Location as a second factor for authentication

US 9,098,688 B1
Filed: 07/11/2014
Issued: 08/04/2015
Est. Priority Date: 09/12/2011
Status: Active Grant

First Claim

Patent Images

1. A method for authenticating a log-in request based on location, the method comprising:

receiving, with one or more processors, a log-in request from a first user device;

determining, with the one or more processors, a first location of the log-in request received from the first user device;

determining, with the one or more processors, a current location of a registered mobile user device;

computing, with the one or more processors, a distance between the first location of the log-in request and the current location of the registered mobile user device;

determining, with the one or more processors, whether the computed distance exceeds a threshold; and

transmitting, with the one or more processors, a warning notification to the registered mobile user device, the warning notification including the first location of the log-in request received from the first user device responsive to determining that the computed distance exceeds the threshold;

authenticating the log-in request and permitting log-in responsive to determining that the computed distance is within the threshold;

after authenticating the log-in request and permitting log-in, determining a new current location of a registered mobile user device;

computing a second distance between a location where the user logged in and the new current location of the registered mobile user device;

determining that the second distance exceeds a threshold; and

logging-out the user responsive to determining that the second distance exceeds a threshold.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for authenticating a log-in request based on location using an authentication application. The authentication application includes a processing unit, a location module, an authentication module, a user interface engine, and a notification module. The processing unit receives a log-in request from a third party application. The processing unit also receives a location of the log-in request and a location of a registered user device. The location module computes a distance between the location of the log-in request and the location of the registered user device. The authentication module determines whether the computed distance exceeds a threshold. The authentication module authenticates the log-in request responsive to determining that the computed distance is within or less than the threshold. The authentication module denies authentication to the log-in request responsive to determining that the computed distance exceeds the threshold.

Citations

20 Claims

1. A method for authenticating a log-in request based on location, the method comprising:
- receiving, with one or more processors, a log-in request from a first user device;
  
  determining, with the one or more processors, a first location of the log-in request received from the first user device;
  
  determining, with the one or more processors, a current location of a registered mobile user device;
  
  computing, with the one or more processors, a distance between the first location of the log-in request and the current location of the registered mobile user device;
  
  determining, with the one or more processors, whether the computed distance exceeds a threshold; and
  
  transmitting, with the one or more processors, a warning notification to the registered mobile user device, the warning notification including the first location of the log-in request received from the first user device responsive to determining that the computed distance exceeds the threshold;
  
  authenticating the log-in request and permitting log-in responsive to determining that the computed distance is within the threshold;
  
  after authenticating the log-in request and permitting log-in, determining a new current location of a registered mobile user device;
  
  computing a second distance between a location where the user logged in and the new current location of the registered mobile user device;
  
  determining that the second distance exceeds a threshold; and
  
  logging-out the user responsive to determining that the second distance exceeds a threshold.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the warning notification to the registered mobile user device, includes a link to modify a setting of a third party application for which the log-in request was received.
  - 3. The method of claim 1, wherein the first location of the log-in request is determined based at least in part on an internet protocol address of a browser running on the first user device.
  - 4. The method of claim 1, wherein authenticating the log-in request comprises generating a user interface that requests a response from a user that submitted the log-in request responsive to determining that the computed distance is within the threshold.
  - 5. The method of claim 4, wherein the response is at least one of a biometric response, a response to a question, and a code.
  - 6. The method of claim 4 comprising:
    - receiving the response from the user;
      
      authenticating the log-in request responsive to determining that the response from the user matches a response stored on a user-profile of the user; and
      
      denying authentication to the log-in request responsive to determining that the response from the user does not match the response stored on the user-profile of the user.
  - 7. The method of claim 1, wherein the current location of the registered mobile user device is at least one from the group consisting of an Internet Protocol address, a media access control address, a location determined using a geo-location application, a location determined using global positioning system and a location determined using radio frequency identification.
  - 8. The method of claim 1, comprising transmitting a request for the current location of the registered mobile user device and an access token to the registered mobile user device.

9. A system for authenticating a log-in request based on location, the system comprising:
- one or more processing devices;
  
  a memory coupled to the processing devices;
  
  a processing unit stored on the memory and executable by the one or more processing devices, the processing unit for receiving a log-in request from a first user device, determining a first location of the log-in request received from the first user device and determining a current location of a registered mobile user device and determining a new current location of a registered mobile user device;
  
  a location module stored on the memory and executable by the one or more processing devices, the location module coupled to the processing unit for computing a distance between the first location of the log-in request and the current location of the registered mobile user device, and computing a second distance between a location where the user logged in and the new current location of the registered mobile user device; and
  
  an authentication module stored on the memory and executable by the one or more processing devices, the authentication module coupled to the location module for determining whether the computed distance exceeds a threshold, the authentication module authenticating the log-in request and permitting log-in responsive to determining that the computed distance is within the threshold, determining that the second distance exceeds a threshold; and
  
  logging-out the user responsive to determining that the second distance exceeds a threshold; and
  
  a notification module stored on the memory and executable by the one or more processing devices, the notification module coupled to the authentication module for transmitting a warning notification to the registered mobile user device, the warning notification including the first location of the log-in request received from the first user device responsive to determining that the computed distance exceeds the threshold.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The system of claim 9, wherein the warning notification to the registered mobile user device, includes a link to modify a setting of a third party application for which the log-in request was received.
  - 11. The system of claim 9, wherein the processing unit determines the current location of the log-in request based at least in part on an internet protocol address of a browser running on the first user device.
  - 12. The system of claim 9, comprising a user interface engine for generating a user interface that requests a response from a user that submitted the log-in request.
  - 13. The system of claim 9, wherein the authentication module authenticates the log-in request responsive to determining that the response from the user matches a response stored on a user-profile of the user and denies authentication to the log-in request responsive to determining that the response from the user does not match the response stored on the user-profile of the user.
  - 14. The system of claim 9, wherein the current location of the registered mobile user device is at least one from the group consisting of an Internet Protocol address, a media access control address, a location determined using a geo-location application, a location determined using global positioning system and a location determined using radio frequency identification.
  - 15. The system of claim 9, wherein the processing unit transmits a request for the registered mobile user device'"'"'s current location and an access token to the registered mobile user device.

16. A computer program product comprising a non-transitory computer useable medium including a computer readable program, wherein the computer readable program when executed on a computer causes the computer to:
- receive a log-in request from a first user device;
  
  determine a first location of the log-in request received from the first user device;
  
  determine a current location of a registered mobile user device;
  
  compute a distance between the first location of the log-in request and the current location of the registered mobile user device;
  
  determine whether the computed distance exceeds a threshold; and
  
  transmitting a warning notification to the registered mobile user device, the warning notification including the first location of the log-in request received from the first user device responsive to determining that the computed distance exceeds the threshold;
  
  authenticate the log-in request and permitting log-in responsive to determining that the computed distance is within the threshold;
  
  after authentication of the log-in request and log-in, determine a new current location of a registered mobile user device;
  
  compute a second distance between a location where the user logged in and the new current location of the registered mobile user device;
  
  determine that the second distance exceeds a threshold; and
  
  log-out the user responsive to determining that the second distance exceeds a threshold.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The computer program product of claim 16, wherein the warning notification to the registered mobile user device, includes a link to modify a setting of a third party application for which the log-in request was received.
  - 18. The computer program product of claim 16, wherein the first location of the log-in request is determined based at least in part on an internet protocol address of a browser running on the first user device.
  - 19. The computer program product of claim 16, wherein the computer readable program when executed on the computer causes the computer to generate a user interface that requests a response from a user that submitted the log-in request responsive to determining that the computed distance is within the threshold.
  - 20. The computer program product of claim 16, wherein the response is at least one of a biometric response, a response to a question, and a code.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Google LLC (Alphabet Inc.)
Original Assignee
Google Inc. (Alphabet Inc.)
Inventors
Jackson, Dean K.
Primary Examiner(s)
Gergiso, Techane

Application Number

US14/329,550
Time in Patent Office

389 Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/31   User authentication

H04L 63/08   for authentication of entit...

H04L 63/0853   using an additional device,...

H04L 63/107   wherein the security polici...

H04W 4/021   Services related to particu...

H04W 4/023   using mutual or relative lo...

Location as a second factor for authentication

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Location as a second factor for authentication

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links