Location and device based student access control
Abstract
Techniques are described for controlling access to an online service by one or more authentication mechanisms based on device, browser, or location, or a combination of the three. A method comprises receiving a request to access a service, receiving, in association with the request, a first access mechanism, receiving a first and second level of authentication associated with the user requesting the service, updating authenticated-mechanism data to indicate that the first access mechanism is an authenticated access mechanism for the particular user, receiving a second request to access the service, in response to receiving a second request, determining whether the second access mechanism is an authenticated access mechanism for the particular user, upon determining that the second access mechanism is not an authenticated mechanism, requesting a second level of authentication for the particular user, otherwise granting access.
18 Claims
1. A method comprising:
selectively restricting a particular user's access to a service by:
when the particular user is using an access mechanism with which the particular user previously performed two levels of authentication, allowing the particular user to access the service using a single level of authentication; and
when the particular user is using an access mechanism with which the particular user did not previously perform two levels of authentication, allowing the particular user to access the service only after the particular user performs two levels of authentication using the access mechanism;
wherein selectively restricting the particular user's access to the service comprises:
maintaining, on a storage device, authenticated-mechanism data that indicates which access mechanisms are authenticated access mechanisms for the particular user;
receiving, from a first access mechanism, a first request to access the service;
receiving, in association with the first request, both a first level of authentication for the particular user and a second level of authentication for the particular user;
in response to receiving, in association with the first request, both the first level of authentication for the particular user and the second level of authentication for the particular user, updating the authenticated-mechanism data to indicate that the first access mechanism is an authenticated access mechanism for the particular user;
receiving from a second access mechanism, a second request to access the service;
receiving, in association with the second request, the first level of authentication for the particular user;
in response to receiving the second request and, in association with the second request, the first level of authentication for the particular user, performing the steps of:
determining, based on the authenticated-mechanism data, whether the second access mechanism is an authenticated access mechanism for the particular user;
responsive to the second access mechanism being an authenticated access mechanism for the particular user, allowing the second access mechanism to access the service without receiving, in association with the second request, the second level of authentication for the particular user; and
responsive to the second access mechanism not being an authenticated access mechanism for the particular user, allowing the second access mechanism to access the service only after the second level of authentication for the particular user is provided in association with the second request;
wherein the first and second access mechanisms are one of:
first and second devices;
a first combination of device and browser and a second combination of device and browser; or
a first combination of device, browser and location and a second combination of device, browser and location.
View Dependent Claims (2, 3, 4, 5)
6. A method comprising:
maintaining, on a storage device, authenticated-mechanism data that indicates which access mechanisms are authenticated access mechanisms for a particular user;
receiving, from a first access mechanism, a first request to access a service;
receiving, in association with the first request, both a first level of authentication for the particular user and a second level of authentication for the particular user;
in response to receiving, in association with the first request, both the first level of authentication for the particular user and the second level of authentication for the particular user, updating the authenticated-mechanism data to indicate that the first access mechanism is an authenticated access mechanism for the particular user;
receiving from a second access mechanism, a second request to access the service;
receiving, in association with the second request, the first level of authentication for the particular user;
in response to receiving the second request and, in association with the second request, the first level of authentication for the particular user, performing the steps of:
determining, based on the authenticated-mechanism data, whether the second access mechanism is an authenticated access mechanism for the particular user;
responsive to the second access mechanism being an authenticated access mechanism for the particular user, allowing the second access mechanism to access the service without receiving, in association with the second request, the second level of authentication for the particular user, wherein allowing the second access mechanism to access the service comprises allowing the second access mechanism to be used to participate in a particular activity;
while the second access mechanism is being used to participate in the particular activity, receiving from a third access mechanism, a third request to participate in the particular activity;
receiving, in association with the second request, the first level of authentication for the particular user;
in response to receiving the second request and, in association with the second request, the first level of authentication for the particular user, performing the steps of:
detecting that the particular user is already participating in the particular activity using the second access mechanism;
in response to detecting that the particular user is already participating in the particular activity using the second access mechanism, performing one of:
preventing the particular user from participating in the particular activity using the third access mechanism; or
requiring the particular user to select which access mechanism, of the second access mechanism and the third access mechanism, the particular user is to use to participate in the particular activity; and
responsive to the second access mechanism not being an authenticated access mechanism for the particular user, allowing the second access mechanism to access the service only after the second level of authentication for the particular user is provided in association with the second request;
wherein the first and second access mechanisms are one of:
first and second devices;
a first combination of device and browser and a second combination of device and browser; or
a first combination of device, browser and location and a second combination of device, browser and location.
View Dependent Claims (7, 8, 9)
10. A system comprising:
one or more processors; and
a storage storing instructions which, when executed by the one or more processors, cause the one or more processors to perform operations comprising:
selectively restricting a particular user's access to a service by:
when the particular user is using an access mechanism with which the particular user previously performed two levels of authentication allowing the particular user to access the service using a single level of authentication; and
when the particular user is using an access mechanism with which the particular user did not previously perform two levels of authentication, allowing the particular user to access the service only after the particular user performs two levels of authentication using the access mechanism;
wherein selectively restricting the particular user's access to the service comprises:
maintaining, on a storage device, authenticated-mechanism data that indicates which access mechanisms are authenticated access mechanisms for the particular user;
receiving, from a first access mechanism, a first request to access the service;
receiving, in association with the first request, both a first level of authentication for the particular user and a second level of authentication for the particular user;
in response to receiving, in association with the first request, both the first level of authentication for the particular user and the second level of authentication for the particular user, updating the authenticated-mechanism data to indicate that the first access mechanism is an authenticated access mechanism for the particular user;
receiving from a second access mechanism, a second request to access the service;
receiving, in association with the second request, the first level of authentication for the particular user;
in response to receiving the second request and, in association with the second request, the first level of authentication for the particular user, performing the steps of:
determining, based on the authenticated-mechanism data, whether the second access mechanism is an authenticated access mechanism for the particular user;
responsive to the second access mechanism being an authenticated access mechanism for the particular user, allowing the second access mechanism to access the service without receiving, in association with the second request, the second level of authentication for the particular user; and
responsive to the second access mechanism not being an authenticated access mechanism for the particular user, allowing the second access mechanism to access the service only after the second level of authentication for the particular user is provided in association with the second request;
wherein the first and second access mechanisms are one of:
first and second devices;
a first combination of device and browser and a second combination of device and browser; or
a first combination of device, browser and location and a second combination of device, browser and location.
View Dependent Claims (11, 12, 13, 14)
15. A system comprising:
one or more processors; and
a storage storing instructions which, when executed by the one or more processors, cause the one or more processors to perform operations comprising:
maintaining, on a storage device, authenticated-mechanism data that indicates which access mechanisms are authenticated access mechanisms for a particular user;
receiving, from a first access mechanism, a first request to access a service;
receiving, in association with the first request, both a first level of authentication for the particular user and a second level of authentication for the particular user;
in response to receiving, in association with the first request, both the first level of authentication for the particular user and the second level of authentication for the particular user, updating the authenticated-mechanism data to indicate that the first access mechanism is an authenticated access mechanism for the particular user;
receiving from a second access mechanism, a second request to access the service;
receiving, in association with the second request, the first level of authentication for the particular user;
in response to receiving the second request and, in association with the second request, the first level of authentication for the particular user, performing the steps of:
determining, based on the authenticated-mechanism data, whether the second access mechanism is an authenticated access mechanism for the particular user;
responsive to the second access mechanism being an authenticated access mechanism for the particular user, allowing the second access mechanism to access the service without receiving, in association with the second request, the second level of authentication for the particular user, wherein allowing the second access mechanism to access the service comprises allowing the second access mechanism to be used to participate in a particular activity;
while the second access mechanism is being used to participate in the particular activity, receiving from a third access mechanism, a third request to participate in the particular activity;
receiving, in association with the second request, the first level of authentication for the particular user;
in response to receiving the second request and, in association with the second request, the first level of authentication for the particular user, performing the steps of:
detecting that the particular user is already participating in the particular activity using the second access mechanism;
in response to detecting that the particular user is already participating in the particular activity using the second access mechanism, performing one of:
preventing the particular user from participating in the particular activity using the third access mechanism; or
requiring the particular user to select which access mechanism, of the second access mechanism and the third access mechanism, the particular user is to use to participate in the particular activity; and
responsive to the second access mechanism not being an authenticated access mechanism for the particular user, allowing the second access mechanism to access the service only after the second level of authentication for the particular user is provided in association with the second request;
wherein the first and second access mechanisms are one of:
first and second devices;
a first combination of device and browser and a second combination of device and browser; or
a first combination of device, browser and location and a second combination of device, browser and location.
View Dependent Claims (16, 17, 18)
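The access decision recited in claims 1 and 6 (and their system counterparts, claims 10 and 15), as an added Python example that is not code from the patent or its assignee. The class and method names, the HMAC fingerprint over the device, browser and location fields, the DENY outcome for a failed first level, and running the step-up check before the concurrent-activity check are assumptions made for the example.

```python
import hashlib
import hmac
from enum import Enum

class Decision(Enum):
    ALLOW = "allow"                    # one level of authentication is enough
    REQUIRE_SECOND = "require_second"  # second level must be supplied first
    DENY = "deny"                      # first level failed (assumption)
    ALREADY_ACTIVE = "already_active"  # user is in the activity elsewhere

class MechanismGate:
    """Authenticated-mechanism data plus the per-activity mechanism in use."""
    def __init__(self, server_key: bytes):
        self._key = server_key
        self._authenticated = {}  # user -> set of mechanism fingerprints
        self._active = {}         # (user, activity) -> mechanism in use

    def fingerprint(self, device, browser="", location=""):
        # A mechanism is a device, device+browser, or device+browser+location.
        # Fields are length-prefixed so ("ab", "c") never equals ("a", "bc");
        # the keyed hash (assumption) keeps raw identifiers out of storage.
        fields = [f.encode() for f in (device, browser, location)]
        msg = b"".join(len(f).to_bytes(4, "big") + f for f in fields)
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def request_access(self, user, mech, first_ok, second_ok=False):
        if not first_ok:
            return Decision.DENY
        known = self._authenticated.setdefault(user, set())
        if mech in known:
            return Decision.ALLOW      # second level not needed again
        if second_ok:
            known.add(mech)            # update authenticated-mechanism data
            return Decision.ALLOW
        return Decision.REQUIRE_SECOND

    def join_activity(self, user, mech, activity, first_ok, second_ok=False):
        decision = self.request_access(user, mech, first_ok, second_ok)
        if decision is not Decision.ALLOW:
            return decision
        current = self._active.setdefault((user, activity), mech)
        # On ALREADY_ACTIVE the caller blocks or asks the user to choose.
        return Decision.ALLOW if current == mech else Decision.ALREADY_ACTIVE

    def leave_activity(self, user, activity):
        self._active.pop((user, activity), None)
```

The authenticated-mechanism set is keyed per user, so a mechanism one user has fully authenticated on still triggers the second level for any other user.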
Specification