Location as a second factor for authentication

US 8,793,776 B1
Filed: 09/12/2011
Issued: 07/29/2014
Est. Priority Date: 09/12/2011
Status: Active Grant

First Claim

Patent Images

1. A method for authenticating a log-in request based on location, the method comprising:

receiving, with one or more processors, a log-in request from a first user device;

determining, with the one or more processors, a first location and a time of the log-in request received from the first user device;

determining, with the one or more processors, a current location of a registered mobile user device;

computing, with the one or more processors, a distance between the first location of the log-in request and the current location of the registered mobile user device;

determining, with the one or more processors, whether the computed distance exceeds a threshold;

authenticating, with the one or more processors, the log-in request responsive to determining that the computed distance is within or less than the threshold; and

transmitting, with the one or more processors, a warning notification to the registered mobile user device, the warning notification including the first location and the time of the log-in request received from the first user device responsive to determining that the computed distance exceeds the threshold.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for authenticating a log-in request based on location using an authentication application. The authentication application includes a processing unit, a location module, an authentication module, a user interface engine, and a notification module. The processing unit receives a log-in request from a third party application. The processing unit also receives a location of the log-in request and a location of a registered user device. The location module computes a distance between the location of the log-in request and the location of the registered user device. The authentication module determines whether the computed distance exceeds a threshold. The authentication module authenticates the log-in request responsive to determining that the computed distance is within or less than the threshold. The authentication module denies authentication to the log-in request responsive to determining that the computed distance exceeds the threshold.

61 Citations

View as Search Results

27 Claims

1. A method for authenticating a log-in request based on location, the method comprising:
- receiving, with one or more processors, a log-in request from a first user device;
  
  determining, with the one or more processors, a first location and a time of the log-in request received from the first user device;
  
  determining, with the one or more processors, a current location of a registered mobile user device;
  
  computing, with the one or more processors, a distance between the first location of the log-in request and the current location of the registered mobile user device;
  
  determining, with the one or more processors, whether the computed distance exceeds a threshold;
  
  authenticating, with the one or more processors, the log-in request responsive to determining that the computed distance is within or less than the threshold; and
  
  transmitting, with the one or more processors, a warning notification to the registered mobile user device, the warning notification including the first location and the time of the log-in request received from the first user device responsive to determining that the computed distance exceeds the threshold.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, further comprising denying authentication to the log-in request responsive to determining that the computed distance exceeds the threshold.
  - 3. The method of claim 2, wherein the warning notification to the registered mobile user device includes a link to modify a setting of a third party application for which the log-in request was received.
  - 4. The method of claim 1, wherein the first location of the log-in request is determined based at least in part on an internet protocol address of a browser running on the first user device.
  - 5. The method of claim 1, further comprising generating a user interface that requests a response from a user that submitted the log-in request.
  - 6. The method of claim 5, wherein the response is at least one of a biometric response, a response to a question, and a code.
  - 7. The method of claim 5 further comprising:
    - receiving the response from the user;
      
      authenticating the log-in request responsive to determining that the response from the user matches a response stored on a user-profile of the user; and
      
      denying authentication to the log-in request responsive to determining that the response from the user does not match the response stored on the user-profile of the user.
  - 8. The method of claim 1, wherein the current location of the registered mobile user device is at least one from the group of an Internet Protocol (IP) address, a media access control (MAC) address, a location determined using a geo-location application, a location determined using global positioning system (GPS) and a location determined using radio frequency identification (RFID).
  - 9. The method of claim 1, further comprising transmitting a request for the current location of the registered mobile user device and an access token to the registered mobile user device.
  - 10. The method of claim 1, wherein the first location of the log-in request is the first location of the first user device with which a user submits the log-in request.
  - 11. The method of claim 1, further comprising receiving a log-in request for a financial transaction.
  - 12. The method of claim 1, wherein the distance is a geographical distance.

13. A system for authenticating a log-in request based on location, the system comprising:
- one or more processors;
  
  a processing unit stored on a memory and executable by the one or more processors, the processing unit for receiving a log-in request from a first user device, determining a first location and a time of the log-in request received from the first user device and determining a current location of a registered mobile user device;
  
  a location module stored on the memory and executable by the one or more processors, the location module coupled to the processing unit for computing a distance between the first location of the log-in request and the current location of the registered mobile user device; and
  
  an authentication module stored on the memory and executable by the one or more processors, the authentication module coupled to the location module for determining whether the computed distance exceeds a threshold and authenticating the log-in request responsive to determining that the distance is within or less than the threshold; and
  
  a notification module stored on the memory and executable by the one or more processors, the notification module coupled to the authentication module for transmitting a warning notification to the registered mobile user device, the warning notification including the first location and the time of the log-in request received from the first user device responsive to determining that the computed distance exceeds the threshold.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 14. The system of claim 13, wherein the authentication module denies authentication to the log-in request responsive to determining that the computed distance exceeds the threshold.
  - 15. The system of claim 13, wherein the warning notification to the registered mobile user device includes a link to modify a setting of a third party application for which the log-in request was received.
  - 16. The system of claim 13, wherein the processing unit determines the current location of the log-in request based at least in part on an internet protocol address of a browser running on the first user device.
  - 17. The system of claim 13, further comprising a user interface engine for generating a user interface that requests a response from a user that submitted the log-in request.
  - 18. The system of claim 17, wherein the response is at least one of a biometric response, a response to a question, and a code.
  - 19. The system of claim 17, wherein the authentication module further authenticates the log-in request responsive to determining that the response from the user matches a response stored on a user-profile of the user and denies authentication to the log-in request responsive to determining that the response from the user does not match the response stored on the user-profile of the user.
  - 20. The system of claim 19, further comprising a storage for storing the user-profile.
  - 21. The system of claim 13, wherein the current location of the registered mobile user device is at least one from the group of an Internet Protocol (IP) address, a media access control (MAC) address, a location determined using a geo-location application, a location determined using global positioning system (GPS) and a location determined using radio frequency identification (RFID).
  - 22. The system of claim 13, wherein the processing unit transmits a request for the registered mobile user device'"'"'s current location and an access token to the registered mobile user device.

23. A computer program product comprising a non-transitory computer useable medium including a computer readable program, wherein the computer readable program when executed on a computer causes the computer to:
- receive a log-in request from a first user device;
  
  determine a first location and a time of the log-in request received from the first user device;
  
  determine a current location of a registered mobile user device;
  
  compute a distance between the first location of the log-in request and the current location of the registered mobile user device;
  
  determine whether the computed distance exceeds a threshold; and
  
  authenticate the log-in request responsive to determining that the computed distance is within or less than the threshold; and
  
  transmitting a warning notification to the registered mobile user device, the warning notification including the first location and the time of the log-in request received from the first user device responsive to determining that the computed distance exceeds the threshold.
- View Dependent Claims (24)
- - 24. The computer program product of claim 23, further causing the computer to deny authentication to the log-in request responsive to determining that the computed distance exceeds the threshold.

25. A method for automatically logging-out a user based on location, the method comprising:
- determining a first location where the user is logged-in to a third-party application, the first location being associated with a first device;
  
  determining a current location of a registered mobile user device;
  
  computing a distance between the first location where the user is logged-in to the third party application and the current location of the registered mobile user device;
  
  determining whether the computed distance exceeds a threshold; and
  
  logging-out the user from the third-party application responsive to determining that the computed distance exceeds the threshold.

26. A system for automatically logging-out a user based on location, the system comprising:
- one or more processors;
  
  a processing unit stored on a memory and executable by the one or more processors, the processing unit for determining a first location where the user is logged-in to a third party application, the first location being associated with a first device and determining a current location of a registered mobile user device;
  
  a location module stored on the memory and executable by the one or more processors, the location module coupled to the processing unit for computing a distance between the first location where the user is logged-in to the third party application and the current location of the registered mobile user device; and
  
  an authentication module stored on the memory and executable by the one or more processors, the authentication module coupled to the location module for determining whether the computed distance exceeds a threshold and logging-out the user from the third party application responsive to determining that the computed distance exceeds the threshold.

27. A computer program product comprising a non-transitory computer useable medium including a computer readable program, wherein the computer readable program when executed on a computer causes the computer to:
- determine a first location where a user is logged-in to a third party application, the first location being associated with a first device;
  
  determine a current location of a registered mobile user device;
  
  compute a distance between the first location where the user is logged-in to the third party application and the current location of the registered mobile user device;
  
  determine whether the computed distance exceeds a threshold; and
  
  log-out the user from the third-party application responsive to determining that the computed distance exceeds the threshold.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Google LLC (Alphabet Inc.)
Original Assignee
Google Inc. (Alphabet Inc.)
Inventors
Jackson, Dean K.
Primary Examiner(s)
Gergiso, Techane

Application Number

US13/230,545
Time in Patent Office

1,051 Days
Field of Search

726/7
US Class Current

726/7
CPC Class Codes

G06F 21/31   User authentication

H04L 63/08   for authentication of entit...

H04L 63/0853   using an additional device,...

H04L 63/107   wherein the security polici...

H04W 4/021   Services related to particu...

H04W 4/023   using mutual or relative lo...

Location as a second factor for authentication

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

61 Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

Location as a second factor for authentication

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

61 Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links