Systems and methods for restricting access to network resources via in-location access point protocol

US 9,363,670 B2
Filed: 08/27/2013
Issued: 06/07/2016
Est. Priority Date: 08/27/2012
Status: Expired due to Fees

First Claim

Patent Images

1. A method of restricting access to web content based on location, the method comprising:

communicating first, second, and third authentication data via short-range wireless signals between a mobile device and an in-location access point device, wherein at least a portion of the second authentication data sent from the mobile device is a first cryptographic transformation of at least a portion of the first authentication data sent from the in-location access point device and at least a portion of the third authentication data sent from the in-location access point device is a second cryptographic transformation of at least a portion of the second authentication data, wherein the second authentication data ensures that the mobile device is within proximity to the in-location access point device;

communicating a fourth authentication data between the mobile device and a web-based information system, wherein the fourth authentication data comprises at least a portion of the third authentication data;

authenticating access to network accessible web content by the mobile device with the web-based information system based on the validity of the fourth authentication data, wherein validity is determined based on whether the fourth authentication data is evidence of the physical presence of the mobile device in the location in which the in-location access point device is located;

wherein communicating the first, second, third, and fourth authentication data and authenticating access to network accessible web content are performed repeatedly to maintain the continuous evidence of physical presence and at least one of the method steps is implemented by a hardware processor.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and systems described herein relate to enhancing security on a mobile device. Systems and methods for mobile device security include restricting access to network resources via an in-location access point device, based on whether the mobile device is in proximity of the in-location access point device.

55 Citations

View as Search Results

17 Claims

1. A method of restricting access to web content based on location, the method comprising:
- communicating first, second, and third authentication data via short-range wireless signals between a mobile device and an in-location access point device, wherein at least a portion of the second authentication data sent from the mobile device is a first cryptographic transformation of at least a portion of the first authentication data sent from the in-location access point device and at least a portion of the third authentication data sent from the in-location access point device is a second cryptographic transformation of at least a portion of the second authentication data, wherein the second authentication data ensures that the mobile device is within proximity to the in-location access point device;
  
  communicating a fourth authentication data between the mobile device and a web-based information system, wherein the fourth authentication data comprises at least a portion of the third authentication data;
  
  authenticating access to network accessible web content by the mobile device with the web-based information system based on the validity of the fourth authentication data, wherein validity is determined based on whether the fourth authentication data is evidence of the physical presence of the mobile device in the location in which the in-location access point device is located;
  
  wherein communicating the first, second, third, and fourth authentication data and authenticating access to network accessible web content are performed repeatedly to maintain the continuous evidence of physical presence and at least one of the method steps is implemented by a hardware processor.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1, wherein the short-range wireless signals comprise one or more Bluetooth messages.
  - 3. The method of claim 1, wherein the short-range wireless signals comprise one or more near-field communications signals.
  - 4. The method of claim 1, wherein the short-range wireless signals comprise one or more Wi-Fi signals.
  - 5. The method of claim 1, wherein the short-range wireless signals comprise one or more high frequency sound signals.
  - 6. The method of claim 1, wherein the first and second authentication data comprise time data to limit the first and second authentication data'"'"'s validity to specific time periods.
  - 7. The method of claim 1, wherein the short-range wireless signals comprise Bluetooth LE signals.
  - 8. The method of claim 1, wherein communicating the first, second, third, and fourth authentication data is repeated at a regular time interval.
  - 9. The method of claim 1, wherein the third authentication data comprises one or more of cryptographic signatures, encrypted data, certificates, sensor data, mobile device data, and identity data.
  - 10. The method of claim 1, wherein the fourth authentication data further comprises an HTTP GET/POST request.
  - 11. The method of claim 1, wherein the web-based information system comprises one or more of a proxy, a gateway, a reverse proxy, a forwarding service, a firewall, a web server, a database and cache.
  - 12. The method of claim 1, wherein the method further comprises communicating, by the web-based information system, configuration data to configure the mobile device.
  - 13. The method of claim 12, wherein communicating configuration data to configure the mobile device comprises communicating mobile device security data to configure security governing the mobile device.

14. A method for providing secure location-based remote access to web content, the method comprising:
- transmitting a short-range wireless first authentication communication by an in-location access point device to a mobile device at a predetermined location;
  
  receiving a short-range wireless second authentication communication by the in-location access point device from the mobile device in response to the first authentication communication, wherein the second authentication communication ensures that the mobile device is within proximity to the in-location access point device by verifying that at least a portion of the second authentication communication is a first cryptographic transformation of at least a portion of the first authentication communication;
  
  transmitting a short-range wireless third authentication communication by the in-location access point to the mobile device in response to the second authentication communication, wherein at least a portion of the third authentication communication is a second cryptographic transformation of at least a portion of the second authentication communication;
  
  receiving a fourth authentication communication by a web-based information system from a mobile device, wherein the fourth authentication communication comprises at least a portion of the first, second, and third authentication communications; and
  
  evaluating the fourth authentication communication by the web-based information system and allowing access to network accessible web content by the mobile device if the fourth authentication communication is valid and prohibiting access to the network accessible web content by the mobile device if the fourth authentication communication is not valid, wherein validity is determined based on whether the fourth authentication data is evidence of the physical presence of the mobile device in the location in which the in-location access point device is located;
  
  wherein receiving a fourth authentication communication and evaluating the fourth authentication communication is performed repeatedly to maintain continuous evidence of physical presence and at least one of the method steps is implemented by a hardware processor.
- View Dependent Claims (15, 16, 17)
- - 15. The method of claim 14, wherein the short-range wireless communication comprises at least one of a Bluetooth message, a near-field communications signal, a Wi-Fi signal, and a high frequency sound signal.
  - 16. The method of claim 14, wherein the validity of the authentication data is limited to a predetermined time period.
  - 17. The method of claim 14, wherein the short-range wireless communication comprises a Bluetooth LE signal.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Optio Labs
Original Assignee
Optio Labs, Inc.
Inventors
Dougherty, Brian, Clancy, Thomas Charles III, White, Christopher Jules, Hamrick, David Alexander, Sharpe, Grayson Gates, Hanlin, Robert Austin, Zienkiewicz, Krzysztof Kamil, Thompson, Christopher Michael
Primary Examiner(s)
Lemma, Samson

Application Number

US14/010,835
Publication Number

US 20140059347A1
Time in Patent Office

1,015 Days
Field of Search

713/168, 380/270
US Class Current

1/1
CPC Class Codes

H04L 63/0846   using time-dependent-passwo...

H04W 12/02   Protecting privacy or anony...

H04W 12/06   Authentication

H04W 12/63   Location-dependent; Proximi...

Systems and methods for restricting access to network resources via in-location access point protocol

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

55 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for restricting access to network resources via in-location access point protocol

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

55 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links