Systems and methods for providing location-based application authentication using a location token service

US 8,437,742 B2
Filed: 10/16/2009
Issued: 05/07/2013
Est. Priority Date: 10/16/2009
Status: Active Grant

First Claim

Patent Images

1. A method, for authenticating a mobile device associated with a user to permit the mobile device to access an application, comprising:

determining, by the mobile device, a location of the mobile device;

receiving, by the mobile device, via an input interface of the mobile device, a user identification and a password;

retrieving, from a subscriber identity system of the mobile device, a universal unique identifier and a telephone number;

generating, by the mobile device, a first message including the location, the universal unique identifier, the telephone number of the mobile device, the user identification, and the password;

sending the first message to a location token service server;

recording, by the location token service server, the location, the universal unique identifier the telephone number, the user identification, and the password;

authenticating, by the location token service server, the user identification and the password;

creating, by the location token service server, a user session associated with the mobile device based upon the location, the universal unique identifier, the telephone number, the user identification, and the password;

determining, subsequent to the user session being created, in response to an application being initiated on the mobile device, a current location of the mobile device and generating a second message including the current location, the universal unique identifier, the telephone number, the user identification, and the password;

sending the second message to the location token service server;

determining, by the location token service server, whether the current location is within a threshold distance of the location for a temporal threshold; and

returning, by the location token service server, if the location token service server determines that the current location is within the threshold distance of the location for the temporal threshold, a token to the mobile device, the token being used by the mobile device to permit access to the application.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for implementing a location token service (LTS) to enhance the security of mobile device identity tokens by using the location of the mobile device to augment the tokens. The LTS enforces re-authentication (login) of the mobile device to one or more applications if the mobile device moves beyond a threshold distance from the location of the last use of the token within a time period defined in a temporal threshold. The LTS increases authentication strength and drastically reduces the potential for spoofing or otherwise permitting unauthorized access to one or more applications on the mobile device.

Citations

19 Claims

1. A method, for authenticating a mobile device associated with a user to permit the mobile device to access an application, comprising:
- determining, by the mobile device, a location of the mobile device;
  
  receiving, by the mobile device, via an input interface of the mobile device, a user identification and a password;
  
  retrieving, from a subscriber identity system of the mobile device, a universal unique identifier and a telephone number;
  
  generating, by the mobile device, a first message including the location, the universal unique identifier, the telephone number of the mobile device, the user identification, and the password;
  
  sending the first message to a location token service server;
  
  recording, by the location token service server, the location, the universal unique identifier the telephone number, the user identification, and the password;
  
  authenticating, by the location token service server, the user identification and the password;
  
  creating, by the location token service server, a user session associated with the mobile device based upon the location, the universal unique identifier, the telephone number, the user identification, and the password;
  
  determining, subsequent to the user session being created, in response to an application being initiated on the mobile device, a current location of the mobile device and generating a second message including the current location, the universal unique identifier, the telephone number, the user identification, and the password;
  
  sending the second message to the location token service server;
  
  determining, by the location token service server, whether the current location is within a threshold distance of the location for a temporal threshold; and
  
  returning, by the location token service server, if the location token service server determines that the current location is within the threshold distance of the location for the temporal threshold, a token to the mobile device, the token being used by the mobile device to permit access to the application.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1 further comprising, if the location token service server determines that the current location is not within the threshold distance of the location for the temporal threshold:
    - notifying, by the location token service server, the mobile device that the user is not logged in thereby triggering the application to prompt the user for the user identification and the password to re-authenticate the user to the application;
      
      determining, by the mobile device, a new location of the mobile device;
      
      generating, by the mobile device, a third message including the new location, the universal unique identifier, the telephone number, the user identification, and the password;
      
      sending the third message to the location token service server;
      
      logging in, by the location token service server, the user with the user identification and the password;
      
      creating, by the location token service server, a new user session for the mobile device;
      
      returning, by the location token service server, a new token to the mobile device, the token being used by the mobile device to permit access to the application.
  - 3. The method of claim 2, wherein determining the location, the current location, and the new location comprises determining the location and the current location using a location component of the mobile device, the location component using at least one location determining technique to determine the location, the current location, and the new location.
  - 4. The method of claim 1, wherein determining the location and the current location comprises determining the location and the current location using a location component of the mobile device, the location component using at least one location determining technique to determine the location and the current location.
  - 5. The method of claim 1, wherein retrieving, from the subscriber identity system of the mobile device, the universal unique identifier and the telephone number comprises retrieving, from a subscriber identity module, the universal unique identifier and the telephone number.
  - 6. The method of claim 1, wherein retrieving, from the subscriber identity system of the mobile device, the universal unique identifier and the telephone number comprises retrieving, from a memory of the mobile device, the universal unique identifier and the telephone number.
  - 7. The method of claim 1, further comprising authenticating the mobile device associated with the user to permit the mobile device to access the application residing on the mobile device.
  - 8. The method of claim 1, further comprising authenticating the mobile device associated with the user to permit the mobile device to access the application residing on a server in a network.
  - 9. The method of claim 8, wherein returning, by the location token service server, the token to the mobile device comprises returning, by the location token service server, the token comprising the user identification and the password.

10. A method, for authenticating a mobile device associated with a user to permit the mobile device to access an application, comprising:
- receiving, by a location token service library of the mobile device, a request to initiate a location token service in response to the application being initiated on the mobile device;
  
  requesting, by the location token service library, a current location of the mobile device from a location services application of the mobile device, the location services application using a location component of the mobile device to determine the current location of the mobile device;
  
  receiving, by the location token service library, the current location from the location services application;
  
  requesting, by the location token service library, a universal unique identifier and a telephone number from a subscriber identity system of the mobile device;
  
  receiving, by the location token service library, the universal unique identifier and the telephone number from the subscriber identity system;
  
  generating, by the location token service library, a message comprising the current location, the universal unique identifier, and the telephone number;
  
  communicating, by the location token service library, communicating with an location token service server to transmit the message;
  
  receiving, by the location token service library, user login information from the location token service server;
  
  providing, by the location token service library, the user login information to the application, permitting a user to access the application on the mobile device; and
  
  receiving, by the location token service library, a notification from the location token service server indicating that the user is not logged in and therefore unable to access the application, the notification being triggered at the location token service server in response to the current location of the mobile device being outside of a predetermined location in which access to the application is permitted.
- View Dependent Claims (11, 12)
- - 11. The method of claim 10, wherein retrieving, by the location token service library, the user login information from the location token service server and providing the user login information to the application comprises receiving, by the location token service library, a token from the location token service server and providing the token to the application.
  - 12. The method of claim 10, further comprising receiving, by the location token service library, a current location token service key from the location token service server, wherein generating, by the location token service library, the message comprises generating the message further including the current location token service key.

13. A method, for selectively permitting user access to an application stored on a mobile device, comprising:
- providing, by the mobile device, upon the application being initiated at the mobile device, authentication information to a location token service server to authenticate a user of the mobile device to access the application, the authentication information comprises a current location of the mobile device, a user identification, and a password; and
  
  determining, by the location token service server, whether the current location of the mobile device is within a threshold distance;
  
  providing, by the location token service server, if the location token service determines that the current location of the mobile device is within the threshold distance, the mobile device with a location token service token used by the mobile device to permit the user to access the application; and
  
  denying, by the location token server server, if the location token service determines that the current location of the mobile device is not within the threshold distance, the user access to the application.
- View Dependent Claims (14, 15, 16, 17, 18, 19)
- - 14. The method of claim 13, wherein the authentication information further comprises a universal unique identifier of the mobile device and a telephone number of the mobile device.
  - 15. The method of claim 14, further comprising determining, by the location token service server, whether the universal unique identifier and the telephone number are associated with an established user session.
  - 16. The method of claim 14, further comprising retrieving, by the mobile device, the universal unique identifier and the telephone number from a subscriber identity module of the mobile device.
  - 17. The method of claim 13, further comprising retrieving, by the mobile device, the current location from a location services application of the mobile device, the location services application using a location component of the mobile device to determine the current location.
  - 18. The method of claim 13, further comprising determining, by the location token service server, if the current location of the mobile device is within the threshold distance within a predetermined time.
  - 19. The method of claim 13, further comprising:
    - prompting, by the location token service server, the user of the mobile device for the user identification and the password;
      
      prompting, by the location token service server, the mobile device for a universal unique identifier and a telephone number of the mobile device;
      
      prompting, by the location token service server, the mobile device for a new location of the mobile device;
      
      creating, by the location token service server, a new user session based upon the user identification, the password, the universal unique identifier, the telephone number, and the new location; and
      
      assigning, by the location token service, a new threshold distance from the new location and a new temporal threshold for the new user session, the new threshold distance defining a distance within which the location token service server will permit the user to access the application and the new temporal threshold defining a time period within which the user must access the application without having to re-authenticate the application to the location token service server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
ServiceNow Incorporated
Original Assignee
AT&T Intellectual Property I LP (AT&T, Inc.)
Inventors
Garskof, Robert
Primary Examiner(s)
Beamer, Temica M

Application Number

US12/580,543
Publication Number

US 20110092185A1
Time in Patent Office

1,299 Days
Field of Search

455/410, 455/411, 455/456.1, 455/456.2, 380/247, 380/258, 380/259, 380/270, 380/279, 380/44, 726/3, 726/4, 726/5, 726/6, 726/8, 726/9
US Class Current

455/411
CPC Class Codes

G06F 21/35   communicating wirelessly

H04L 63/083   using passwords cryptograph...

H04L 63/107   wherein the security polici...

H04M 1/67   by electronic means

H04M 1/72412   using two-way short-range w...

H04M 1/72457   according to geographic loc...

H04M 2250/10   including a GPS signal rece...

H04W 12/065   Continuous authentication

H04W 4/02   Services making use of loca...

H04W 4/023   using mutual or relative lo...

H04W 4/027   using movement velocity, ac...

H04W 4/029   Location-based management o...

H04W 4/50   Service provisioning or rec...

Systems and methods for providing location-based application authentication using a location token service

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for providing location-based application authentication using a location token service

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links