The invention relates to the geographic location (geolocation) of Internet users, to the authentication of the identity of Internet users in connection with access to computer systems, servers, and web sites, and to the authorization of Internet transactions.
The Internet has become a common and popular arena for the sale of goods and services. Such sales require the transmission of personal and confidential data belonging to the buyer of such goods and services. Such information is often the target of identity theft. In response to the increase in the opportunity for the commission of fraud through identity theft, sellers and providers of goods and services through the Internet require a method whereby such fraud can be reduced.
It is preferred to keep the Internet user's experience simple while the Internet user is shopping online or accessing their online bank account. On the other hand, Internet fraud causes online banks and ecommerce providers to lose significant amounts of money to fraudulent transactions. In addition, for privacy reasons, it is preferable to acquire the Internet user's consent before locating the Internet user's wireless geographical location. Therefore, it is preferable to be able to authenticate the Internet user automatically without user intervention or with very little user intervention.
Present technologies that authenticate the Internet user or acquire the Internet user's consent to be located are using ‘Out of Band’ technologies that require user intervention and involve at least one action with a communication voice device. For example, in a method referred to as phone authentication, when a transaction is initiated over the Internet, an automated phone call or text message can be sent to the user's registered phone number. The user is asked to verify the specific transaction, for example via the following hypothetical text or voice dialogue:
“This is phone verification calling to verify the transfer of $10,000 to account 77356 at Bank of Canada. Please click ‘1’ to approve or click ‘2’ to talk with our representative.”
If the transaction is valid, the user presses “1” or replies to the text message to approve the transaction. If the user does not answer the call or respond to the text message with “2”, the transaction is denied or flagged for further review. In addition, the user can report fraudulent transactions by entering “2” during the call or in the text message reply. This locks the account and sends an alert to the bank's anti-fraud team.
Internet commerce is not the only activity where methods for user authentication are desirable. Owners of Internet web sites, web hosts, and other proprietors of Internet-accessible computer systems and servers usually wish to limit access to authorized users.
With respect to Internet usage, upon accessing the Internet, an Internet user's computer is identified with an IP address, a numeric identifier formatted according to the Internet protocol in use at the time. Whenever an Internet user enters an Internet site, the Internet user's IP address is identified to the Internet site owner. In parent applications to the present invention, the present inventor has described systems in which such an identified IP address can be traceable geographically to its source so as to determine the location (state and city) of the Internet user; in some cases the IP address can be traced to within a radius of a few miles from its source. The comparison of the geographical location of the Internet user IP address, with the geographical location of said Internet user communication voice device can provide the seller or provider a means to authenticate the identity of the Internet user.
U.S. patent application Pub. No. 2001/0034718 of Shaked et al. discloses a method of controlling access to a service over a network, including the steps of automatically identifying a service user and acquiring user information, thereby to control access. Additionally, a method of providing service over a network, in which the service requires identification of a user, including the steps of automatically identifying the user and associating the user with user information, thus enabling the service, is disclosed.
U.S. Pat. No. 6,466,779 to Moles et al. discloses a security apparatus for use in a wireless network including base stations communicating with mobile stations for preventing unprovisioned mobile stations from accessing an Internet protocol (IP) data network via the wireless network.
U.S. patent application Pub. No. 2002/0188712 of Caslin et al. discloses a fraud monitoring system for a communications system. The fraud monitoring system analyzes records of usage activity in the system and applies fraud pattern detection algorithms to detect patterns indicative of fraud. The fraud monitoring system accommodates both transaction records resulting from control of a packet-switched network and those from a circuit-switched network gateway.
U.S. patent application Pub. No. 2003/0056096 of Albert et al. discloses a method to securely authenticate user credentials. The method includes encrypting a user credential with a public key at an access device. The public key is part of a public/private key pair suitable for use with an encryption algorithm. The decrypted user credential is then transmitted from the decryption server to an authentication server for verification. The decryption server typically forms part of a multi-party service access environment including a plurality of access providers. This method can be used in legacy protocols, such as Point-to-Point Protocol (PPP), Password Authentication Protocol (PAP), Challenge-Handshake Authentication Protocol (CHAP), Remote Authentication Dial in User Server (RADIUS) protocol, Terminal Access Controller Access Control System (TACACS) protocol, Lightweight Directory Access Protocol (LDAP), NT Domain authentication protocol, Unix password authentication protocol, Hypertext Transfer Protocol (HTTP), Hypertext Transfer Protocol over Secure sockets layer (HTTPS), Extended Authentication Protocol (EAP), Transport Layer Security (TLS) protocol, Token Ring protocol, and/or Secure Remote Password protocol (SRP).
U.S. patent application Publication Number US 2003/0101134 of Liu et al. teaches a method for transaction approval, including submitting a transaction approval request from a transaction site to a clearing agency; submitting a user authorization request from the clearing agency to a user device; receiving a response to the user authorization request; and sending a response to the transaction approval request from the clearing agency to the transaction site. Another method for transaction approval includes: submitting a transaction approval request from a transaction site to a clearing agency; determining whether a trusted transaction is elected; submitting a user authorization request from the clearing agency to a user device if a trusted transaction is determined to be elected; receiving a response to the user authorization request from the user device if the user authentication request was submitted; and sending a response to the transaction approval request from the clearing agency to the transaction site. A system for transaction approval includes a clearing agency for the transaction approval wherein the clearing agency having a function to request for user authorization, a network operatively coupled to the clearing agency, and a user device adapted to be operatively coupled to the network for trusted transaction approval.
U.S. patent application Publication Number US 2003/0187800 of Moore et al. teaches systems, methods, and program products for determining billable usage of a communications system wherein services are provided via instant communications. In some embodiments, there is provision for authorizing the fulfillment of service requests based upon information pertaining to a billable account.
U.S. patent application Publication Number US 2004/0111640 of Baum teaches methods and apparatus for determining, in a reliable manner, a port, physical location, and/or device identifier, such as a MAC address, associated with a device using an IP address and for using such information, e.g., to support one or more security applications. Supported security applications include restricting access to services based on the location of a device seeking access to a service, determining the location of stolen devices, and authenticating the location of the source of a message or other IP signal, e.g., to determine if a user is contacting a monitoring service from a predetermined location.
U.S. patent application Publication Number US 2005/0159173 of Dowling teaches methods, apparatus, and business techniques for use in mobile network communication systems. A mobile unit, such as a smart phone, is preferably equipped with a wireless local area network connection and a wireless wide area network connection. The local area network connection is used to establish a position-dependent, e-commerce network connection with a wireless peripheral supplied by a vendor. The mobile unit is then temporarily augmented with the added peripheral services supplied by the negotiated wireless peripheral. Systems and methods allow the mobile unit to communicate securely with a remote server, even when the negotiated wireless peripheral is not fully trusted. Also included are mobile units, wireless user peripherals, and negotiated wireless peripherals projecting a non-area constrained user interface image on a display surface.
U.S. patent application Publication Number US 2005/0160280 of Caslin et al. teaches providing fraud detection in support of data communication services. A usage pattern associated with a particular account for remote access to a data network is monitored. The usage pattern is compared with a reference pattern specified for the account. A fraud alert is selectively generated based on the comparison.
U.S. patent application Publication Number US 2005/0180395 of Moore et al. teaches an approach for supporting a plurality of communication modes through universal identification. A core identifier is generated for uniquely identifying a user among a plurality of users within the communication system. One or more specific identifiers are derived based upon the core identifier. The specific identifiers serve as addressing information to the respective communication modes. The specific identifiers and the core identifier are designated as a suite of identifiers allocated to the user.
While these systems may be suitable for the particular purpose employed, or for general use, there remains a need for methods of user identification and authentication on computer networks.
It is an object of the invention to acquire the Internet user's consent over the Internet to be geographically located via at least two separate and independent sources of information while at least one independent source of information is the wireless location of the Internet user's communication voice device. The invention will verify the Internet user's identity from at least two independent sources of information related to the Internet user while at least one of the independent sources is the user's communication voice device wireless location and the user's interaction is only with the Internet site.
It is another object of the invention to acquire, via one single user click using the Internet user's browser, the Internet user's consent to be geographically located, and to be authenticated via at least two separate and independent sources of information while at least one independent source of information is the Internet user's communication voice device wireless geographical location.
It is an object of the invention to acquire the Internet user's consent, over the Internet user's browser, to be geographically located via at least two separate and independent sources of information while at least one independent source of information is the wireless location of the Internet user's communication voice device. The proposed invention will verify the Internet user's identity from at least two independent sources of information related to the Internet user where at least one source of independent information is the user's communication voice device wireless location and where the user's interaction is only with the browser and one communication voice device.
It is another object of the invention to acquire a communication voice device user's single consent, via a single interaction with the communication voice device (a button press or mouse click), to be geographically located via at least two sources of geographical information where at least one source of information is the wireless location of said communication voice device user. Accordingly, this method receives the consent of a communication voice device user or the Internet user, which is the same user to be geographically located and for authenticating the identity of the Internet user.
It is another object of the invention to produce a means to decrease the Internet user's intervention with the communication voice device while authenticating the Internet user and to identify said Internet user from at least two independent sources of information.
A further objective of this invention is to acquire an Internet user's consent, via one communication voice device, to be geographically located via wireless technology using a second communication voice device without any user interaction with the second communication voice device. The first and second communication voice device can be the same communication voice device or two separate communication voice devices. In addition, the first and second sources of information can be of the same communication voice device or two separate communication voice devices.
It is another object of the invention to provide a means for providing an accurate geographical location of the Internet user and the Internet user's IP address. Accordingly, this method includes identifying the IP address and tracing it geographically using any one of the existing software programs that can trace IP addresses.
It is another object of the invention to provide a convenient means for determining the location of Internet users at both mobile and non-mobile communication voice devices and terminals. Accordingly, this method includes the utilization of systems and software that are used to locate the geographical location of people or communication voice devices, such as, but not limited to, Global Positioning System (GPS), Galileo™, WiMAX™, Wi-Fi™, RFID and external positioning apparatus, such as, but not limited to, cellular base stations and antennas.
It is another object of the invention to provide a convenient means for determining a more accurate geographical location of routers using the Internet user communication voice device's geographical location and the said user IP address.
It is an object and feature of the present invention to provide a monitoring system in place to constantly monitor the existing sessions or connections and flag the connections or sessions automatically after the authentication. It is another object and feature of the present invention to include a cross check of the prospective user's mobile voice device number and location to assist in discriminating between authorized and unauthorized users.
The invention includes a method and system for obtaining the consent of an Internet user and communication voice device user or purchaser (hereinafter “Internet user”) to be geo-located and then to authenticate the user through cross-referencing and comparison of at least two independent sources of information, such as, but not limited to, the IP address of the Internet user's computer, geographical location of the Internet user, router geographical location or the geographical location of the number of a communication voice device associated with said Internet user.
This invention also includes a method and system for authenticating an Internet user identity by cross-referencing and comparing at least two independent sources of information. A first IP address of an Internet user is identified. The geographical location of the IP address is traced geographically to determine a first location. The geographical address of a communications device of said Internet user is traced to determine a second location. The first and second locations are compared for geographical proximity to confirm the identity of the Internet user. Additionally, depending on the geographical proximity of the first and second location, a positive or negative score may be assigned to the Internet user, and access to the Internet site and the ability to conduct transactions may be allowed or limited based on the assigned score. Alternatively, additional authentication information may be required of the Internet user in order to proceed with the online transaction, or access by the Internet user may be terminated.
This invention is a method and system for getting the communication voice device user's consent to be geographically located using wireless technology with little or no intervention via the mobile phone.
The Internet user can be identified over the Internet by identifying private information known to the Internet user only. Examples: credit card information, bank account information, username and password, and other private information such as past loans, apartment addresses the Internet user used to live in, past merchandise purchased by the Internet user, etc. Online verification of the Internet user's identity may be accomplished by correlating the billing information of the credit card or bank account and the communication voice device owner's information. If the information above matches, it is known that the user that is visiting the business Internet site is also the owner of the communication voice device and, therefore, the user has provided his consent online. At this point we can use that consent to locate the user communication voice device wireless geographical location.
Using the computerized method of the present invention it will be possible to determine which connection is authorized; block unauthorized access, sessions, and connections in real time; report breaches to the security administrator about unauthorized access in real time or near real time; identify files that were uploaded into the server via unauthorized sessions and connections, and possibly remove these files automatically; block IP addresses that try to get unauthorized access into the server; and to identify the attack pattern and learn how to block future attacks using the identified patterns. The computerized method of the present invention will make it possible to identify files that open unauthorized connections from the server into another remote computer, such as viruses and Trojans; identify potential security vulnerability that may allow a hacker to get unauthorized access into the server, and to automatically identify security holes that allow Internet fraudsters and hackers access into the server.
To the accomplishment of the above and related objects, the invention may be embodied in the forms illustrated in the accompanying drawings. It should be appreciated that the drawings are intended to be examples, and are illustrative only. Variations of the illustrated examples are contemplated as being part of the invention, which is limited only by the scope of the claims.
The term “session” or “connection”, as used in the context of the present invention, applies to any communication between two computers, such as, without limitation, the connection, communication, or session that is between client and server in an internal network; the connection, session or communication open between an Internet computer and an Internet server; and the session open by Internet computer to a web site using a browser program, where the web site can be an online bank or an ecommerce site. The term “session” in the present invention is equal to “communication”. “Sessions” and “communications” are also the same.
The term “server”, as used in the context of the present invention, applies to any device that uses this method, such as, without limitation, any device with an operating system having computing and communication capabilities, such as Windows™, Unix™ and Linux™, installed on any firewall, workstation, laptop, PDA or mobile phone. The method can be implemented on the server to monitor the server's internal activity and can also be implemented on an external device to monitor at least one other different device.
It should be understood that the term “mobile voice phone”, as used in the context of the present invention, applies to any mobile device modified or designed for voice or text communication, such as a mobile phone, capable of communicating with another device via wireless networks and associated telecommunication protocols, such as, but not limited to, cellular systems, radio systems, Wi-Fi™, WiMAX™, RFID, Bluetooth™, MIMO, UWB, satellite systems, or any other such wireless network known now or in the future. Other non-limiting examples include any device that has been modified or designed to communicate with a web-ready PDA, a Blackberry™, or a tablet or laptop computer with cellular connect capabilities.
It should be understood that the term “communication voice device”, as used in the context of the present invention, applies to any voice device capable of communicating with another voice device such as, but not limited to, phone, mobile voice device, laptop computer, desktop computer, server, VoIP phone or personal digital assistant (hereinafter PDA). Other non-limiting examples include any device that has been modified or designed for voice or text communication.
It should be understood that the term “mobile voice device”, as used in the context of the present invention, applies to any mobile device modified or designed for voice or text communication and capable of communicating with another device via a wireless network such as, but not limited to, a cellular system, radio system, Wi-Fi™, WiMAX™, RFID, Bluetooth™, MIMO, UWB (Ultra Wide Band), satellite system or any other such wireless network known now or in the future. Other non-limiting examples include any device that has been modified or designed to communicate with an Internet-ready PDA, a Blackberry, a laptop computer with cellular connect capability, or a notification server, such as an email server.
Wi-Fi™ is a trademark of the non-profit Wi-Fi Alliance. WiMAX™ is a trademark of WiMAX Forum. Bluetooth™ is a trademark of the Bluetooth Special Interest Group.
It should be understood that IP Address means an Internet protocol address according to the specifications of any Internet communication protocol, including but not limited to IPV4 and IPV6. “Foreign IP address” refers to an IP address that is assigned to a device not on the local or proprietary network.
It should be understood that where the present description, figures, and claims make reference to the process of “correlating” a location with an IP address, the process comprises comparing the specified location (e.g., the location of a device, home, or office) with a geographical location associated with the specified IP address, and estimating or determining the physical proximity of the two locations.
This invention relates to a method and system for acquiring an Internet user's consent over the Internet to be geographically located via at least two independent sources of wireless information while at least one independent source of wireless information is the Internet user's communication voice device. The proposed method does not require any user intervention outside the user's interaction at the Internet site or with the Internet user's browser.
However, that Internet site is not enabled to know whether the Internet user is authorized to consent to the release of the location of the communication voice device. For example, a minor may be the Internet user and have the communication voice device. At step 308, the Internet site may check if the Internet user's identity at step 107 matches with the external or internal database. If the information matches, such as user/password, billing information, credit card, token number or other secret or private information that the Internet user knows (like private information of the communication voice device owner), then when the Internet user has provided his/her consent to be located via the browser in step 306, that consent can also be utilized when locating 109 that Internet user via their communication voice device. Should (a) the information not match external or internal databases at step 107 or (b) the Internet user not release his consent at step 306, step 110 is executed and authentication of the transaction can be processed using a different authentication method.
Another example employs two separate devices with two separate sources of wireless locations, such as a laptop computer and a communication voice device such as a mobile phone. One source of information is the wireless location of the laptop's Wi-Fi, provided by the browser, and the second source of wireless location is the mobile phone's location according to GPS, Cell site or antenna triangulation. Additionally, there could be one device with two separate sources of wireless location, such as a smart phone such as a PDA or iPhone™. Here, it is a single device with the source of information being the Wi-Fi location provided by the browser and the second and separate source of wireless location being the cellular carrier tower triangulation or GPS location provided by the mobile phone carrier.
Many online users with online accounts, such as bank accounts, online gaming and gambling accounts, and e-commerce accounts, and other online users who have Internet accounts protected by a username and password, have provided the institutions and corporations who manage those accounts with contact information that includes a mobile phone number. For these individuals, it is possible to get their consent to be located via their mobile phone by verifying how long their mobile phone has been on record as being associated with that account. If, for example, the mobile phone number has been recorded on a bank's databases and online records for longer than a predetermined time, it is virtually certain that the number does in fact correspond to the user's cell phone, making it unnecessary to verify the association. It is then possible to request the user's consent to be located, without any interaction with the mobile phone during the request and consent processes. Requesting the user's authorization can be done during a user's Internet session, via e-mail, or by otherwise contacting the user and receiving consent. If the mobile phone has been recorded in the bank's databases for less than the predetermined time, then the online bank can verify the mobile phone ownership by using the user's mailing address and mobile phone ownership information, as already mentioned.
Adding geographical locations to the Internet user's information, such as the Internet user's mobile voice device number, mobile voice device location, home address, client locations, etc., will allow verification that the session or connection of the Internet user is authorized. The session or connection IP address origin is matched with the geographical location of the mobile voice device or other geographical location of the user such as the user's home address.
At step 504 the system will correlate between the username and the user's mobile phone number and check if the user gave his consent or not, if the phone number requires user consent, or if it's a company phone number that does not require user consent. If the phone number is not a company phone number and requires consent then the system will start initiating a consent using one of the methods mentioned above or a different method acceptable by the company employing this method. At step 505 the system locates the user's mobile voice device. It is also possible to install software at the user's mobile voice device, such as a mobile laptop, and that software can transfer using an agent or the computer's browser the laptop location. In addition, the system may locate a second independent source of information, such as another independent mobile voice device, to provide additional location information from the independent source. The system can correlate two sources of location information such as Geo IP and mobile voice device, or two independent sources of mobile voice device from two sources. For example, one source can be the Wi-Fi location and the other source can be the carrier information.
At step 506 the system will check if the locations of two sources of information are proximate, within a predetermined degree of separation. (In the example shown in
One way of doing this is by programming a computer to implement the following steps (see
There are alternative ways of implementing this method. Suitable embodiments include, without limitation:
Employing a programmed external device which will have access to local or remote username and password databases like the domain server. In addition to the username and password database, the programmed external device will have access to local or remote database of mobile phone numbers associated with the username and password database. Additional databases having geographical locations like clients' locations, home etc. can be associated in the user level or the group level. For example, one may allow user access from the user's home address and/or zip code area (e.g., 375 South End Ave., New York NY 10280) and have a mobile phone associated with that user. When that user tries to access the system, the programmed external device will determine if the request arrives from the correct corresponding home address location (or zip code) and, if not, the system will determine if the request arrived from an IP address and then determine if the user's mobile phone is proximate to (i.e., near or at) the location of that IP address.
The allowable degree of separation between the two locations, beyond which a connection is denied or a session is terminated, is at the discretion of the practitioner, and may be specified in any manner that can be implemented on the system (e.g., “no more than x miles”, “same or adjacent zip code”, “same city”, etc.). Group access can be implemented via a client address and/or zip code, i.e., any request from a given address and/or zip code can be allowed. This may be advantageous where authorized users are located within a proprietary building or secure premises.
Additional functions of the programmed external device can be checking that the mobile phone is near or at the allowed address, and/or determining that the mobile phone is near or at the allowed address while the IP address is allowed. The functionality of the programmed external device may be implemented on the server being protected.
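The proximity decision described above (home zip code first, then IP location against mobile phone location, with a score and a fallback to additional authentication) can be sketched as follows. This is an added example, not code from the patent; the `Fix` type, the `decide` function, the "no more than x miles" rule and the use of each source's error radius are assumptions made for illustration, and the coordinates are constructed sample values.

```python
import math
from dataclasses import dataclass
from typing import Optional, Tuple

EARTH_RADIUS_MILES = 3958.8


@dataclass(frozen=True)
class Fix:
    """One location estimate plus the error radius its source reports."""
    lat: float
    lon: float
    accuracy_miles: float  # geo-IP is coarse (miles); GPS/cell is much tighter


def haversine_miles(a: Fix, b: Fix) -> float:
    """Great-circle distance between the centres of two estimates."""
    lat1, lon1, lat2, lon2 = map(math.radians, (a.lat, a.lon, b.lat, b.lon))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * EARTH_RADIUS_MILES * math.asin(math.sqrt(h))


def separation_bounds(a: Fix, b: Fix) -> Tuple[float, float]:
    """Smallest and largest separation consistent with both error radii."""
    d = haversine_miles(a, b)
    slack = a.accuracy_miles + b.accuracy_miles
    return max(0.0, d - slack), d + slack


def decide(ip_fix: Optional[Fix], phone_fix: Optional[Fix], max_miles: float,
           request_zip: Optional[str] = None,
           home_zip: Optional[str] = None) -> Tuple[str, int]:
    """Return (action, score) for one access request.

    action is "allow", "step_up" (ask for additional authentication) or
    "deny"; score is +1, 0 or -1 respectively.
    """
    # 1. Request geolocates to the user's registered home zip code.
    if home_zip is not None and request_zip == home_zip:
        return "allow", 1
    # 2. A source is missing: nothing to cross-reference, so do not decide.
    if ip_fix is None or phone_fix is None:
        return "step_up", 0
    # 3. "No more than x miles", evaluated against the uncertainty interval.
    nearest, farthest = separation_bounds(ip_fix, phone_fix)
    if farthest <= max_miles:
        return "allow", 1       # proximate even in the worst case
    if nearest > max_miles:
        return "deny", -1       # apart even in the best case
    return "step_up", 0         # inconclusive at this accuracy


# Constructed sample estimates (not real user data).
NYC_GEOIP = Fix(40.7128, -74.0060, accuracy_miles=25.0)
NEWARK_PHONE = Fix(40.7357, -74.1724, accuracy_miles=0.5)
HOUSTON_PHONE = Fix(29.7604, -95.3698, accuracy_miles=0.5)

if __name__ == "__main__":
    for label, phone, limit in (("phone nearby, 50 mi limit", NEWARK_PHONE, 50),
                                ("phone nearby, 20 mi limit", NEWARK_PHONE, 20),
                                ("phone far away, 50 mi limit", HOUSTON_PHONE, 50)):
        print(label, "->", decide(NYC_GEOIP, phone, limit))
```

A limit tighter than the geo-IP error radius can never produce "allow" from the distance check alone, which is why the inconclusive case is routed to additional authentication rather than to a denial.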
There may be various methods for determining distances between the home address, mobile phone location, and IP location. Examples include, without limitation, the following:
Preferably, both a white list and a black list of foreign IP addresses are generated automatically by the system, enabling a determination that the user's mobile phone is near a white list IP address at the time of the transaction. In an alternate embodiment, the white list and black list may be created and entered by a system administrator. In another alternate embodiment, the automatically generated black list or white list may be edited by the system administrator to add or delete foreign IP addresses.
Using the “Process ID” it is possible to know which file opens a session or a connection to a remote computer. Since the foreign IP address is known, the system can determine if the connection is authorized or not authorized. For example, if the foreign IP address is located in Texas while no authorized user is there, access is unauthorized. The present method will be able to flag the connection, inform the system administrator, and allow him to block the connection or allow the connection. In addition, since it's possible to know which file opened the new session or connection, the method of the present invention can remove the breach-initiating file if it is found to be a security hole, Trojan, or virus. Other options are also possible, such as blocking the outside connection to that IP address, and automatically “black listing” the foreign IP address since that foreign IP address is not near an authorized user's mobile phone device.
Since the system of the present invention can get the complete communication between the server and the client using tools like sniffers, logs, DLL, etc., and since the system can determine if the connection between the client and the server is authorized based on the foreign IP address and the mobile voice device location, the system can determine which commands the hacker or fraudster sent to the server that gave him unauthorized access into the server. Once the system has determined what commands gave the hacker or fraudster access into the server, the system can block these commands the next time any fraudster or hacker tries to use them. The system blocks these commands by providing a filter on the open service like IIS or in the firewall to automatically block these commands and possibly add the IP address that sent the commands to a “black list”.
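The connection review described in the two paragraphs above, as an added example that is not part of the patent: it reads a connection table with process IDs, keeps the foreign IP addresses, and sorts them into the automatically generated white list and black list using a "same city" rule. The netstat-style sample, the geo-IP table, the phone locations, the local network range and the "unverified" outcome for addresses with no known location are all constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

# Constructed sample in the column layout of Windows `netstat -ano`
# (protocol, local address, foreign address, state, process ID).
NETSTAT_SAMPLE = """\
  TCP    192.0.2.10:443     198.51.100.23:50211   ESTABLISHED   4
  TCP    192.0.2.10:443     203.0.113.77:61022    ESTABLISHED   4
  TCP    192.0.2.10:49702   203.0.113.200:8080    ESTABLISHED   3120
  TCP    192.0.2.10:3389    192.0.2.55:52100      ESTABLISHED   1044
  TCP    0.0.0.0:445        0.0.0.0:0             LISTENING     4
"""

# Constructed lookup tables standing in for a geo-IP service and for the
# located mobile phones of authorized users: value is (state, city).
LOCAL_NETS = [ipaddress.ip_network("192.0.2.0/24")]
GEO_TABLE = {"198.51.100.23": ("NY", "New York"),
             "203.0.113.77": ("TX", "Houston")}
PHONE_CITIES = {"alice": ("NY", "New York")}


@dataclass(frozen=True)
class Conn:
    foreign_ip: str
    pid: int


@dataclass(frozen=True)
class Finding:
    foreign_ip: str
    pid: int
    verdict: str  # "authorized", "unauthorized" or "unverified"


def parse_netstat(text: str) -> List[Conn]:
    """Return the established TCP connections with their owning PID."""
    conns = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[0] != "TCP" or parts[3] != "ESTABLISHED":
            continue
        host = parts[2].rsplit(":", 1)[0].strip("[]")  # drop port, IPv6 brackets
        conns.append(Conn(foreign_ip=host, pid=int(parts[4])))
    return conns


def is_foreign(ip: str) -> bool:
    """Foreign means not assigned on the local or proprietary network."""
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in LOCAL_NETS)


def review(conns: List[Conn],
           geo: Dict[str, Tuple[str, str]] = GEO_TABLE,
           phones: Dict[str, Tuple[str, str]] = PHONE_CITIES,
           admin_whitelist: Set[str] = frozenset(),
           ) -> Tuple[List[Finding], Set[str], Set[str]]:
    """Classify each foreign connection and build the white and black lists."""
    findings, white, black = [], set(admin_whitelist), set()
    user_cities = set(phones.values())
    for c in conns:
        if not is_foreign(c.foreign_ip):
            continue
        place = geo.get(c.foreign_ip)
        if c.foreign_ip in admin_whitelist or place in user_cities:
            verdict = "authorized"
            white.add(c.foreign_ip)
        elif place is None:
            verdict = "unverified"   # no location: flag, do not auto-list
        else:
            verdict = "unauthorized"  # no authorized user's phone in that city
            black.add(c.foreign_ip)
        findings.append(Finding(c.foreign_ip, c.pid, verdict))
    return findings, white, black


if __name__ == "__main__":
    results, whitelist, blacklist = review(parse_netstat(NETSTAT_SAMPLE))
    for f in results:
        print(f"{f.foreign_ip:<16} pid={f.pid:<5} {f.verdict}")
    print("white list:", sorted(whitelist))
    print("black list:", sorted(blacklist))
```

The process ID on each flagged finding is what lets the administrator trace the connection back to the file that opened it before deciding to block or allow.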
Each request to connect to the server will pass via the programmed external device or the programmed external device will have the option to monitor existing connections and sessions to the server. In an alternate embodiment, the programmed external device may perform both functions.
In certain embodiments of the invention, additional functionality may be incorporated into the system, including but not limited to the following:
Systems implementing the methods of the invention can be installed on a server, workstation, laptop, mobile phone, or function as an additional programmed external device between the clients and the server.
In the case that Client A is connected to Client B via messenger, has sent emails, is transferring a file between two computers etc., the system can verify that communication into the server is coming from a computer that is physically near the owner or the user of that computer, or that the user is at the location that the communication is coming from.
By using the methods of the invention, a server can be open to the Internet and allow authorized users to use the server, while providing the server administrator with additional layers of supervision that enable him to stop attacks, from the Internet or locally, as the attack starts or in near time.
A system employing the methods of the invention can work in two main modes, and combinations of the two are possible:
The difference between monitoring and authentication is that in authentication mode, a system implementing the present invention will not allow access to the server if the request originated from a location where the user's mobile phone is not nearby. Monitoring scans existing connections and sessions to the server after the authentication processes have been passed. In addition, in the monitoring mode, a system implementing the present invention can raise a red flag and/or disconnect an existing connection and the unauthorized connection/session will not be allowed to enter.
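The following Python sketch is an added illustration, not code from the patent. It combines the “no more than x miles” separation policy, the automatically generated white list and black list, and the two modes described above. The class and function names, the 25-mile threshold, the choice to fail closed without black-listing when a location fix is missing, and the rule that a black-listed address stays denied until an administrator edits the list are all assumptions made for the example.

```python
import math
from dataclasses import dataclass, field

EARTH_RADIUS_MILES = 3958.8

def haversine_miles(a, b):
    """Great-circle distance in miles between two (lat, lon) points in degrees."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * EARTH_RADIUS_MILES * math.asin(math.sqrt(h))

@dataclass
class ProximityGate:
    max_miles: float                                 # the "no more than x miles" policy
    white_list: set = field(default_factory=set)     # IPs seen near the user's phone
    black_list: set = field(default_factory=set)     # IPs seen far from the user's phone

    def verdict(self, ip_loc, phone_loc):
        """'near', 'far', or 'unknown' when either location source gave no fix."""
        if ip_loc is None or phone_loc is None:
            return "unknown"
        return "near" if haversine_miles(ip_loc, phone_loc) <= self.max_miles else "far"

    def authenticate(self, ip, ip_loc, phone_loc):
        """Authentication mode: decide before the connection is admitted."""
        v = self.verdict(ip_loc, phone_loc)
        if v == "near" and ip not in self.black_list:
            self.white_list.add(ip)
            return "allow"
        if v == "far":
            self.white_list.discard(ip)
            self.black_list.add(ip)
        return "deny"            # 'unknown' fails closed but is not black-listed

    def monitor(self, sessions, phone_locs):
        """Monitoring mode: rescan admitted sessions; return (pid, ip) pairs to flag."""
        flagged = []
        for s in sessions:
            v = self.verdict(s["ip_loc"], phone_locs.get(s["user"]))
            if v == "far":
                self.white_list.discard(s["ip"])
                self.black_list.add(s["ip"])
            if v != "near":
                flagged.append((s["pid"], s["ip"]))
        return flagged

# Constructed sample data: documentation-range IPs and approximate city coordinates.
BOSTON, CAMBRIDGE, AUSTIN = (42.36, -71.06), (42.37, -71.11), (30.27, -97.74)

if __name__ == "__main__":
    gate = ProximityGate(max_miles=25)
    print(gate.authenticate("203.0.113.10", CAMBRIDGE, BOSTON))   # phone nearby
    print(gate.authenticate("198.51.100.7", AUSTIN, BOSTON))      # IP in Texas, phone in Boston
    print(gate.authenticate("192.0.2.44", CAMBRIDGE, None))       # no phone fix
    sessions = [{"pid": 4312, "user": "alice", "ip": "203.0.113.10", "ip_loc": CAMBRIDGE}]
    print(gate.monitor(sessions, {"alice": AUSTIN}))              # phone has since moved away
```

The process ID returned by the monitoring scan is what lets an administrator tie a flagged session back to the file that opened it. Because IP geolocation is coarse and shared addresses such as carrier NAT or VPN exits are common, automatic black-listing on a single "far" result is best paired with the administrator review the text describes.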
In conclusion, herein is presented a method for acquiring an Internet user's consent over the Internet to be geographically located via at least two separate and independent sources of information, wherein at least one independent source of information is the location of said Internet user's wireless communication voice device. The invention is illustrated by examples in the illustrative drawings and in the written description. It should be understood that while adhering to the spirit of the inventive concept, numerous variations exist for the practice of the invention described herein, and that such variations are contemplated as being a part of the present invention.
This application is a continuation of U.S. patent application Ser. No. 17/871,935, filed on Jul. 24, 2022, which is a continuation of U.S. patent application Ser. No. 17/592,528, filed on Feb. 4, 2022, which is a continuation-in-part of U.S. patent application Ser. No. 16/724,361, filed Dec. 22, 2019, now U.S. Pat. No. 11,308,477. Application Ser. No. 16/724,361 is a continuation-in-part of U.S. patent application Ser. No. 15/787,805, filed Oct. 19, 2017, now U.S. Pat. No. 10,521,786, which is a continuation-in-part of U.S. patent application Ser. No. 15/606,270, filed May 26, 2017, now U.S. Pat. No. 10,289,833, which is a continuation-in-part of U.S. patent application Ser. No. 15/134,545, filed Apr. 21, 2016, now U.S. Pat. No. 9,727,867, which is a continuation-in-part of U.S. patent application Ser. No. 14/835,707, filed Aug. 25, 2015, now U.S. Pat. No. 9,391,985, which is a continuation-in-part of U.S. patent application Ser. No. 14/479,266, filed Sep. 5, 2014 and now abandoned, which is a continuation-in-part of U.S. patent application Ser. No. 14/145,862, filed Dec. 31, 2013, now U.S. Pat. No. 9,033,225, which is a continuation-in-part of U.S. patent application Ser. No. 13/479,235, filed May 23, 2012, now U.S. Pat. No. 8,770,477, which is a continuation-in-part of U.S. patent application Ser. No. 13/065,691 filed Mar. 28, 2011, now U.S. Pat. No. 8,640,197, which in turn claims priority of U.S. provisional application No. 61/445,860 filed on Feb. 23, 2011 and U.S. provisional application No. 61/318,329 filed on Mar. 28, 2010. U.S. application Ser. No. 13/479,235 is also a continuation-in-part of U.S. patent application Ser. No. 13/290,988, filed on Nov. 7, 2011, now U.S. Pat. No. 8,413,898. The contents of each one of the above prior applications are incorporated herein by reference in their entirety.
Number | Date | Country |
---|---|---|
20230421689 A1 | Dec 2023 | US |
Relation | Number | Date | Country |
---|---|---|---|
Parent | 17871935 | Jul 2022 | US |
Child | 18464199 | | US |
Parent | 17592528 | Feb 2022 | US |
Child | 17871935 | | US |
Relation | Number | Date | Country |
---|---|---|---|
Parent | 16724361 | Dec 2019 | US |
Child | 17592528 | | US |