TREA

Location-based mobile device authentication

Follow

Information

  • Patent Grant
  • 12041041
  • Patent Number
    12,041,041
  • Date Filed
    Friday, October 14, 2022
    3 years ago
  • Date Issued
    Tuesday, July 16, 2024
    a year ago
Information
Abstract
A computer server may receive location data from a mobile client device and may compare the location data to predefined secure location definitions, which may be trusted or private locations. The computer server may receive a request from the mobile client device to access network resources or services, and the computer server may determine, using a result of comparing the location data and the one or more predefined secure location definitions, an authentication process for providing the mobile client device with access to the network resources or services. The computer server may execute the authentication process and may provide the mobile client device with access to the network resources or services.
Description
TECHNICAL FIELD

The present disclosure relates generally to user and device authentication within computer systems, and more particularly, to mobile device location tracking and location-based authentication techniques for providing access to secure server resources and applications.


BACKGROUND

Authentication is a function of modern-day computer systems that can be used for a wide variety of applications. For example, users may request to access bank accounts, tax records, or other secure, confidential information from mobile computing devices. Due to the confidential nature of the information requested, the user may be authenticated before being granted access to the information. Authentication may involve determining the user is an owner of the information or is entitled to access the information.


Authentication has historically involved passwords. The owner of the information may set up a password-protected account that may include confidential information with a service provider. The user may, at a later point, attempt to access the account to view the confidential information, and the service provider may authenticate the user, based on a successful password input from the user, and allow the user to view the confidential information. Two-factor authentication, in which two authentication methods are involved, can provide extra security for confidential information. But, in our modern world, users may desire authentication methods that may be quicker and more secure than existing technologies.


SUMMARY

In some examples, a computer server is disclosed that may include a processing unit and a computer-readable memory that may store computer-executable instructions that are executable by the processing unit to cause the computer server to perform various operations. The computer server may receive location data from a mobile client device and may compare the location data to predefined secure location definitions, which may be trusted or private locations. The computer server may receive a request from the mobile client device to access network resources or services, and the computer server may determine, using a result of comparing the location data and the one or more predefined secure location definitions, an authentication process for providing the mobile client device with access to the network resources or services. The computer server may execute the authentication process and may provide the mobile client device with access to the network resources or services.


In other examples, a method is disclosed for authenticating a user with location-based authentication. Location data may be received from a mobile client device, and the location data may be compared to one or more predefined secure location definitions associated with the mobile client device. The one or more predefined secure location definitions may include locations that are private or trusted for the mobile client device. A request from the mobile client device may be received to access network resources or services provided by a computer server. In response to receiving the request, an authentication process may be selected, using a result of comparing the location data and the one or more predefined secure location definitions associated with the mobile client device, from among a plurality of authentication processes for providing the mobile client device with access to the network resources or services. The authentication process for providing the mobile client device with access to the network resources or services may be executed, and the mobile client device may be provided with access to the network resources or services in response to successfully authenticating the mobile client device.


In other examples, a non-transitory computer-readable medium is disclosed that may include instructions that are executable by a processing device for causing the processing device to perform various operations. The processing device may receive location data from a mobile client device. The processing device may compare the location data to one or more predefined secure location definitions associated with the mobile client device. The one or more predefined secure location definitions may include locations that are private or trusted for the mobile client device. The processing device may receive a request from the mobile client device to access one or more network resources or services provided by a computer server. In response to the request from the mobile client device, the processing device may determine, using a result of comparing the location data and the one or more predefined secure location definitions associated with the mobile client device, an authentication process for providing the mobile client device with access to the network resources or services. The processing device may execute the authentication process for providing the mobile client device with access to the network resources or services and may, in response to successfully authenticating the mobile client device, provide the mobile client device with access to the network resources or services.





BRIEF DESCRIPTION OF DRAWINGS


FIG. 1 is a schematic of a network environment in which locations can be used to authenticate users and automatically navigate to desired pages for the users, according to one aspect of the present disclosure.



FIG. 2 is a block diagram of an example of a server device configured to execute programming code to authenticate users and provide direct and targeted access to specific pages using locations, according to one example of the present disclosure.



FIG. 3 is a block diagram of a user device usable in a system for authenticating users and providing direct access to pages using locations, according to one example of the present disclosure.



FIG. 4 is a flowchart of a process for performing location-based user authentication or direct access to a specific page or feature within an application or a web site, according to one aspect of the present disclosure.



FIG. 5 is a flowchart of a process for performing location-based user authentication or direct access to a specific page or feature within an application or a web site, according to one aspect of the present disclosure.





DETAILED DESCRIPTION

Certain aspects and features described herein relate to location tracking and location-based authentication of mobile devices by authentication systems providing access to various network resources or services. One or more secure location definitions may be predefined for a particular mobile device and stored by an authentication system. These predefined location definitions for a mobile device may correspond to locations that may be considered private, secure, safe, or trusted for that particular mobile device, such as the home, workplace, or vehicle of the mobile device's owner, or any other locations considered trusted, secure, private, or safe for that mobile device. Secure location definitions for a mobile device may, for example, correspond to predefined geofences defining a virtual boundary based on geographic coordinates of the mobile device, or may correspond to a predefined trusted wireless access point or other network identifiers that indicate that the mobile device is being operated at a safe and trusted location.


An authentication system associated with one or more mobile applications (or web-based resources or services) may receive and store location data from a mobile device, for example, the device's GPS coordinates, network component identifiers through which the mobile device is connecting to the system, or identifiers of computing devices nearby to the mobile device. In some embodiments, a mobile device's location may be continuously (or periodically) tracked and stored by the authentication system. When the mobile device attempts to open a particular mobile application (or other web-based resources or services), the authentication system may compare the mobile device's location data to the predefined secure location definitions associated with the mobile device. Based on the results of the comparison, the authentication may determine and execute an authentication process for the mobile device before permitting the mobile device to access the requested mobile application (or other web-based resources or services). For example, if a mobile device attempts to open a secure mobile application (or other web-based resources or services) while the mobile device is located within one of the predefined secure locations associated with the mobile device, then the authentication system may immediately authenticate the mobile device to open and access the secure mobile application (or other web-based resources or services) without requiring any additional authentication techniques. In contrast, if the mobile device is located outside of the predefined secure locations when attempting to open the secure mobile application (or other web-based resources or services), the authentication system may require the mobile device to complete additional authentication steps before accessing the secure mobile application (or other web-based resources or services).


In some examples, a user of the mobile device may request access to a mobile application (or other web-based resources or services) from a computer server via the mobile device. The computer server may include a set of locations that may be designated as predefined secure locations. The predefined secure locations may be previously received from the user via the mobile device, and the computer server can provide to the user recommendations or suggestions of predefined secure locations. The recommendations or suggestions may be locations frequented by the user or any suitable location that may be considered safe, secure, trusted, or private. Locations may be designated as predefined secure locations by the user of the mobile device, and the computer server may receive the locations from the user.


In other examples, the computer server or the mobile device may store a predefined list of secure wireless access points. The secure wireless access points may be associated with the mobile device and may be considered safe, secure, trusted, or private. If the user requests access to a mobile application (or other web-based resources or services) via a secure wireless access point that is included in the predefined list of secure wireless access points, the user may be immediately authenticated and may avoid subsequent authentication steps.


In the following description, for the purposes of explanation, specific details are set forth in order to provide a thorough understanding of various implementations and examples. Various implementations may be practiced without these specific details. For example, circuits, systems, algorithms, structures, techniques, networks, processes, and other components may be shown as components in block diagram form in order not to obscure the implementations in unnecessary detail. The figures and description are not intended to be restrictive.


In some examples, each process in the figures of this disclosure can be performed by one or more processing units. A processing unit may include one or more processors, including single core or multicore processors, one or more cores of processors, or combinations thereof. In some examples, a processing unit can include one or more special purpose co-processors such as graphics processors, Digital Signal Processors (DSPs), or the like. In some examples, some or all of the processing units can be implemented using customized circuits, such as Application Specific Integrated Circuits (ASICs), or Field programmable gate arrays (FPGAs).



FIG. 1 is a schematic of a network environment 100 in which locations of mobile devices can be tracked and used to authenticate the devices and provide the devices with access to secure network resources according to aspects of the present disclosure. Included in the network environment 100 are mobile devices 130, one or more communication networks 140, and a server system 110. The mobile devices 130 may request and access resources within the server system 110, over one or more communications networks 140, via wireless access points 145 or other network components. The network environment 100 may correspond to a Wide Area Network (“WAN”) environment, such as the Internet, through which mobile devices 130 may communicate with servers via web browsers or client-side applications, to establish communication sessions, request and receive web-based resources, and access other features (e.g., applications or services) provided by one or more backend server systems 110.


The server system 110 may be communicatively coupled to a data store 120 through one or more networks. Server system 110 may be or include any type of server including, for example, a rack server, a tower server, a miniature server, a blade server, a mini rack server, a mobile server, an ultra-dense server, a super server, or the like. The server system 110 also may include various hardware components, for example, a motherboard, a processing units, memory systems, hard drives, network interfaces, power supplies, etc. Server system 110 may include one or more server farms, clusters, or any other appropriate arrangement or combination of computer servers. Additionally, server system 110 may act according to stored instructions located in a memory subsystem of the server system 110, and may execute an operating system or other applications.


The server system 110 may implement several different applications and services, and perform additional server-side functionality, including by an authentication server 112, web server 114, application server 116, and a backend transaction processor 118. For example, in implementations of banking or financial services systems, electronic commerce systems, and the like, the web-based resources provided by web server 114 or applications supported by application server 116 may be used by mobile devices 130 to access account information and perform application functions related to multiple accounts. The data store 120 may store any information necessary for the server system 110 to implement any functions of an application in relation to account access and permissions. In some examples, the server system 110 and data store 120 can be a single computing device that implements an application and stores user account information.


The data store 120 can include a profile of the known devices and behaviors of each user for each account provided by a certain application. For example, a single user may have two accounts for a particular application. The user may typically use a desktop computer to access information related to a first account, while more often use a mobile device 130 to access information related to the second account. The data store 120 may record these user activity observations over time as a user profile for the server system 110 to use in determining if any anomalous behavior occurs during further login attempts. For example, if the user attempts to access the first account using the mobile device, the confidence score of the successful login, as determined by the server system 110, may be of a lower score than what would typically be given to the user. The data store 120 also may include a set of defined rules configurable by the user or entity providing the account services. As another example, an entity maintaining the server system 110 and data store 120 may establish broad rules across user accounts that involve additional user verification when a confidence score is below a threshold value.


The mobile devices 130, which can be any number, can be capable of accessing and establishing communication sessions with the server system 110 and the data store 120 through the communication networks 140. As shown in this example, mobile devices 130a-130d correspond computing devices such as laptops 130a, tablet computers 130b, smartphones 130c, and smart watches 130d. Mobile devices 130 may access the server system 110 via one or more wireless access points 145 or other communication network components. Wireless access points 145 can include devices such as wireless routers, modems, switches, mobile hotspots, set-top boxes, and the like, which allow mobile devices 130 to connect and communicate wirelessly to Local Area Networks (“LANs”), Wide Area Networks (WANs), as well as mobile telecommunication networks, short-range wireless networks, or various other communication network types (e.g., cable or satellite networks). A mobile device 130 may connect to a wireless access point 145 using radio frequency (RF) signals transmitted between the wireless communication antenna(s) on both devices, or other wireless communication technologies. Additionally, as shown in FIG. 1, certain mobile devices 130 need not use a wireless access point 145 to access the server system 110, but may access the server system via a cellular telecommunications network having one or more wireless base stations 142. In other examples, mobile devices 130 may be configured to access the server system 110 though cable networks, satellite networks, or other communication networks using separate network components and technologies.


Users operating various mobile devices 130 may attempt to gain access to the various resources provided by server system 110, including the server-side data, features, and functionality provided by secure mobile applications executing on mobile devices 130. A user also may use a browser application on a mobile device 130 to access secure web-based resources and services from the server system 110, as well as data from the underlying data stores 120 maintained by the server system 110. In response to requests from mobile devices 130, the authentication server 112 may attempt with verify the current user of the mobile device 130 with a sufficient degree of confidence, and that the current user has sufficient authorization credentials to retrieve the requested resources or perform the requested functionality.


Although certain network components are shown in FIG. 1, any number of compatible network hardware components and network architecture designs may be implemented in various embodiments to support communication between the server system 110, data store 120, and various mobile devices 130. Such communication network(s) may be any type of network that can support data communications using any of a variety of commercially-available protocols, including, without limitation, TCP/IP (transmission control protocol/Internet protocol), SNA (systems network architecture), IPX (Internet packet exchange), Secure Sockets Layer (SSL) or Transport Layer Security (TLS) protocols, Hyper Text Transfer Protocol (HTTP) and Secure Hyper Text Transfer Protocol (HTTPS), Bluetooth™, Near Field Communication (NFC), and the like. By way of example, the network(s) connecting the mobile devices 130 and server system 110 in FIG. 1 may be local area networks (LANs), such as one based on Ethernet, Token-Ring or the like. Such network(s) also may be wide-area networks, such as the Internet, or may include financial/banking networks, telecommunication networks such as a public switched telephone networks (PSTNs), cellular or other wireless networks, satellite networks, television/cable networks, or virtual networks such as an intranet or an extranet. Infrared and wireless networks (e.g., using the Institute of Electrical and Electronics (IEEE) 802.11 protocol suite or other wireless protocols) also may be included in these communication networks.



FIG. 2 is a block diagram of an example of a server device 200 configured to receive location data and track locations of mobile devices 130, and to provide location-based authentication of the mobile devices 130 for providing access to secure resources or services, according to one example of the present disclosure. Authenticating user requests from mobile devices 130, and providing access to requested secure resources or services, can be based on tracking or determining the location of the mobile device 130 from which a request was received, and comparing the location to location-based authentication data stored in the server device 200. In this example, the server device 200 may be used as the entire server system 110, the authentication server 112, or any combination of servers, systems, and data stores 112-120 from FIG. 1.


The server device 200 may be a network device and may include a processor 202, a bus 204, a communications interface 206, and a memory 208. In some examples, the components shown in FIG. 2 may be integrated into a single structure. For example, the components can be within a single housing. In other examples, the components shown in FIG. 2 can be distributed (e.g., in separate housings) and in electrical communication with each other.


The processor 202 may execute one or more operations for implementing some various examples and embodiments described herein. The processor 202 can execute instructions stored in the memory 208 to perform the operations. The processor 202 can include one processing device or multiple processing devices. Non-limiting examples of the processor 202 include a Field-Programmable Gate Array (“FPGA”), an application-specific integrated circuit (“ASIC”), a microprocessor, etc.


The processor 202 may be communicatively coupled to the memory 208 via the bus 204. The non-volatile memory 208 may include any type of memory device that retains stored information when powered off. Non-limiting examples of the memory 208 include electrically erasable and programmable read-only memory (“EEPROM”), flash memory, or any other type of non-volatile memory. In some examples, at least some of the memory 208 may include a medium from which the processor 202 can read instructions. A computer-readable medium may include electronic, optical, magnetic, or other storage devices capable of providing the processor 202 with computer-readable instructions or other program code. Non-limiting examples of a computer-readable medium include (but are not limited to) magnetic disk(s), memory chip(s), ROM, random-access remora (“RAM”), an ASIC, a configured processor, optical storage, or any other medium from which a computer processor may read instructions. The instructions may include processor-specific instructions generated by a compiler or an interpreter from code written in any suitable computer-programming language, including, for example, C, C++, C#, etc.


The communications interface 206 may interface other network devices or network-capable devices to analyze and receive information related to accessing functions of an application. Information received from the communications interface 206 may be sent to the memory 208 via the bus 204. The memory 208 can store any information received from the communications interface 206.


The memory 208 may include program code for authenticating user requests from mobile devices 130, and providing users with access to the various server resources (e.g., application features or functionality, web pages, services, etc.), based on the location of the mobile devices in comparison to one or more predefined secure location definitions. The memory 208 may include program code for a data store module 210, and a control access module 212 including a location-based authentication data store 214. The location-based authentication data 214 may include data defining the one or more secure locations from which a mobile device 130 can more quickly and easily access certain server resources (e.g., with fewer additional authentication steps required). Also included in the memory 208 is one or more applications or services 216 that may be used to access data from backend data stores (e.g., data store 120 in FIG. 1) and perform various transactions and system functions. In the example of server device 200 that is a financial services server, the server-side applications or services 216 may perform functions including retrieving and modifying financial account information, transferring information or funds between accounts, etc. The data store module 210 may store user account information (e.g., username and password, security information) for a number of users and mobile devices 130, including originating IP addresses of login attempts, browser settings of login attempts, etc. The control access module 212 may validate whether a user access attempt has been successfully authenticated after a user has entered the correct account login information. As discussed above, authentication via the control access module 212 may include tracking and analyzing the current location of a mobile device 130 from which a request is received, and then comparing the location to one or more predefined secure location definitions that may be specific to the particular combination of the mobile device, user, mobile application used (or web domain requested), and the specific features, pages, or functionality requested. In some cases, the control access module 212 may determine that a lower level of authentication (or none at all) should be applied to an access attempt when the current location of the mobile device 130 is within a predefined secure location, where increased levels of authentication may be required when the mobile device 130 is not within a predefined secure location. The results from the control access module 212 may be used to control the permissions and functions available to the user from the applications or services 216.



FIG. 3 is a block diagram of a mobile device 130 usable in a system for authenticating user requests and providing access to resources and services based on device location according to one example of the present disclosure. As discussed above, mobile device 130 may include, for example, a smartphone, smartwatch, laptop, tablet computer, as well as other various types of user computing devices (e.g., personal computers, wearable computing devices, vehicle-based computing devices, etc.). Because mobile devices 130 may vary widely in functionality, any particular mobile device 130 may include a subset of the components shown in FIG. 3. Additionally, in some cases, components illustrated in FIG. 3 may be localized to a single physical device or distributed among various networked devices, which may be disposed at different physical locations.


The mobile device 130 includes hardware elements that can be electrically coupled via a bus 302 (or may otherwise be in communication, as appropriate). The hardware elements may include a processing unit(s) 304, which may comprise, without limitation, one or more general-purpose processors, one or more special-purpose processors (such as digital signal processing (DSP) chips, graphics acceleration processors, application specific integrated circuits (ASICs), or the like), or other processing structure, which can be configured to perform one or more of the methods described herein. As shown in FIG. 3, some embodiments may have a separate DSP 306, depending on desired functionality. The mobile device 130 also may include one or more input devices 326, which may be, without limitation, one or more keyboards, mouse, touch screens, touch pads, microphones, buttons, dials, switches, or the like. Input devices 326 may include one or more compatible input components that allow the user to provide various authentication data that may be required when requesting resources or services from a server system 110, including input components such as cameras or optical sensors, infrared (IR) sensors, signature pads and digital pens, voice or facial recognition components, fingerprint scanners, retina scanners, or various other biometric input components. Mobile device 130 also may include one or more output devices 328, which may comprise without limitation, one or more display screens, light emitting diodes (LEDs), projectors, speakers, or the like.


Mobile device 130 may also include a wireless communication interface 370, which may comprise without limitation a modem, a network card, an infrared communication device, a wireless communication device, or a chipset (such as a Bluetooth™ device, an IEEE 802.11 device, an IEEE 802.15.4 device, a Wi-Fi™ device, a WiMax™ device cellular communication facilities, etc.), or the like, which may enable the mobile device 130 to communicate via the networks and servers described above with regard to FIGS. 1-2. The wireless communication interface 370 may permit data to be communicated with a network, wireless access points 145, wireless base stations 142, other computer systems, or any other electronic devices described herein. The communication can be carried out via one or more wireless communication antenna(s) 372 that send or receive wireless signals 374.


Depending on desired functionality, the wireless communication interface 370 may comprise separate transceivers to communicate with base stations (e.g., eNBs) and other terrestrial transceivers, such as wireless devices and access points, belonging to or associated with one or more wireless networks. These wireless networks may comprise various network types. For example, a WWAN may be a CDMA network, a Time Division Multiple Access (TDMA) network, a Frequency Division Multiple Access (FDMA) network, an Orthogonal Frequency Division Multiple Access (OFDMA) network, a Single-Carrier Frequency Division Multiple Access (SC-FDMA) network, a WiMax™ (IEEE 802.16) network, and so on. A CDMA network may implement one or more radio access technologies (RATs) such as cdma2000, Wideband CDMA (WCDMA), and so on. Cdma2000 includes IS-95, IS-2000, or IS-856 standards. A TDMA network may implement GSM, Digital Advanced Mobile Phone System (D-AMPS), or some other RAT. An OFDMA network may employ LTE, LTE Advanced, NR and so on. LTE, LTE Advanced, NR, GSM, and WCDMA are described (or being described) in documents from 3GPP. Cdma2000 is described in documents from a consortium named “3rd Generation Partnership Project 2” (3GPP2). 3GPP and 3GPP2 documents are publicly available. A WLAN may also be an IEEE 802.11x network, and a WPAN may be a Bluetooth™ network, an IEEE 802.15x, or some other type of network. The techniques described herein may also be used for any combination of WWAN, WLAN or WPAN.


The mobile device 130 may further include sensor(s) 330. Such sensors may comprise, without limitation, one or more accelerometer(s), gyroscope(s), camera(s), magnetometer(s), altimeter(s), microphone(s), proximity sensor(s), light sensor(s), and the like. Some or all of the sensors 330 can be utilized, among other things, for detecting various environmental/contextual data (e.g., sights, sounds, smells, substances, temperatures, etc.) at the location of the mobile device 130, for obtaining operational status of an appliance or electrical device, or for obtaining other types of data that may be communicated to a backend server.


Certain embodiments of mobile devices 130 may also include a Standard Positioning Services (SPS) receiver 380 capable of receiving signals 384 from one or more SPS satellites using an SPS antenna 382, which may be combined with antenna(s) 372 in some implementations. Positioning of mobile devices 130 using SPS receivers 380 may be utilized to complement or incorporate the techniques described herein, and may be used to obtain sensor data by the mobile device 130. The SPS receiver 380 may support measurement of signals from SPS SVs of an SPS system, such as a GNSS (e.g., Global Positioning System (GPS)), Galileo, GLONASS, Quasi-Zenith Satellite System (QZSS) over Japan, Indian Regional Navigational Satellite System (IRNSS) over India, Beidou over China, or the like. Moreover, the SPS receiver 380 may be used with various augmentation systems (e.g., a Satellite Based Augmentation System (SBAS)) that may be associated with or otherwise enabled for use with one or more global or regional navigation satellite systems. By way of example but not limitation, an SBA S may include an augmentation system(s) that provides integrity information, differential corrections, etc., such as, e.g., Wide Area Augmentation System (WAAS), European Geostationary Navigation Overlay Service (EGNOS), Multi-functional Satellite Augmentation System (MSAS), GPS Aided Geo Augmented Navigation or GPS and Geo Augmented Navigation system (GAGAN), or the like. Thus, as used herein an SPS may include any combination of one or more global or regional navigation satellite systems or augmentation systems, and SPS signals may include SPS, SPS-like, or other signals associated with such one or more SPS.


Additionally, in some embodiments the mobile device 130 may include a cryptocurrency wallet 362. Cryptocurrency wallet 362 may include one or more executable software components configured to store private and public keys, and to interact with one or more cryptocurrency blockchains, to enable the mobile device 130 to send and receive digital currency. In some embodiments, one or more types of cryptocurrency may be loaded onto the mobile device 130, along with predefined instructions or rules specifying when and how the cryptocurrency may be exchanged over time. Additionally or alternatively, a mobile device 130 may request and receive transfers of cryptocurrency via communication networks 140 from other mobile devices 130 or remote systems, via a network service provider or other third-party system.


The mobile device 130 may further include or be in communication with a memory 310. The memory 310 may comprise, without limitation, local or network accessible storage, a disk drive, a drive array, an optical storage device, a solid-state storage device, such as a random-n access memory (“RAM”), or a read-only memory (“ROM”), which can be programmable, flash-updateable, or the like. Such storage devices may be configured to implement any appropriate data stores, including without limitation, various file systems, database structures, or the like. The memory 310 may be used, among other things, to store sensor data received from sensors 330 using a database, linked list, or any other type of data structure. In some embodiments, wireless communication interface 370 may additionally or alternatively comprise memory.


The memory 310 of mobile device 130 also may comprise software elements (not shown), including an operating system, device drivers, executable libraries, or other code, such as one or more application programs, which may comprise computer programs provided by various embodiments, or may be designed to implement methods, or configure systems, provided by other embodiments, as described herein. Merely by way of example, one or more procedures described with respect to the functionality for mobile device 130 discussed above might be implemented as code or instructions executable by mobile device 130 (or a processing unit 304 within the mobile device 130). Such code or instructions may be used to configure or adapt a general-purpose computer (or other device) to perform one or more operations in accordance with the techniques described herein.



FIG. 4 is a flowchart of a process for determining and storing a set of secure location definitions to be used by an authentication system to provide access to requested network resources or services, according to one aspect of the present disclosure. As described below, location-based authentication of mobile devices 130 may be performed by a server system 110 to more quickly and efficiently authenticate user requests for secure mobile application features or websites. Thus, the examples of determining and storing secure location definitions to be used for location-based authentication may be described in terms of the same computing environments and devices/systems described above in FIGS. 1-3. However, it should be understood that the techniques and steps described below are not limited to the particular computing systems and hardware components described above in reference to FIGS. 1-3 but may be implemented using various other combinations of devices and systems to perform the various features and functionality described below.


In block 401, a user operating a mobile device 130 may request to access certain secure resources or services from a server system 110. For example, a user may select a secure mobile application installed on the mobile device to be opened/instantiated. A secure mobile application may include any mobile application that requires any additional authentication steps or techniques (e.g., beyond the user logging into the mobile device 130 itself) in order to access certain features of the mobile application. For instance, mobile applications provided by banking or financial services institutions, mobile applications that allow the user to make in-app purchases, that allow the user to access personal or confidential data, or that allows the user to control other computing devices/systems (e.g., home security systems) that may be configured as secure mobile applications to require user authentication within the application to access some or all of certain application features. Thus, the request in block 401 may correspond to the user selecting and opening a secure mobile application or selecting a link within a previously opened mobile application that provides new secure functionality (e.g., logging into a secure user account or client portal, etc.). In response to the user attempting to access the secure mobile application or feature, the mobile application may transmit a corresponding access request to the server device 200, which may be an authentication server 112 or application server 116. Additionally, the request in block 401 need not involve mobile applications, but may instead correspond to a user attempting to access a secure website from a web server 114 via a web browser application installed on the mobile device 130.


In block 402, the server system 110 may request and receive authentication credentials from the user and may verify the authentication credentials to permit the user to access the requested server resources or services. For instance, in response to the access request received from the mobile device 130 in block 401, the server device 200 (e.g., the authentication server 112 or the application server 116 of FIG. 1) may determine and initiate an authentication process to be used for authenticating the access request. In some embodiments, the authentication process may including transmitting a login screen (e.g., username and password) to the mobile device 130 via a secure network protocol, and then receive and verify the credentials from the user. Additionally or alternatively, the server device 200 may use a multi-factor authentication technique, challenge questions, various biometric authentication (e.g. fingerprint identification, retina scanning, iris scanning, facial recognition, ear-recognition technology, voice analysis, etc.), or verify data from an RFID token associated with the user. In this example, it is assumed that the user authentication process in block 402 is successful.


In block 403, the server device 200 may determine whether or not the current location of the mobile device 130 is to be designated as a predefined secure location (or “safe location”) for the mobile device 130 to access the secure mobile application. As described below, users may designate physical locations such as their homes, workplaces, vehicles, or other trusted or private locations as safe locations for accessing the secure mobile application in the future. The determination of these safe locations may be used by the server device 200 during future access requests by the mobile device 130 from the same location to automatically authenticate the user (e.g., for full or partial authentication), thereby providing quicker and more efficient user authentication techniques by taking into account the current location of the mobile device 130.


In some embodiments, designating the current location as a “safe location” in block 403 may require a confirmation from the user of the mobile device 130. For example, after a successful login to a secure mobile application (or a secure website) in block 402, the user may access an account settings page, configuration page, etc., of the application or website from which the user may select an option indicating that their current location is a “safe,” “secure,” “private,” or “trusted” location.


Even when a designation of a “safe location” requires an express user confirmation, the server device 200 may be configured to provide recommendations or suggestions to the user, via the secure mobile application or website, that certain locations be designated as safe or trusted locations at block 403. In some cases, after any successful user authentication process in block 402, the secure mobile application or website may prompt the user to indicate whether or not the current physical location of the user is a safe or trusted location for future secure access requests. In other cases, the server device 200 may provide the user with suggestions or recommendations of safe locations based on the previous usage data of the mobile device 130 or application or based on contextual data that may be detected at the mobile device 130 during the user's session with the secure mobile application or website. For example, the server device 200 may suggest the current location as a safe location after a threshold number of successful logins from the location. As another example, the server device 200 may suggest the current location as a safe location in response to detecting certain known or trusted computing devices at the current location such as a mobile device of a family member, a vehicle-based system associated with the user, a home virtual assistant device associated with the user, etc. In contrast, if the server device 200 detects a threshold number of untrusted computing devices at the current location of the mobile device 130, indicating a busy public location, then the server device 200 may not suggest the current location as a safe location at block 403 or may require an additional confirmation from the user before allowing the current location to be designated as safe or trusted.


Additionally or alternatively, in some embodiments, block 403 need not be preceded by blocks 401 and 402. That is, a user may designate one or more safe locations to expedite authentication of future access requests by the mobile device 130, without be required to successfully authenticate with the mobile device 130 from the safe locations. For example, the user may login from a separate location, such as from a desktop computer at their home or work, to setup their predefined secure locations in block 403.


If the current location is not to be designated as a safe location for future access requests from the mobile device 130 (403:No), then at block 404, the server device 200 may provide the mobile device 130 with access to the secure application or website in a normal manner. But, if the user (or the automated processes executing within the server device 200) determines that the current location of the mobile device 130 is to be designated as a safe location (403:Yes), then at block 405, the server device 200 may receive the specific boundaries or characteristics that may be used to define the safe location.


At block 405, the server device 200 may receive data identifying the boundaries of the location to be designated as a safe (or secure) location for future access requests from the mobile device 130. In various embodiments, the server device 200 may support multiple different types of secure location definitions, including geofence locations which are defined by the geographic coordinates of their boundaries, or network connection locations which are defined by the networks or devices used by the mobile device 130 to connect to the server device 200. Thus, if user designates the current location (or selects another location) as a safe location at block 404, then at block 405 a user interface may be presented via the mobile application or website that allows the user to define the type of safe location (e.g., a geofence, a wireless access point, etc.) as well as other suitable characteristics of the safe location.


In such embodiments, if the user indicates that the safe location is a geofenced area, a customized user interface may allow the user to define the geographic coordinates for the geofenced area to be designated as a secure location. For instance, the user may be prompted with an option to define a new geofenced area as a circle within N distance of the current location of the mobile device 130 (e.g., “Designate the area within —————— feet of my current location (e.g., 50 feet, 100 feet, etc.) as a safe location”). As another option, the user interface may present a satellite or street view map of the user's current location, and allow the user to draw the geofence boundaries to be designated as a safe location. For example, a user-defined geofence 150 that is a secure location is shown in FIG. 1. Using such techniques, the user may define a geofenced secure location having any desired size or shape for future access requests from the mobile device 130 to the server device 200.


In other examples, rather than a geofenced secure location, the user can indicate that the safe location is to be defined based on the networks or network devices through which the mobile device 130 connects to the server device 200. For example, a user interface at block 405 may allow the user to select one or more wireless access points 145, wireless networks, or other networks or network components, to define the secure location for future access requests from the mobile device 130. For instance, referring to FIG. 1, if a user of mobile device 130d selects the current wireless access point 145b as a secure location, then the server device 200 may expedite authentication for future access requests from the mobile device 130d that are transmitted via the wireless access point 145b regardless of the geographic location of the mobile device 130. Secure locations may be similarly defined for other wireless access points 145, or for particular wireless networks or access networks. In such cases, the hardware address (e.g. MAC address), network address (e.g. IP address), or other network identifiers may be identified to define the network 1s devices or networks that correspond to the secure location. Additionally or alternatively, in some embodiments, a secure location may be defined based on the proximity of the mobile device 130 to one or more other known computing devices. For example, a secure location may be defined as any location where the mobile device 130 is within a range of a wireless connection (e.g. via Bluetooth™) to another specified device, or when the mobile device is within a particular distance of another specified device, etc.


In addition to receiving data defining the secure location (e.g. geofence boundaries, specific access points or networks, etc.), the server device 200 also may receive additional data at block 405 to define additional characteristics of the newly designated secure location. For example, when defining a secure location via the mobile device 130, the user may specify whether the secure location applies to the mobile device 130, to one or more other mobile devices 130 associated with the user, or a combination thereof. Additionally or alternatively, the user may specify whether the secure location applies to the user, to one or more other users that may have a separate profile or separate access credentials on the same mobile device 130, or a combination thereof. In some cases, users may be prompted to identify a list of secure mobile applications or websites to which the secure location applies and may be prompted to identify a list of the specific pages, features, or functionality within the secure mobile application(s) or website(s) to which the secure location applies. For instance, when defining the characteristics of a new secure location at block 405, the user may indicate that the secure location applies to the secure mobile application or website to which the user logged in in block 402, or may identify one or more other related mobile applications or websites to which the secure location also applies. Similarly, the user may select one or more specific features, pages, or functionality supported by the selected mobile application(s) or website(s) for which the secure location applies. A secure location, thus, may apply to certain application pages or features within a mobile application or website but not to others. For instance, a server device 200 may expedite authentication for a future request from a secure location to access an account balance of the user but would not expedite authentication for future requests to transfer funds using the same secure mobile application, etc. Additionally or alternatively, time and date characteristics, as well as other context data characteristics, may be defined for a new secure location at block 405. For instance, a date or time characteristic may temporally limit the secure location, so the server device 200 may expedite authentication of future access requests from the mobile device 130, but only for requests during the date and time characteristics defined for the secure location.


At block 406, the data defining the secure location and any characteristics of the secure location may be stored by the server device 200. In various embodiments, the secure location definition data may be stored within an authentication server 112, or within a web server 114 or application server 116. In some cases, the secure location definition data may be stored as a listing or table within a location-based authentication data store 214. Table 1, shown below, illustrates the data fields of a secure location definition according to one example of the present disclosure.









TABLE 1





Listing of Secure Location Definitions





















Secure
Geofence
Applies to
Applies to
Applies to
Applies to
Applies to


Location ID
Boundaries or
Users
Mobile
Mobile
Features or
Dates and



Devices/Networks

Devices
Apps/Sites
Pages
Times










FIG. 5 is a flowchart of a process for location-based authentication to provide access to requested network resources or services, according to one aspect of the present disclosure. As described below, one or more server devices 200 within server system 110 may track a mobile device 130 using received location data, and may expedite the authentication processes for the mobile device 130 by comparing the location of the mobile device 130 to a list of predefined secure location definitions. Thus, the examples of location-based authentication using predefined secure location definitions may be described in terms of the same computing environments and devices/systems described above in FIGS. 1-3. However, it should be understood that the techniques and steps described below or are not limited to the particular computing systems and hardware components described above in reference to FIGS. 1-3, but may be implemented using various other combinations devices and systems to perform the various features and functionality described below.


At block 501, a server device 200 (e.g., authentication server 112, web server 114, or application server 116 of FIG. 1) may receive and store location data for mobile device 130. In various embodiments, the location data received in block 501 may correspond to any of the various types of location data discussed above that may be used to for secure (or safe) location definitions. Thus, the location data received in block 501 may correspond to geographic coordinates from a GPS receiver or other positioning system of the mobile device 130. Additionally or alternatively, the received location data may identify one or more network devices or access networks through which the mobile device 130 is connected to the communication networks 140 and server device 200. For instance, the received location data may be a hardware identifier (e.g. MAC address) of a wireless access point 145, or an IP address of a network appliance, or network name or identifier of a wireless network, access network, etc. In other embodiments, the location data may correspond to a relative location between the mobile device 130 and another specified device, such as an indication that the mobile device 130 detects the other device via Bluetooth™ or other short-range wireless protocol.


In some cases, the mobile device 130 may be configured to continuously (or periodically, at various different time intervals) transmit current location data of the mobile device 130 to the server device 200. A location transmission routine within the mobile device 130, configured to detect and transmit updated location data, may be managed by a secure mobile application, a browser application, or by an operating system of the mobile device 130. In some cases, the movement sensors of the mobile device 130 (e.g. accelerometer, gyroscope, etc.) may be used to determine when the mobile device 130 is stationary, and the location transmission routine may be configured not to detect or transmit updated location when the mobile device 130 is stationary.


In other cases, the transmission of location data to the server device 200 may be initiated by the server device 200, or by a separate third-party device in some embodiments. For example, the server device 200 may transmit periodic requests to the mobile device 130 to receive updated location data. In other examples, the separate third-party device (e.g. intermediary network device) may track the location of the mobile device 130 and periodically transmit location data to the server device 200.


The location data received by the server device 200 at block 501 may be stored and used to track the location of the mobile device 130. In some embodiments, the server device 200 may implement a location recency threshold corresponding to a duration of time. The location recency threshold may be used to determine, based on calculating a difference between a first time and a second time, whether or not the most recent location data received from a mobile device 130 is too old (or stale) to be reliable for the purposes of location-based authentication and that new location data should be requested from the mobile device 130. If the difference between the first time and the second time is larger than the recency threshold, a request for new location data from the mobile device 130 may be transmitted to the mobile device 130.


Additionally or alternatively, though this example shows the receiving of location data in block 501 occurring before receiving the request for resources or services in block 502, in other examples the location data for the mobile device 130 may be received after (e.g. responsive to) the request from the mobile device 130 at block 502.


At block 502, the server device 200 may receive a request from a mobile device 130 to access certain secure resources or services within the server system 110. Thus, block 502 may be similar or identical to block 401, described above. In some cases, a user operating a mobile device 130 may select a secure mobile application installed on the mobile device 130 to be opened or may select a link within a previously opened mobile application that provides new secure functionality (e.g. logging into a secure user account or client portal, etc.). In other cases, the request in block 502 need not involve mobile applications but may correspond to a user attempting to access a secure website from a web server 114 via a web browser application installed on the mobile device 130.


At block 503, the server device 200 may compare the location data received for the mobile device 130 to one or more predefined secure location definitions associated with the mobile device 130. As discussed above in reference to FIG. 4, a mobile device 130 may have one or more associated secure location definitions that may be predefined for the mobile device 130 and used to expedite authentication of requests from the mobile device 130. Thus, the comparison in block 503 may correspond to a comparison of the current geographic coordinates of the mobile device 130 to the geofence boundary coordinates of one or more predefined secure location definitions. Alternatively or additionally, the comparison in block 503 may correspond to a comparison of the current wireless access point 145, wireless network, access network, or other network components, to the corresponding network/device data within one or more predefined secure location definitions.


Referring again briefly to FIG. 1, an example of a geofence 150 is shown corresponding to a secure location that has been predefined for one or more mobile devices 130. In this example, the geofence is based on the geographic coordinates of the mobile devices 130 rather than on wireless access points, network identifiers or types, etc. If the geofence 150 has been predefined as a secure location for all mobile devices 130a-130e in FIG. 1, then the comparison in block 503 may be successful for access requests from mobile devices 130b and 130c, which are inside the geofence 150, but would not be successful for access requests from mobile devices 130a, 130d, and 130e, which are outside of the geofence 150.


As another example, a secure location definition corresponding to the use of wireless access point 145b may be predefined for all mobile devices 130a-130e in FIG. 1. In this example, the comparison at block 503 may be successful for access requests from mobile devices 130d and 130e, which are currently communicating via WAP 145b but would not be successful for access requests from mobile devices 130a, 130b, and 130c, which are not communicating via WAP 145b.


Additionally or alternatively, as noted above, a predefined secure location definition also may include additional criteria besides the location of the mobile device 130, including any of the criteria discussed above in FIG. 4 or shown in Table 1. For instance, a predefined secure location definition may include one or more of: a particular set of users to which the secure location applies, a particular set of mobile applications (or websites) to which the secure location applies, a particular set of features or pages within the mobile applications (or websites) to which the secure location applies, or specified dates, time, or other contextual data that may be used to determine when and if the secure location is applicable to the request received at block 502. Thus, at block 503, the available data associated with the mobile device 130 and the access request received at block 502 may be compared to any additional criteria to determine whether or not a predefined secure location may be applied to expedite authentication of the access request. Using these additional criteria, the server device 200 may determine whether or not the secure location may be applied to expedite authentication based on, for example, the current user of the mobile device 130, the secure mobile application or website being accessed, the specific pages or features of the mobile application or website being requested, the date and time of the access request, etc. Any or all of these criteria may be used in combination to determine whether the predefined secure location may be applied to expedite authentication of the request (503:Yes), or whether one or more criteria do not match and the predefined secure location is not applicable (503:No).


The comparisons at block 503 may be performed in response to receiving the access request at block 502 or, alternatively, may be performed before receiving the access request at block 502. For example, in some embodiments, the comparisons at block 503 may be performed in a continuous or periodic loop for a mobile device 130, corresponding to the receiving of location data for the mobile device 130. The server device 200 may store the most recent results of the comparisons, and thus may determine immediately for an incoming access request at block 502 whether or not the access request was transmitted from a predefined secure location.


If the current location of the mobile device 130 matches a predefined secure location (or safe location) associated with the mobile device 130, then at block 504, the server device 200 may provide the mobile device 130 with access to the requested secure mobile application or secure website in the normal manner, avoiding additional authentication processes. In this example, other than the location-based authentication performed via the comparison at block 503, the server device 200 performs no further user authentication or device authentication techniques before providing access to the secure mobile application at block 504. In other examples, matching predefined secure locations may result in an expedited authentication process performed by the server device 200 but the expedited authentication may include one or more additional authentication steps or techniques. For instance, matching a predefined secure location may be paired with one other form of user authentication (e.g. facial recognition, biometrics, username/password, etc.).


In contrast, if the current location of the mobile device 130 does not match one of the predefined secure locations (or safe locations), then an authentication process with additional authentication steps or techniques (i.e. non-expedited process) may be performed at blocks 505 and 506. Blocks 505 and 506 may include similar or identical authentication processes to those discussed above in block 402. Within blocks 505 and 506, the server device 200 may request and receive additional authentication credential data from the user, and attempt to verify the authentication credentials to permit user access the secure mobile application. Various authentication techniques may be used at blocks 505 and 506, including login screens (e.g. username and password), multi-factor authentication techniques, challenge questions, various biometric authentication (e.g. fingerprint identification, retina scanning, iris scanning, facial recognition, ear-recognition technology, voice analysis, etc.), or verifying data from an RFID token associated with the user. The non-expedited authentication process determined and executed by the server device 200 at blocks 505 and 506 may include different or additional authentication techniques from those performed within the expedited authentication process (if any) performed at blocks 503 or 504.


If the non-expedited authentication process determined and executed by the server device 200 at blocks 505 and 506 is successful and the user is successfully authenticated (506:Yes), then at block 504, the server device 200 may provide the mobile device 130 with access to the requested secure mobile application or secure website in a normal manner. In contrast, if the non-expedited authentication process determined and executed by the server device 200 at blocks 505 and 506 is unsuccessful and the user cannot be authenticated (506: No), then at block 507 the server device 200 may deny the mobile device 130 access to the requested secure mobile application or secure website.


Although the subject matter has been described in language specific to structural features or methodological acts, it is to be understood that the subject matter defined in the appended claims is not necessarily limited to the specific features or acts described above. Rather, the specific features and acts described above are disclosed as example forms of implementing the claims.

Claims
  • 1. A computer server comprising: a processing unit including one or more processors;a computer-readable memory storing thereon instructions that are executable by the processing unit to cause the computer server to: receive location data from a mobile client device, the location data comprising a set of geographic coordinates of the mobile client device;compare the location data to one or more predefined secure location definitions associated with the mobile client device by: comparing the set of geographic coordinates of the mobile client device to a set of boundaries of a predefined geofence associated with the mobile client device, wherein the one or more predefined secure location definitions comprise the set of boundaries that indicate one or more locations that are private or trusted for the mobile client device, wherein the set of boundaries of the predefined geofence are definable as an updated secure location via user input that indicates that the predefined geofence is secure within a first particular distance from the set of geographic coordinates of the mobile client device; andcomparing the location data to the one or more predefined secure location definitions by comparing an identifier of a wireless access point to a predefined list of secure wireless access points associated with the mobile client device;receive a request from the mobile client device to access one or more network resources or services provided by the computer server;in response to the request from the mobile client device: determine, using a result of comparing the location data and the one or more predefined secure location definitions associated with the mobile client device, an authentication process from among a plurality of authentication processes for providing the mobile client device with access to the network resources or services;execute the authentication process for providing the mobile client device with access to the network resources or services;execute, based on matching the location data to at least one predefined location definitions associated with the mobile client device, a first additional authentication process from among the plurality of authentication processes, and successfully authenticate the mobile client device, prior to providing access to requested network resources or services, wherein the first additional authentication process is different than the authentication process;execute, based on not matching the location data to at least one predefined location definitions associated with the mobile client device, a second additional authentication process from among the plurality of authentication processes that is different than the first additional authentication process and the authentication process;allow, based on matching the location data to at least one predefined location definitions associated with the mobile client device, the mobile client device to access requested network resources or services and avoid additional authentication processes for the mobile client device; andin response to successfully authenticating the mobile client device, provide the mobile client device with access to the network resources or services.
  • 2. The computer server of claim 1, wherein the instructions that are executable by the processing unit to cause the computer server to execute the authentication process comprise instructions that are executable to: determine a first time associated with the location data received from the mobile client device;determine a second time associated with the request from the mobile client device;compare a difference between the second time and the first time to a location recency threshold, wherein the location recency threshold is a duration of time; andin response to the computer server determining the difference between the second time and the first time is greater than the location recency threshold, request new location data from the mobile client device.
  • 3. The computer server of claim 1, wherein an operation of comparing the location data to one or more predefined secure location definitions includes determining that the mobile client device is not within the one or more locations that are private or trusted for the mobile client device, and wherein the instructions are further executable to: in response to determining that the mobile client device is at a first location that is not within the one or more locations that are private or trusted for the mobile client device, and in response to successfully authenticating the mobile client device: providing a recommendation to a user of the mobile client device for storing the first location as a private or trusted location for the mobile client device;receiving confirmation from the user of the mobile client device indicating that the first location is the private or trusted location for the mobile client device; andreceiving data that includes a set of boundaries of the first location for use in providing access in response to future access requests from the mobile client device.
  • 4. The computer server of claim 1, wherein the instructions that are executable by the processing unit to cause the computer server to execute the authentication process comprise instructions that are executable to: successfully authenticate the mobile client device using the second additional authentication process prior to providing access to requested network resources or services.
  • 5. The computer server of claim 1, wherein the instructions that are executable by the processing unit to cause the computer server to execute the authentication process comprise instructions that are executable to: access a financial services server to execute the authentication process for providing the mobile client device with access to the network resources or services.
  • 6. The computer server of claim 1, wherein the computer server is configured to receive the request from the mobile client device to access one or more network resources or services provided by receiving the request from a mobile application installed on the mobile client device.
  • 7. The computer server of claim 1, wherein the computer server is configured to provide recommendations or suggestions to a user of the mobile client device that certain locations be designated as predefined secure locations, and wherein the computer server is configured to receive one or more predefined secure location definitions from a user of the mobile client device.
  • 8. The computer server of claim 1, wherein the identifier of the wireless access point is definable as an updated secure wireless access point via user input that indicates that a location corresponding to the wireless access point within a second particular distance is secure.
  • 9. A method comprising: receiving location data from a mobile client device, the location data comprising a set of geographic coordinates of the mobile client device;comparing the location data to one or more predefined secure location definitions associated with the mobile client device by: comparing the set of geographic coordinates of the mobile client device to a set of boundaries of a predefined geofence associated with the mobile client device, wherein the one or more predefined secure location definitions comprise the set of boundaries that indicate one or more locations that are private or trusted for the mobile client device, wherein the set of boundaries of the predefined geofence are defined as an updated secure location via user input that indicates that the predefined geofence is secure within a first particular distance from the set of geographic coordinates of the mobile client device; andcomparing the location data to the one or more predefined secure location definitions by comparing an identifier of a wireless access point to a predefined list of secure wireless access points associated with the mobile client device;receiving one or more requests from the mobile client device to access one or more network resources or services provided by a computer server;in response to receiving the one or more requests from the mobile client device: selecting, using a result of comparing the location data and the one or more predefined secure location definitions associated with the mobile client device, an authentication process from among a plurality of authentication processes for providing the mobile client device with access to the network resources or services;executing the authentication process for providing the mobile client device with access to the network resources or services;executing, based on matching the location data to at least one predefined location definitions associated with the mobile client device for at least a first request of the one or more requests, a first additional authentication process from among the plurality of authentication processes, and successfully authenticate the mobile client device, prior to providing access to requested network resources or services, wherein the first additional authentication process is different than the authentication process;executing, based on not matching the location data to at least one predefined location definitions associated with the mobile client device for at least a second request of the one or more requests, a second additional authentication process from among the plurality of authentication processes that is different than the first additional authentication process and the authentication process;allowing, based on matching the location data to at least one predefined location definitions associated with the mobile client device, the mobile client device to access requested network resources or services and avoid additional authentication processes for the mobile client device; andproviding, in response to successfully authenticating the mobile client device, the mobile client device with access to the network resources or services.
  • 10. The method of claim 9, further comprising: determining a first time associated with the location data received from the mobile client device;determining a second time associated with the request from the mobile client device;comparing a difference between the second time and the first time to a location recency threshold, wherein the location recency threshold is a duration of time; andin response to the computer server determining the difference between the second time and the first time is greater than the location recency threshold, requesting new location data from the mobile client device.
  • 11. The method of claim 9, wherein comparing the location data to one or more predefined secure location definitions includes determining that the mobile client device is not within the one or more locations that are private or trusted for the mobile client device, and wherein the method further comprises: in response to determining that the mobile client device is at a first location that is not within the one or more locations that are private or trusted for the mobile client device, and in response to successfully authenticating the mobile client device: providing a recommendation to a user of the mobile client device for storing the first location as a private or trusted location for the mobile client device;receiving confirmation from the user of the mobile client device indicating that the first location is the private or trusted location for the mobile client device; andreceiving data that includes a set of boundaries of the first location for use in providing access in response to future access requests from the mobile client device.
  • 12. The method of claim 9, further comprising: successfully authenticating the mobile client device using the second additional authentication process, prior to providing access to requested network resources or services.
  • 13. The method of claim 9, wherein executing the authentication process for providing the mobile client device with access to the network resources or services includes accessing a financial services server to execute the authentication process.
  • 14. A non-transitory computer-readable medium comprising instructions that are executable by a processing device for causing the processing device to perform operations comprising: receive location data from a mobile client device, the location data comprising a set of geographic coordinates of the mobile client device;compare the location data to one or more predefined secure location definitions associated with the mobile client device by: comparing the set of geographic coordinates of the mobile client device to a set of boundaries of a predefined geofence associated with the mobile client device, wherein the one or more predefined secure location definitions comprise the set of boundaries that indicate one or more locations that are private or trusted for the mobile client device, wherein the set of boundaries of the predefined geofence are definable as an updated secure location via user input that indicates that the predefined geofence is secure within a first particular distance from the set of geographic coordinates of the mobile client device; andcomparing the location data to the one or more predefined secure location definitions by comparing an identifier of a wireless access point to a predefined list of secure wireless access points associated with the mobile client device;receive a request from the mobile client device to access one or more network resources or services provided by a computer server;in response to the request from the mobile client device: determine, using a result of comparing the location data and the one or more predefined secure location definitions associated with the mobile client device, an authentication process for providing the mobile client device with access to the network resources or services;execute the authentication process for providing the mobile client device with access to the network resources or services;execute, based on matching the location data to at least one predefined location definitions associated with the mobile client device, a first additional authentication process among a plurality of authentication processes, and successfully authenticate the mobile client device, prior to providing access to requested network resources or services, wherein the first additional authentication process is different than the authentication process;execute, based on not matching the location data to at least one predefined location definitions associated with the mobile client device, a second additional authentication process from among the plurality of authentication processes that is different than the first additional authentication process and the authentication process;allow, based on matching the location data to at least one predefined location definitions associated with the mobile client device, the mobile client device to access requested network resources or services and avoid additional authentication processes for the mobile client device; andin response to successfully authenticating the mobile client device, provide the mobile client device with access to the network resources or services.
  • 15. The non-transitory computer-readable medium of claim 14, wherein the instructions that are executable by the processing device to cause the processing device to execute the authentication process comprise instructions that are executable to: determine a first time associated with the location data received from the mobile client device;determine a second time associated with the request from the mobile client device;compare a difference between the second time and the first time to a location recency threshold, wherein the location recency threshold is a duration of time; andin response to the computer server determining the difference between the second time and the first time is greater than the location recency threshold, request new location data from the mobile client device.
  • 16. The non-transitory computer-readable medium of claim 14, wherein an operation of comparing the location data to one or more predefined secure location definitions includes determining that the mobile client device is not within the one or more locations that are private or trusted for the mobile client device, and wherein the instructions are further executable to: in response to determining that the mobile client device is at a first location that is not within the one or more locations that are private or trusted for the mobile client device, and in response to successfully authenticating the mobile client device: providing a recommendation to a user of the mobile client device for storing the first location as a private or trusted location for the mobile client device;receiving confirmation from the user of the mobile client device indicating that the first location is the private or trusted location for the mobile client device; andreceiving data that includes a set of boundaries of the first location for use in providing access in response to future access requests from the mobile client device.
  • 17. The non-transitory computer-readable medium of claim 14, wherein the instructions that are executable by the processing device to cause the computer server to execute the authentication process comprise instructions that are executable to: successfully authenticate the mobile client device using the second additional authentication process, prior to providing access to requested network resources or services.
CROSS-REFERENCE TO RELATED APPLICATION

This is a continuation of U.S. Ser. No. 16/998,030 (allowed), filed Aug. 20, 2020 and titled “Location-Based Mobile Device Authentication,” which claims priority to U.S. Provisional Ser. No. 62/889,731, filed Aug. 21, 2019 and titled “Location-Based Mobile Device Authentication,” each of which is hereby incorporated by reference in its entirety for all purposes.

US Referenced Citations (514)
Number Name Date Kind
6385312 Shaffer May 2002 B1
7841513 Katzer Nov 2010 B1
8195198 Shaw Jun 2012 B1
8438066 Yuen May 2013 B1
8442527 Machiraju May 2013 B1
8577731 Cope Nov 2013 B1
8584200 Frank Nov 2013 B2
8625796 Ben Ayed Jan 2014 B1
8646060 Ben Ayed Feb 2014 B1
8668568 Denker Mar 2014 B2
8775059 Heed Jul 2014 B2
8850050 Qureshi Sep 2014 B1
8893293 Schmoyer Nov 2014 B1
8905303 Ben Ayed Dec 2014 B1
8955069 Dotan Feb 2015 B1
9032498 Ben Ayed May 2015 B1
9038015 Allsbrook May 2015 B1
9075979 Queru Jul 2015 B1
9119068 Hubble Aug 2015 B1
9140552 Pereira Sep 2015 B2
9160726 Kaufman Oct 2015 B1
9218432 Miasnik Dec 2015 B2
9264419 Johansson Feb 2016 B1
9271110 Fultz Feb 2016 B1
9305149 Grigg Apr 2016 B2
9323912 Schultz Apr 2016 B2
9332434 Dotan May 2016 B1
9350717 Siddiqui May 2016 B1
9407754 Benoit Aug 2016 B1
9412278 Gong Aug 2016 B1
9438604 Addala Sep 2016 B1
9465582 Whelan Oct 2016 B1
9544306 Brannon Jan 2017 B2
9557807 Mick Jan 2017 B2
9578596 Rodoper Feb 2017 B1
9619852 Dutt Apr 2017 B2
9641489 Kaufman May 2017 B1
9642005 Fosmark May 2017 B2
9667584 Archibong May 2017 B2
9712978 Stewart Jul 2017 B2
9769604 Lyman Sep 2017 B2
9779418 Hardin Oct 2017 B2
9781106 Vitus Oct 2017 B1
9786145 Oppenheimer Oct 2017 B2
9854397 Melson Dec 2017 B1
9973514 Hu May 2018 B2
10033540 Lea Jul 2018 B2
10057227 Hess Aug 2018 B1
10169937 Zwink Jan 2019 B1
10206099 Trinh Feb 2019 B1
10225737 Mulders Mar 2019 B1
10277586 Yau Apr 2019 B1
10282574 Tyagi May 2019 B1
10332104 Prakash Jun 2019 B2
10354246 Janiga Jul 2019 B1
10387825 Canavor Aug 2019 B1
10397208 Eramian Aug 2019 B2
10405366 Liu Sep 2019 B1
10430786 Camacho Oct 2019 B1
10489827 Adinarayan Nov 2019 B2
10496988 Sivashanmugam Dec 2019 B2
10521241 Ha Dec 2019 B1
10567253 O'Toole Feb 2020 B1
10575138 Klinkner Feb 2020 B1
10637872 Solow Apr 2020 B2
10657806 Burcham May 2020 B1
10708722 Klinkner Jul 2020 B1
10735909 Klinkner Aug 2020 B1
10764752 Avetisov Sep 2020 B1
10771458 Xia Sep 2020 B1
10825038 Walz Nov 2020 B2
10841801 Balasingh Nov 2020 B1
10986082 Singleton, IV Apr 2021 B2
11005839 Shahidzadeh May 2021 B1
11087011 Xu Aug 2021 B2
11106806 Lyons Aug 2021 B1
11216830 Bobe Jan 2022 B1
11263617 Hurley Mar 2022 B2
11406196 Canfield Aug 2022 B2
11425639 Baltar Aug 2022 B2
11431838 Avula Aug 2022 B1
11455641 Shahidzadeh Sep 2022 B1
11562342 Goodrich Jan 2023 B1
11570737 Wallace Jan 2023 B1
11797706 Whitkin Oct 2023 B2
20020125886 Bates Sep 2002 A1
20020165910 Brown Nov 2002 A1
20030041125 Salomon Feb 2003 A1
20030046273 Deshpande Mar 2003 A1
20040081206 Allison Apr 2004 A1
20040193368 Sanqunetti Sep 2004 A1
20040203771 Chang Oct 2004 A1
20040224664 Guo Nov 2004 A1
20050101297 Delaney May 2005 A1
20050135624 Tsai Jun 2005 A1
20060069914 Rupp Mar 2006 A1
20060069916 Jenisch Mar 2006 A1
20060105744 Frank May 2006 A1
20060189382 Muir Aug 2006 A1
20060221900 Zhang Oct 2006 A1
20060282671 Burton Dec 2006 A1
20070011022 Wright Jan 2007 A1
20070014259 Fajardo Jan 2007 A1
20070021198 Muir Jan 2007 A1
20070030826 Zhang Feb 2007 A1
20070041344 Yaqub Feb 2007 A1
20070109119 Zhang May 2007 A1
20070136573 Steinberg Jun 2007 A1
20070140256 Yaqub Jun 2007 A1
20070248049 Fajardo Oct 2007 A1
20080031227 Wang Feb 2008 A1
20080072300 Garbow Mar 2008 A1
20080098464 Mizrah Apr 2008 A1
20080109446 Wang May 2008 A1
20080117451 Wang May 2008 A1
20080130647 Ohba Jun 2008 A1
20080151847 Abujbara Jun 2008 A1
20080163372 Wang Jul 2008 A1
20080276068 Ashraf Nov 2008 A1
20080299959 Geyer Dec 2008 A1
20080307515 Drokov Dec 2008 A1
20090006199 Wang Jan 2009 A1
20090187983 Zerfos Jul 2009 A1
20090221265 Liu Sep 2009 A1
20090249405 Karaoguz Oct 2009 A1
20090249406 Gordon Oct 2009 A1
20090249413 Karaoguz Oct 2009 A1
20090249422 Chen Oct 2009 A1
20090249424 Gordon Oct 2009 A1
20090254975 Turnbull Oct 2009 A1
20090322890 Bocking Dec 2009 A1
20100022254 Ashfield Jan 2010 A1
20100024017 Ashfield Jan 2010 A1
20100073229 Pattabiraman Mar 2010 A1
20100082486 Lee Apr 2010 A1
20100131304 Collopy May 2010 A1
20100136956 Drachev Jun 2010 A1
20100159879 Salkini Jun 2010 A1
20100182145 Ungari Jul 2010 A1
20100246468 Santhanam Sep 2010 A1
20110063138 Berkobin Mar 2011 A1
20110086611 Klein Apr 2011 A1
20110096354 Liu Apr 2011 A1
20110137804 Peterson Jun 2011 A1
20110201305 Buer Aug 2011 A1
20110202466 Carter Aug 2011 A1
20110212735 Buer Sep 2011 A1
20110222471 Abraham Sep 2011 A1
20110227788 Lundgren Sep 2011 A1
20110314515 Hernoud Dec 2011 A1
20120046110 Amaitis Feb 2012 A1
20120058826 Amaitis Mar 2012 A1
20120079567 Van De Groenendaal Mar 2012 A1
20120113971 Giaretta May 2012 A1
20120115505 Miyake May 2012 A1
20120130632 Bandyopadhyay May 2012 A1
20120131167 Shen May 2012 A1
20120131650 Gutt May 2012 A1
20120144461 Rathbun Jun 2012 A1
20120149330 Watson Jun 2012 A1
20120180110 Jarman Jul 2012 A1
20120182180 Wolf Jul 2012 A1
20120222089 Whelan Aug 2012 A1
20120223830 Tyler Sep 2012 A1
20120238247 Wen Sep 2012 A1
20120246074 Annamalai Sep 2012 A1
20120252411 Johnsgard Oct 2012 A1
20120268241 Hanna Oct 2012 A1
20120309416 Whelan Dec 2012 A1
20120314625 Bruce Dec 2012 A1
20120316963 Moshfeghi Dec 2012 A1
20120330769 Arceo Dec 2012 A1
20130012205 Noonan Jan 2013 A1
20130019317 Whelan Jan 2013 A1
20130031598 Whelan Jan 2013 A1
20130067552 Hawkes Mar 2013 A1
20130073388 Heath Mar 2013 A1
20130081119 Sampas Mar 2013 A1
20130091452 Sorden Apr 2013 A1
20130104198 Grim Apr 2013 A1
20130121321 Backes May 2013 A1
20130139196 Sokolov May 2013 A1
20130143586 Williams Jun 2013 A1
20130145420 Ting Jun 2013 A1
20130152155 Donfried Jun 2013 A1
20130159195 Kirillin Jun 2013 A1
20130173470 Nuzzi Jul 2013 A1
20130183935 Holostov Jul 2013 A1
20130197998 Buhrmann Aug 2013 A1
20130204690 Liebmann Aug 2013 A1
20130208703 Sugimoto Aug 2013 A1
20130225282 Williams Aug 2013 A1
20130227711 MacPherson Aug 2013 A1
20130232543 Cheng Sep 2013 A1
20130232565 O'Connor Sep 2013 A1
20130247159 Hall Sep 2013 A1
20130263211 Neuman Oct 2013 A1
20130268437 Desai Oct 2013 A1
20130269013 Parry Oct 2013 A1
20130275308 Paraskeva Oct 2013 A1
20130288647 Turgeman Oct 2013 A1
20130291056 Gaudet Oct 2013 A1
20130305325 Headley Nov 2013 A1
20130305357 Ayyagari Nov 2013 A1
20130311372 Ramaci Nov 2013 A1
20130331027 Rose Dec 2013 A1
20130339185 Johnson Dec 2013 A1
20130340052 Jakobsson Dec 2013 A1
20140006129 Heath Jan 2014 A1
20140020068 Desai Jan 2014 A1
20140031003 Shugart Jan 2014 A1
20140031011 West Jan 2014 A1
20140031057 Brassil Jan 2014 A1
20140033273 Rathbun Jan 2014 A1
20140057648 Lyman Feb 2014 A1
20140059347 Dougherty Feb 2014 A1
20140066101 Lyman Mar 2014 A1
20140067704 Abhyanker Mar 2014 A1
20140068723 Grim Mar 2014 A1
20140073355 Ward Mar 2014 A1
20140082713 Markel Mar 2014 A1
20140089185 Desai Mar 2014 A1
20140109200 Tootill Apr 2014 A1
20140115341 Robertson Apr 2014 A1
20140141812 Cho May 2014 A1
20140143004 Abhyanker May 2014 A1
20140155094 Zises Jun 2014 A1
20140157381 Disraeli Jun 2014 A1
20140162598 Villa-Real Jun 2014 A1
20140164154 Ramaci Jun 2014 A1
20140187200 Reitter Jul 2014 A1
20140189804 Lehmann Jul 2014 A1
20140195629 Abhyanker Jul 2014 A1
20140207672 Kelley Jul 2014 A1
20140208440 Kelley Jul 2014 A1
20140222577 Abhyanker Aug 2014 A1
20140229099 Garrett Aug 2014 A1
20140259129 Copsey Sep 2014 A1
20140274367 Nguyen Sep 2014 A1
20140279713 Calman Sep 2014 A1
20140283136 Dougherty Sep 2014 A1
20140289821 Wilson Sep 2014 A1
20140289833 Briceno Sep 2014 A1
20140331060 Hayton Nov 2014 A1
20140348062 Anwar Nov 2014 A1
20140366128 Venkateswaran Dec 2014 A1
20150004934 Qian Jan 2015 A1
20150024711 Stob Jan 2015 A1
20150039327 Pal Feb 2015 A1
20150065172 Do Mar 2015 A1
20150094860 Finnerty Apr 2015 A1
20150095223 Jimenez Alamo Apr 2015 A1
20150103165 Logvinov Apr 2015 A1
20150111524 South Apr 2015 A1
20150111600 Liu Apr 2015 A1
20150121464 Hughes, Jr. Apr 2015 A1
20150141005 Suryavanshi May 2015 A1
20150142621 Gray May 2015 A1
20150154597 Bacastow Jun 2015 A1
20150156601 Donnellan Jun 2015 A1
20150161586 Bailey Jun 2015 A1
20150163533 Donnellan Jun 2015 A1
20150181382 McDonald Jun 2015 A1
20150199684 Maus Jul 2015 A1
20150227727 Grigg Aug 2015 A1
20150227728 Grigg Aug 2015 A1
20150229623 Grigg Aug 2015 A1
20150229650 Grigg Aug 2015 A1
20150234767 Tatge Aug 2015 A1
20150237475 Henson Aug 2015 A1
20150242605 Du Aug 2015 A1
20150244699 Hessler Aug 2015 A1
20150257004 Shanmugam Sep 2015 A1
20150264572 Turgeman Sep 2015 A1
20150264573 Giordano Sep 2015 A1
20150281955 Zhang Oct 2015 A1
20150302398 Desai Oct 2015 A1
20150304920 Cootey Oct 2015 A1
20150319174 Hayton Nov 2015 A1
20150324943 Han Nov 2015 A1
20150334245 Lin Nov 2015 A1
20150350140 Garcia Dec 2015 A1
20150358790 Nasserbakht Dec 2015 A1
20150371303 Suri Dec 2015 A1
20150379284 Stuntebeck Dec 2015 A1
20150381598 Koved Dec 2015 A1
20150381602 Grim Dec 2015 A1
20150381621 Innes Dec 2015 A1
20150381633 Grim Dec 2015 A1
20150382195 Grim Dec 2015 A1
20160005126 Ghosh Jan 2016 A1
20160019547 Gurnani Jan 2016 A1
20160019574 Herkert Jan 2016 A1
20160021081 Caceres Jan 2016 A1
20160027013 Modi Jan 2016 A1
20160035159 Ganapathy Achari Feb 2016 A1
20160042485 Kopel Feb 2016 A1
20160048846 Douglas Feb 2016 A1
20160055690 Raina Feb 2016 A1
20160056964 Andiappan Feb 2016 A1
20160063235 Tussy Mar 2016 A1
20160063503 Kobres Mar 2016 A1
20160073261 Hughes, Jr. Mar 2016 A1
20160080486 Ram Mar 2016 A1
20160087952 Tartz Mar 2016 A1
20160092875 Howe Mar 2016 A1
20160110744 Nicholson Apr 2016 A1
20160112397 Mankovskii Apr 2016 A1
20160112871 White Apr 2016 A1
20160132851 Desai May 2016 A1
20160132879 Howe May 2016 A1
20160134596 Kovacs May 2016 A1
20160134624 Jacobson May 2016 A1
20160135046 John Archibald May 2016 A1
20160148092 Chauhan May 2016 A1
20160171499 Meredith Jun 2016 A1
20160183166 Chen Jun 2016 A1
20160188602 Glover Jun 2016 A1
20160189147 Vanczak Jun 2016 A1
20160189151 He Jun 2016 A1
20160197909 Innes Jul 2016 A1
20160205094 Harthattu Jul 2016 A1
20160212113 Banerjee Jul 2016 A1
20160212132 Banerjee Jul 2016 A1
20160223998 Songkakul Aug 2016 A1
20160231014 Ro Aug 2016 A1
20160232878 Chen Aug 2016 A1
20160255097 Smith Sep 2016 A1
20160261658 Taylor Sep 2016 A1
20160262681 Patterson Sep 2016 A1
20160306813 Meredith Oct 2016 A1
20160307447 Johnson Oct 2016 A1
20160308858 Nordstrom Oct 2016 A1
20160337346 Momchilov Nov 2016 A1
20160337403 Stoops Nov 2016 A1
20160345148 Johnson Nov 2016 A1
20160345176 DeWitt Nov 2016 A1
20160350818 Saeed Dec 2016 A1
20160358145 Montgomery Dec 2016 A1
20160364790 Lanpher Dec 2016 A1
20160366199 Shaw Dec 2016 A1
20160366589 Jean Dec 2016 A1
20160371683 Maus Dec 2016 A1
20160381552 Jakobsson Dec 2016 A1
20170003938 Gulkis Jan 2017 A1
20170006013 Mande Jan 2017 A1
20170006114 Mande Jan 2017 A1
20170017810 Bolotin Jan 2017 A1
20170032114 Turgeman Feb 2017 A1
20170041296 Ford Feb 2017 A1
20170076265 Royyuru Mar 2017 A1
20170078851 Agrawal Mar 2017 A1
20170078877 Chudy Mar 2017 A1
20170085563 Royyuru Mar 2017 A1
20170094509 Mistry Mar 2017 A1
20170098065 Vaughn Apr 2017 A1
20170126649 Votaw May 2017 A1
20170126672 Jang May 2017 A1
20170140663 Sadeh-Koniecpol May 2017 A1
20170141925 Camenisch May 2017 A1
20170148009 Perez Lafuente May 2017 A1
20170171717 Shulman Jun 2017 A1
20170180339 Cheng Jun 2017 A1
20170180361 Sampas Jun 2017 A1
20170187210 Cogill Jun 2017 A1
20170193501 Cole Jul 2017 A1
20170195307 Jones-McFadden Jul 2017 A1
20170199046 Lee Jul 2017 A1
20170208435 Jordan Jul 2017 A1
20170213050 Ramaci Jul 2017 A1
20170250979 Benson Aug 2017 A1
20170279733 Marshall Sep 2017 A1
20170289813 Pashkov Oct 2017 A1
20170316677 Messier Nov 2017 A1
20170317824 Brown Nov 2017 A1
20170330460 Massey Nov 2017 A1
20170347388 Cai Nov 2017 A1
20170364871 Kurian Dec 2017 A1
20180007059 Innes Jan 2018 A1
20180007060 Leblang Jan 2018 A1
20180007553 Dutt Jan 2018 A1
20180012222 Berger Jan 2018 A1
20180019986 Manohar Jan 2018 A1
20180027411 Taneja Jan 2018 A1
20180041518 Jacobs Feb 2018 A1
20180063125 Bryant Mar 2018 A1
20180068567 Gong Mar 2018 A1
20180083981 Arunkumar Mar 2018 A1
20180089916 Drako Mar 2018 A1
20180103025 Lyman Apr 2018 A1
20180103341 Moiyallah, Jr. Apr 2018 A1
20180115897 Einberg Apr 2018 A1
20180121150 Lin May 2018 A1
20180139206 Ezell May 2018 A1
20180158061 Edelstein Jun 2018 A1
20180173933 Gousev Jun 2018 A1
20180173948 Gousev Jun 2018 A1
20180173986 Gousev Jun 2018 A1
20180176880 Kummetz Jun 2018 A1
20180199200 Wang Jul 2018 A1
20180206083 Kumar Jul 2018 A1
20180225671 Brown Aug 2018 A1
20180232718 Brown Aug 2018 A1
20180232740 Brown Aug 2018 A1
20180248892 Hefetz Aug 2018 A1
20180262907 Alanis Sep 2018 A1
20180268476 Brown Sep 2018 A1
20180270611 Jones Sep 2018 A1
20180295514 Brown Oct 2018 A1
20180330597 Burke Nov 2018 A1
20180330599 Burke Nov 2018 A1
20180336327 Wallace Nov 2018 A1
20180350144 Rathod Dec 2018 A1
20180351956 Verma Dec 2018 A1
20180352386 Gunasekara Dec 2018 A1
20180357406 Bolotin Dec 2018 A1
20180357407 Yous Dec 2018 A1
20180357848 Mclellan Dec 2018 A1
20180359369 Golshenas Dec 2018 A1
20180372878 Syrjarinne Dec 2018 A1
20190007203 Bolotin Jan 2019 A1
20190026991 Torres Jan 2019 A1
20190035190 Szczygiel Jan 2019 A1
20190041822 Burke Feb 2019 A1
20190043281 Aman Feb 2019 A1
20190058700 Kurian Feb 2019 A1
20190058706 Feijoo Feb 2019 A1
20190065724 Dudley Feb 2019 A1
20190068373 Konduru Feb 2019 A1
20190082293 Rifkin Mar 2019 A1
20190096266 Liu Mar 2019 A1
20190109840 Thompson Apr 2019 A1
20190110198 LeCun Apr 2019 A1
20190114404 Nowak Apr 2019 A1
20190132306 Avni May 2019 A1
20190139024 Bakshi May 2019 A1
20190141031 Devdas May 2019 A1
20190149539 Scruby May 2019 A1
20190171178 Burke Jun 2019 A1
20190188961 Higgins Jun 2019 A1
20190205716 Moshkovitz Jul 2019 A1
20190213311 Tussy Jul 2019 A1
20190213312 Tussy Jul 2019 A1
20190222570 Krishan Jul 2019 A1
20190238532 Alexander Aug 2019 A1
20190251544 D'Agostino Aug 2019 A1
20190253836 Sinha Aug 2019 A1
20190272025 Turgeman Sep 2019 A1
20190274086 Cui Sep 2019 A1
20190281053 Brown Sep 2019 A1
20190281573 Tyagi Sep 2019 A1
20190302221 Sheng Oct 2019 A1
20190306781 Do Oct 2019 A1
20190311102 Tussy Oct 2019 A1
20190311472 Harrup Oct 2019 A1
20190319987 Levy Oct 2019 A1
20190327217 Leon Oct 2019 A1
20190327227 Tobkes Oct 2019 A1
20190340876 Northrup Nov 2019 A1
20190342329 Turgeman Nov 2019 A1
20190361430 Nelson Nov 2019 A1
20190364043 Nelson Nov 2019 A1
20190372989 Shultz Dec 2019 A1
20200004939 Streit Jan 2020 A1
20200026840 Pathak Jan 2020 A1
20200034521 Teng Jan 2020 A1
20200042685 Tussy Feb 2020 A1
20200053075 Eramian Feb 2020 A1
20200065459 Himabindu Feb 2020 A1
20200067907 Avetisov Feb 2020 A1
20200148348 Bradley May 2020 A1
20200169834 Dromerhauser May 2020 A1
20200178075 Daniel Jun 2020 A1
20200193368 Bhatia Jun 2020 A1
20200204999 Daniel Jun 2020 A1
20200205000 Daniel Jun 2020 A1
20200211358 Burke Jul 2020 A1
20200242222 Machani Jul 2020 A1
20200244464 McLean Jul 2020 A1
20200275271 Saripalle Aug 2020 A1
20200288308 Jimenez Sep 2020 A1
20200296590 Soryal Sep 2020 A1
20200329334 Kurian Oct 2020 A1
20200347643 Burke Nov 2020 A1
20200360826 Schmidt Nov 2020 A1
20200402052 Sloane Dec 2020 A1
20200403992 Huffman Dec 2020 A1
20200410832 Szczygiel Dec 2020 A1
20210029546 Maufort Jan 2021 A1
20210037010 Koshy Feb 2021 A1
20210044976 Avetisov Feb 2021 A1
20210058383 Colon Feb 2021 A1
20210182440 Singh Jun 2021 A1
20210243782 Miao Aug 2021 A1
20210274412 Dowlatkhah Sep 2021 A1
20210302167 Crolley Sep 2021 A1
20210342784 Soldo Nov 2021 A1
20210357907 Shpak Nov 2021 A1
20220012740 Bacastow Jan 2022 A1
20220024494 Bonanni Jan 2022 A1
20220131871 Huang Apr 2022 A1
20220139167 Weaver May 2022 A1
20220141620 Sullivan May 2022 A1
20220158997 Guinard May 2022 A1
20220188443 Shaw Jun 2022 A1
20220255931 Avetisov Aug 2022 A1
20220292543 Henderson Sep 2022 A1
20220296999 Amaitis Sep 2022 A1
20230051473 Wallace Feb 2023 A1
20230123475 Johnson Apr 2023 A1
20230232217 Rosencrantz Jul 2023 A1
20230285852 Amaitis Sep 2023 A1
20230308460 Thomas Sep 2023 A1
20230353977 Griesmer Nov 2023 A1
Non-Patent Literature Citations (8)
Entry
Avdyushkin et al “Secure Location Validation with Wi-Fi Geo-Fencing and NFC,” 2015 IEEE Trustcom/BigDataSE/ISPA, IEEE Computer Society, pp. 890-896 (Year: 2015).
Zhang et al “Location-based Authentication and Authorization Using Smart Phones,” 2012 IEEE 11th International Conference on Trust, Security and Privacy in Computing and Communications, IEEE Computer Society, pp. 1285-1292 (Year: 2012).
El-Sobhy et al “Proximity-basd Services in Mobile Cloud Scenarios Using Extended Communications Models,” 2015 IEEE 4th International Conference on Cloud Networking (CloudNet), pp. 125-131 (Year: 2015).
Park et al “TGVisor: A Tiny Hypervisor-Based Trusted Geolocation Framework for Mobile Cloud Clients,” 2015 3rd IEEE International Conference on Mobile Cloud Computing, Services, and Engineering, IEEE Computer Society, pp. 99-108 (Year: 2015).
Shivhare et al “A Study on Geo-Location Authentication Techniques,” 2014 Sixth International Conference on Computational Intelligence and Communication Networks, IEEE Computer Society, pp. 744-748 (Year: 2014).
Zhang et al “Location-Based Authentication and Authorization Using Smart Phones,” 2012 IEEE 11th International Conference on Trust, Security and Privacy in Computing and Communication, IEEE Computer Society, pp. 1285-1292 (Year: 2012).
Ghogare et al “Location Based Authentication: A New Approach towards Providing Security,” International Journal of Scientific and Research Publications, vol. 2, Issue 4, Apr. 2012, pp. 1-5 (Year: 2012).
Fridman et al Active Authentication on Mobile Devices via Stylometry, Application Usage, Web Browsing and GPS Location, pp. 1-10 (Year: 2015).
Related Publications (1)
Number Date Country
20230034319 A1 Feb 2023 US
Provisional Applications (1)
Number Date Country
62889731 Aug 2019 US
Continuations (1)
Number Date Country
Parent 16998030 Aug 2020 US
Child 17966274 US