Location based authentication

US 8,321,913 B2
Filed: 03/10/2006
Issued: 11/27/2012
Est. Priority Date: 03/31/2005
Status: Active Grant

First Claim

Patent Images

1. A method of authenticating a mobile wireless user device, the method comprising:

the user device identifying other devices detected as being within the proximity of the user device using at least one mode of wireless access technology communications between the user device and the other devices to generate a current location signature comprising a plurality of weighted device identifiers;

transmitting the current location signature to a server arranged to;

compare the weighted identifier of each of said other devices listed in the current location signature with earlier listed reference weighted device identifiers comprising an authenticated reference signature;

whereby said user device is authenticated when the identifier comparison of the device identifiers listed in the current location signature with earlier reference device identifiers listed in the authenticated reference signature meets a matching threshold comparison condition for authentication,wherein each said weighted device identifier comprises a device identifier which is weighted differently in dependence on each different wireless access technology communications mode used to identify at least one of the other devices in said location signature.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention relates to authenticating a mobile device using logical location information associated with the device which provides an indication of the proximity of the device to other devices. The present invention provides a mechanism for authenticating a mobile device based on location related information or a “logical location”, but without requiring an actual location. The mobile user device identifies or discovers other devices, using direct wireless communication, within its vicinity and forwards this information to the authenticating authority. If this information matches previous or otherwise predetermined information, then the device is authenticated.

Citations

30 Claims

1. A method of authenticating a mobile wireless user device, the method comprising:
- the user device identifying other devices detected as being within the proximity of the user device using at least one mode of wireless access technology communications between the user device and the other devices to generate a current location signature comprising a plurality of weighted device identifiers;
  
  transmitting the current location signature to a server arranged to;
  
  compare the weighted identifier of each of said other devices listed in the current location signature with earlier listed reference weighted device identifiers comprising an authenticated reference signature;
  
  whereby said user device is authenticated when the identifier comparison of the device identifiers listed in the current location signature with earlier reference device identifiers listed in the authenticated reference signature meets a matching threshold comparison condition for authentication,wherein each said weighted device identifier comprises a device identifier which is weighted differently in dependence on each different wireless access technology communications mode used to identify at least one of the other devices in said location signature.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 2. A method as claimed in claim 1, wherein the method further comprises:
    - determining for at least one identified other device a proximity range value indicating the proximity of the device to the user device;
      
      comparing said range value with a reference range value for said identified other device; and
      
      ,authenticating said user device if said proximity comparison indicates said proximity range value is an acceptable proximity range being a proximity range value less or equal to said reference proximity range value.
  - 3. A method as claimed in claim 2, wherein said proximity range value is determined by said user device detecting a physical characteristic of a communications signal between at least one of said other wireless devices and said user device.
  - 4. A method as claimed in claim 2, wherein said authenticating requires all proximity comparisons to indicate that said user device is within a range of proximity less or equal to a reference range for each of said other wireless devices.
  - 5. A method as claimed in claim 2, wherein said authentication is performed automatically as soon as said user device enters a proximity range sufficient for authentication.
  - 6. A method according to claim 2, wherein in said comparing a proximity range value to a reference value, the comparison threshold comprises having at least a predetermined percentage of the same identifiers of the other devices as the reference identifiers.
  - 7. A method as claimed in claim 1, wherein said user device is further identified by its spatial location, wherein the spatial location is determined by the proximity of the device to a plurality of fixed spatial reference points associated with said other wireless devices.
  - 8. A method according to claim 1, wherein the modes of wireless access technology communications comprises using one or more wireless access technologies to directly communicate with one or more of said other devices in order to request respective identifiers.
  - 9. A method according to claim 8 wherein one or more said wireless access technologies are used to communicate with all said other devices having said wireless access technology capability within respective ranges of said user device.
  - 10. A method according to claim 8 wherein the wireless access technology comprises one or more of the following group:
    - IEEE802.11a;
      
      IEEE802.11b;
      
      IEEE802.11g;
      
      Bluetooth.
  - 11. A method according to claim 1, wherein the identifiers comprise the MAC addresses of the other devices.
  - 12. A method according to claim 1, wherein the reference identifiers comprise the identifiers of the other devices compared on a previous successful authentication attempt.
  - 13. A method according to claim 1, wherein the comparison threshold comprises having at least a predetermined percentage of the same identifiers of the other devices as the reference identifiers.
  - 14. A method according to claim 1 wherein, for each other device identifier, the weighting is dependent on the range of mobility of at least one of the respective other devices.
  - 15. A method according to claim 1, wherein in response to an authentication challenge received from a server, the user device performs said identifying said other wireless devices and forwards said identifiers to said server for use in said comparing.
  - 16. A method as claimed in claim 1, wherein the threshold comparison condition for authentication comprises a threshold percentage of current location signature device identifiers matching reference identifiers comprising an authenticated reference signature.
  - 17. A method as claimed in claim 16, wherein an authenticated reference signature comprising device identifiers received from the user device when in a different geographic location from a current geographic location of the user device is used to authenticate the user device at the current location.
  - 18. A method as claimed in claim 1, wherein an identifier for another device is tagged in the location signature file with the wireless access technology used to determine the identifier.

19. A method of authenticating a mobile wireless user device, the method comprising steps of:
- identifying other devices detected as being within the proximity of the user device using at least one mode of wireless access technology communications between the user device and the other devices to generate a current location signature comprising respective weighted device identifiers for each identified other device;
  
  comparing the identifier of each of said other devices listed in the current location signature with earlier listed reference device identifiers comprising an authenticated reference signature;
  
  authenticating said user device when the identifier comparison of the listed device identifiers of the current location signature with the earlier listed reference device identifiers comprising the authenticated reference signature meets a threshold comparison condition for authentication,determining for at least one of the identified other devices a proximity range value indicating the proximity of the device to the user device;
  
  comparing said range value with a reference range value for at least one of said identified other devices andauthenticating said user device if said proximity comparison indicates said proximity range value is an acceptable proximity range being a proximity range value less or equal to said reference proximity range value,wherein said device sends an updated proximity range value at subsequent points of time following said initial authentication, and if an updated proximity range values exceeds said acceptable proximity range, a server issues an authentication challenge, and wherein in response to an authentication challenge received from a server, repeating the above steps to authenticate the device, andwherein each said weighted device identifier comprises a device identifier which is weighted differently in dependence on each different wireless access technology communications mode used to identify at least one of the other devices in said location signature.

20. A method of authenticating a mobile wireless user device, the method comprising the user device performing:
- receiving an authentication challenge from a server;
  
  identifying other wireless devices as being in its proximity using a mode of wireless access technology communication with said other devices; and
  
  forwarding a current location signature comprising said identifiers to said server in response to said challenge, whereby if said current location signature when compared with an authenticated reference signature meets a threshold condition for authentication, said user device is authenticated,wherein said current location signature comprises at least one weighted device identifier comprising a device identifier for at least one of said other devices which is weighted differently, based on different wireless access technology communications modes, than a device identifier used to identify another one of said other devices.
- View Dependent Claims (21, 22)
- - 21. A method as claimed in claim 20, further comprising the user device performing:
    - determining a proximity range value for at least one identified device indicating the proximity range of said at least one identified device to said user device; and
      
      forwarding said proximity range value to said server in response to said challenge.
  - 22. A method as claimed in claim 21, further comprising:
    - receiving the proximity range value in association with an identifier for one or more of said other devices, each proximity range value indicating the proximity of one or more of said other devices to said user device;
      
      comparing each said received proximity range value with a stored proximity range value;
      
      authenticating said user device when each received proximity range value is less than or equal to said stored proximity range value associated with said device identifier.

23. A method of authenticating a wireless user device, the method comprising a server performing:
- forwarding an authentication challenge to said user device;
  
  receiving a current location signature from said user device, the current location signature comprising a list of weighted identifiers for a plurality of other devices determined by said user device as being in the proximity of the user device in response to said challenge using a wireless access technology communications mode;
  
  comparing said identifiers in said current location signature with reference identifiers comprising an authenticated reference signature for said user device; and
  
  authenticating said user device when the comparison meets a threshold condition for authentication, andwherein each said weighted device identifier comprises a device identifier which is weighted differently in dependence on each different wireless access technology communications mode used to identify at least one of the other devices in said location signature.
- View Dependent Claims (24)
- - 24. A method as claim 23, wherein the server further performs:
    - receiving at least one proximity range value in association with a device identifier, said proximity range value indicating the range of said identified device to said user device;
      
      comparing said received proximity range value with a stored proximity range value;
      
      authenticating said user device when said received proximity range value is less than or equal to said stored proximity range value.

25. A system for authenticating a wireless user device, the system comprising:
- a processor;
  
  a module which, when executed, identifies other devices as being in the proximity of the user device using wireless communication between the user device and the other devices to generate a current location signature comprising a list of weighted identifiers for said other devices;
  
  a module which, when executed, compares a plurality of said weighted identifiers for said other devices in said current location signature with reference weighted identifiers, comprising an authenticated reference signature; and
  
  a module which, when executed, authenticates said user device when the comparison between said current location signature and said authenticated reference signature meets a threshold condition for authentication,wherein each said weighted device identifier comprises a device identifier which is weighted differently in dependence on each different wireless access technology communications mode used to identify at least one of the other devices in said location signature.
- View Dependent Claims (26)
- - 26. A system as claimed in claim 25, wherein the system further comprises:
    - a module which, when executed, receives a proximity range value for each identified one of the other devices said value indicating the proximity range of said identified device to said user device;
      
      a module which, when executed, compares said received proximity range value with a stored proximity range value;
      
      a module which, when executed, authenticates said user device when said received proximity range value is less than or equal to said stored proximity range value.

27. A wireless user device arranged to be authenticated according to a method comprising:
- the user device identifying other devices detected as being within the proximity of the user device using at least one mode of wireless access technology communications between the user device and the other devices to generate a current location signature comprising a plurality of weighted device identifiers;
  
  transmitting the current location signature to a server arranged to;
  
  compare the weighted identifier of each of said other devices listed in the current location signature with earlier listed reference weighted device identifiers comprising an authenticated reference signature;
  
  whereby said user device is authenticated when the identifier comparison of the device identifiers listed in the current location signature with earlier reference device identifiers listed in the authenticated reference signature meets a matching threshold comparison condition for authentication,wherein each said weighted device identifier comprises a device identifier which is weighted differently in dependence on each different wireless access technology communications mode used to identify the other devices in said location signaturethe device having a processing system which, when executed;
  
  receives an authentication challenge from a server;
  
  identifies other wireless devices as being in the proximity of the device using the at least one mode of wireless access technology communications with the other devices;
  
  weights each said device identifier differently in dependence on the wireless access technology communications mode used to identify at least one of the other devices;
  
  generates a current location signature comprising a list of said weighted identifiers for said other wireless devices identified by the user device; and
  
  forwards said current location signature comprising said weighted identifiers to said server in response to said challenge.
- View Dependent Claims (28)
- - 28. A wireless user device as claimed in claim 27, wherein the wireless user device has a further configuration to:
    - determine a proximity range value for each identified other device said value indicating the proximity range of said identified device to said user device;
      
      forward said proximity range to said server in response to said challenge in association with said other device identifier.

29. A server for authenticating a wireless user device, the server comprising:
- a processing system which, when executed;
  
  forwards an authentication challenge to said user device;
  
  receives a current location signature comprising a list of weighted identifiers for other devices in the proximity of the user device in response to said challenge;
  
  compares current location signature listed identifiers with reference identifiers comprising an authenticated reference signature for said user device; and
  
  authenticates said user device when the comparison meets a threshold for authentication,wherein each said device identifier is weighted in said location signature in dependence on which wireless access technology communications mode was used to identify at least one of the other devices in said location signature.

30. A method of authenticating a mobile wireless user device, the method comprising:
- the user device identifying other trusted devices detected as being within the proximity of the user device using wireless communication between the user device and the other trusted devices to generate a current location signature;
  
  transmitting the current location signature to a server arranged to;
  
  compare the identifier of each of said other devices listed in the current location signature with earlier listed reference device identifier comprising an authenticated reference signature;
  
  whereby said user device is authenticated when the identifier comparison of the listed device identifiers of the current location signature with the earlier listed reference device identifiers comprising the authenticated reference signature meets a matching threshold comparison condition for authentication,wherein each said other trusted device identifier is weighted in dependence on the wireless communications access technology used to identify at least one of the other devices in said location signature and wherein different wireless communications access technologies have different matching thresholds allocated.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
British Telecommunications PLC (BT Group PLC)
Original Assignee
British Telecommunications PLC (BT Group PLC)
Inventors
Turnbull, Rory S., Gedge, Richard
Primary Examiner(s)
Homayounmehr, Farid
Assistant Examiner(s)
LEWIS, LISA C

Application Number

US11/887,405
Publication Number

US 20090254975A1
Time in Patent Office

2,454 Days
Field of Search

726 2- 4
US Class Current

726/4
CPC Class Codes

H04L 63/0492   by using a location-limited...

H04L 63/08   for authentication of entit...

H04L 63/0876   based on the identity of th...

H04W 12/06   Authentication

H04W 12/63   Location-dependent; Proximi...

H04W 4/02   Services making use of loca...

H04W 4/029   Location-based management o...

H04W 84/12   WLAN [Wireless Local Area N...

Location based authentication

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

Location based authentication

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links