Systems and methods for restricting access to network resources via in-location access point protocol
First Claim
1. A method of restricting access to web content based on location, the method comprising:
- communicating first, second, and third authentication data via short-range wireless signals between a mobile device and an in-location access point device, wherein at least a portion of the second authentication data sent from the mobile device is a first cryptographic transformation of at least a portion of the first authentication data sent from the in-location access point device and at least a portion of the third authentication data sent from the in-location access point device is a second cryptographic transformation of at least a portion of the second authentication data, wherein the second authentication data ensures that the mobile device is within proximity to the in-location access point device;
- communicating a fourth authentication data between the mobile device and a web-based information system, wherein the fourth authentication data comprises at least a portion of the third authentication data;
- authenticating access to network accessible web content by the mobile device with the web-based information system based on the validity of the fourth authentication data, wherein validity is determined based on whether the fourth authentication data is evidence of the physical presence of the mobile device in the location in which the in-location access point device is located;
- wherein communicating the first, second, third, and fourth authentication data and authenticating access to network accessible web content are performed repeatedly to maintain the continuous evidence of physical presence and at least one of the method steps is implemented by a hardware processor.
Abstract
Methods and systems described herein relate to enhancing security on a mobile device. Systems and methods for mobile device security include restricting access to network resources via an in-location access point device, based on whether the mobile device is in proximity of the in-location access point device.
17 Claims
14. A method for providing secure location-based remote access to web content, the method comprising:
- transmitting a short-range wireless first authentication communication by an in-location access point device to a mobile device at a predetermined location;
- receiving a short-range wireless second authentication communication by the in-location access point device from the mobile device in response to the first authentication communication, wherein the second authentication communication ensures that the mobile device is within proximity to the in-location access point device by verifying that at least a portion of the second authentication communication is a first cryptographic transformation of at least a portion of the first authentication communication;
- transmitting a short-range wireless third authentication communication by the in-location access point to the mobile device in response to the second authentication communication, wherein at least a portion of the third authentication communication is a second cryptographic transformation of at least a portion of the second authentication communication;
- receiving a fourth authentication communication by a web-based information system from a mobile device, wherein the fourth authentication communication comprises at least a portion of the first, second, and third authentication communications; and
- evaluating the fourth authentication communication by the web-based information system and allowing access to network accessible web content by the mobile device if the fourth authentication communication is valid and prohibiting access to the network accessible web content by the mobile device if the fourth authentication communication is not valid, wherein validity is determined based on whether the fourth authentication data is evidence of the physical presence of the mobile device in the location in which the in-location access point device is located;
- wherein receiving a fourth authentication communication and evaluating the fourth authentication communication is performed repeatedly to maintain continuous evidence of physical presence and at least one of the method steps is implemented by a hardware processor.
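One possible instantiation of the four-message exchange in claim 14, added here as an illustration and not taken from the patent. HMAC-SHA256 stands in for both cryptographic transformations; the two pre-shared keys (device with access point, access point with web system), the 30-second freshness window, the nonce cache and all function names are assumptions the claims do not specify.

```python
import hashlib
import hmac
import os

# Assumed, not in the claims: pre-shared keys (constructed sample values).
K_DEVICE = b"constructed-device-key"  # mobile device <-> access point
K_AP = b"constructed-ap-key"          # access point <-> web system
MAX_AGE = 30  # seconds a third message stays valid (assumed)

def mac(key, *parts):
    """HMAC-SHA256 over length-prefixed parts (unambiguous concatenation)."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for p in parts:
        h.update(len(p).to_bytes(4, "big") + p)
    return h.digest()

def ap_first():
    """First message: the access point's fresh 16-byte challenge."""
    return os.urandom(16)

def mobile_second(first):
    """Second message: first transformation, computed over the challenge."""
    return mac(K_DEVICE, b"second", first)

def ap_third(first, second, now):
    """Verify the second message, then bind it to a timestamp under K_AP."""
    if not hmac.compare_digest(second, mac(K_DEVICE, b"second", first)):
        return None  # device did not answer this challenge
    ts = int(now).to_bytes(8, "big")
    return ts + mac(K_AP, b"third", first, second, ts)

def run_round(now):
    """One short-range round; returns the fourth message for the web system."""
    first = ap_first()
    second = mobile_second(first)
    return first + second + ap_third(first, second, now)

def web_validate(fourth, now, seen):
    """Accept only an authentic, fresh, never-seen fourth message."""
    if len(fourth) != 16 + 32 + 8 + 32:
        return False
    first, second, ts, tag = fourth[:16], fourth[16:48], fourth[48:56], fourth[56:]
    if not hmac.compare_digest(tag, mac(K_AP, b"third", first, second, ts)):
        return False
    age = now - int.from_bytes(ts, "big")
    if age < 0 or age > MAX_AGE or first in seen:
        return False  # stale or replayed: the device must run a new round
    seen.add(first)
    return True
```

Because each challenge is accepted once and expires after `MAX_AGE` seconds, the device has to repeat the short-range round to keep access, which corresponds to the "performed repeatedly" element of the claim.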
Specification