Authentication based on proximity to mobile device

US 9,075,979 B1
Filed: 06/04/2012
Issued: 07/07/2015
Est. Priority Date: 08/11/2011
Status: Active Grant

First Claim

Patent Images

1. A computer-readable storage medium storing computer software instructions executable by one or more data processing apparatus which, upon such execution, cause the one or more data processing apparatus to perform operations comprising:

receiving, at a computer system, user input entered by a user through a user interface of the computer system;

determining, based on the user input, that the user has successfully completed an authentication factor for gaining access to the computer system;

receiving position data that includes (i) first GPS position data that specifies a position of a mobile computing device associated with the user, and (ii) second GPS position data that specifies a position of the computer system;

determining a distance between the position of the mobile computing device specified by the first GPS position data and the position of the computer system specified by the second GPS position data;

determining that the distance does not exceed a maximum threshold distance;

authenticating, by the computer system, the user for the access to the computer system based at least on determining that;

(i) the user has successfully completed the authentication factor, and(ii) the determined distance does not exceed the maximum threshold distance; and

in response to authenticating the user, providing the user access to a second user interface of the computer system.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for performing multi-factor authentication. In one aspect, a method includes determining that a user has successfully completed an authentication factor, determining whether a mobile device associated with the user is proximate to a computer; and authenticating the user based on determining that the user has successfully completed the authentication factor, and that the mobile device is proximate to the computer.

245 Citations

27 Claims

1. A computer-readable storage medium storing computer software instructions executable by one or more data processing apparatus which, upon such execution, cause the one or more data processing apparatus to perform operations comprising:
- receiving, at a computer system, user input entered by a user through a user interface of the computer system;
  
  determining, based on the user input, that the user has successfully completed an authentication factor for gaining access to the computer system;
  
  receiving position data that includes (i) first GPS position data that specifies a position of a mobile computing device associated with the user, and (ii) second GPS position data that specifies a position of the computer system;
  
  determining a distance between the position of the mobile computing device specified by the first GPS position data and the position of the computer system specified by the second GPS position data;
  
  determining that the distance does not exceed a maximum threshold distance;
  
  authenticating, by the computer system, the user for the access to the computer system based at least on determining that;
  
  (i) the user has successfully completed the authentication factor, and(ii) the determined distance does not exceed the maximum threshold distance; and
  
  in response to authenticating the user, providing the user access to a second user interface of the computer system.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The medium of claim 1, wherein authenticating the user is further based on determining the existence of a connection between the mobile computing device and the computer system.
  - 3. The medium of claim 1, comprising forming an association between the mobile computing device and the user prior to determining that the user has successfully completed the authentication factor for gaining access to the computer system.
  - 4. The medium of claim 3, wherein the association is formed through user interaction with the computer system.
  - 5. The medium of claim 3, further comprising:
    - determining that the mobile computing device is no longer to be used to authenticate the user for access to the computer system; and
      
      eliminating the association between the mobile computing device and the user based on determining that the mobile computing device is no longer to be used to authenticate the user for access to the computer system.
  - 6. The medium of claim 5, wherein determining that the mobile computing device is no longer to be used to authenticate the user for access to the computer system comprises determining that the mobile computing device has been reported lost.
  - 7. The medium of claim 3, comprising:
    - establishing a short-range wireless connection between the mobile computing device and the computer system,communicating with the mobile computing device over the short-range wireless connection to determine an identity of the mobile computing device, andconfirming the association between the mobile computing device and the user based on the identity of the mobile computing device.
  - 8. The medium of claim 7, wherein authenticating the user is further based on determining that a short-range wireless connection exists between the mobile computing device and the computer system;
    - andwherein determining that the short-range wireless connection exists between the mobile computing device and the computer system is performed in response to receiving the user input.
  - 9. The medium of claim 1, wherein the user input is a username and password associated with a user account belonging to the user.

10. A system comprising:
- one or more computers; and
  
  a computer-readable storage medium storing computer software instructions executable by the one or more computers which, upon such execution, cause the one or more computers to perform operations comprising;
  
  receiving, at a computer system, user input entered by a user through a user interface of the computer system;
  
  determining, based on the user input, that the user has successfully completed an authentication factor for gaining access to the computer system;
  
  accessing data specifying predetermined days or times when a mobile computing device is permitted to be used in authenticating the user;
  
  determining that a current day or a current time is within one of the predetermined days or times when the mobile computing device is permitted to be used to authenticate the user;
  
  receiving position data that specifies (i) a position of the mobile computing device associated with the user, and (ii) a position of the computer system;
  
  determining a distance between the position of the mobile computing device and the position of the computer system;
  
  determining that the distance does not exceed a maximum threshold distance; and
  
  authenticating, by the computer system, the user for the access to the computer system based at least on determining that;
  
  (i) the user has successfully completed the authentication factor,(ii) the current day or the current time is within one of the predetermined days or times when the mobile computing device is permitted to be used to authenticate the user, and(iii) the determined distance does not exceed the maximum threshold distance.
- View Dependent Claims (11, 12, 13, 14, 15)
- - 11. The system of claim 10, wherein authenticating the user is further based on determining the existence of a connection between the mobile computing device and the computer system.
  - 12. The system of claim 10, comprising forming an association between the mobile computing device and the user prior to determining that the user has successfully completed the authentication factor for gaining access to the computer system.
  - 13. The system of claim 12, wherein the association is formed through user interaction with the computer system.
  - 14. The system of claim 12, further comprising:
    - determining that the mobile computing device is no longer to be used to authenticate the user for access to the computer system; and
      
      eliminating the association between the mobile computing device and the user based on determining that the mobile computing device is no longer to be used to authenticate the user for access to the computer system.
  - 15. The system of claim 12, comprising:
    - establishing a short-range wireless connection between the mobile computing device and the computer system,communicating with the mobile computing device over the short-range wireless connection to determine an identity of the mobile computing device, andconfirming the association between the mobile computing device and the user based on the identity of the mobile computing device.

16. A computer-implemented method comprising:
- receiving, at a computer system, user input entered by a user through a user interface of the computer system;
  
  determining, based on the user input, that the user has successfully completed an authentication factor for gaining access to the computer system;
  
  receiving position data that includes (i) first GPS position data that specifies a position of a mobile computing device associated with the user, and (ii) second GPS position data that specifies a position of the computer system;
  
  determining a distance between the position of the mobile computing device specified by the first GPS position data and the position of the computer system specified by the second GPS position data;
  
  determining that the distance does not exceed a maximum threshold distance;
  
  authenticating, by the computer system, the user for the access to the computer system based at least on determining that;
  
  (i) the user has successfully completed the authentication factor, and(ii) the determined distance does not exceed the maximum threshold distance; and
  
  in response to authenticating the user, providing the user access to a second user interface of the computer system.
- View Dependent Claims (17, 18)
- - 17. The method of claim 16, wherein authenticating the user is further based on determining the existence of a connection between the mobile computing device and the computer system.
  - 18. The method of claim 16, comprising forming an association between the mobile computing device and the user, the association being formed prior to determining that the user has successfully completed the authentication factor for gaining access to the computer system.

19. A system comprising:
- one or more computers; and
  
  a computer-readable storage medium storing computer software instructions executable by the one or more computers which, upon such execution, cause the one or more computers to perform operations comprising;
  
  receiving, at a computer system, user input entered by a user through a user interface of the computer system;
  
  determining, based on the user input, that the user has successfully completed an authentication factor for gaining access to the computer system;
  
  receiving position data that includes (i) first GPS position data that specifies a position of a mobile computing device associated with the user, and (ii) second GPS position data that specifies a position of the computer system;
  
  determining a distance between the position of the mobile computing device specified by the first GPS position data and the position of the computer system specified by the second GPS position data;
  
  determining that the distance does not exceed a maximum threshold distance;
  
  authenticating, by the computer system, the user for the access to the computer system based at least on determining that;
  
  (i) the user has successfully completed the authentication factor, and(ii) the determined distance does not exceed the maximum threshold distance; and
  
  in response to authenticating the user, providing the user access to a second user interface of the computer system.
- View Dependent Claims (20, 21)
- - 20. The system of claim 19, wherein authenticating the user is further based on determining the existence of a connection between the mobile computing device and the computer system.
  - 21. The system of claim 19, comprising forming an association between the mobile computing device and the user, the association being formed prior to determining that the user has successfully completed the authentication factor for gaining access to the computer system.

22. A computer-implemented method comprising:
- receiving, at a computer system, user input entered by a user through a user interface of the computer system;
  
  determining, based on the user input, that the user has successfully completed an authentication factor for gaining access to the computer system;
  
  accessing data specifying predetermined days or times when a mobile computing device is permitted to be used in authenticating the user;
  
  determining that a current day or a current time is within one of the predetermined days or times when the mobile computing device is permitted to be used to authenticate the user;
  
  receiving position data that specifies (i) a position of the mobile computing device associated with the user, and (ii) a position of the computer system;
  
  determining a distance between the position of the mobile computing device and the position of the computer system;
  
  determining that the distance does not exceed a maximum threshold distance; and
  
  authenticating, by the computer system, the user for the access to the computer system based at least on determining that;
  
  (i) the user has successfully completed the authentication factor,(ii) the current day or the current time is within one of the predetermined days or times when the mobile computing device is permitted to be used to authenticate the user, and(iii) the determined distance does not exceed the maximum threshold distance.
- View Dependent Claims (23, 24)
- - 23. The method of claim 22, wherein authenticating the user is further based on determining the existence of a connection between the mobile computing device and the computer system.
  - 24. The method of claim 22, comprising forming an association between the mobile computing device and the user based on user input that designates the specific mobile computing device as belonging to the user, the association being formed prior to determining that the user has successfully completed the authentication factor for gaining access to the computer system.

25. A computer-readable storage medium storing computer software instructions executable by one or more data processing apparatus which, upon such execution, cause the one or more data processing apparatus to perform operations comprising:
- receiving, at a computer system, user input entered by a user through a user interface of the computer system;
  
  determining, based on the user input, that the user has successfully completed an authentication factor for gaining access to the computer system;
  
  accessing data specifying predetermined days or times when a mobile computing device is permitted to be used in authenticating the user;
  
  determining that a current day or a current time is within one of the predetermined days or times when the mobile computing device is permitted to be used to authenticate the user;
  
  receiving position data that specifies (i) a position of the mobile computing device associated with the user, and (ii) a position of the computer system;
  
  determining a distance between the position of the mobile computing device and the position of the computer system;
  
  determining that the distance does not exceed a maximum threshold distance; and
  
  authenticating, by the computer system, the user for the access to the computer system based at least on determining that;
  
  (i) the user has successfully completed the authentication factor,(ii) the current day or the current time is within one of the predetermined days or times when the mobile computing device is permitted to be used to authenticate the user, and(iii) the determined distance does not exceed the maximum threshold distance.
- View Dependent Claims (26, 27)
- - 26. The medium of claim 25, wherein authenticating the user is further based on determining the existence of a connection between the mobile computing device and the computer system.
  - 27. The medium of claim 25, comprising forming an association between the mobile computing device and the user, the association being formed prior to determining that the user has successfully completed the authentication factor for gaining access to the computer system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Google LLC (Alphabet Inc.)
Original Assignee
Google Inc. (Alphabet Inc.)
Inventors
Queru, Jean Baptiste Maurice
Primary Examiner(s)
GOODCHILD, WILLIAM J

Application Number

US13/487,745
Time in Patent Office

1,128 Days
Field of Search

None
US Class Current

1/1
CPC Class Codes

G06F 21/34   involving the use of extern...

G06F 21/35   communicating wirelessly

G06F 2221/2111   Location-sensitive, e.g. ge...

H04L 63/105   Multiple levels of security

H04W 12/065   Continuous authentication

H04W 12/068   using credential vaults, e....

H04W 4/80   Services using short range ...

H04W 64/00   Locating users or terminals...

Authentication based on proximity to mobile device

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

245 Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

Authentication based on proximity to mobile device

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

245 Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links