System and method for location-based authentication

US 9,305,298 B2
Filed: 12/31/2013
Issued: 04/05/2016
Est. Priority Date: 03/22/2013
Status: Active Grant

First Claim

Patent Images

1. A location-aware method for user authentication comprising:

determining a current location of a mobile device, wherein determining a current location of a mobile device comprises;

detecting, by a device proximity detection module, the presence of one or more peer or network infrastructure devices; and

performing, by the device proximity detection module, a correlation against historical presence data for the peer or network infrastructure devices, wherein a relatively higher correlation indicates that the mobile device is at a known location and a relatively lower correlation indicates that the mobile device is not at a known location;

identifying, by a location class determination module, a location class corresponding to the current location;

receiving, by an authentication policy engine, an authentication policy associated with a particular relying party, the authentication policy defining a set of one or more authentication techniques to provide a sufficient level of user authentication for a current transaction based on the identified location class; and

selecting, by the authentication policy engine, from the set of one or more authentication techniques to authenticate the user for the current transaction based on the identified location class.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system, apparatus, method, and machine readable medium are described for location-aware authentication. For example, one embodiment of a location-aware method for user authentication comprises: determining a current location of a mobile device; identifying a location class corresponding to the current location; selecting a set of one or more authentication techniques to provide a sufficient level of user authentication for a current transaction based on the identified location class.

159 Citations

24 Claims

1. A location-aware method for user authentication comprising:
- determining a current location of a mobile device, wherein determining a current location of a mobile device comprises;
  
  detecting, by a device proximity detection module, the presence of one or more peer or network infrastructure devices; and
  
  performing, by the device proximity detection module, a correlation against historical presence data for the peer or network infrastructure devices, wherein a relatively higher correlation indicates that the mobile device is at a known location and a relatively lower correlation indicates that the mobile device is not at a known location;
  
  identifying, by a location class determination module, a location class corresponding to the current location;
  
  receiving, by an authentication policy engine, an authentication policy associated with a particular relying party, the authentication policy defining a set of one or more authentication techniques to provide a sufficient level of user authentication for a current transaction based on the identified location class; and
  
  selecting, by the authentication policy engine, from the set of one or more authentication techniques to authenticate the user for the current transaction based on the identified location class.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method as in claim 1 wherein determining a current location further comprises using a global positioning system (GPS) device.
  - 3. The method as in claim 1 wherein determining a current location further comprises performing a reverse lookup of the mobile device'"'"'s IP address.
  - 4. The method as in claim 1 wherein determining a current location further comprises performing cell tower triangulation and/or Wifi access point triangulation.
  - 5. The method as in claim 1 wherein determining a current location further comprises performing an approximation by noting a change in the mobile device'"'"'s position relative to a starting point with a known location.
  - 6. The method as in claim 1 wherein at least one location class is defined as the mobile device being within a given radius of a known specified location.
  - 7. The method as in claim 1 wherein at least one location class is defined as the mobile device being within a specified boundary region or outside of a specified boundary region.
  - 8. The method as in claim 1 wherein the authentication techniques include explicit authentication techniques and non-intrusive authentication techniques.
  - 9. The method as in claim 8 wherein the explicit authentication techniques include one or more of fingerprint authentication, voice or facial recognition, retinal scanning, and PIN entry by the end user.
  - 10. The method as in claim 8 wherein the non-intrusive authentication techniques include authentication based on data collected from one or more user behavior sensors.
  - 11. The method as in claim 10 wherein the user behavior sensors measure a gait of the user, wherein the user is non-intrusively authenticated based on the user'"'"'s gait being detected.
  - 12. The method as in claim 8 wherein the non-intrusive authentication techniques include detecting presence of one or more peer or network infrastructure devices known to be present at a particular location.

13. A location-aware system for user authentication comprising:
- a memory device for storing program code comprising a plurality of instructions;
  
  at least one processor to execute the instructions to implement a plurality of different functional modules including;
  
  a location detection module to determine a current location of a mobile device,wherein determining a current location of the mobile device comprises a device proximity detection module to detect the presence of one or more peer or network infrastructure devices and to perform a correlation against historical presence data for the peer or network infrastructure devices, wherein a relatively higher correlation indicates that the mobile device is at a known location and a relatively lower correlation indicates that the mobile device is not at a known location;
  
  a location class determination module to identify a location class corresponding to the current location;
  
  an authentication policy engine to receive an authentication policy associated with a particular relying party, the authentication policy defining a set of one or more authentication techniques to provide a sufficient level of user authentication for a current transaction based on the identified location class, the authentication policy engine to select from the set of one or more authentication techniques to authenticate the user for the current transaction based on the identified location class.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
- - 14. The system as in claim 13 wherein the location detection module further comprises a global positioning system (GPS) device.
  - 15. The system as in claim 13 wherein determining a current location further comprises performing a reverse lookup of the mobile device'"'"'s IP address.
  - 16. The system as in claim 13 wherein determining a current location further comprises performing cell tower triangulation and/or Wifi access point triangulation.
  - 17. The system as in claim 13 wherein determining a current location further comprises performing an approximation by noting a change in the mobile device'"'"'s position relative to a starting point with a known location.
  - 18. The system as in claim 13 wherein at least one location class is defined as the mobile device being within a given radius of a known specified location.
  - 19. The system as in claim 13 wherein at least one location class is defined as the mobile device being within a specified boundary region or outside of a specified boundary region.
  - 20. The system as in claim 13 wherein the authentication techniques include explicit authentication techniques and non-intrusive authentication techniques.
  - 21. The system as in claim 20 wherein the explicit authentication techniques include one or more of fingerprint authentication, voice or facial recognition, retinal scanning, and PIN entry by the end user.
  - 22. The system as in claim 20 wherein the non-intrusive authentication techniques include authentication based on data collected from one or more user behavior sensors.
  - 23. The system as in claim 22 wherein the user behavior sensors measure a gait of the user, wherein the user is non-intrusively authenticated based on the user'"'"'s gait being detected.
  - 24. The system as in claim 20 wherein the non-intrusive authentication techniques include detecting presence of one or more peer or network infrastructure devices known to be present at a particular location.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nok Nok Labs Incorporated
Original Assignee
Nok Nok Labs Incorporated
Inventors
Wilson, Brendon J.
Primary Examiner(s)
Paliwal, Yogesh

Application Number

US14/145,533
Publication Number

US 20140289821A1
Time in Patent Office

826 Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/32   using biometric data, e.g. ...

G06F 21/577   Assessing vulnerabilities a...

G06F 2221/2115   Third party

G06Q 20/204   comprising interface for re...

G06Q 20/3224   Transactions dependent on l...

G06Q 20/3274   using a pictured code, e.g....

G06Q 20/3278   RFID or NFC payments by mea...

G06Q 20/4012   Verifying personal identifi...

G06Q 20/40145   Biometric identity checks

G06Q 20/42   Confirmation, e.g. check or...

G06Q 20/425   using two different network...

G07F 19/20   Automatic teller machines [...

H04L 2209/805   Lightweight hardware, e.g. ...

H04L 2463/102   applying security measure f...

H04L 63/0492   by using a location-limited...

H04L 63/08   for authentication of entit...

H04L 63/083   using passwords cryptograph...

H04L 63/0861   using biometrical features,...

H04L 63/20   for managing network securi...

H04L 9/0819   Key transport or distributi...

H04L 9/0822 : using key encryption key

H04L 9/0841 : involving Diffie-Hellman or...

H04L 9/3231 : Biological data, e.g. finge...

H04L 9/3247 : involving digital signatures

H04L 9/3297 : involving time stamps, e.g....

H04W 12/06 : Authentication

H04W 12/065 : Continuous authentication

View All

System and method for location-based authentication

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

159 Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for location-based authentication

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

159 Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links