Systems and methods for geolocation-based authentication and authorization

US 9,622,077 B2
Filed: 10/30/2015
Issued: 04/11/2017
Est. Priority Date: 10/29/2013
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for controlling authorization of mobile device users based on geographic location on a network, the method comprising:

responsive to receiving a request for a first data access session from a first mobile device, requesting a current geographic location of the first mobile device;

upon receiving a response including the requested current geographic location of the first mobile device, dynamically generating a predetermined authorization zone based on the current geographic location of the first mobile device;

responsive to receiving a second request for a second data access session from a second mobile device of a user, requesting a second current geographic location of the second mobile device;

upon receiving a response including the requested second current geographic location of the second mobile device, determining whether the second current geographic location of the second mobile device is within the predetermined authorization zone; and

upon determining that the second current geographic location of the second mobile device is within the predetermined authorization zone, automatically authorizing the user of the second mobile device for data access in accordance with the second request.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods are provided for controlling the authentication or authorization of a mobile device user for enabling access to the resources or functionality associated with an application or service executable at the user'"'"'s mobile device. The user or user'"'"'s mobile device may be automatically authenticated or authorized to access application or system resources at the device when the current geographic location of the user'"'"'s mobile device is determined to be within a preauthorized zone, e.g., based on a predetermined geo-fence corresponding to the preauthorized zone. A security level or amount of authorization credentials required to authorize a user for data access may be varied according any of a plurality of security levels, when the current or last known geographic location of the user'"'"'s mobile device is determined to be outside the preauthorized zone.

18 Citations

View as Search Results

19 Claims

1. A computer-implemented method for controlling authorization of mobile device users based on geographic location on a network, the method comprising:
- responsive to receiving a request for a first data access session from a first mobile device, requesting a current geographic location of the first mobile device;
  
  upon receiving a response including the requested current geographic location of the first mobile device, dynamically generating a predetermined authorization zone based on the current geographic location of the first mobile device;
  
  responsive to receiving a second request for a second data access session from a second mobile device of a user, requesting a second current geographic location of the second mobile device;
  
  upon receiving a response including the requested second current geographic location of the second mobile device, determining whether the second current geographic location of the second mobile device is within the predetermined authorization zone; and
  
  upon determining that the second current geographic location of the second mobile device is within the predetermined authorization zone, automatically authorizing the user of the second mobile device for data access in accordance with the second request.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, further comprising:
    - when the current geographic location of the second mobile device is determined to not be within the predetermined authorization zone;
      
      determining a security level, from a plurality of security levels, for the user based on the second current geographic location of the second mobile device, wherein the security level for the user is based at least in part on a determination of whether the second current geographic location is within a predetermined restriction zone, the predetermined restriction zone corresponding to at least one of the plurality of security levels;
      
      when the second current geographic location of the second mobile device is determined to be within the predetermined restriction zone and also not within the predetermined authorization zone, prohibiting data access on the network for the user while the current geographic location remains in the predetermined restriction zone;
      
      when the current geographic location of the second mobile device is determined to be not within the predetermined restriction zone, requesting authorization information for selective authorization of the user based on the determined security level; and
      
      upon receiving the requested authorization information for selective authorization from the second mobile device, authorizing the user of the second mobile device for data access on the network in accordance with the second request based on the received authorization information.
  - 3. The method of claim 1, wherein automatically authorizing the user of the second mobile device for data access further comprises:
    - receiving authorization information associated with the user and the second mobile device;
      
      determining a time of prior successful authorization, associated with the predetermined authorization zone, based on the received authorization information associated with the user and the second mobile device;
      
      determining an access time period corresponding to a predetermined duration of time after the time of prior successful authorization during which the predetermined authorization zone remains valid for the user for purposes of automatic authorization; and
      
      if the access time period has not yet expired, automatically authorizing the user of the second mobile device for data access while the second mobile device of the user is within the predetermined authorization zone.
  - 4. The method of claim 1, further comprising:
    - responsive to receiving a third request for data access from the second mobile device following authorization of the user for data access in accordance with the second request, requesting an updated current geographic location for the second mobile device via the network;
      
      upon receiving the updated current geographic location of the second mobile device, determining whether the updated current geographic location of the second mobile device is within the predetermined authorization zone;
      
      when the updated current geographic location of the second mobile device is determined to not be within the predetermined authorization zone;
      
      revoking the user'"'"'s authorization for data access; and
      
      requesting authorization information for selective authorization of the user for data access.
  - 5. The method of claim 2, wherein the authorization information requested for selective authorization of the user varies between each of the plurality of security levels.
  - 6. The method of claim 5, wherein the plurality of security levels requires a multi-phase authorization procedure when the current geographic location of the second mobile device is determined to not be within the predetermined restriction zone, and requesting authorization information for selective authorization of the user comprises:
    - requesting authorization information for selective authorization of the user in accordance with the multi-phase authorization procedure involved in the security level.
  - 7. The method of claim 1, wherein automatically authorizing the user of the second mobile device for data access comprises:
    - identifying the authorization information associated with the user of the second mobile device based on the device identifier; and
      
      automatically authorizing the user of the second mobile device for data access based on the identified authorization information.
  - 8. The method of claim 7, wherein automatically authorizing the user of the second mobile device further comprises:
    - determining whether the predetermined authorization zone is currently valid for automatic authorization based on the authorization information identified for the user of the second mobile device; and
      
      automatically authorizing the user of the second mobile device for data access only when the predetermined authorization zone is determined to be currently valid for automatic authorization.
  - 9. The method of claim 8, wherein the authorization information includes authorization credentials associated with the user and a timestamp associated with a prior successful authorization of the user using the authorization credentials, and the determination of whether the predetermined authorization zone is still valid includes determining whether the prior successful authorization occurred within a predetermined time period based on the timestamp.

10. A computer-implemented method for controlling authorization for mobile device users based on geographic location on a network, the method comprising:
- responsive to receiving a request for a first data access session from a first mobile device, requesting a current geographic location of the first mobile device;
  
  upon receiving a response including the requested current geographic location of the first mobile device, dynamically generating a predetermined authorization zone based on the current geographic location of the first mobile device;
  
  responsive to receiving second input from a user requesting access to an application executable at a second mobile device, determining a second current geographic location of the second mobile device;
  
  determining whether the second current geographic location of the second mobile device is within the predetermined authorization zone; and
  
  upon determining that the second current geographic location of the second mobile device is within the predetermined authorization zone, automatically authorizing the user of the second mobile device for access to the application executable at the second mobile device in accordance with the input received from the user.
- View Dependent Claims (11)
- - 11. The method of claim 10, further comprising:
    - when the current geographic location of the second mobile device is determined to not be within the predetermined authorization zone;
      
      determining a security level, from a plurality of security levels, for authorization of the user for access based on the second current geographic location of the second mobile device, wherein the security level for the user is based at least in part on a determination of whether the second current geographic location is within a predetermined restriction zone, the predetermined restriction zone corresponding to at least one of the plurality of security levels;
      
      when the second current geographic location of the second mobile device is determined to be within the predetermined restriction zone, prohibiting access to the application executable at the second mobile device for the user while the current geographic location remains in the predetermined restriction zone;
      
      when the current geographic location of the second mobile device is determined to not be within the predetermined restriction zone and also not within the predetermined authorization zone, requesting authorization information from the user for selective authorization of the user based on the determined security level; and
      
      upon receiving input from the user including the requested authorization information for selective authorization, authorizing the user for access based on the received authorization information.

12. A system for automatic authorization of mobile device users based on geographic location, the system comprising:
- a memory having processor-readable instructions stored therein; and
  
  a processor configured to access the memory and execute the processor-readable instructions, which when executed by the processor configures the processor to perform a plurality of functions, including functions to;
  
  receive a request for a first data access session from a first mobile device;
  
  request a current geographic location of the first mobile device;
  
  upon receiving a response including the requested current geographic location of the first mobile device, dynamically generating a predetermined authorization zone based on the current geographic location of the first mobile device;
  
  receive a second request for a second data access session from a second mobile device of a user;
  
  request a second current geographic location of the second mobile device;
  
  determine whether the second current geographic location of the mobile device is within a predetermined authorization zone based on a received response including the requested current geographic location of the second mobile device; and
  
  upon determining that the second current geographic location of the second mobile device is within the predetermined authorization zone, automatically authorize the user of the second mobile device for data access in accordance with the second request.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19)
- - 13. The system of claim 12, wherein the processor is further configured to perform functions to:
    - when the current geographic location of the second mobile device is determined to not be within the predetermined authorization zone;
      
      determine a security level, from a plurality of security levels, for the user based on the second current geographic location of the second mobile device, wherein the security level for the user is based at least in part on a determination of whether the second current geographic location is within a predetermined restriction zone, the predetermined restriction zone corresponding to at least one of the plurality of security levels;
      
      when the second current geographic location of the mobile device is determined to be within the predetermined restriction zone, prohibit data access on the network for the user while the current geographic location remains in the predetermined restriction zone;
      
      when the current geographic location of the second mobile device is determined to not be within the predetermined restriction zone and also not within the predetermined authorization zone, request authorization information for selective authorization of the user based on the determined security level; and
      
      authorize the user of the second mobile device for data access on the network in accordance with the second request based on authorization information received from the mobile device.
  - 14. The system of claim 12, wherein the processor including functions to automatically authorize the user of the second mobile device for data access further includes functions to:
    - receive authorization information associated with the user and the second mobile device;
      
      determine a time of prior successful authorization, associated with the predetermined authorization zone, based on the received authorization information associated with the user and the second mobile device;
      
      determine an access time period corresponding to a predetermined duration of time after the time of prior successful authorization during which the predetermined authorization zone remains valid for the user for purposes of automatic authorization; and
      
      if the access time period has not yet expired, automatically authorizing the user of the second mobile device for data access while the second mobile device of the user is within the predetermined authorization zone.
  - 15. The system of claim 12, wherein the second request for data access includes a device identifier associated with the second mobile device, and the processor is further configured to perform functions to:
    - identify the second mobile device based on the device identifier; and
      
      send, to the identified mobile device via the network, a second request for the current geographic location of the mobile device.
  - 16. The system of claim 12, wherein the processor is further configured to perform functions to:
    - receive a third request for data access from the second mobile device following authorization of the user for data access in accordance with the second request;
      
      request an updated current geographic location for the second mobile device via the network based on the received third request;
      
      receive the updated current geographic location from the second mobile device in response;
      
      determine whether the updated current geographic location of the second mobile device is still within the predetermined authorization zone based on the received updated current geographic location of the second mobile device; and
      
      when the updated current geographic location of the second mobile device is determined to not be within the predetermined authorization zone;
      
      revoke the user'"'"'s authorization for data access; and
      
      request authorization information for selective authorization of the user for data access.
  - 17. The system of claim 12, wherein the authorization information includes authorization credentials associated with the user and a timestamp associated with a prior successful authorization of the user using the authorization credentials, and the processor is configured to perform functions to:
    - determine whether the prior successful authorization occurred within a predetermined time period based on the timestamp; and
      
      determine whether the predetermined authorization zone is still valid upon a determination that the prior successful authorization occurred within the predetermined time period.
  - 18. The system of claim 13, wherein the authorization information requested for selective authorization of the user varies between each of the plurality of security levels.
  - 19. The system of claim 18, wherein the security level includes a multi-phase authorization procedure when the current geographic location of the mobile device is determined to not be within the predetermined restriction zone, and the processor is configured to perform functions to:
    - request authorization information for selective authorization of the user in accordance with the multi-phase authorization procedure required by the security level.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Verizon Patent and Licensing Incorporated (Verizon Communications Inc.)
Original Assignee
MapQuest, Inc. (Apollo Global Management, Inc.)
Inventors
Hughes, Joseph D., McDevitt, Patrick, Barbara, Joseph
Primary Examiner(s)
Rahman, Shawnchoy

Application Number

US14/928,553
Publication Number

US 20160073261A1
Time in Patent Office

529 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/31   User authentication

G06F 2221/2111   Location-sensitive, e.g. ge...

G06F 2221/2113   Multi-level security, e.g. ...

G06F 2221/2151   Time stamp

H04L 63/08   for authentication of entit...

H04L 63/105   Multiple levels of security

H04L 63/107   wherein the security polici...

H04W 12/065   Continuous authentication

H04W 4/021   Services related to particu...

Systems and methods for geolocation-based authentication and authorization

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

18 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for geolocation-based authentication and authorization

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

18 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links