Systems and methods for geolocation-based authentication and authorization
US-9622077-B2 · Apr 11, 2017 · US
US9961088B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-9961088-B2 |
| Application number | US-201715483616-A |
| Country | US |
| Kind code | B2 |
| Filing date | Apr 10, 2017 |
| Priority date | Oct 29, 2013 |
| Publication date | May 1, 2018 |
| Grant date | May 1, 2018 |
Official abstract text for this publication.
Systems and methods are provided for controlling the authentication or authorization of a mobile device user for enabling access to the resources or functionality associated with an application or service executable at the user's mobile device. The user or user's mobile device may be automatically authenticated or authorized to access application or system resources at the device when the current geographic location of the user's mobile device is determined to be within a preauthorized zone, e.g., based on a predetermined geo-fence corresponding to the preauthorized zone. A security level or amount of authorization credentials required to authorize a user for data access may be varied according to any of a plurality of security levels, when the current or last known geographic location of the user's mobile device is determined to be outside the preauthorized zone.
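The zone-based decision described in the abstract and in claim 1, sketched as an added example (not code from the patent or its assignee). The circular fences, the accuracy radius attached to each fix, the deny-first precedence, and the default for locations outside every zone are assumptions of this sketch.

```python
import math
from dataclasses import dataclass
from enum import Enum

class Decision(Enum):
    ALLOW = "authorize session"
    DENY = "deny request"
    STEP_UP = "request authorization information"

@dataclass(frozen=True)
class Zone:
    kind: str        # "authorization", "restriction" or "multi_phase"
    lat: float
    lon: float
    radius_m: float  # circular geo-fence (assumption; fences may be polygons)

def distance_m(lat1, lon1, lat2, lon2):
    """Great-circle (haversine) distance in metres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dp, dl = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dp / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dl / 2) ** 2
    return 2 * 6371000 * math.asin(math.sqrt(a))

def decide(lat, lon, accuracy_m, zones, outside=Decision.DENY):
    """Map a fix (centre + uncertainty radius) to a decision for one request."""
    hits = set()
    for z in zones:
        d = distance_m(lat, lon, z.lat, z.lon)
        if z.kind == "authorization":
            if d + accuracy_m <= z.radius_m:
                hits.add("authorization")  # whole uncertainty circle is inside
            elif d - accuracy_m <= z.radius_m:
                hits.add("multi_phase")    # only possibly inside: step up
        elif d - accuracy_m <= z.radius_m:
            hits.add(z.kind)               # any overlap counts for other zones
    if "restriction" in hits:              # deny wins when zones overlap
        return Decision.DENY
    if "authorization" in hits:
        return Decision.ALLOW
    if "multi_phase" in hits:
        return Decision.STEP_UP
    return outside                         # outside every zone: policy default

# Constructed sample zones (coordinates are illustrative, not from the patent).
ZONES = [
    Zone("authorization", 40.7128, -74.0060, 200.0),
    Zone("multi_phase", 40.7200, -74.0060, 400.0),
    Zone("restriction", 40.7300, -74.0060, 300.0),
]
```

A coarse fix (for example cell identification, with an uncertainty of a kilometre or more) centred on the authorization zone does not auto-authorize here; it falls through to the step-up path because the device cannot be shown to be inside the fence.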
Opening claim text (preview).
What is claimed is:

1. A method, comprising: determining, by a device and based on receiving a first request for a first data access session from a mobile device, a first geographic location of the mobile device, the first geographic location of the mobile device being determined by one or more of: cell identification, cellular tower triangulation, Wi-Fi, or GPS; authorizing, by the device and based on the first geographic location being within an authorization zone, the first data access session for the mobile device based on the first request; determining, by the device and based on receiving a second request for a second data access session from the mobile device, a second geographic location of the mobile device, the second geographic location of the mobile device being determined by one or more of: cell identification, cellular tower triangulation, Wi-Fi, or GPS; determining, by the device, a first security level for authorization based on the second geographic location not being within the authorization zone, the first security level for authorization corresponding to a predetermined restriction zone; denying, by the device, the second request for the second data access session based on determining that the first security level corresponds to the predetermined restriction zone, the predetermined restriction zone comprising a geo-fenced area in which access by the mobile device to application resources or functionality is restricted; determining, by the device and based on receiving a third request for a third data access session from the mobile device, a third geographic location of the mobile device, the third geographic location of the mobile device being determined by one or more of: cell identification, cellular tower triangulation, Wi-Fi, or GPS; determining, by the device, a second security level for authorization based on the third geographic location not being within the authorization zone, the second security level for authorization corresponding to a multi-phase authorization zone; requesting authorization information from the mobile device based on determining that the second security level corresponds to the multi-phase authorization zone.

2. The method of claim 1, where requesting the authorization information from the mobile device comprises: requesting the authorization information from at least one of a web browser or a client application of the mobile device.

3. The method of claim 1, where the authorization zone comprises a geo-fenced area dynamically generated around a geographic location of the mobile device at a particular time.

4. The method of claim 1, where the first request comprises a login credential; where, prior to authorizing the first data access session, the method comprises: validating the login credential based on the first geographic location being within the authorization zone; and where authorizing the first data access session for the mobile device comprises: authorizing the first data access session for the mobile device based on validating the login credential.

5. A non-transitory computer-readable medium storing instructions, the instructions comprising: one or more instructions that, when executed by one or more processors of a device, cause the one or more processors to: determine, based on receiving a first request for a first data access session from a mobile device, a first geographic location of the mobile device, the first geographic location of the mobile device being determined by one or more of: cell identification, cellular tower triangulation, Wi-Fi, or GPS; authorize, based on the first geographic location being within an authorization zone, the first data access session for the mobile device based on the first request; determine, based on receiving a second request for a second data access session from the mobile device, a second geographic location of the mobile device, the second geographic location of the mobile device being determined by one or more of: cell identification, cellular tower triangulation, Wi-Fi, or GPS; determine a first security level for authorization based on the second geographic location not being within the authorization zone, the first security level for authorization corresponding to a predetermined restriction zone; deny the second request for the second data access session based on determining that the first security level corresponds to a restriction zone, the restriction zone comprising a geo-fenced area in which access by the mobile device to application resources or functionality is restricted; determine, based on receiving a third request for a third data access session from the mobile device, a third geographic location of the mobile device, the third geographic location of the mobile device being determined by one or more of: cell identification, cellular tower triangulation, Wi-Fi, or GPS; determine a second security level for authorization based on the third geographic location not being within the authorization zone, the second security level for authorization corresponding to a multi-phase authorization zone; and request authorization information from the mobile device based on determining that the second security level corresponds to the multi-phase authorization zone.

6. The non-transitory computer-readable medium of claim 5, where the one or more instructions, that cause the one or more processors to request the authorization information from the mobile device, are to: request the authorization information from at least one of a web browser or a client application of the mobile device.

7. The non-transitory computer-readable medium of claim 5, where the authorization zone comprises a geo-fenced area dynamically generated around a geographic location of the mobile device at a particular time.

8. The non-transitory computer-readable medium of claim 5, where the first request comprises a login credential; where the one or more instructions, prior to causing the one or more processors to authorize the first data access session, are to: validate the login credential based on the first geographic location being within the authorization zone; and where the one or more instructions, that cause the one or more processors to authorize the first data access session for the mobile device, are to: authorize the first data access session for the mobile device based on validating the login credential.

9. A device, comprising: one or more memories; and one or more processors, communicatively coupled to the one or more memories, to: request, based on receiving a first request for a first data access session from a mobile device, a first geographic location of the mobile device, the first geographic location of the mobile device being determined by one or more of: cell identification, cellular tower triangulation, Wi-Fi, or GPS; authorize, based on the first geographic location being within an authorization zone, the first data access session for the mobile device based on the first request; request, based on receiving a second request for a second data access session from the mobile device, a second geographic location of the mobile device, the second geographic location of the mobile device being determined by one or more of: cell identification, cellular tower triangulation, Wi-Fi, or GPS; determine a first security level for authorization based on the second geographic location not being within the authorization zone, the first security level for authorization corresponding to a predetermined restriction zone; determine the second request for the second data access session based on deter
Services related to particular areas, e.g. point of interest [POI] services, venue services or geofences · CPC title
Location-sensitive, e.g. geographical location, GPS · CPC title
Multi-level security, e.g. mandatory access control · CPC title
Time stamp · CPC title
Multiple levels of security · CPC title