Location determination for user authentication
Country / type: United States (US) Patent
Status: Registered
International Patent Classification (IPC, 7th edition): G06F-021/00; H04L-029/06; G06F-021/31; H04W-004/02; H04L-029/08; H04W-012/06
Application number: US-0814653 (2017-11-16)
Registration number: US-10158627 (2018-12-18)
Inventor: Thompson, Micheal
Applicant: A10 Networks, Inc.
Agent: Kline, Keith
Citation information: cited by 0 patents; cites 54 patents

Abstract
User authentication techniques based on geographical locations associated with a client device are provided. An example method for authentication of the client device includes receiving an authentication request from the client device. The method may include establishing current geographical location of the client device based on metadata received from the client device. The method may further include establishing a trusted tolerance geographical area based on historical location area associated with the client device. After establishing the trusted tolerance geographical area, the method may proceed with determining whether the current geographical location of the client device is within the trusted tolerance geographical area. The method may further include authenticating the client device based on the determination that the current geographical location of the client device is within the trusted tolerance geographical area.
Representative claims
1. A method for authentication of a client device, the method comprising:
receiving, by at least one processor of a host machine, an authentication request from the client device to access a resource provided by the host machine, the host machine being located remotely with respect to the client device;
determining, by the at least one processor of the host machine, a first distance between the host machine and the client device;
based on the authentication request, instructing, by the at least one processor of the host machine, a further host machine of two or more host machines to determine a second distance between the further host machine and the client device, the further host machine providing data associated with the second distance to the host machine;
establishing, by the at least one processor of the host machine, a current geographical location of the client device by a triangulation of the client device, the host machine, and the further host machine based on the first distance, the second distance, and a known distance between the host machine and the further host machine;
establishing, by the at least one processor, a trusted tolerance geographical area based on at least a historical location area associated with the client device, the trusted tolerance geographical area being circumscribed by a plurality of points, the plurality of points being at varying respective distances from each of the first host machine and the second host machine;
determining, by the at least one processor, whether the current geographical location of the client device is within the trusted tolerance geographical area; and
authenticating the client device, by the at least one processor, based on the determination that the current geographical location of the client device is within the trusted tolerance geographical area.

2. The method of claim 1, wherein a location of the host machine and a location of the further host machine are known.

3. The method of claim 2, wherein the triangulation includes:
calculating trip times (RTTs) of test messages exchanged between the client device and the host machine and between the client device and the further host machine;
determining the location of the client device by forming triangles between the client device, the host machine, and the further host machine.

4. The method of claim 1, wherein the trusted tolerance geographical area is based on historical locations of the client device.

5. The method of claim 4, wherein the authenticating the client device is further based on time stamps associated with the current geographical location and the historical locations of the client device.

6. The method of claim 5, wherein the time stamps are used to establish a likelihood of moving the client device between a historical location and the current geographical location within a period of time.

7. The method of claim 1, further comprising updating the trusted tolerance geographical area in response to the authentication of the client device.

8. The method of claim 1, wherein the trusted tolerance geographical area is defined based on the historical locations.

9. The method of claim 1, further comprising receiving metadata from the client device, wherein the metadata include an Internet Protocol version 4 (IPv4) address or an Internet Protocol version 6 (IPv6) address associated with the client device.

10. The method of claim 1, further comprising receiving user credentials, the user credentials including a user login and a password.

11. A system for authentication of a client device, the system comprising:
a processor of a host machine, wherein the processor is a hardware processor configured to:
receive an authentication request from the client device to access a resource provided by the host machine, the host machine being located remotely with respect to the client device;
determine a first distance between the host machine and the client device;
based on the authentication request, instruct a further host machine of two or more host machines to determine a second distance between the further host machine and the client device, the further host machine providing data associated with the second distance to the host machine;
establish a current geographical location of the client device by a triangulation of the client device, the host machine, and the further host machine based on the first distance, the second distance, and a known distance between the host machine and the further host machine;
establish a trusted tolerance geographical area based on at least a historical location area associated with the client device, the trusted tolerance geographical area being circumscribed by a plurality of points, the plurality of points being at varying respective distances from each of the first host machine and the second host machine;
determine whether the current geographical location of the client device is within the trusted tolerance geographical area; and
authenticate the client device based on the determination that the current geographical location of the client device is within the trusted tolerance geographical area; and
a database configured to store at least data associated with the client device.

12. The system of claim 11, wherein a location of the host machine and a location of the further host machine are known.

13. The system of claim 12, wherein the triangulation includes:
calculating trip times (RTTs) of test messages exchanged between the client device and the host machine and between the client device and the further host machine;
determining the location of the client device by forming triangles between the client device, the host machine and the further host machine.

14. The system of claim 11, wherein the trusted tolerance geographical area is based on historical locations of the client device.

15. The system of claim 14, wherein the authenticating the client device is further based on time stamps associated with the current geographical location and the historical locations of the client device.

16. The system of claim 15, wherein the time stamps are used to establish a likelihood of moving the client device between a historical location and the current geographical location within a period of time.

17. The system of claim 11, wherein the processor is further configured to update the trusted tolerance geographical area in response to the authentication of the client device.

18. The system of claim 11, wherein the trusted tolerance geographical area is defined based on the historical locations.

19. The system of claim 11, wherein the processor is further configured to receive metadata from the client device and wherein the metadata include an Internet Protocol version 4 (IPv4) address or Internet Protocol version 6 (IPv6) address associated with the client device.

20. A system for authentication of a client device, the system comprising:
a processor of a host machine of two or more host machines, wherein the processor is a hardware processor configured to:
receive an authentication request from the client device to access a resource provided by the host machine, the host machine being located remotely with respect to the client device;
determine a first distance between the host machine and the client device;
based on the authentication request, instruct a further host machine of two or more host machines to determine a second distance between the further host machine and the client device, the further host machine providing data associated with the second distance to the host machine;
establish a current geographical location of the client device by a triangulation of the client device, the host machine, and the further host machine based on the first distance, the second distance, and a known distance between the host machine and the further host machine, wherein the triangulation includes:
calculating trip times (RTTs) of test messages exchanged between the client device and the host machine and the further host machine; and
determining the location of the client device by forming triangles between the client device, the host machine, and the further host machine;
establish a trusted tolerance geographical area based on at least a historical location area associated with the client device, the trusted tolerance geographical area being circumscribed by a plurality of points, the plurality of points being at varying respective distances from each of the first host machine and the second host machine;
determine whether the current geographical location of the client device is within the trusted tolerance geographical area;
authenticate the client device based on the determination that the current geographical location of the client device is within the trusted tolerance geographical area; and
update the trusted tolerance geographical area in response to the authentication of the client device; and
a database configured to store at least data associated with the client device.
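
The location, tolerance-area and time-stamp checks described in claims 1, 3 and 6, as an added Python example that is not taken from the patent or from A10 Networks. It assumes a flat plane with kilometre coordinates, a propagation speed of 200 km per millisecond and a 900 km/h travel ceiling; all function names and sample values are hypothetical.

```python
import math

# Assumption: ~2/3 the speed of light in fibre, about 200 km per millisecond one-way.
KM_PER_MS = 200.0

def rtt_to_km(rtt_ms):
    """Upper bound on distance: half the round trip at the assumed speed."""
    return rtt_ms / 2.0 * KM_PER_MS

def locate(host_a, host_b, d_a, d_b):
    """Solve the triangle client / host A / host B from the two distances and the
    known baseline. Two hosts leave two mirror-image candidates; [] if no triangle."""
    (ax, ay), (bx, by) = host_a, host_b
    base = math.hypot(bx - ax, by - ay)            # known host-to-host distance
    if base == 0 or d_a + d_b < base or abs(d_a - d_b) > base:
        return []
    along = (d_a**2 - d_b**2 + base**2) / (2 * base)   # law of cosines
    off = math.sqrt(max(d_a**2 - along**2, 0.0))
    ux, uy = (bx - ax) / base, (by - ay) / base
    px, py = ax + along * ux, ay + along * uy
    return [(px - off * uy, py + off * ux), (px + off * uy, py - off * ux)]

def inside(point, polygon):
    """Ray-casting test: is the point inside the trusted tolerance polygon?"""
    x, y = point
    hit = False
    for (x1, y1), (x2, y2) in zip(polygon, polygon[1:] + polygon[:1]):
        if (y1 > y) != (y2 > y) and x < x1 + (y - y1) * (x2 - x1) / (y2 - y1):
            hit = not hit
    return hit

def plausible_travel(prev, prev_ts, cur, cur_ts, max_kmh=900.0):
    """Time-stamp check: could the device have moved prev -> cur in the elapsed time?"""
    hours = (cur_ts - prev_ts) / 3600.0
    return hours > 0 and math.dist(prev, cur) <= max_kmh * hours

def authenticate(rtt_a_ms, rtt_b_ms, host_a, host_b, trusted_area, last_fix, now):
    """Accept only if a candidate fix is inside the area and reachable in time."""
    candidates = locate(host_a, host_b, rtt_to_km(rtt_a_ms), rtt_to_km(rtt_b_ms))
    prev, prev_ts = last_fix
    return any(inside(c, trusted_area) and plausible_travel(prev, prev_ts, c, now)
               for c in candidates)

if __name__ == "__main__":
    # Constructed sample: hosts 1000 km apart, square trusted area, last fix an hour ago.
    area = [(200, 300), (400, 300), (400, 500), (200, 500)]
    print(authenticate(5.0, 8.0623, (0, 0), (1000, 0), area, ((280, 390), 0), 3600))
```

Queuing and routing delay only inflate an RTT, so each derived distance is an upper bound rather than a measurement, and the tolerance area has to absorb that error.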
Patents cited by this patent (54)
Chen, Lee; Chiong, John; Kwan, Phillip, Access record gateway.
Miura, Naoto; Kiyomizu, Harumi; Nagasaka, Akio; Miyatake, Takafumi; Matsuda, Yusuke, Authentication system using biometric information and authentication device.
Bohannon, Philip L.; Jakobsson, Bjorn Markus; Monrose, Fabian; Reiter, Michael Kendrick; Wetzel, Susanne Gudrun, Generation of repeatable cryptographic key based on varying parameters.
MacDoran, Peter F.; Mathews, Michael B.; Ziel, Fred A.; Gold, Kenn L.; Anderson, Steven M.; Coffey, Mark A.; Denning, Dorothy E., Method and apparatus for authenticating the location of remote users of networked computing systems.
Peden, II, Jeffrey J.; Gray, Matthew K.; Parker, Coleman P., Method and apparatus for controlling wireless network access privileges based on wireless client location.
Papierniak, Karen A.; Thaisz, James E.; Chiang, Luo-Jen; Diwekar, Anjali M., Method and apparatus for forming user sessions and presenting internet data according to the user sessions.
Tomko George J.,CAX ; Stoianov Alexei,CAX, Method and apparatus for securely handling a personal identification number or cryptographic key using biometric techniq.
Qin, Xiangping; Shao, Huai-Rong; Singh, Harkirat; Ngo, Chiu, System and method for wireless communication network having proximity control based on authorization token.