Location and device based student access control

US 9,565,183 B2
Filed: 03/13/2015
Issued: 02/07/2017
Est. Priority Date: 03/13/2015
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

selectively restricting a particular user'"'"'s access to a service by;

when the particular user is using an access mechanism with which the particular user previously performed two levels of authentication, allowing the particular user to access the service using a single level of authentication; and

when the particular user is using an access mechanism with which the particular user did not previously perform two levels of authentication, allowing the particular user to access the service only after the particular user performs two levels of authentication using the access mechanism;

wherein selectively restricting the particular user'"'"'s access to the service comprises;

maintaining, on a storage device, authenticated-mechanism data that indicates which access mechanisms are authenticated access mechanisms for the particular user;

receiving, from a first access mechanism, a first request to access the service;

receiving, in association with the first request, both a first level of authentication for the particular user and a second level of authentication for the particular user;

in response to receiving, in association with the first request, both the first level of authentication for the particular user and the second level of authentication for the particular user, updating the authenticated-mechanism data to indicate that the first access mechanism is an authenticated access mechanism for the particular user;

receiving from a second access mechanism, a second request to access the service;

receiving, in association with the second request, the first level of authentication for the particular user;

in response to receiving the second request and, in association with the second request, the first level of authentication for the particular user, performing the steps of;

determining, based on the authenticated-mechanism data, whether the second access mechanism is an authenticated access mechanism for the particular user;

responsive to the second access mechanism being an authenticated access mechanism for the particular user, allowing the second access mechanism to access the service without receiving, in association with the second request, the second level of authentication for the particular user; and

responsive to the second access mechanism not being an authenticated access mechanism for the particular user, allowing the second access mechanism to access the service only after the second level of authentication for the particular user is provided in association with the second request;

wherein the first and second access mechanisms are one of;

first and second devices;

a first combination of device and browser and a second combination of device and browser;

ora first combination of device, browser and location and a second combination of device, browser and location.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques are described for controlling access to an online service by a one or more authentication mechanisms based on device, browser, or location, or a combination of the three. A method comprises receiving a request to access a service, receiving, in association with the request, a first access mechanism, receiving a first and second level of authentication associated with the user requesting the service, updating authenticated-mechanism data to indicate that the first access mechanism is an authenticated access mechanism for the particular user, receiving a second request to access the service, in response to receiving a second request, determining whether the second access mechanism is an authenticated access mechanism for the particular user, upon determining that the second access mechanism is not an authenticated mechanism, requesting a second level of authentication for the particular user, otherwise granting access.

15 Citations

View as Search Results

18 Claims

1. A method comprising:
- selectively restricting a particular user'"'"'s access to a service by;
  
  when the particular user is using an access mechanism with which the particular user previously performed two levels of authentication, allowing the particular user to access the service using a single level of authentication; and
  
  when the particular user is using an access mechanism with which the particular user did not previously perform two levels of authentication, allowing the particular user to access the service only after the particular user performs two levels of authentication using the access mechanism;
  
  wherein selectively restricting the particular user'"'"'s access to the service comprises;
  
  maintaining, on a storage device, authenticated-mechanism data that indicates which access mechanisms are authenticated access mechanisms for the particular user;
  
  receiving, from a first access mechanism, a first request to access the service;
  
  receiving, in association with the first request, both a first level of authentication for the particular user and a second level of authentication for the particular user;
  
  in response to receiving, in association with the first request, both the first level of authentication for the particular user and the second level of authentication for the particular user, updating the authenticated-mechanism data to indicate that the first access mechanism is an authenticated access mechanism for the particular user;
  
  receiving from a second access mechanism, a second request to access the service;
  
  receiving, in association with the second request, the first level of authentication for the particular user;
  
  in response to receiving the second request and, in association with the second request, the first level of authentication for the particular user, performing the steps of;
  
  determining, based on the authenticated-mechanism data, whether the second access mechanism is an authenticated access mechanism for the particular user;
  
  responsive to the second access mechanism being an authenticated access mechanism for the particular user, allowing the second access mechanism to access the service without receiving, in association with the second request, the second level of authentication for the particular user; and
  
  responsive to the second access mechanism not being an authenticated access mechanism for the particular user, allowing the second access mechanism to access the service only after the second level of authentication for the particular user is provided in association with the second request;
  
  wherein the first and second access mechanisms are one of;
  
  first and second devices;
  
  a first combination of device and browser and a second combination of device and browser;
  
  ora first combination of device, browser and location and a second combination of device, browser and location.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1 wherein the first and second access mechanisms are first and second devices.
  - 3. The method of claim 1 wherein the first and second access mechanisms are first combination of device and browser and second combination of device and browser.
  - 4. The method of claim 1 wherein the first and second access mechanisms are first combination of device, browser and location and second combination of device, browser and location.
  - 5. The method of claim 1 further comprising:
    - receiving the second level of authentication for the particular user in association with the second request; and
      
      in response to receiving the second level of authentication for the particular user in association with the second request, updating the authenticated-mechanism data to indicate that the second access mechanism is an authenticated access mechanism for the particular user.

6. A method comprising:
- maintaining, on a storage device, authenticated-mechanism data that indicates which access mechanisms are authenticated access mechanisms for a particular user;
  
  receiving, from a first access mechanism, a first request to access a service;
  
  receiving, in association with the first request, both a first level of authentication for the particular user and a second level of authentication for the particular user;
  
  in response to receiving, in association with the first request, both the first level of authentication for the particular user and the second level of authentication for the particular user, updating the authenticated-mechanism data to indicate that the first access mechanism is an authenticated access mechanism for the particular user;
  
  receiving from a second access mechanism, a second request to access the service;
  
  receiving, in association with the second request, the first level of authentication for the particular user;
  
  in response to receiving the second request and, in association with the second request, the first level of authentication for the particular user, performing the steps of;
  
  determining, based on the authenticated-mechanism data, whether the second access mechanism is an authenticated access mechanism for the particular user;
  
  responsive to the second access mechanism being an authenticated access mechanism for the particular user, allowing the second access mechanism to access the service without receiving, in association with the second request, the second level of authentication for the particular user, wherein allowing the second access mechanism to access the service comprises allowing the second access mechanism to be used to participate in a particular activity;
  
  while the second access mechanism is being used to participate in the particular activity, receiving from a third access mechanism, a third request to participate in the particular activity;
  
  receiving, in association with the second request, the first level of authentication for the particular user;
  
  in response to receiving the second request and, in association with the second request, the first level of authentication for the particular user, performing the steps of;
  
  detecting that the particular user is already participating in the particular activity using the second access mechanism;
  
  in response to detecting that the particular user is already participating in the particular activity using the second access mechanism, performing one of;
  
  preventing the particular user from participating in the particular activity using the third access mechanism;
  
  orrequiring the particular user to select which access mechanism, of the second access mechanism and the third access mechanism, the particular user is to use to participate in the particular activity; and
  
  responsive to the second access mechanism not being an authenticated access mechanism for the particular user, allowing the second access mechanism to access the service only after the second level of authentication for the particular user is provided in association with the second request;
  
  wherein the first and second access mechanisms are one of;
  
  first and second devices;
  
  a first combination of device and browser and a second combination of device and browser;
  
  ora first combination of device, browser and location and a second combination of device, browser and location.
- View Dependent Claims (7, 8, 9)
- - 7. The method of claim 6 wherein, in response to detecting that the particular user is already participating in the particular activity using the second access mechanism, the particular user is prevented from participating in the particular activity using the third access mechanism.
  - 8. The method of claim 6 wherein, in response to detecting that the particular user is already participating in the particular activity using the second access mechanism, the particular user is required to select which access mechanism, of the second access mechanism and the third access mechanism, the particular user is to use to participate in the particular activity.
  - 9. The method of claim 6 wherein:
    - the service makes available a first set of activities for which simultaneous access by a single user is permitted, and a second set of activities for which simultaneous access by a single user is not permitted; and
      
      the particular activity belongs to the second set of activities.

10. A system comprising:
- one or more processors; and
  
  a storage storing instructions which, when executed by the one or more processors, cause the one or more processors to perform operations comprising;
  
  selectively restricting a particular user'"'"'s access to a service by;
  
  when the particular user is using an access mechanism with which the particular user previously performed two levels of authentication allowing the particular user to access the service using a single level of authentication; and
  
  when the particular user is using an access mechanism with which the particular user did not previously perform two levels of authentication, allowing the particular user to access the service only after the particular user performs two levels of authentication using the access mechanism;
  
  wherein selectively restricting the particular user'"'"'s access to the service comprises;
  
  maintaining, on a storage device, authenticated-mechanism data that indicates which access mechanisms are authenticated access mechanisms for the particular user;
  
  receiving, from a first access mechanism, a first request to access the service;
  
  receiving, in association with the first request, both a first level of authentication for the particular user and a second level of authentication for the particular user;
  
  in response to receiving, in association with the first request, both the first level of authentication for the particular user and the second level of authentication for the particular user, updating the authenticated-mechanism data to indicate that the first access mechanism is an authenticated access mechanism for the particular user;
  
  receiving from a second access mechanism, a second request to access the service;
  
  receiving, in association with the second request, the first level of authentication for the particular user;
  
  in response to receiving the second request and, in association with the second request, the first level of authentication for the particular user, performing the steps of;
  
  determining, based on the authenticated-mechanism data, whether the second access mechanism is an authenticated access mechanism for the particular user;
  
  responsive to the second access mechanism being an authenticated access mechanism for the particular user, allowing the second access mechanism to access the service without receiving, in association with the second request, the second level of authentication for the particular user; and
  
  responsive to the second access mechanism not being an authenticated access mechanism for the particular user, allowing the second access mechanism to access the service only after the second level of authentication for the particular user is provided in association with the second request;
  
  wherein the first and second access mechanisms are one of;
  
  first and second devices;
  
  a first combination of device and browser and a second combination of device and browser;
  
  ora first combination of device, browser and location and a second combination of device, browser and location.
- View Dependent Claims (11, 12, 13, 14)
- - 11. The system of claim 10 wherein the first and second access mechanisms are first and second devices.
  - 12. The system of claim 10 wherein the first and second access mechanisms are first combination of device and browser and second combination of device and browser.
  - 13. The system of claim 10 wherein the first and second access mechanisms are first combination of device, browser and location and second combination of device, browser and location.
  - 14. The system of claim 10 wherein the storage storing instructions which, when executed by the one or more processors, cause the one or more processors to perform operations further comprising:
    - receiving the second level of authentication for the particular user in association with the second request; and
      
      in response to receiving the second level of authentication for the particular user in association with the second request, updating the authenticated-mechanism data to indicate that the second access mechanism is an authenticated access mechanism for the particular user.

15. A system comprising:
- one or more processors; and
  
  a storage storing instructions which, when executed by the one or more processors, cause the one or more processors to perform operations comprising;
  
  maintaining, on a storage device, authenticated-mechanism data that indicates which access mechanisms are authenticated access mechanisms for a particular user;
  
  receiving, from a first access mechanism, a first request to access a service;
  
  receiving, in association with the first request, both a first level of authentication for the particular user and a second level of authentication for the particular user;
  
  in response to receiving, in association with the first request, both the first level of authentication for the particular user and the second level of authentication for the particular user, updating the authenticated-mechanism data to indicate that the first access mechanism is an authenticated access mechanism for the particular user;
  
  receiving from a second access mechanism, a second request to access the service;
  
  receiving, in association with the second request, the first level of authentication for the particular user;
  
  in response to receiving the second request and, in association with the second request, the first level of authentication for the particular user, performing the steps of;
  
  determining, based on the authenticated-mechanism data, whether the second access mechanism is an authenticated access mechanism for the particular user;
  
  responsive to the second access mechanism being an authenticated access mechanism for the particular user, allowing the second access mechanism to access the service without receiving, in association with the second request, the second level of authentication for the particular user, wherein allowing the second access mechanism to access the service comprises allowing the second access mechanism to be used to participate in a particular activity;
  
  while the second access mechanism is being used to participate in the particular activity, receiving from a third access mechanism, a third request to participate in the particular activity;
  
  receiving, in association with the second request, the first level of authentication for the particular user;
  
  in response to receiving the second request and, in association with the second request, the first level of authentication for the particular user, performing the steps of;
  
  detecting that the particular user is already participating in the particular activity using the second access mechanism;
  
  in response to detecting that the particular user is already participating in the particular activity using the second access mechanism, performing one of;
  
  preventing the particular user from participating in the particular activity using the third access mechanism;
  
  orrequiring the particular user to select which access mechanism, of the second access mechanism and the third access mechanism, the particular user is to use to participate in the particular activity; and
  
  responsive to the second access mechanism not being an authenticated access mechanism for the particular user, allowing the second access mechanism to access the service only after the second level of authentication for the particular user is provided in association with the second request;
  
  wherein the first and second access mechanisms are one of;
  
  first and second devices;
  
  a first combination of device and browser and a second combination of device and browser;
  
  ora first combination of device, browser and location and a second combination of device, browser and location.
- View Dependent Claims (16, 17, 18)
- - 16. The system of claim 15 wherein, in response to detecting that the particular user is already participating in the particular activity using the second access mechanism, the particular user is prevented from participating in the particular activity using the third access mechanism.
  - 17. The system of claim 15 wherein, in response to detecting that the particular user is already participating in the particular activity using the second access mechanism, the particular user is required to select which access mechanism, of the second access mechanism and the third access mechanism, the particular user is to use to participate in the particular activity.
  - 18. The system of claim 15 wherein:
    - the service makes available a first set of activities for which simultaneous access by a single user is permitted, and a second set of activities for which simultaneous access by a single user is not permitted; and
      
      the particular activity belongs to the second set of activities.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
University of Phoenix Incorporated
Original Assignee
Apollo Education Group, Inc.
Inventors
Razack, Rajaa Mohamad Abdul, Venkata, Pavan Aripirala, Gupta, Sharad, Konda, Raghunadha, Nidadavolu, Balaji
Primary Examiner(s)
Homayounmehr, Farid
Assistant Examiner(s)
BUCKNOR, OLANREWAJU J

Application Number

US14/657,936
Publication Number

US 20160269387A1
Time in Patent Office

697 Days
Field of Search

None
US Class Current

1/1
CPC Class Codes

H04L 2463/082   applying multi-factor authe...

H04L 63/083   using passwords cryptograph...

H04L 63/0876   based on the identity of th...

H04L 63/10   for controlling access to d...

H04L 63/107   wherein the security polici...

H04W 12/065   Continuous authentication

H04W 12/082   using revocation of authori...

H04W 4/021   Services related to particu...

Location and device based student access control

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

15 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Location and device based student access control

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

15 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links