce. The processing system verifies the beacon code and random nonce and transmits, to the computing device at the location, user account identifiers associated with user computing devices that retransmitted the beacon code. The processing system receives a selection of the user identifier from the merchant point of sale device and transmits account information to the computing device at the location.

Citations

22 Claims

1. A computer-implemented method to provide secure data access based on computing device proximity verification, comprising:
- generating, by one or more computing devices, a first beacon device identifier code and a first random nonce;
  
  associating, by the one or more computing devices, the first beacon device identifier code and the first random nonce with a first system location;
  
  transmitting, by the one or more computing devices and to a beacon device at the first system location, the first beacon device identifier code and the first random nonce, wherein the beacon device broadcasts the first beacon device identifier code and the first random nonce at the first system location;
  
  receiving, by the one or more computing devices and from each of one or more user computing devices at the first system location, data comprising the first beacon device identifier code received by the respective user computing device from the beacon device at the first system location, current location data, and a respective user account identifier associated with a user account associated with the respective user computing device;
  
  receiving, by the one or more computing devices and from a computing device associated with the first system location, data comprising a request for user account information, and a random nonce received by the computing device associated with the first system location from the beacon device at the first system location;
  
  comparing, by the one or more computing devices, the random nonce received from the computing device associated with the first system location to the random nonce associated with the first system location by the one or more computing devices;
  
  in response to determining a correspondence between the received random nonce and the associated random nonce, identifying, by the one or more computing devices, one or more user account identifiers associated with the one or more user computing devices that retransmitted the first beacon device identifier code and that have current location data corresponding to the first system location; and
  
  transmitting, by the one or more computing devices and to the computing device associated with the first system location, the one or more user account identifiers.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, further comprising encrypting, by the one or more computing devices, the first random nonce using a shared encryption key,wherein the first random nonce transmitted to the beacon device comprises the encrypted first random nonce,wherein the beacon device broadcasts the encrypted first random nonce at the first system location via a local wireless network,wherein the computing device associated with the first system location receives the encrypted first random nonce via the local wireless network, the computing device associated with the first system location comprising the shared encryption key,wherein the computing device associated with the first system location unencrypts the received first encrypted random nonce to determine the unencrypted first random nonce,wherein the random nonce received from the computing device associated with the first system location comprises the unencrypted first random nonce, andwherein the unencrypted first random nonce is compared against the associated random nonce.
  - 3. The method of claim 1, wherein the computing device of the first system location comprises a point of sale device, wherein the first system location comprises a merchant system location, and wherein the first system comprises a merchant system.
  - 4. The method of claim 2, further comprising transmitting, by the one or more computing devices, the shared encryption key to the computing device associated with the first system location.
  - 5. The method of claim 1, further comprising:
    - assigning, by the one or more computing devices, a username and password to the computing device associated with the first system location, wherein the data received from the computing device associated with the first system location further comprises the username and password; and
      
      comparing, by the one or more computing devices, the received username and password against the assigned username and password to determine an exact correspondence between the received username and password against the assigned username and password,wherein the user account identifiers associated with the one or more user computing devices that retransmitted the first beacon device identifier and having current location data corresponding to the first system location are only identified in response to determining an exact correspondence between the received username and password and the assigned username and password.
  - 6. The method of claim 1, further comprising:
    - at a time before receiving a request from the computing device associated with the first system location for user account information, generating, by the one or more computing devices, a second random nonce;
      
      in response to generating the second random nonce;
      
      associating, by the one or more computing devices, the first beacon device identifier code and the second random nonce with the computing device associated with the first system location and the first system location;
      
      disassociating, by the one or more computing devices, the first random nonce with the computing device associated with the first system location and the first system location;
      
      transmitting, by the one or more computing devices, the second random nonce to the beacon device, wherein the beacon device broadcasts the second random nonce at the first system location via the local wireless network instead of the first random nonce upon receiving the second random nonce;
      
      receiving, by the one or more computing devices and at a time after transmitting the second random nonce to the beacon device, the second random nonce from the computing device associated with the first system location instead of receiving the first random nonce,wherein the first beacon device identifier and the second random nonce are compared against the associated first beacon device identifier and the associated second random nonce, andwherein, in response to determining an exact correspondence between the received second random nonce and the associated second random nonce, the user account identifiers associated with the one or more user computing devices that retransmitted the first beacon device identifier code and having current location data corresponding to the first system location are identified and transmitted to the merchant point of sale device for display on the computing device associated with the first system location.
  - 7. The method of claim 1, further comprising:
    - at a time before receiving a request from the computing device associated with the first system location for user account information, generating, by the one or more computing devices, a second beacon device identifier code;
      
      in response to generating the second beacon device identifier code;
      
      associating, by the one or more computing devices, the second beacon device code and the first random nonce with the beacon device and the first system location;
      
      disassociating, by the one or more computing devices, the first beacon device identifier code with the beacon device and the first system location;
      
      transmitting, by the one or more computing devices, the second beacon device identifier code to the beacon device, wherein the beacon device broadcasts the second beacon device identifier code at the first system location via the local wireless network instead of the first beacon device identifier code upon receiving the second beacon device identifier code;
      
      receiving, by the one or more computing devices and at a time after transmitting the second beacon device identifier code to the beacon device, the second beacon device identifier code from each of one or more user computing devices at a time after receiving the first beacon device identifier code;
      
      wherein, in response to determining an exact correspondence between the received first random nonce and the associated first random nonce, the user account identifiers associated with the one or more user computing devices that retransmitted the second beacon device identifier code and having current location data corresponding to the first system location are identified and transmitted to the computing device associated with the first system location for display on the computing device associated with the first system location.
  - 8. The method of claim 1, wherein the one or more transmitted user account identifiers are displayed on the computing device associated with the first system location.
  - 9. The method of claim 1, further comprising:
    - receiving, by the one or more computing devices and from the computing device associated with the first system location, an indication of a selection of a particular user account identifier from the one or more displayed user account identifiers;
      
      retrieving, by the one or more computing devices and based on the user account identifier, payment account information associated with one or more payment accounts of the user account;
      
      transmitting, by the one or more computing devices and to the computing device associated with the first system location, the payment account information for display via the computing device associated with the first system location.
  - 10. The method of claim 9, further comprising:
    - receiving, by the one or more computing devices and from the computing device associated with the first system location, an indication of a selection of a particular payment account of the user account from the displayed payment account information for use in a transaction;
      
      receiving, by the one or more computing devices and from the computing device associated with the first system location, transaction information to process the transaction comprising a total amount of transaction and first system payment account information associated with a payment account of the first system;
      
      transmitting, by the one or more computing devices and to an issuer system associated with the selected particular payment account of the user account, a payment authorization request comprising the user payment account information, the first system payment account information, and the total amount of transaction;
      
      receiving, by the one or more computing devices and from the issuer system, an approval of the payment authorization request; and
      
      in response to receiving the approval of the payment authorization request, transmitting, by the one or more computing devices, notification, to the computing device associated with the first system location, of the approval of the payment authorization request, wherein the computing device associated with the first system location transmits a receipt to a user computing device associated with the user account.

11. A computer program product, comprising:
- a non-transitory computer-readable medium having computer-readable program instructions embodied thereon that when executed by a computer cause the computer to provide secure data access based on computing device proximity verification, the computer-readable program instructions comprising;
  
  computer-executable program instructions to generate a first beacon device identifier code;
  
  computer-executable program instructions to associate the first beacon device identifier code with a beacon device and a first system location;
  
  computer-executable program instructions to transmit, to the beacon device, the first beacon device identifier code, wherein the beacon device broadcasts the first beacon device identifier code at the merchant system location;
  
  computer-executable program instructions to receive, from each of one or more user computing devices at the merchant system location, data comprising the first beacon device identifier code, current location data, and a respective user account identifier;
  
  computer-executable program instructions to receive, from a computing device associated with the first system location, data comprising a request for user account information and the first beacon device identifier code;
  
  computer-executable program instructions to compare the first beacon device code received from the computing device associated with the first system location against the associated first beacon device identifier code associated with the first system location;
  
  in response to determining an exact correspondence between the received first beacon device identifier code and the associated first beacon device identifier code, computer-executable program instructions to identify user account identifiers associated with the one or more user computing devices that retransmitted the first beacon device identifier code and having current location data corresponding to the first system location; and
  
  computer-executable program instructions to transmit, to the computing device associated with the first system location, the one or more user account identifiers for display on the computing device associated with the first system location.
- View Dependent Claims (12, 13, 14, 15, 16)
- - 12. The computer program product of claim 11, further comprising:
    - computer-executable program instructions to assign a username and password to the computing device associated with the first system location, wherein the data received from the computing device associated with the first system location further comprises the username and password; and
      
      computer-executable program instructions to compare the received username and password against the assigned username and password to determine an exact correspondence between the received username and password against the assigned username and password,wherein the user account identifiers associated with the one or more user computing devices that retransmitted the first beacon device identifier code and having current location data corresponding to the first system location are only identified in response to determining an exact correspondence between the received username and password and the assigned username and password.
  - 13. The computer program product of claim 12, further comprising:
    - computer-executable program instructions to receive from the computing device associated with the first system location, an indication of a selection of a particular user account identifier from the one or more displayed user account identifiers;
      
      computer-executable program instructions to retrieve, based on the user account identifier, payment account information associated with one or more payment accounts of the user account;
      
      computer-executable program instructions to transmit, to the computing device associated with the first system location, the payment account information for display via the computing device associated with the first system location.
  - 14. The computer program product of claim 13, further comprising:
    - computer-executable program instructions to receive, from the computing device associated with the first system location, an indication of a selection of a particular payment account of the user account from the displayed payment account information for use in a transaction;
      
      computer-executable program instructions to receive, from the computing device associated with the first system location, transaction information to process the transaction comprising a total amount of transaction and first system payment account information associated with a payment account of the first system;
      
      computer-executable program instructions to transmit, to an issuer system associated with the selected particular payment account of the user account, a payment authorization request comprising the user payment account information, the first system payment account information, and the total amount of transaction;
      
      computer-executable program instructions to receive, from the issuer system, an approval of the payment authorization request; and
      
      in response to receiving the approval of the payment authorization request, computer-executable program instructions to transmit notification, to the computing device associated with the first system location, of the approval of the payment authorization request, wherein the computing device associated with the first system location transmits a receipt to a user computing device associated with the user account.
  - 15. The computer program product of claim 12, further comprising:
    - at a time before receiving a request from the computing device associated with the first system location for user account information, computer-executable program instructions to generate a second beacon device identifier code;
      
      in response to generating the second beacon device identifier code;
      
      computer-executable program instructions to associate the second beacon device identifier code and the first random nonce with the beacon device and the first system location;
      
      computer-executable program instructions to disassociate the first beacon device identifier code with the beacon device and the first system location;
      
      computer-executable program instructions to transmit the second beacon device identifier code to the beacon device, wherein the beacon device broadcasts the second beacon device identifier code at the first system location via the local wireless network instead of the first beacon device identifier code upon receiving the second beacon device identifier code;
      
      computer-executable program instructions to receive, at a time after transmitting the second beacon device identifier code to the beacon device, the second beacon device identifier code from each of one or more user computing devices at a time after receiving the first beacon device identifier code;
      
      wherein, in response to determining an exact correspondence between the received first random nonce and the associated first random nonce, the user account identifiers associated with the one or more user computing devices that retransmitted the second beacon device identifier code and having current location data corresponding to the first system location are identified and transmitted to the computing device associated with the first system location for display via the computing device associated with the first system location.
  - 16. The computer program product of claim 11, wherein the computing device of the first system location comprises a point of sale device, wherein the first system location comprises a merchant system location, and wherein the first system comprises a merchant system.

17. A system to provide secure data access based on computing device proximity verification, comprising:
- a storage device; and
  
  a processor communicatively coupled to the storage device, wherein the processor executes application code instructions that are stored in the storage device to cause the system to;
  
  generate a first beacon device identifier code;
  
  associate the first beacon device identifier code with a beacon device and a first system location;
  
  transmit, to the beacon device, the first beacon device identifier code, wherein the beacon device broadcasts the first beacon device identifier code at the merchant system location;
  
  receive, from each of one or more user computing devices at the merchant system location, data comprising the first beacon device identifier code, current location data, and a respective user account identifier;
  
  receive, from a computing device associated with the first system location, data comprising a request for user account information and the first beacon device identifier code;
  
  compare the first beacon device code received from the computing device associated with the first system location against the associated first beacon device identifier code associated with the first system location;
  
  in response to determining an exact correspondence between the received first beacon device identifier code and the associated first beacon device identifier code, identify user account identifiers associated with the one or more user computing devices that retransmitted the first beacon device identifier code and having current location data corresponding to the first system location; and
  
  transmit, to the computing device associated with the first system location, the one or more user account identifiers for display on the computing device associated with the first system location.
- View Dependent Claims (18, 19, 20, 21, 22)
- - 18. The system of claim 17, wherein the processor is further configured to execute computer-readable program instructions stored on the storage device to cause the system to:
    - at a time before receiving a request from the computing device associated with the first system location for user account information, generate a second random nonce;
      
      in response to generating the second random nonce;
      
      associate the second random nonce with the beacon device and the first system location;
      
      disassociate the first random nonce with the beacon device and the first system location;
      
      transmit the second random nonce to the beacon device, wherein the beacon device broadcasts the second random nonce at the first system location via the local wireless network instead of the first random nonce upon receiving the second random nonce;
      
      receive the second random nonce from the computing device associated with the first system location in association with the data comprising the request for user account data instead of receiving the first random nonce,wherein the first beacon device identifier code and the second random nonce are compared against the associated first beacon device identifier code and the associated second random nonce, andwherein, in response to determining a first exact correspondence between the received first beacon device identifier code and the associated beacon device identifier code and a second exact correspondence between the received second random nonce and the associated second random nonce, user account identifiers associated with the one or more user computing devices that retransmitted the first beacon device identifier code and having current location data corresponding to the merchant system location are identified and retransmitted to the computing device associated with the first system location for display via the computing device associated with the first system location.
  - 19. The system of claim 17, wherein the processor is further configured to execute computer-readable program instructions stored on the storage device to cause the system to:
    - at a time before receiving a request from the computing device associated with the first system location for user account information, generate a second beacon device identifier code;
      
      in response to generating the second beacon device identifier code;
      
      associate the second beacon device identifier code with the beacon device and the first system location;
      
      disassociate the first beacon device identifier code with the beacon device and the first system location;
      
      transmit the second beacon device identifier code to the beacon device, wherein the beacon device broadcasts the second beacon device identifier code at the first system location via the local wireless network instead of the first beacon device identifier code upon receiving the second beacon device identifier code;
      
      receive the second beacon device identifier code from each of one or more user computing devices at a time after receiving the first beacon device identifier code; and
      
      receive the second beacon device identifier code from the computing device associated with the first system location in association with the data comprising the request for user account data instead of receiving the first beacon device identifier code,wherein the second beacon device identifier code and the first random nonce received from the computing device associated with the first system location are compared against the associated second beacon device identifier code and the associated first random nonce, andwherein, in response to determining a first exact correspondence between the received second beacon device identifier code and the associated second beacon device identifier code and a second exact correspondence between the received first random nonce and the associated first random nonce, the user account identifiers associated with the one or more user computing devices that retransmitted the second beacon device identifier code and having current location data corresponding to the first system location are identified and retransmitted to the computing device associated with the first system location for display via the computing device associated with the first system location.
  - 20. The system of claim 17, wherein the processor is further configured to execute computer-readable program instructions stored on the storage device to cause the system to:
    - receive from the computing device associated with the first system location, an indication of a selection of a particular user account identifier from the one or more displayed user account identifiers;
      
      retrieve, based on the user account identifier, payment account information associated with one or more payment accounts of the user account;
      
      transmit, to the computing device associated with the first system location, the payment account information for display via computing device associated with the first system location.
  - 21. The system of claim 20, wherein the processor is further configured to execute computer-readable program instructions stored on the storage device to cause the system to:
    - receive, from the computing device associated with the first system location, an indication of a selection of a particular payment account of the user account from the displayed payment account information for use in a transaction;
      
      receive, from the computing device associated with the first system location, transaction information to process the transaction comprising a total amount of transaction and first system payment account information associated with a payment account of the first system;
      
      transmit, to an issuer system associated with the selected particular payment account of the user account, a payment authorization request comprising the user payment account information, the first system payment account information, and the total amount of transaction;
      
      receive, from the issuer system, an approval of the payment authorization request; and
      
      in response to receiving the approval of the payment authorization request, transmit notification, to the computing device associated with the first system location, of the approval of the payment authorization request, wherein the computing device associated with the first system location transmits a receipt to a user computing device associated with the user account.
  - 22. The system of claim 17, wherein the computing device of the first system location comprises a point of sale device, wherein the first system location comprises a merchant system location, and wherein the first system comprises a merchant system

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Google LLC (Alphabet Inc.)
Original Assignee
Google Inc. (Alphabet Inc.)
Inventors
Chandrasekaran, Sashikanth, Walfish, Sheldon Israel, Wang, Yilei, Xu, Zhihong

Granted Patent

US 10,033,712 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06Q 20/202   Interconnection or interact...

G06Q 20/3224   Transactions dependent on l...

G06Q 20/36   using electronic wallets or...

H04L 63/0492   by using a location-limited...

H04L 63/061   for key exchange, e.g. in p...

H04L 63/0884   by delegation of authentica...

H04W 4/02   Services making use of loca...

H04W 4/029   Location-based management o...

NETWORK SECURITY BASED ON PROXIMITY

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

NETWORK SECURITY BASED ON PROXIMITY

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links