Communication method and communication system
US-2024422539-A1 · Dec 19, 2024 · US
Anchored device fingerprinting for risk-based authentication
US2025392911A1 · US · A1
| Field | Value |
|---|---|
| Publication number | US-2025392911-A1 |
| Application number | US-202519314118-A |
| Country | US |
| Kind code | A1 |
| Filing date | Aug 29, 2025 |
| Priority date | Mar 17, 2023 |
| Publication date | Dec 25, 2025 |
| Grant date | — |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
This disclosure describes techniques for using an anchored endpoint to enhance MFA authentication of a client device. A method performed at least in part by a security service includes determining a fingerprint of a client device connected to a secure resource. The method also includes determining that the client device is within a threshold proximity of an anchor device. The method also includes detecting a change to the fingerprint of the client device. Based at least in part on the client device staying within the threshold proximity of the anchor device, the method also includes continuing to allow the client device to access the secure resource. Based at least in part on detecting that the client device is no longer within the threshold proximity of the anchor device, the method also includes triggering a reauthentication of the client device.
First claim
Opening claim text (preview).
1 . A method performed at least in part by a security service, the method comprising: determining a fingerprint of a client device connected to a secure resource; determining that the client device is within a threshold proximity of an anchor device; detecting a change to the fingerprint of the client device; based at least in part on the client device staying within the threshold proximity of the anchor device, continuing to allow the client device to access the secure resource; and based at least in part on detecting that the client device is no longer within the threshold proximity of the anchor device, triggering a reauthentication of the client device. 2 . The method of claim 1 , wherein determining whether the client device is within the threshold proximity of the anchor device further comprises receiving, from the client device, information including an indication that the client device and the anchor device are paired. 3 . The method of claim 1 , further comprising determining whether the client device is at a trusted location based at least in part on historical network associations including a network name and a service set identifier. 4 . The method of claim 1 , wherein the anchor device is a first anchor device and further comprising: determining the client device is within the threshold proximity of a second anchor device; detecting the change to the fingerprint of the client device; determining whether the client device is within the threshold proximity of at least one of the first anchor device or the second anchor device; in response to the client device being within the threshold proximity of at least one of the first anchor device of the second anchor device, continuing to allow access to the secure resource; and in response to the client device not being within the threshold proximity of at least one of the first anchor device or the second anchor device, triggering a reauthentication of the client device. 5 . The method of claim 1 , wherein the anchor device is a stationary device associated with a video conferencing platform. 6 . The method of claim 5 , further comprising periodically receiving, from the video conferencing platform, a network map generated for the anchor device. 7 . The method of claim 1 , further comprising storing the fingerprint of the client device in a fingerprint repository associated with the security service. 8 . A system, comprising: at least one processor; and one or more non-transitory media storing instructions that, when executed by the system, cause the system to perform operations comprising: determining a fingerprint of a client device connected to a secure resource; determining that the client device is within a threshold proximity of an anchor device; detecting a change to the fingerprint of the client device; based at least in part on the client device staying within the threshold proximity of the anchor device, continuing to allow the client device to access the secure resource; and based at least in part on detecting that the client device is no longer within the threshold proximity of the anchor device, triggering a reauthentication of the client device. 9 . The system of claim 8 , wherein determining whether the client device is within the threshold proximity of the anchor device further comprises receiving, from the client device, information including an indication that the client device and the anchor device are paired. 10 . The system of claim 8 , the operations further comprising determining whether the client device is at a trusted location based at least in part on historical network associations including a network name and a service set identifier. 11 . The system of claim 8 , wherein the anchor device is a first anchor device and the operations further comprising: determining the client device is within the threshold proximity of a second anchor device; detecting the change to the fingerprint of the client device; determining whether the client device is within the threshold proximity of at least one of the first anchor device or the second anchor device; in response to the client device being within the threshold proximity of at least one of the first anchor device of the second anchor device, continuing to allow access to the secure resource; and in response to the client device not being within the threshold proximity of at least one of the first anchor device or the second anchor device, triggering a reauthentication of the client device. 12 . The system of claim 8 , wherein the anchor device is a stationary device associated with a video conferencing platform. 13 . The system of claim 12 , the operations further comprising periodically receiving, from the video conferencing platform, a network map generated for the anchor device. 14 . The system of claim 8 , the operations further comprising storing the fingerprint of the client device in a fingerprint repository associated with a security service. 15 . One or more non-transitory computer-readable media storing instructions that, when executed, cause one or more processors to perform operations comprising: determining a fingerprint of a client device connected to a secure resource; determining that the client device is within a threshold proximity of an anchor device; detecting a change to the fingerprint of the client device; based at least in part on the client device staying within the threshold proximity of the anchor device, continuing to allow the client device to access the secure resource; and based at least in part on detecting that the client device is no longer within the threshold proximity of the anchor device, triggering a reauthentication of the client device. 16 . The one or more non-transitory computer-readable media of claim 15 , wherein determining whether the client device is within the threshold proximity of the anchor device further comprises receiving, from the client device, information including an indication that the client device and the anchor device are paired. 17 . The one or more non-transitory computer-readable media of claim 15 , the operations further comprising determining whether the client device is at a trusted location based at least in part on historical network associations including a network name and a service set identifier. 18 . The one or more non-transitory computer-readable media of claim 15 , wherein the anchor device is a first anchor device and the operations further comprising: determining the client device is within the threshold proximity of a second anchor device; detecting the change to the fingerprint of the client device; determining whether the client device is within the threshold proximity of at least one of the first anchor device or the second anchor device; in response to the client device being within the threshold proximity of at least one of the first anchor device of the second anchor device, continuing to allow access to the secure resource; and in response to the client device not being within the threshold proximity of at least one of the first anchor device or the second anchor device, triggering a reauthentication of the client device. 19 . The one or more non-transitory computer-readable media of claim 15 , wherein the anchor device is a stationary device associated with a video conferencing platform. 20 . The one or more non-transitory computer-readable media of claim 19 , the operations further comprising periodically receiving, from the video conferenc
Assignees
Inventors
Classifications
WLAN [Wireless Local Area Networks] · CPC title
Radio fingerprint · CPC title
applying multi-factor authentication · CPC title
wherein the security policies are location-dependent, e.g. entities privileges depend on current location or allowing specific operations only from locally connected terminals · CPC title
Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US2025392911A1 cover?
- This disclosure describes techniques for using an anchored endpoint to enhance MFA authentication of a client device. A method performed at least in part by a security service includes determining a fingerprint of a client device connected to a secure resource. The method also includes determining that the client device is within a threshold proximity of an anchor device. The method also includ…
- Who is the assignee on this patent?
- Cisco Tech Inc
- What technology area does this patent fall under?
- Primary CPC classification H04W12/06. Mapped technology areas include Electricity.
- When was this patent published?
- Publication date Thu Dec 25 2025 00:00:00 GMT+0000 (Coordinated Universal Time) (A1). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).