Location Determination for User Authentication

US 20160323261A1
Filed: 07/11/2016
Published: 11/03/2016
Est. Priority Date: 06/24/2013
Status: Active Grant

First Claim

Patent Images

1. A method for user authentication, the method comprising:

receiving, by at least one processor, an authentication request from a client device;

acquiring, by the at least one processor, at least one HTTP (Hypertext Transfer Protocol) cookie from the client device, wherein the HTTP cookie includes metadata associated with a current geographical location;

acquiring, by the at least one processor, at least one HTTP cookie from the client device, wherein the HTTP cookie includes metadata associated with a trusted tolerance geographical area;

determining, by the at least one processor, whether the current geographical location of the client device is within the trusted tolerance geographical area; and

in response to the authentication request, authenticating the client device, by the at least one processor, based at least in part on a determination that the current geographical location of the client device is within the trusted tolerance geographical area.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

User authentication techniques based on geographical locations associated with a client device is provided. A network connection can be established between two or more host machines and a client device. Upon a request received from the client device by one of these host machines, round trip times of test messages may be measured between the client device and each of the host machines. The round trip times can be utilized to determine the current geographical location of the client device. If the location is within a tolerance geographical area, the client device may be authenticated. Otherwise, the authentication may fail or additional security procedures may be implemented. In some examples, a travel time from a historical geographical location to current geographical location can be determined. This data may be also utilized in the user authentication process.

1 Citation

20 Claims

1. A method for user authentication, the method comprising:
- receiving, by at least one processor, an authentication request from a client device;
  
  acquiring, by the at least one processor, at least one HTTP (Hypertext Transfer Protocol) cookie from the client device, wherein the HTTP cookie includes metadata associated with a current geographical location;
  
  acquiring, by the at least one processor, at least one HTTP cookie from the client device, wherein the HTTP cookie includes metadata associated with a trusted tolerance geographical area;
  
  determining, by the at least one processor, whether the current geographical location of the client device is within the trusted tolerance geographical area; and
  
  in response to the authentication request, authenticating the client device, by the at least one processor, based at least in part on a determination that the current geographical location of the client device is within the trusted tolerance geographical area.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The method of claim 1, wherein the authentication request includes a request to access networked data or services.
  - 3. The method of claim 1, wherein the authentication request includes user credentials and wherein the authentication of the client device includes verifying a user identity based on the user credentials.
  - 4. The method of claim 1, wherein the trusted tolerance geographical area is defined based at least in part on historical data of past geographical locations where the client device has been successfully authenticated.
  - 5. The method of claim 1, wherein the metadata comprises at least one geographical location based on a network.
  - 6. The method of claim 1, wherein the metadata comprises at least one geographical location based on at least one mobile address.
  - 7. The method of claim 6, wherein the at least one mobile address comprises Internet Protocol version 4 (IPv4) and Internet Protocol version 6 (IPv6) addresses.
  - 8. The method of claim 1, wherein the metadata comprises at least one geographical location based on absolute coordinates.
  - 9. The method of claim 1, further comprising:
    - in response to HTTP cookies including metadata associated with the trusted tolerance geographical area being absent or including misleading metadata, requesting, by the at least one processor, authentication of the client device based on user credentials.
  - 10. The method of claim 9, wherein user credentials comprise a user login and password.
  - 11. The method of claim 10, wherein in response to the user login and password not being successfully authenticated, further requesting, by the at least one processor, an answer to a security question.
  - 12. The method of claim 1, wherein the metadata associated with the trusted geographical area is dynamically updated at least in part each time the client device is successfully authenticated.
  - 13. The method of claim 4, wherein the determining, by the at least one processor, whether the current geographical location of the client device is within the trusted tolerance geographical area comprises calculating at least one of a distance between the current geographical location of the client device and a past geographical location.
  - 14. The method of claim 1, wherein based on a determination that the current geographical location of the client device is not within the tolerance geographical area, the client device is not authenticated.

15. A method for user authentication, the method comprising:
- receiving, by at least one processor, an authentication request from a client device;
  
  acquiring, by the at least one processor, at least one HTTP (Hypertext Transfer Protocol) cookie from the client device, wherein the HTTP cookie includes metadata associated with a current geographical location;
  
  acquiring, by the at least one processor, at least one HTTP cookie from the client device, wherein the HTTP cookie includes metadata associated with one or more previous geographical locations where the client device has been successfully authenticated;
  
  determining, by the at least one processor, whether the current geographical location of the client device is within a predetermined distance from the one or more previous geographical locations where the client device has been successfully authenticated; and
  
  in response to the authentication request, authenticating the client device, by the at least one processor, based at least in part on a determination that the current geographical location of the client device is within a predetermined distance from the one or more previous geographical locations where the client device has been successfully authenticated.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The method of claim 15, wherein the authentication request includes a request to access networked data or service.
  - 17. The method of claim 15, wherein the authentication request includes user credentials and wherein the authentication of the client device includes verifying a user identity based on the user credentials.
  - 18. The method of claim 15, wherein the metadata comprises at least one geographical location based on a network.
  - 19. The method of claim 15, wherein the metadata comprises at least one geographical location based on at least one mobile address, wherein the at least one mobile address comprises Internet Protocol version 4 (IPv4) and Internet Protocol version 6 (IPv6) addresses.
  - 20. The method of claim 15, further comprising:
    - in response to HTTP cookies including metadata associated with one or more previous geographical locations where the client device has been successfully authenticated being absent or including misleading metadata, requesting, by the at least one processor, authentication of the client device based on user credentials.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
A10 Networks Incorporated
Original Assignee
A10 Networks Incorporated
Inventors
Thompson, Micheal

Granted Patent

US 9,825,943 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/31   User authentication

G06F 2221/2111   Location-sensitive, e.g. ge...

H04L 2463/121   Timestamp cryptographic mec...

H04L 63/08   for authentication of entit...

H04L 63/083   using passwords cryptograph...

H04L 63/0876   based on the identity of th...

H04L 63/102   Entity profiles

H04L 63/107   wherein the security polici...

H04L 63/108   when the policy decisions a...

H04L 67/02   based on web technology, e....

H04L 67/52   specially adapted for the l...

H04W 12/06   Authentication

H04W 12/61   Time-dependent

H04W 12/63   Location-dependent; Proximi...

H04W 12/64   using geofenced areas

H04W 4/02   Services making use of loca...

Location Determination for User Authentication

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

1 Citation

20 Claims

Specification

Solutions

Use Cases

Quick Links

Location Determination for User Authentication

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

1 Citation

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links