Method and apparatus for authenticating a user at an access terminal

US 7,559,081 B2
Filed: 09/18/2003
Issued: 07/07/2009
Est. Priority Date: 09/18/2003
Status: Active Grant

First Claim

Patent Images

1. A method for authenticating a user who is attempting access to a network resource or service on a computer or server through an access terminal, the method comprising:

determining an ID of the user attempting access,determining a current physical location of the access terminal;

determining a current physical location of an identified mobile terminal, the mobile terminal being unassociated with the access terminal, the identity of the mobile terminal being associated with an authorized user who has the determined ID;

comparing the current physical location of the access terminal with the current physical location of the mobile terminal to verify the location of the authorized user as being within a range of the access terminal; and

denying or granting access to the network resource or service based on the results of the comparing step.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Secure access to a network resource running on a computer or server, is provided by a method that compares the current physical location of a network access terminal through which a user is attempting to access the network resource, and the current physical location of a mobile terminal on the person of the user who is authorized to access the network resource. If the locations different, then access is denied.

Citations

24 Claims

1. A method for authenticating a user who is attempting access to a network resource or service on a computer or server through an access terminal, the method comprising:
- determining an ID of the user attempting access,determining a current physical location of the access terminal;
  
  determining a current physical location of an identified mobile terminal, the mobile terminal being unassociated with the access terminal, the identity of the mobile terminal being associated with an authorized user who has the determined ID;
  
  comparing the current physical location of the access terminal with the current physical location of the mobile terminal to verify the location of the authorized user as being within a range of the access terminal; and
  
  denying or granting access to the network resource or service based on the results of the comparing step.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1 wherein if the current physical location of the access terminal and the current physical location of the mobile terminal are within a predetermined range of one another, then access is granted.
  - 3. The method of claim 1 wherein the physical location of the access terminal is determined from a received response to a location query sent to the access terminal.
  - 4. The method of claim 1 wherein the access terminal is at a fixed location that is determined from an identity of that access terminal.
  - 5. The method of claim 1 wherein the physical location of the mobile terminal is determined from a received response to a location query sent to the mobile terminal.
  - 6. The method of claim 1 wherein the physical location of the mobile terminal is determined from a message received from the mobile terminal that is sent by the user.
  - 7. The method of claim 6 wherein the message received from the mobile terminal identifies the current location of the mobile terminal and identity of the mobile terminal.

8. A method at a mobile terminal comprising:
- in response to a request, determining a current physical location of the mobile terminal and sending the determined current physical location to a specified location for comparison with a current physical location of an access terminal from which a user is attempting access to a network resource or service and for which the mobile terminal has been identified as being associated with an authorized user of the network resource or service, and to verify the location of the authorized user as being within a range of the access terminal based on the comparison access to the network resource or service is granted or denied, the mobile terminal and the access terminal not being associated.
- View Dependent Claims (9, 10)
- - 9. The method of claim 8 wherein the request is received and the response sent over a wireless network.
  - 10. The method of claim 8 wherein the request is received on the access terminal and the response is sent over a wireless network.

11. Apparatus for authenticating a user who is attempting access to a network resource or service on a computer or server through an access terminal, the apparatus comprising:
- means for determining an ID of the user attempting access,means for determining a current physical location of the access terminal;
  
  means for determining a current physical location of an identified mobile terminal, the identity of the mobile terminal being associated with an authorized user who has the determined ID, the mobile terminal being unassociated with the access terminal;
  
  means for comparing the current physical location of the access terminal with the current physical location of the mobile terminal to verify the location of the authorized user as being within a range of the access terminal; and
  
  means for denying or granting access to the network resource or service based on the comparison.
- View Dependent Claims (12, 13, 14, 15, 16, 17)
- - 12. The apparatus of claim 11 wherein access is denied if the current physical location of the access terminal and the current physical location of the mobile terminal are different or not within a predetermined range of one another.
  - 13. The apparatus of claim 11 wherein the physical location of the access terminal is determined from a received response to a location query sent to the access terminal.
  - 14. The apparatus of claim 11 wherein the access terminal is at a fixed location that is determined from the identity of that access terminal.
  - 15. The apparatus of claim 11 wherein the physical location of the mobile terminal is determined from a received response to a location query sent to the mobile terminal.
  - 16. The apparatus of claim 11 wherein the physical location of the mobile terminal is determined from a message received from the mobile terminal that is sent by the user.
  - 17. The apparatus of claim 16 wherein the message received from the mobile terminal identifies the current location of the mobile terminal and identity of the mobile terminal.

18. A computer readable medium tangibly embodying a program of instructions executable by a computer to perform a method for authenticating a user who is attempting access to a network resource or service on a computer or server through an access terminal, the method comprising:
- determining an ID of the user attempting access,determining a current physical location of the access terminal;
  
  determining a current physical location of an identified mobile terminal, the identity of the mobile terminal being associated with an authorized user who has the determined ID, the mobile terminal being unassociated with the access terminal;
  
  comparing the current physical location of the access terminal with the current physical location of the mobile terminal to verify the location of the authorized user as being within a range of the access terminal; and
  
  denying or granting access to the network resource or service based on the results of the comparing step.
- View Dependent Claims (19, 20, 21, 22, 23, 24)
- - 19. The medium of claim 18 wherein the method if the current physical location of the access terminal and the current physical location of the mobile terminal are within a predetermined range of one another, then access is granted.
  - 20. The medium of claim 18 wherein in the method the physical location of the access terminal is determined from a received response to a location query sent to the access terminal.
  - 21. The medium of claim 18 wherein in the method the access terminal is at a fixed location that is determined from an identity of that access terminal.
  - 22. The medium of claim 18 wherein the method the physical location of the mobile terminal is determined from a received response to a location query sent to the mobile terminal.
  - 23. The medium of claim 18 wherein the method the physical location of the mobile terminal is determined from a message received from the mobile terminal that is sent by the user.
  - 24. The medium of claim 23 wherein the method the message received from the mobile terminal identifies the current location of the mobile terminal and identity of the mobile terminal.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Alcatel-Lucent USA, Inc. (Nokia Corporation)
Original Assignee
Alcatel-Lucent USA, Inc. (Nokia Corporation)
Inventors
Seidlein, Rupert
Primary Examiner(s)
Lipman; Jacob

Application Number

US10/665,763
Publication Number

US 20050066179A1
Time in Patent Office

2,119 Days
Field of Search

726/9
US Class Current

726/9
CPC Class Codes

G06Q 20/3224   Transactions dependent on l...

G06Q 20/4014   Identity check for transact...

G07C 2209/63   Comprising locating means f...

G07C 9/27   with central registration

H04L 63/0853   using an additional device,...

H04L 63/107   wherein the security polici...

H04W 12/06   Authentication

H04W 12/63   Location-dependent; Proximi...

H04W 12/71   Hardware identity

H04W 64/00   Locating users or terminals...

Method and apparatus for authenticating a user at an access terminal

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for authenticating a user at an access terminal

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links