Systems and methods for geolocation-based authentication and authorization

US 9,961,088 B2
Filed: 04/10/2017
Issued: 05/01/2018
Est. Priority Date: 10/29/2013
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

determining, by a device and based on receiving a first request for a first data access session from a mobile device, a first geographic location of the mobile device,the first geographic location of the mobile device being determined by one or more of;

cell identification,cellular tower triangulation,Wi-Fi, orGPS;

authorizing, by the device and based on the first geographic location being within an authorization zone, the first data access session for the mobile device based on the first request;

determining, by the device and based on receiving a second request for a second data access session from the mobile device, a second geographic location of the mobile device,the second geographic location of the mobile device being determined by one or more of;

cell identification,cellular tower triangulation,Wi-Fi, orGPS;

determining, by the device, a first security level for authorization based on the second geographic location not being within the authorization zone,the first security level for authorization corresponding to a predetermined restriction zone;

denying, by the device, the second request for the second data access session based on determining that the first security level corresponds to the predetermined restriction zone,the predetermined restriction zone comprising a geo-fenced area in which access by the mobile device to application resources or functionality is restricted;

determining, by the device and based on receiving a third request for a third data access session from the mobile device, a third geographic location of the mobile device,the third geographic location of the mobile device being determined by one or more of;

cell identification,cellular tower triangulation,Wi-Fi, orGPS;

determining, by the device, a second security level for authorization based on the third geographic location not being within the authorization zone,the second security level for authorization corresponding to a multi-phase authorization zone;

requesting authorization information from the mobile device based on determining that the second security level corresponds to the multi-phase authorization zone.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods are provided for controlling the authentication or authorization of a mobile device user for enabling access to the resources or functionality associated with an application or service executable at the user'"'"'s mobile device. The user or user'"'"'s mobile device may be automatically authenticated or authorized to access application or system resources at the device when the current geographic location of the user'"'"'s mobile device is determined to be within a preauthorized zone, e.g., based on a predetermined geo-fence corresponding to the preauthorized zone. A security level or amount of authorization credentials required to authorize a user for data access may be varied according any of a plurality of security levels, when the current or last known geographic location of the user'"'"'s mobile device is determined to be outside the preauthorized zone.

Citations

17 Claims

1. A method, comprising:
- determining, by a device and based on receiving a first request for a first data access session from a mobile device, a first geographic location of the mobile device,the first geographic location of the mobile device being determined by one or more of;
  
  cell identification,cellular tower triangulation,Wi-Fi, orGPS;
  
  authorizing, by the device and based on the first geographic location being within an authorization zone, the first data access session for the mobile device based on the first request;
  
  determining, by the device and based on receiving a second request for a second data access session from the mobile device, a second geographic location of the mobile device,the second geographic location of the mobile device being determined by one or more of;
  
  cell identification,cellular tower triangulation,Wi-Fi, orGPS;
  
  determining, by the device, a first security level for authorization based on the second geographic location not being within the authorization zone,the first security level for authorization corresponding to a predetermined restriction zone;
  
  denying, by the device, the second request for the second data access session based on determining that the first security level corresponds to the predetermined restriction zone,the predetermined restriction zone comprising a geo-fenced area in which access by the mobile device to application resources or functionality is restricted;
  
  determining, by the device and based on receiving a third request for a third data access session from the mobile device, a third geographic location of the mobile device,the third geographic location of the mobile device being determined by one or more of;
  
  cell identification,cellular tower triangulation,Wi-Fi, orGPS;
  
  determining, by the device, a second security level for authorization based on the third geographic location not being within the authorization zone,the second security level for authorization corresponding to a multi-phase authorization zone;
  
  requesting authorization information from the mobile device based on determining that the second security level corresponds to the multi-phase authorization zone.
- View Dependent Claims (2, 3, 4, 12, 13)
- - 2. The method of claim 1, where requesting the authorization information from the mobile device comprises:
    - requesting the authorization information from at least one of a web browser or a client application of the mobile device.
  - 3. The method of claim 1, where the authorization zone comprises a geo-fenced area dynamically generated around a geographic location of the mobile device at a particular time.
  - 4. The method of claim 1, where the first request comprises a login credential;
    - where, prior to authorizing the first data access session, the method comprises;
      
      validating the login credential based on the first geographic location being within the authorization zone; and
      
      where authorizing the first data access session for the mobile device comprises;
      
      authorizing the first data access session for the mobile device based on validating the login credential.
  - 12. The method of claim 1, further comprising:
    - receiving GPS information from the mobile device, andreceiving one or more of;
      
      cell identification information,cellular tower triangulation information,multilateral information, orWi-Fi information, andwhere the determining the first geographic location of the mobile device includes;
      
      determining the first geographic location of the mobile device based on the received GPS information and the received one or more of the cell identification information, the cellular tower triangulation information, multilateral information, or WiFi information.
  - 13. The method of claim 1, where requesting authorization information from the mobile device based on determining that the second security level corresponds to the multi-phase authorization zone comprises:
    - requesting information related to one or more personalized security questions associated with a user of the mobile device.

5. A non-transitory computer-readable medium storing instructions, the instructions comprising:
- one or more instructions that, when executed by one or more processors of a device, cause the one or more processors to;
  
  determine, based on receiving a first request for a first data access session from a mobile device, a first geographic location of the mobile device,the first geographic location of the mobile device being determined by one or more of;
  
  cell identification,cellular tower triangulation,Wi-Fi, orGPS;
  
  authorize, based on the first geographic location being within an authorization zone, the first data access session for the mobile device based on the first request;
  
  determine, based on receiving a second request for a second data access session from the mobile device, a second geographic location of the mobile device,the second geographic location of the mobile device being determined by one or more of;
  
  cell identification,cellular tower triangulation,Wi-Fi, orGPS;
  
  determine a first security level for authorization based on the second geographic location not being within the authorization zone,the first security level for authorization corresponding to a predetermined restriction zone;
  
  deny the second request for the second data access session based on determining that the first security level corresponds to a restriction zone,the restriction zone comprising a geo-fenced area in which access by the mobile device to application resources or functionality is restricted;
  
  determine, based on receiving a third request for a third data access session from the mobile device, a third geographic location of the mobile device,the third geographic location of the mobile device being determined by one or more of;
  
  cell identification,cellular tower triangulation,Wi-Fi, orGPS;
  
  determine a second security level for authorization based on the third geographic location not being within the authorization zone,the second security level for authorization corresponding to a multi-phase authorization zone; and
  
  request authorization information from the mobile device based on determining that the second security level corresponds to the multi-phase authorization zone.
- View Dependent Claims (6, 7, 8, 14, 15)
- - 6. The non-transitory computer-readable medium of claim 5, where the one or more instructions, that cause the one or more processors to request the authorization information from the mobile device, are to:
    - request the authorization information from at least one of a web browser or a client application of the mobile device.
  - 7. The non-transitory computer-readable medium of claim 5, where the authorization zone comprises a geo-fenced area dynamically generated around a geographic location of the mobile device at a particular time.
  - 8. The non-transitory computer-readable medium of claim 5, where the first request comprises a login credential;
    - where the one or more instructions, prior to causing the one or more processors to authorize the first data access session, are to;
      
      validate the login credential based on the first geographic location being within the authorization zone; and
      
      where the one or more instructions, that cause the one or more processors to authorize the first data access session for the mobile device, are to;
      
      authorize the first data access session for the mobile device based on validating the login credential.
  - 14. The non-transitory computer-readable medium of claim 5, where the one or more instructions, when executed by the one or more processors, further cause the one or more processors to:
    - receive GPS information from the mobile device,receive one or more of;
      
      cell identification information,cellular tower triangulation information,multilateral information, orWi-Fi information, andwhere the one or more instructions, that cause the one or more processors to determine the first geographic location of the mobile device, are to;
      
      determine the first geographic location of the mobile device based on the received GPS information and the received one or more of the cell identification information, the cellular tower triangulation information, multilateral information, or WiFi information.
  - 15. The non-transitory computer-readable medium of claim 5, where the one or more instructions, that cause the one or more processors to request authorization information from the mobile device based on determining that the second security level corresponds to the multi-phase authorization zone, cause the one or more processors:
    - request information related to one or more personalized security questions associated with a user of the mobile device.

9. A device, comprising:
- one or more memories; and
  
  one or more processors, communicatively coupled to the one or more memories, to;
  
  request, based on receiving a first request for a first data access session from a mobile device, a first geographic location of the mobile device,the first geographic location of the mobile device being determined by one or more of;
  
  cell identification,cellular tower triangulation,Wi-Fi, orGPS;
  
  authorize, based on the first geographic location being within an authorization zone, the first data access session for the mobile device based on the first request;
  
  request, based on receiving a second request for a second data access session from the mobile device, a second geographic location of the mobile device,the second geographic location of the mobile device being determined by one or more of;
  
  cell identification,cellular tower triangulation,Wi-Fi, orGPS;
  
  determine a first security level for authorization based on the second geographic location not being within the authorization zone,the first security level for authorization corresponding to a predetermined restriction zone;
  
  determine the second request for the second data access session based on determining that the first security level corresponds to a restriction zone,the restriction zone comprising a geo-fenced area in which access by the mobile device to application resources or functionality is restricted;
  
  determine, based on receiving a third request for a third data access session from the mobile device, a third geographic location of the mobile device,the third geographic location of the mobile device being determined by one or more of;
  
  cell identification,cellular tower triangulation,Wi-Fi, orGPS;
  
  determine a second security level for authorization based on the third geographic location not being within the authorization zone,the second security level for authorization corresponding to a multi-phase authorization zone; and
  
  request authorization information from the mobile device based on determining that the second security level corresponds to the multi-phase authorization zone.
- View Dependent Claims (10, 11, 16, 17)
- - 10. The device of claim 9, where the one or more processors, when requesting the authorization information from the mobile device, are to:
    - request the authorization information from at least one of a web browser or a client application of the mobile device.
  - 11. The device of claim 9, where the first request comprises a login credential;
    - where the one or more processors, prior to authorizing the first data access session, are to;
      
      validate the login credential based on the first geographic location being within the authorization zone; and
      
      where the one or more processors, when authorizing the first data access session for the mobile device, are to;
      
      authorize the first data access session for the mobile device based on validating the login credential.
  - 16. The device of claim 9, where the one or more processors are further to:
    - receive GPS information from the mobile device,receive one or more of;
      
      cell identification information,cellular tower triangulation information,multilateral information, orWi-Fi information, andwhere the one or more processors, when determining the first geographic location of the mobile device, are to;
      
      determine the first geographical location of the mobile device based on the received GPS information and the received one or more of the cell identification information, the cellular tower triangulation information, multilateral information, or WiFi information.
  - 17. The device of claim 9, where the one or more processors, when requesting authorization information from the mobile device based on determining that the second security level corresponds to the multi-phase authorization zone, are to:
    - request information related to one or more personalized security questions associated with a user of the mobile device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Verizon Patent and Licensing Incorporated (Verizon Communications Inc.)
Original Assignee
MapQuest, Inc. (System1 LLC)
Inventors
Hughes, Jr., Joseph D., McDevitt, Patrick, Barbara, Joseph
Primary Examiner(s)
Rahman, Shawnchoy

Application Number

US15/483,616
Publication Number

US 20170214698A1
Time in Patent Office

386 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/31   User authentication

G06F 2221/2111   Location-sensitive, e.g. ge...

G06F 2221/2113   Multi-level security, e.g. ...

G06F 2221/2151   Time stamp

H04L 63/08   for authentication of entit...

H04L 63/105   Multiple levels of security

H04L 63/107   wherein the security polici...

H04W 12/065   Continuous authentication

H04W 4/021   Services related to particu...

Systems and methods for geolocation-based authentication and authorization

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for geolocation-based authentication and authorization

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links