Using trusted devices to augment location-based account protection
Abstract
An authentication process receives information identifying a user, a device used by the user and a location in which the device is being used. That authentication process determines whether the location is among a set of familiar locations stored about the user for a service being accessed. If the location is not among the set of familiar locations, then the user is not authenticated. A desirable user experience can be obtained by using information about any existing relationship, such as a synchronization relationship, between the device and the service established at a prior familiar location. Instead of challenging a user whose device is in an unfamiliar location, the authentication process determines whether the device has a relationship established with the service. If the device has a relationship established with the service, then the set of familiar locations is updated to include the location in which the device is being used.
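The decision flow in the abstract, as an added Python example (not code from the patent or from any product). The class, method and sample identifiers are hypothetical, and locations are assumed to be already normalized to coarse region keys.

```python
from dataclasses import dataclass, field
from enum import Enum


class Decision(Enum):
    ALLOW = "allow"                      # location already familiar
    ALLOW_AND_LEARN = "allow_and_learn"  # trusted device, location added
    NOT_AUTHENTICATED = "not_authenticated"


@dataclass
class LocationAuthenticator:
    # user -> set of familiar (authorized) location keys, stored server-side
    familiar: dict = field(default_factory=dict)
    # (user, device_id) pairs with an established relationship (e.g. sync),
    # also stored server-side; never taken from the request itself
    relationships: set = field(default_factory=set)

    def authenticate(self, user: str, device_id: str, location: str) -> Decision:
        locations = self.familiar.setdefault(user, set())
        if location in locations:
            return Decision.ALLOW
        if (user, device_id) in self.relationships:
            # Unfamiliar location, but the device is known and trusted:
            # learn the location instead of challenging the user.
            locations.add(location)
            return Decision.ALLOW_AND_LEARN
        return Decision.NOT_AUTHENTICATED


def demo() -> list:
    # Constructed sample data: user names, device ids and location keys are made up.
    auth = LocationAuthenticator(
        familiar={"alice": {"US-WA-Seattle"}},
        relationships={("alice", "phone-1")},
    )
    return [
        auth.authenticate("alice", "laptop-7", "FR-Paris"),   # unknown device, new place
        auth.authenticate("alice", "phone-1", "FR-Paris"),    # synced phone travels
        auth.authenticate("alice", "laptop-7", "FR-Paris"),   # second device, same place
        auth.authenticate("mallory", "phone-1", "FR-Paris"),  # relationship is per user
    ]


if __name__ == "__main__":
    for d in demo():
        print(d.value)
```

The third call succeeds only because the second one added the location for that user, so the integrity of the relationship store directly determines which locations become familiar.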
17 Claims
1. A computer-implemented process performed by an authentication process for a service accessible over a computer network, comprising:
- receiving information identifying a user, a first device from which the user is currently accessing the service, and a geographic location in which the first device is currently being used, into memory;
- determining whether the geographic location of the first device is among a set of authorized locations, from which the user has previously accessed the service, and stored for the user for the service;
- determining whether the first device has a relationship previously established with the service being accessed, the relationship being a kind of relationship in which the service communicates with a device that is known and trusted by the service;
- in response to a determination that the first device has the relationship established with the service being accessed, adding the geographic location in which the first device is currently being used to the stored set of authorized locations for the user and allowing the first device to access the service from the geographic location in which the first device is currently being used;
- receiving information identifying a user, a second device, different from the first device, and a geographic location in which the second device is currently being used, into memory; and
- determining whether the geographic location of the second device is among the set of authorized locations stored for the user for the service being accessed as updated according to the geographic location of the first device; and
- in response to a determination that the geographic location of the second device is among the set of authorized locations stored for the user as updated according to the geographic location of the first device, allowing access to the service through the second device.
Dependent claims: 2, 3, 4, 5, 6
7. An article of manufacture comprising:
- a computer storage medium including at least one of a memory and a storage device;
- computer program instructions stored on the computer storage medium which, when processed by a processing device, instruct the processing device to perform an authentication process for a service accessible over a computer network, comprising;
- receiving information identifying a user, a first device from which the user is currently accessing the service, and a geographic location in which the first device is currently being used, into memory;
- determining whether the geographic location of the first device is among a set of authorized locations, from which the user has previously accessed the service, and stored for the user for the service;
- determining whether the first device has a relationship previously established with the service being accessed, the relationship being a kind of relationship in which the service communicates with a device that is known and trusted by the service;
- in response to a determination that the first device has the relationship established with the service being accessed, adding the geographic location in which the first device is currently being used to the set of authorized locations for the user and allowing the first device to access the service from the geographic location in which the first device is currently being used;
- receiving information identifying a user, a second device, different from the first device, and a geographic location in which the second device is currently being used, into memory; and
- determining whether the geographic location of the second device is among the set of authorized locations stored for the user for the service being accessed as updated according to the geographic location of the first device; and
- in response to a determination that the geographic location of the second device is among the set of authorized locations stored for the user as updated according to the geographic location of the first device, allowing access to the service through the second device.
Dependent claims: 8, 9, 10, 11, 12
13. A computing machine comprising:
- an authentication process, executed on the computing machine, for a service accessible over a computer network, having inputs for receiving information identifying a user, a first device from which the user is currently accessing the service and a geographic location in which the first device is currently being used, into memory;
- storage in which data is stored about users for the service including data describing, for each user, a set of authorized locations from which the user has previously accessed the service;
- storage in which data is stored describing relationships between devices and the service, the data associating devices with user accounts with the service for a relationship in which the service communicates with a device that is known and trusted by the service;
- the authentication process determining whether the first device has the relationship previously established with the service being accessed;
- in response to a determination that the first device has the relationship previously established with the service being accessed, the authentication process adding the geographic location in which the first device is currently being used to the set of authorized locations for the user and allowing the first device to access the service from the geographic location in which the first device is currently being used;
- the authentication process further comprising an input configured to receive information identifying a user, a second device, different from the first device, and a geographic location in which the second device is currently being used, into memory;
- the authentication process configured to determine whether the geographic location of the second device is among the set of authorized locations stored for the user for the service being accessed as updated according to the geographic location of the first device, and, in response to a determination that the geographic location of the second device is among the set of authorized locations stored for the user as updated according to the geographic location of the first device, to allow access to the service through the second device.
Dependent claims: 14, 15, 16, 17
Specification