Internet – Jonathan Greenfield, CSC Holdings LLC
Abstract for “Enhanced subscriber authentication via location tracking”
“Tracking and analysis may be used to verify that a user or device is authorized to access telecommunications services. Based on user information and data previously collected, a service provider can determine whether a user’s access pattern establishes a requirement pattern of access. For example, access on a minimum basis from the home or authorized subscriber.
Background for “Enhanced subscriber authentication via location tracking”
“Field of Invention”
“The invention generally refers to telecommunications, and more specifically to telecommunications authentication.”
“Related Art”
Telecommunications services are often delivered to a household rather than on an individual basis. Telephone, television, internet access, and other services are traditionally delivered to subscriber households. All members enjoy these services. These services are usually delivered on an uncapped basis. This means that each household subscriber can use all or part of these services at flat-rate pricing.
“As traditional home-based services are extended beyond the household, it is becoming more difficult to deliver them. There are difficulties in ensuring that services are only available to the members of the household. As internet service providers allowed multiple email addresses per subscriber account to support multiple household members, and cell phone providers introduced family plans that support families with multiple cell phones users, they had to ensure that these users were members of the household associated to a particular “account.”
“Users have always been authenticated using credentials such as username and password or possession of an authorized device like a cell phone with a particular EIN. There has never been a way to verify that the user is actually part of a household. It is important to provide additional authentication, as usernames and passwords can be shared with other subscribers or compromised.
“Some service providers have placed a limit on how many sub-accounts can be linked to a subscriber household. Internet service providers restrict the number and type of email addresses that can be created. Cell phone providers limit the amount of phones that can be added to a family sharing account. This may make it impossible for a family of six to get a phone for every family member under a cellular family plan that limits them to five phones. This approach could also be too permissive. For example, a three-person family might secretly add ‘family share’ to their account. phone to the account for friends that are not household members.”
“Some service providers try to prevent multiple simultaneous logins in order to prevent sharing of services. This approach does not prevent multiple users from sharing their credentials. As mobile and mobile video and data services increase in popularity, the problem will only get worse.
“Existing methods lack a mechanism that validates actual membership within a subscribing households. Instead, they impose arbitrary limits meant to limit the impact on inappropriate service sharing while still adequately serving the majority. It is necessary to have a method that validates that the user is actually part of the household with which their service is associated.
“This section summarizes some aspects of the invention and briefly introduces some of the preferred embodiments. To avoid confusing the purpose of the section, simplifications and omissions can be made. These simplifications and omissions do not limit the scope or usefulness of the invention.
Modern telecommunications systems can identify at least a rough geographical location for a user (such as a town) and are often capable of identifying a specific geographic location (such as an address). Requests for services can be identified as coming from a particular address if they originate from a home that is accessed by a wireline. A request for services can be identified from a portable device that is accessed through a wireless basestation directly operated by a telecommunications provider. This portable device can often be located more precisely using established techniques like triangulation and assisted GPS. Services requested via intermediary networks that are not operated directly by the telecommunications provider (e.g. access via the internet via an office or hotel) can usually be located at least roughly. This is possible using well-known methods such as mapping IP addresses to approximate geographical locations such as towns.
“Identification is more than just the initial request for services. Systems can typically recognize an ongoing session of service usage after the initial request or just ongoing connectivity of a user access devices between periods of active use. Mobile services are an example of this. A portable device can change its location after a request to start a session. However, most systems can continue to track the device’s location as it moves.
“Members can expect to display certain location-related behavior, such as frequent and extended presence at a service address associated with an accounts or regular and extended periods in the same place as other household members. The location history of a human or user device can be used, in accordance with the principles of this invention, to verify or challenge whether the user is a member of an account household. The invention provides methods and systems that can be used to determine whether a user of a service belongs to an account household. This is done in part using the user’s geographical location history. A preferred embodiment also incorporates a location-based validation step into user device authentication.
“In one embodiment, a request for access to a service is received by a user. This request could be to access the service provider’s services or to receive services from them. In some cases, the request may initiate a session with a service provider. Other embodiments do not initiate a session. Requests may include a password or identifiers such as user device identifiers, user identifiers and/or user account identifiers. Alternately, the identifiers can be found by asking the user device for access to the service. Any of these identifiers can be used to track user data, including information about the user’s access time and/or the location from which they accessed it. To determine whether the user identifier and/or user device should have access to the service, the tracked user data can be evaluated. This evaluation could be done by determining whether the user identifier has established a minimum period presence in a geographical location associated with a subscriber’s account. For example, the home of the subscriber household. One embodiment specifies the criteria to determine if the user identifier has established a minimum period presence.
According to another aspect, it is possible to access a subscriber profile associated the account identifier. The subscriber profile could contain location history data for various identifiers associated to the subscriber account. A separate process may analyze this historical information to determine if the location history is compatible with account household members. The service provider might flag the user ID or device as potentially unauthorized if the analysis shows that the location history does not match expectations. This flag can be used in one embodiment to prevent any further access by the user ID or device. This flag could be used in another embodiment to alert service provider personnel to investigate any unauthorized access. Another embodiment uses the flag to send a warning message or request additional information to the subscriber or user.
With reference to the accompanying illustrations, “Further features, advantages, and the structure and operation for various embodiments are described below. The invention does not limit itself to the particular embodiments that are described. These embodiments are only for illustration purposes. Persons skilled in the relevant art(s), based on the teachings contained therein, will be able to see additional embodiments.
“1. Overview”
“Systems, methods and tools are provided to enhance authentication processes for telecommunications services using location tracking to validate a subscriber’s membership in a household. As used herein, ?user? The term?user? can refer to both a human user (or a device) and the term?user identifier?. could refer to a human identifier or a device identification. One example method assumes that subscribers to telecommunications services are expected to live within their household. It doesn’t matter if access and authentication are credential-based (e.g. authenticated using a user ID), or device-based; users associated with a subscriber household to telecommunications services may be expected regularly to access the telecommunications services within the subscriber premises.
An email user can access his or her email from both within their home and from any other location. An email user who is actually a member of a subscriber household might be expected to be able to access their email account from that household. This access could be detected. Services accessed via device can be accessed both within and outside the home. Even if the device isn’t used extensively within the home it is still likely to be used minimally. A cell phone user may, for example, turn on his/her phone before leaving the house and then turn it off when he/she arrives home.
“FIG. “FIG. 1 illustrates an example of a system. A service provider 100 offers a telecommunications services to a user through a user device such as a laptop computer. Through a network 104, the user device 106 connects to service provider 100. One embodiment of the invention allows the user to connect to the service provider via a provider-operated WiFi connection point 102. Another embodiment may involve a mobile phone 112, which connects to the network via a cell tower. 114 To access a subscriber’s service, the user device 106 transmits a request 110 through the network 100 to the service provider 106.
“In an embodiment, the request contains user information such as a user ID. In an internet service system, for example, the user identifier could be a username and/or password that allows access to the user account. Another embodiment of the request includes information about user devices, such as a device identifier. In an internet service system, for example, the device identifier could be a MAC adress. The service provider may also be able to query the device identifier rather than sending a request. The service provider may continue to track the location after receiving the initial request. For example, it might monitor the continued connection to the network by following the device’s 108 ongoing association with access point 102. Another embodiment of the service provider monitors the user’s location after they have made their initial request. This includes tracking packets sent and received from the device 106 that are marked with a network address, such as an IP address, to help the user device address 106.
“In one embodiment, the service provider uses user information and/or device information to determine, based upon information gathered during previous requests, access sessions and/or periods, if the user/user device has established a minimum presence within the subscribing households associated with the user account ID. This is done in an exemplary manner by comparing the pattern of usage that the user has been using with the required pattern as defined by the service provider policy. The policy may allow the user to access the service if the user meets the requirements. The evaluation can be done in real-time, during authentication, or before authentication. The authentication process can check the results of an evaluation performed before the authentication of the user. A maximum periodic presence can be used by some service providers to determine whether a user has authorization or not. Other embodiments may require that access be restricted to the household authorized, in order to determine if the access is authorized.
“1.1 Establishing Presence within the Subscribing Family”
One embodiment states that a service provider might require the user or device establish presence at a location associated to a subscribing family on a minimum of two weeks to validate their association with the household. A subscribing house may be located at the primary residence. Subscribers may also be asked for this information when they sign up for the service. If the customer is a commercial customer, then the address of the subscriber may be the location of the household. One location may be associated with the subscribing household, while other locations could be used.
The service provider might track user identifiers such as usernames, email addresses and passwords or device identifiers such as MAC addresses and account identifiers. They may also track times of request, access, and/or connection and the locations from which they were made. The service provider can use this information to determine whether the user/device requesting access may have established a consistent or inconsistent pattern of usage with an authorized user. This is true for every user id/device id that is part of the household. One embodiment may only require that the user or device requesting access to the service be present on a periodic basis in order to validate membership in the household. In another embodiment, the service provider might require membership verification on a more stringent and complex basis. The service provider may require that users who request access to the service be present in the household for a minimum of 30 days per year.
A service provider may expect to not only see that a user/device has been present in a subscriber’s home periodically, but also that they were present for a substantial time period, even overnight. A service provider might expect to see a pattern of access that indicates that a user has been sleeping at a specific location. New vendors may add more advanced geo-location analysis capabilities to their validation systems. Location tracking that confirms multiple subscribers together at certain times and for specific durations can be used to verify a family relationship validating common membership in a subscribing home, even though it cannot be determined where the subscriber is located. Location tracking can also be used to confirm that a user or device is legitimate or suspect. This is true even if the usage pattern is not clear.
“1.2 Locating Cell Phones and Other Devices in the Area”
“Assisted-GPS tracking and cell tower triangulation can be used to determine the location of modern cell phones. Access point association or triangulation can also identify the approximate location of WIFI-enabled gadgets. If the subscriber household does not have access to a cell tower, access point or other method of locating their location, it may be verified by another means. One example is that cell phones may be expected to have access to one or more of the nearest cell towers as soon as the subscriber returns to their home. WIFI device users might expect to have their own access points at home. Web cookies and other mechanisms may be used to identify a particular device that is accessing the network via a gateway. A lot of hardware devices can be set up to authenticate periodically (e.g. via “docking?”). You can either connect wirelessly or physically to another IP-connected device from the comfort of your home.
“1.3 Exceptions”
“Exceptions to the rules may also be included. A household member could be on extended vacation or an adult child may be at college. A service provider might implement a manual exception mechanism to support these situations. Location tracking can be used to verify that an exception has been granted for a user. It will also confirm that the exception was created using a location pattern that is consistent with the explanation. The explanation for an exception could be stored with it. For example, a subscriber profile may contain a list of all exceptions, and each explanation can be stored with each subscriber profile. An embodiment may include an explanation that describes an alternative location. For example, the location of a college campus where the user is enrolled. The system can validate that the user’s access pattern matches that of the location. Another embodiment may contain information that identifies the nature of the explanation. The system might store information indicating that the exception is for college students. This system has been designed to validate college student exceptions by determining that the user’s access pattern matches that of a student who resides at or near a campus location during fall semester and spring semesters and then returns to the subscriber’s household during winter holidays and summer.
“1.4 The Consequences Of Failed Validation”
“Location tracking can be integrated into authentication processes in many ways. The service provider might deny access to a user/device if it is determined that location technology fails to verify membership. This would force the user to contact customer service to resolve the problem. The system might flag a user/device as potentially unauthorised. Service provider personnel or systems may review flagged users and devices later to decide if they should be denied access. The data may also be used for research purposes and to improve the system’s ability to recognize when a user is authorized or flagged as potentially unauthorised. If a user is flagged by a service provider, they may review the user’s use patterns and decide whether to remove the flag (or not) from the user. This is even if the user has not used service from their home. Service providers may keep track of the user’s validation status (e.g. flagged or not) for each username and device. This information could be saved in a subscriber profile in certain embodiments.
“Location analysis can also be used to detect improper sharing of credentials by multiple user, for example by geo-locating IP addresses used in accessing services and determining that there is an established pattern of use at different locations. This cannot be explained simply by one user roaming from one location to another.”
This basic approach can also be used to disallow content stored on a portable device. For example, if location track shows that the device is not within a subscriber household or an authorized device (such a Mac or iTunes-authorized PC), this could be used. A service provider may have an expiration date associated with content loaded onto portable media devices. The expiration date can be modified or renewed every time the device connects to the service provider. The portable media device can update its entitlements for content, which may be downloaded from the service providers or loaded onto the device. This happens whenever the device connects to the service providers or to an authorized device. If the device connects to the service providers or to an authorized device, either the authorized device or the portable device will update the content’s expiration date. A portable media device can be configured to disable content once the expiration date is reached. This could happen, for example, if it goes too long without contacting the service provider, or another authorized device.
“2. Embodiments”
“The system described herein can be implemented in many embodiments, including cable TV, internet and telephone services.”
“2.1 Cable Television Service”
“In one embodiment, cable TV service providers may use location based validation to verify that the user who requested access to the cable TV service with the provided user ID(s), such as a username or password, is actually a member the subscribing households. A cable TV subscriber can access the cable television service via the internet by using a computer. The subscriber will need to provide a username and password that are associated with the household account. The username and password are associated with the email account of the service provider in an embodiment. This embodiment makes it less likely that the username and password will be shared with unauthorised users (such family or friends). Because a customer is less likely than others to have access to his or her private email account, they may not be as likely to share this information.
The cable provider may keep records of times and geographical locations where the service was requested or accessed. The service provider might require that the service be requested and/or accessed at a minimum frequency (for example, once per week) within the household. A service provider policy may specify the minimum frequency that is required. A preferred embodiment may establish a default policy that applies to all subscribers to cable services. Policy exceptions can be recorded in a subscriber profile linked with an account. Other embodiments may have policies that are unique to each subscriber or different depending on the group of subscribers they belong to.
“One embodiment may recognize that the user has accessed the cable services via a device provided to the household. The service provider might deliver services to the household through a cable modem, for example. Practitioners skilled in the art know that a user device using the internet to access services may be provided with an IP address via the DHCP protocol. An element of the network may tag the device’s request for an IP address by claiming that it has entered the network via the subscriber’s cable modem. This allows the DHCP to identify the subscriber house in which the device is located and log the IP address assigned. These techniques can be used to create audit trails, as is well-known to anyone skilled in the art. The subsequent access to authenticated services such as email and internet-based TV can be tracked, and the subscriber’s household can be confirmed.
“2.2 Internet Service with Username Based Authentication”
“In an alternative embodiment, internet service providers might use location-based verification to verify that the user who requests access to internet services with a provided user ID is actually a member in good standing of the household. An internet service subscriber might log on to the network with a username and password that are associated with an account in their household. An internet service provider may keep records of times and geographical locations from which internet service was requested or accessed. An internet service provider might require that internet service is requested and/or accessed at a minimum frequency (e.g., once per week) from the subscribing house. An internet service provider policy may establish the minimum period required. This policy can be applied to all internet service subscribers. It may not be specific to each subscriber or be different depending on the group that they belong to. A default policy is applied to subscriber accounts in a preferred embodiment, except where exceptions are made.
“In one embodiment, access may be confirmed from within the subscriber’s household, as described above, by verifying access via a provider-provisioned cable modem. A provider may also use other technologies such as Digital Subscriber Line or Fiber to the Home (FTTH), to confirm access from the subscriber’s household.
“In another embodiment, access may be validated from within the house by geolocation of a wireless device that allows for access to services within the home. This embodiment may establish the subscriber’s address when they sign up for the internet service. The subscriber’s home can then be used to verify access by using a WiFi basestation that is connected to the subscriber’s location. Geolocation can also be done using other methods, such as assisted GPS or multiple wireless basestations.
“2.3 Internet Service with Device Based Authentication”
“In another embodiment, internet services providers may allow a person to authenticate without the need for a username or password login. This is done by automatically recognising an identifier such as a WiFi address associated with a device such as a laptop computer, or another WiFi-enabled handheld device previously registered as being owned by the user.”
“The internet service provider might use location-based validation in order to verify that the user who accesses internet service using a registered device is actually part of the household. The internet service provider may keep records of times and geographical locations where internet service was requested or accessed via the device. An internet service provider might require that internet service is requested and/or accessed on a minimum basis (e.g., once per week) from the geographic location of the subscriber household. An internet service provider policy may establish the minimum period required. This policy could be applicable to all internet service subscribers. It may not be unique to each subscriber or different depending on the group of subscribers they belong to.
“In one embodiment, access may be validated using geolocation of the wireless device used to access services within the home. This embodiment may establish the address of the subscriber household when they sign up for the internet service. The subscriber’s home can then be used to verify access by using a WiFi basestation that is connected to the subscriber’s location. Geolocation can also be done using other methods, such as assisted GPS or multiple wireless basestations.
“In another embodiment geolocation may be confirmed by accessing a modem provided by the service provider associated with the subscriber household. The service provider might install a web cookie that identifies the device, which can be detected by the subscriber when the device is used for web access from within their household. If the service provider detects requests for access, including those originating from the subscriber’s modem, the location within the subscriber’s household can be confirmed.
“2.4 Telephone Service”
“Another embodiment of telephone service providers may use place-based validation to verify that the user who requests telephone service via a device equipped with a registered device identification (such an EIN or WiFi MAC address), is actually a member the subscribing households. Telephone service can be either cellular, or internet-based. In some embodiments, other types of telecommunications devices can also be used (e.g. services for handheld devices like PDAs and portable music players).
“For example, a telephone service provider might track times and geographical locations from which telephone service was requested or accessed. They may also keep a record these times and locations. A cellular telephone or PDA may track the location of the device using assisted-GPS tracking or cell tower triangulation. It could also be based on the location a single basestation or cell tower used for access. A WiFi-based VoIP embodiment and a cellular Femtocell embodiment might confirm the device’s location by watching it connect or communicate through provider-provisioned customer premises gear, such as a cable modem or wireless access point or femtocell.
“The telephone provider may require that the telephone service is requested and/or accessed on a minimum period basis (e.g., once per week) from the geographical location of the subscriber household. One embodiment may require that the subscriber establish the address of the household when they sign up for the telephone service. A telephone service provider policy may establish the minimum frequency required by the provider. This policy can be applied to all internet service subscribers. It may not be unique to each subscriber or different depending on the group that subscriber is part of. A default policy is applied to subscriber accounts in a preferred embodiment, except where exceptions are made.
“3. Authentication”
“3.1 User ID-Based authentication”
“In the flowchart at FIG. 2, one exemplary embodiment is illustrated. 2. The validation system at the provider authenticates users using a user ID and password that the user has sent to the provider when requesting access to a service 200. The user identifier can be any number, string or other identifier that is associated with a subscriber, household, or service provider database. In some cases, the user ID may include multiple identifiers that are associated with an account or user accounts. The user identifier for phones may be a number that is assigned to a customer. The user identifier for cable TV service that is accessed via the internet may be a username associated with a subscriber household. One embodiment may associate the user identifier with a subscriber account. This information could be stored in a service provider’s database. The username may be used as the user identifier. Service providers may have access to a list of subscriber accounts with associated usernames. A subscriber account ID may also be included in the request.
The service provider may keep a record of all information, including the user identifiers, identifiers for the device from where the user accesses it, the times the user accesses it, the geographic locations, and the times the user accesses it. This information can be used to verify that the user is accessing the service according to acceptable use policies. A system policy may be developed by the service provider to ensure that access is allowed in all cases. The terms of service might stipulate that any subscriber can use the service. The system policy could also require that all subscriber accounts access the service at least once per two weeks from the subscriber’s location. The service provider may store the system policy in a database. A default policy can be used to validate all users in a preferred embodiment, except when an exception is made for a subscriber’s household. Service providers may keep track of each subscriber’s geographic location. This could be defined as the household of the subscriber.
The service provider will review the request once it has been received. If the policy is valid, it will determine if the user can access the service as a subscriber. The service provider might examine the information it has kept track of when the user requested access to the service. This could include the number of requests made and the locations. This information may be used by the service provider to determine whether the subscriber has established the minimum periodic presence 206 in the associated geographic location. This step can be skipped if the user requests access from their home.
If the policy requires that an authorized user access the service from the subscriber’s home at least once every two (2) weeks and the tracked data indicates that the last time they accessed it from their home was last week, then the user could be validated as a subscriber household member, authorized to access this service. If the tracked information shows that the last time the user accessed this service was three weeks back, the user could be flagged as potentially unauthorized and not valid. However, a service provider might use other methods to verify that a subscriber has maintained a minimum level of periodic presence at home. A service provider might check the user’s access patterns and not just the last time they accessed the service. If the user’s pattern of use is suspicious, the service provider might determine that the user has not established a minimum period of presence at the subscriber’s home. A service provider might implement a system to decline to validate a user who has requested access from the subscriber’s home in the past 2 days. This is if the user’s access history shows that the subscriber has not requested access for more than one month.
“In certain embodiments, the policy might define whether to validate a new user if there is no record of previous attempts from the home to access the server. The policy could, for example, state that new users must first be manually validated. It may also specify that the policy will track subsequent requests to determine if they should be validated.
“In one embodiment, the policy might require access from within the subscriber’s household. The frequency will depend on how many sessions the user has used. A policy may require access from the subscriber’s household at least once per ten sessions. The system can adapt to infrequent users by measuring frequency relative to sessions, rather than time. Another embodiment of the policy might include both session-based and time-based frequency criteria. A policy may require access within a subscriber’s household at least once every two weeks, or at most once in the past ten sessions.
“3.2 User Device Based authentication”
FIG. “Alternatively, in FIG. 3, the service provider authenticates users by using a user device identifier. This could be the MAC address of a device being used to access the service or a combination thereof. One embodiment may associate the user device ID with a subscriber account. This information may be stored in a service provider’s database.
The service provider keeps track of 302 the user’s device identifier and the times that the device accesses it. It also records the geographic locations and times from which the device accesses it. This information may be used by the service provider to verify that a user device has been properly associated with a subscriber’s account and is authorized to access a service according to policy rules. Preferably, the service provider will determine 306 when the user device last accessed the service from the geographic location associated to the subscriber account. The service provider then evaluates 306 this information with the policy to determine whether the policy should be applied to validate the user device. A device-based authentication system allows a subscriber to be authenticated without the need for them to log in with a username or password.
Some services may still require user-ID-based authentication even though a device-based system is being used. A service provider might implement a device-based authentication system that allows a subscriber connect to a wireless network using a PDA. This will allow the subscriber to access email online without having to log in manually. The service provider might still require the subscriber to enter a username or password in order to access email from their PDA.
“User devices can also be considered to belong to a subscription household if, for instance, a subscriber uses the device to access a service and there is a minimum correlation with an authorized user identifier. If John Smith logs in to a service provider’s service using username??john? and username???john, then the laptop may be validated as belonging to John Smith. If the service provider has verified that the user is associated with an authorized household member, the laptop could be used to log into the service provider’s service using username?john? and username?john?.
“A service provider might set up an authentication system that ignores normal rules for a certain period after the initial registration of a device. If John Smith purchases a laptop and uses it to access a service offered by the provider, the service provider might ignore normal rules for a time in order to determine if John Smith has established a valid pattern. One embodiment may consider a device authorized if it has been used within the past two weeks from home or if it has been registered for the first time within the past two weeks.
“3.3 Subscriber Profile.”
FIG. 4. The service provider authenticates users and devices by accessing the subscriber profile associated to the subscriber account. Subscriber profiles may contain user identifiers that are associated with subscriber accounts. Additional information may also be included. The service provider may create a subscriber profile based on data it has collected. After the service provider has received 400 user identifiers or device identifiers, the service provider can track the request 402 to access 404 the subscriber profile that is associated with the user ID. If the subscriber profile contains an entry for the user or device associated to the device identifier, the service provider might determine that 406.
“The subscriber profile can contain a list or devices and rules for accessing service for each user, device, group, or subscriber. One embodiment of the subscriber profile contains information about previous service requests and/or devices for the subscriber account. The service provider might determine 410, if an entry is found in the subscriber profile for the user/device. This will be based on criteria set out in the policy.
The validation system can also be used for inferring user and/or device relationships. Location tracking, which confirms multiple users and devices at certain times and for specific durations, may suffice to confirm a household connection, even though it cannot be determined where they are located. The policy or subscriber profile may specify the times and durations required for the system to infer a family relationship. The system can use the track information to determine changes in the subscriber household, and continuously update the subscriber profile.
“4. Example”
FIG. 5 shows an example of how the preferred embodiment of this invention works. 5 is now shown. John Smith is a user who has a subscription to cable TV service from a provider. John has a service plan that allows him to access cable TV over the internet from anywhere in the world. He logs into a service provider website using a username such as?john? and the password associated with his account. John logs into his account with his username and password. He accesses cable TV service via the internet from Arlington, Va. (zipcode 22201), on January 1, 2009 at 7:03 PM EST. John’s username may be the same password John uses to access his email account.
John requests access to the cable TV service. The service provider authenticates John’s username and password. The service provider will verify that John has used the username within his home on a minimum basis per policy 501. This step can be skipped in certain embodiments if access is requested from the subscriber’s home. After validation is successful, John is granted access to the cable TV service by the service provider. The service provider records 500 details about John’s access to the service. This includes the username 502, the time 504, where John accessed it, and the method of access 505. It also records whether John was at his subscriber home 519. A device identifier 508 may be recorded by the service provider. The service provider might record John’s MAC address 510 on a gateway device John uses for accessing the service. This could be a router at John’s house. The service provider could also install a cookie to recognize John’s computer and identify it by receiving the cookie during login.
“If John accesses the cable TV service while at work on the next day at 2:00 PM EST, the provider may determine whether John’s username was used to access the service from John?s home in accordance with the policy’s minimum required periodic basis. John has not accessed 516 of the service since Jan. 1, 2009. The policy states that John must access the service at least once per week from John’s house. The service provider might not be able to access the MAC address of the accessing device in this instance. One embodiment may store an IP Address 518. Note that this IP address is used to locate the accessing device.
“If John accesses 513 cable television service at 5:01 PM EST two weeks later, while on a business trip to Los Angeles (zip code 90711), the service provider will find that John last accessed 516 from home on January 1, 2009. The policy states that service must be accessed at least once per week from home. 538 John’s account may be flagged by the service provider as being used by an unauthorized user 540. The flag can be used by the provider to block access to John’s account using John’s username. John will need to contact customer support to resolve the issue. Or, it could be reviewed by the provider at a later time to determine if additional action is required. This flag can be stored in John’s profile and/or associated with John. In some cases, the service provider may also track whether each request for services is authorized or not based on tracking information.
“For instance, the service provider might note 530 a current state 536 of John’s username 532 or his device 534 that he is accessing the service. Each username and device identifier can have one current status at any given moment (validated, potentially unauthorized or unauthorized, for example). A service provider may use historical access patterns to create a new status. John’s username 538 could be flagged as potentially unauthorized 540 if the pattern of access associated to john’s username doesn’t currently meet access requirements for a service provider policy. Jane, John’s wife may have a username of 550 that meets the service provider policy access requirements. Her username could be flagged as a valid 552 username. The status of the user device may also be noted by the service provider. The service provider might note, for example, John’s device status (542 and 546) that has been registered with them. A current status may be assigned to each device, such as valid 544 or potentially unauthorized. If a representative of a service provider confirms that a username or device is potentially unauthorized, the provider may flag the username/device as unauthorized 548.
“Alternatively, in certain embodiments, the service providers may review a list 526 of exceptions created for the user account in order to determine if a non-default strategy should be used to evaluate whether the account or username should be flagged. John may have an exception for his username that requires access to John’s home only once a month, instead of every week because he is away on business trips. A username belonging to John’s child, Sam, may also be exempt. Sam could be at college. This exception could state, for example, that John’s son must use John’s home service at least once every six months.
“In some instances, the service provider may create a subscriber profile 521 to account John’s household. A subscriber profile can include authorized users 522 and authorized devices 524. It may also contain exceptions 526 that could be used to John’s household members. The subscriber profile can be created automatically, manually, or at a later date. Customers may request exceptions, and/or they can be created by service provider representatives.
“5. Conclusion”
The above system and process can be implemented on a computer as a program that executes on a machine, a product of a computer program, or as a computer-readable media.
“While different embodiments of the invention have been described, it is important to understand that they are only examples and not a limitation. Anyone skilled in the relevant arts will see that there are many ways to modify the form and details of the invention without compromising the spirit or scope. The scope and breadth of the invention should not be restricted by the exemplary embodiments. Instead, it should be defined in accordance to the following claims and equivalents.
Summary for “Enhanced subscriber authentication via location tracking”
“Field of Invention”
“The invention generally refers to telecommunications, and more specifically to telecommunications authentication.”
“Related Art”
Telecommunications services are often delivered to a household rather than on an individual basis. Telephone, television, internet access, and other services are traditionally delivered to subscriber households. All members enjoy these services. These services are usually delivered on an uncapped basis. This means that each household subscriber can use all or part of these services at flat-rate pricing.
“As traditional home-based services are extended beyond the household, it is becoming more difficult to deliver them. There are difficulties in ensuring that services are only available to the members of the household. As internet service providers allowed multiple email addresses per subscriber account to support multiple household members, and cell phone providers introduced family plans that support families with multiple cell phones users, they had to ensure that these users were members of the household associated to a particular “account.”
“Users have always been authenticated using credentials such as username and password or possession of an authorized device like a cell phone with a particular EIN. There has never been a way to verify that the user is actually part of a household. It is important to provide additional authentication, as usernames and passwords can be shared with other subscribers or compromised.
“Some service providers have placed a limit on how many sub-accounts can be linked to a subscriber household. Internet service providers restrict the number and type of email addresses that can be created. Cell phone providers limit the amount of phones that can be added to a family sharing account. This may make it impossible for a family of six to get a phone for every family member under a cellular family plan that limits them to five phones. This approach could also be too permissive. For example, a three-person family might secretly add ‘family share’ to their account. phone to the account for friends that are not household members.”
“Some service providers try to prevent multiple simultaneous logins in order to prevent sharing of services. This approach does not prevent multiple users from sharing their credentials. As mobile and mobile video and data services increase in popularity, the problem will only get worse.
“Existing methods lack a mechanism that validates actual membership within a subscribing households. Instead, they impose arbitrary limits meant to limit the impact on inappropriate service sharing while still adequately serving the majority. It is necessary to have a method that validates that the user is actually part of the household with which their service is associated.
“This section summarizes some aspects of the invention and briefly introduces some of the preferred embodiments. To avoid confusing the purpose of the section, simplifications and omissions can be made. These simplifications and omissions do not limit the scope or usefulness of the invention.
Modern telecommunications systems can identify at least a rough geographical location for a user (such as a town) and are often capable of identifying a specific geographic location (such as an address). Requests for services can be identified as coming from a particular address if they originate from a home that is accessed by a wireline. A request for services can be identified from a portable device that is accessed through a wireless basestation directly operated by a telecommunications provider. This portable device can often be located more precisely using established techniques like triangulation and assisted GPS. Services requested via intermediary networks that are not operated directly by the telecommunications provider (e.g. access via the internet via an office or hotel) can usually be located at least roughly. This is possible using well-known methods such as mapping IP addresses to approximate geographical locations such as towns.
“Identification is more than just the initial request for services. Systems can typically recognize an ongoing session of service usage after the initial request or just ongoing connectivity of a user access devices between periods of active use. Mobile services are an example of this. A portable device can change its location after a request to start a session. However, most systems can continue to track the device’s location as it moves.
“Members can expect to display certain location-related behavior, such as frequent and extended presence at a service address associated with an accounts or regular and extended periods in the same place as other household members. The location history of a human or user device can be used, in accordance with the principles of this invention, to verify or challenge whether the user is a member of an account household. The invention provides methods and systems that can be used to determine whether a user of a service belongs to an account household. This is done in part using the user’s geographical location history. A preferred embodiment also incorporates a location-based validation step into user device authentication.
“In one embodiment, a request for access to a service is received by a user. This request could be to access the service provider’s services or to receive services from them. In some cases, the request may initiate a session with a service provider. Other embodiments do not initiate a session. Requests may include a password or identifiers such as user device identifiers, user identifiers and/or user account identifiers. Alternately, the identifiers can be found by asking the user device for access to the service. Any of these identifiers can be used to track user data, including information about the user’s access time and/or the location from which they accessed it. To determine whether the user identifier and/or user device should have access to the service, the tracked user data can be evaluated. This evaluation could be done by determining whether the user identifier has established a minimum period presence in a geographical location associated with a subscriber’s account. For example, the home of the subscriber household. One embodiment specifies the criteria to determine if the user identifier has established a minimum period presence.
According to another aspect, it is possible to access a subscriber profile associated the account identifier. The subscriber profile could contain location history data for various identifiers associated to the subscriber account. A separate process may analyze this historical information to determine if the location history is compatible with account household members. The service provider might flag the user ID or device as potentially unauthorized if the analysis shows that the location history does not match expectations. This flag can be used in one embodiment to prevent any further access by the user ID or device. This flag could be used in another embodiment to alert service provider personnel to investigate any unauthorized access. Another embodiment uses the flag to send a warning message or request additional information to the subscriber or user.
With reference to the accompanying illustrations, “Further features, advantages, and the structure and operation for various embodiments are described below. The invention does not limit itself to the particular embodiments that are described. These embodiments are only for illustration purposes. Persons skilled in the relevant art(s), based on the teachings contained therein, will be able to see additional embodiments.
“1. Overview”
“Systems, methods and tools are provided to enhance authentication processes for telecommunications services using location tracking to validate a subscriber’s membership in a household. As used herein, ?user? The term?user? can refer to both a human user (or a device) and the term?user identifier?. could refer to a human identifier or a device identification. One example method assumes that subscribers to telecommunications services are expected to live within their household. It doesn’t matter if access and authentication are credential-based (e.g. authenticated using a user ID), or device-based; users associated with a subscriber household to telecommunications services may be expected regularly to access the telecommunications services within the subscriber premises.
An email user can access his or her email from both within their home and from any other location. An email user who is actually a member of a subscriber household might be expected to be able to access their email account from that household. This access could be detected. Services accessed via device can be accessed both within and outside the home. Even if the device isn’t used extensively within the home it is still likely to be used minimally. A cell phone user may, for example, turn on his/her phone before leaving the house and then turn it off when he/she arrives home.
“FIG. “FIG. 1 illustrates an example of a system. A service provider 100 offers a telecommunications services to a user through a user device such as a laptop computer. Through a network 104, the user device 106 connects to service provider 100. One embodiment of the invention allows the user to connect to the service provider via a provider-operated WiFi connection point 102. Another embodiment may involve a mobile phone 112, which connects to the network via a cell tower. 114 To access a subscriber’s service, the user device 106 transmits a request 110 through the network 100 to the service provider 106.
“In an embodiment, the request contains user information such as a user ID. In an internet service system, for example, the user identifier could be a username and/or password that allows access to the user account. Another embodiment of the request includes information about user devices, such as a device identifier. In an internet service system, for example, the device identifier could be a MAC adress. The service provider may also be able to query the device identifier rather than sending a request. The service provider may continue to track the location after receiving the initial request. For example, it might monitor the continued connection to the network by following the device’s 108 ongoing association with access point 102. Another embodiment of the service provider monitors the user’s location after they have made their initial request. This includes tracking packets sent and received from the device 106 that are marked with a network address, such as an IP address, to help the user device address 106.
“In one embodiment, the service provider uses user information and/or device information to determine, based upon information gathered during previous requests, access sessions and/or periods, if the user/user device has established a minimum presence within the subscribing households associated with the user account ID. This is done in an exemplary manner by comparing the pattern of usage that the user has been using with the required pattern as defined by the service provider policy. The policy may allow the user to access the service if the user meets the requirements. The evaluation can be done in real-time, during authentication, or before authentication. The authentication process can check the results of an evaluation performed before the authentication of the user. A maximum periodic presence can be used by some service providers to determine whether a user has authorization or not. Other embodiments may require that access be restricted to the household authorized, in order to determine if the access is authorized.
“1.1 Establishing Presence within the Subscribing Family”
One embodiment states that a service provider might require the user or device establish presence at a location associated to a subscribing family on a minimum of two weeks to validate their association with the household. A subscribing house may be located at the primary residence. Subscribers may also be asked for this information when they sign up for the service. If the customer is a commercial customer, then the address of the subscriber may be the location of the household. One location may be associated with the subscribing household, while other locations could be used.
The service provider might track user identifiers such as usernames, email addresses and passwords or device identifiers such as MAC addresses and account identifiers. They may also track times of request, access, and/or connection and the locations from which they were made. The service provider can use this information to determine whether the user/device requesting access may have established a consistent or inconsistent pattern of usage with an authorized user. This is true for every user id/device id that is part of the household. One embodiment may only require that the user or device requesting access to the service be present on a periodic basis in order to validate membership in the household. In another embodiment, the service provider might require membership verification on a more stringent and complex basis. The service provider may require that users who request access to the service be present in the household for a minimum of 30 days per year.
A service provider may expect to not only see that a user/device has been present in a subscriber’s home periodically, but also that they were present for a substantial time period, even overnight. A service provider might expect to see a pattern of access that indicates that a user has been sleeping at a specific location. New vendors may add more advanced geo-location analysis capabilities to their validation systems. Location tracking that confirms multiple subscribers together at certain times and for specific durations can be used to verify a family relationship validating common membership in a subscribing home, even though it cannot be determined where the subscriber is located. Location tracking can also be used to confirm that a user or device is legitimate or suspect. This is true even if the usage pattern is not clear.
“1.2 Locating Cell Phones and Other Devices in the Area”
“Assisted-GPS tracking and cell tower triangulation can be used to determine the location of modern cell phones. Access point association or triangulation can also identify the approximate location of WIFI-enabled gadgets. If the subscriber household does not have access to a cell tower, access point or other method of locating their location, it may be verified by another means. One example is that cell phones may be expected to have access to one or more of the nearest cell towers as soon as the subscriber returns to their home. WIFI device users might expect to have their own access points at home. Web cookies and other mechanisms may be used to identify a particular device that is accessing the network via a gateway. A lot of hardware devices can be set up to authenticate periodically (e.g. via “docking?”). You can either connect wirelessly or physically to another IP-connected device from the comfort of your home.
“1.3 Exceptions”
“Exceptions to the rules may also be included. A household member could be on extended vacation or an adult child may be at college. A service provider might implement a manual exception mechanism to support these situations. Location tracking can be used to verify that an exception has been granted for a user. It will also confirm that the exception was created using a location pattern that is consistent with the explanation. The explanation for an exception could be stored with it. For example, a subscriber profile may contain a list of all exceptions, and each explanation can be stored with each subscriber profile. An embodiment may include an explanation that describes an alternative location. For example, the location of a college campus where the user is enrolled. The system can validate that the user’s access pattern matches that of the location. Another embodiment may contain information that identifies the nature of the explanation. The system might store information indicating that the exception is for college students. This system has been designed to validate college student exceptions by determining that the user’s access pattern matches that of a student who resides at or near a campus location during fall semester and spring semesters and then returns to the subscriber’s household during winter holidays and summer.
“1.4 The Consequences Of Failed Validation”
“Location tracking can be integrated into authentication processes in many ways. The service provider might deny access to a user/device if it is determined that location technology fails to verify membership. This would force the user to contact customer service to resolve the problem. The system might flag a user/device as potentially unauthorised. Service provider personnel or systems may review flagged users and devices later to decide if they should be denied access. The data may also be used for research purposes and to improve the system’s ability to recognize when a user is authorized or flagged as potentially unauthorised. If a user is flagged by a service provider, they may review the user’s use patterns and decide whether to remove the flag (or not) from the user. This is even if the user has not used service from their home. Service providers may keep track of the user’s validation status (e.g. flagged or not) for each username and device. This information could be saved in a subscriber profile in certain embodiments.
“Location analysis can also be used to detect improper sharing of credentials by multiple user, for example by geo-locating IP addresses used in accessing services and determining that there is an established pattern of use at different locations. This cannot be explained simply by one user roaming from one location to another.”
This basic approach can also be used to disallow content stored on a portable device. For example, if location track shows that the device is not within a subscriber household or an authorized device (such a Mac or iTunes-authorized PC), this could be used. A service provider may have an expiration date associated with content loaded onto portable media devices. The expiration date can be modified or renewed every time the device connects to the service provider. The portable media device can update its entitlements for content, which may be downloaded from the service providers or loaded onto the device. This happens whenever the device connects to the service providers or to an authorized device. If the device connects to the service providers or to an authorized device, either the authorized device or the portable device will update the content’s expiration date. A portable media device can be configured to disable content once the expiration date is reached. This could happen, for example, if it goes too long without contacting the service provider, or another authorized device.
“2. Embodiments”
“The system described herein can be implemented in many embodiments, including cable TV, internet and telephone services.”
“2.1 Cable Television Service”
“In one embodiment, cable TV service providers may use location based validation to verify that the user who requested access to the cable TV service with the provided user ID(s), such as a username or password, is actually a member the subscribing households. A cable TV subscriber can access the cable television service via the internet by using a computer. The subscriber will need to provide a username and password that are associated with the household account. The username and password are associated with the email account of the service provider in an embodiment. This embodiment makes it less likely that the username and password will be shared with unauthorised users (such family or friends). Because a customer is less likely than others to have access to his or her private email account, they may not be as likely to share this information.
The cable provider may keep records of times and geographical locations where the service was requested or accessed. The service provider might require that the service be requested and/or accessed at a minimum frequency (for example, once per week) within the household. A service provider policy may specify the minimum frequency that is required. A preferred embodiment may establish a default policy that applies to all subscribers to cable services. Policy exceptions can be recorded in a subscriber profile linked with an account. Other embodiments may have policies that are unique to each subscriber or different depending on the group of subscribers they belong to.
“One embodiment may recognize that the user has accessed the cable services via a device provided to the household. The service provider might deliver services to the household through a cable modem, for example. Practitioners skilled in the art know that a user device using the internet to access services may be provided with an IP address via the DHCP protocol. An element of the network may tag the device’s request for an IP address by claiming that it has entered the network via the subscriber’s cable modem. This allows the DHCP to identify the subscriber house in which the device is located and log the IP address assigned. These techniques can be used to create audit trails, as is well-known to anyone skilled in the art. The subsequent access to authenticated services such as email and internet-based TV can be tracked, and the subscriber’s household can be confirmed.
“2.2 Internet Service with Username Based Authentication”
“In an alternative embodiment, internet service providers might use location-based verification to verify that the user who requests access to internet services with a provided user ID is actually a member in good standing of the household. An internet service subscriber might log on to the network with a username and password that are associated with an account in their household. An internet service provider may keep records of times and geographical locations from which internet service was requested or accessed. An internet service provider might require that internet service is requested and/or accessed at a minimum frequency (e.g., once per week) from the subscribing house. An internet service provider policy may establish the minimum period required. This policy can be applied to all internet service subscribers. It may not be specific to each subscriber or be different depending on the group that they belong to. A default policy is applied to subscriber accounts in a preferred embodiment, except where exceptions are made.
“In one embodiment, access may be confirmed from within the subscriber’s household, as described above, by verifying access via a provider-provisioned cable modem. A provider may also use other technologies such as Digital Subscriber Line or Fiber to the Home (FTTH), to confirm access from the subscriber’s household.
“In another embodiment, access may be validated from within the house by geolocation of a wireless device that allows for access to services within the home. This embodiment may establish the subscriber’s address when they sign up for the internet service. The subscriber’s home can then be used to verify access by using a WiFi basestation that is connected to the subscriber’s location. Geolocation can also be done using other methods, such as assisted GPS or multiple wireless basestations.
“2.3 Internet Service with Device Based Authentication”
“In another embodiment, internet services providers may allow a person to authenticate without the need for a username or password login. This is done by automatically recognising an identifier such as a WiFi address associated with a device such as a laptop computer, or another WiFi-enabled handheld device previously registered as being owned by the user.”
“The internet service provider might use location-based validation in order to verify that the user who accesses internet service using a registered device is actually part of the household. The internet service provider may keep records of times and geographical locations where internet service was requested or accessed via the device. An internet service provider might require that internet service is requested and/or accessed on a minimum basis (e.g., once per week) from the geographic location of the subscriber household. An internet service provider policy may establish the minimum period required. This policy could be applicable to all internet service subscribers. It may not be unique to each subscriber or different depending on the group of subscribers they belong to.
“In one embodiment, access may be validated using geolocation of the wireless device used to access services within the home. This embodiment may establish the address of the subscriber household when they sign up for the internet service. The subscriber’s home can then be used to verify access by using a WiFi basestation that is connected to the subscriber’s location. Geolocation can also be done using other methods, such as assisted GPS or multiple wireless basestations.
“In another embodiment geolocation may be confirmed by accessing a modem provided by the service provider associated with the subscriber household. The service provider might install a web cookie that identifies the device, which can be detected by the subscriber when the device is used for web access from within their household. If the service provider detects requests for access, including those originating from the subscriber’s modem, the location within the subscriber’s household can be confirmed.
“2.4 Telephone Service”
“Another embodiment of telephone service providers may use place-based validation to verify that the user who requests telephone service via a device equipped with a registered device identification (such an EIN or WiFi MAC address), is actually a member the subscribing households. Telephone service can be either cellular, or internet-based. In some embodiments, other types of telecommunications devices can also be used (e.g. services for handheld devices like PDAs and portable music players).
“For example, a telephone service provider might track times and geographical locations from which telephone service was requested or accessed. They may also keep a record these times and locations. A cellular telephone or PDA may track the location of the device using assisted-GPS tracking or cell tower triangulation. It could also be based on the location a single basestation or cell tower used for access. A WiFi-based VoIP embodiment and a cellular Femtocell embodiment might confirm the device’s location by watching it connect or communicate through provider-provisioned customer premises gear, such as a cable modem or wireless access point or femtocell.
“The telephone provider may require that the telephone service is requested and/or accessed on a minimum period basis (e.g., once per week) from the geographical location of the subscriber household. One embodiment may require that the subscriber establish the address of the household when they sign up for the telephone service. A telephone service provider policy may establish the minimum frequency required by the provider. This policy can be applied to all internet service subscribers. It may not be unique to each subscriber or different depending on the group that subscriber is part of. A default policy is applied to subscriber accounts in a preferred embodiment, except where exceptions are made.
“3. Authentication”
“3.1 User ID-Based authentication”
“In the flowchart at FIG. 2, one exemplary embodiment is illustrated. 2. The validation system at the provider authenticates users using a user ID and password that the user has sent to the provider when requesting access to a service 200. The user identifier can be any number, string or other identifier that is associated with a subscriber, household, or service provider database. In some cases, the user ID may include multiple identifiers that are associated with an account or user accounts. The user identifier for phones may be a number that is assigned to a customer. The user identifier for cable TV service that is accessed via the internet may be a username associated with a subscriber household. One embodiment may associate the user identifier with a subscriber account. This information could be stored in a service provider’s database. The username may be used as the user identifier. Service providers may have access to a list of subscriber accounts with associated usernames. A subscriber account ID may also be included in the request.
The service provider may keep a record of all information, including the user identifiers, identifiers for the device from where the user accesses it, the times the user accesses it, the geographic locations, and the times the user accesses it. This information can be used to verify that the user is accessing the service according to acceptable use policies. A system policy may be developed by the service provider to ensure that access is allowed in all cases. The terms of service might stipulate that any subscriber can use the service. The system policy could also require that all subscriber accounts access the service at least once per two weeks from the subscriber’s location. The service provider may store the system policy in a database. A default policy can be used to validate all users in a preferred embodiment, except when an exception is made for a subscriber’s household. Service providers may keep track of each subscriber’s geographic location. This could be defined as the household of the subscriber.
The service provider will review the request once it has been received. If the policy is valid, it will determine if the user can access the service as a subscriber. The service provider might examine the information it has kept track of when the user requested access to the service. This could include the number of requests made and the locations. This information may be used by the service provider to determine whether the subscriber has established the minimum periodic presence 206 in the associated geographic location. This step can be skipped if the user requests access from their home.
If the policy requires that an authorized user access the service from the subscriber’s home at least once every two (2) weeks and the tracked data indicates that the last time they accessed it from their home was last week, then the user could be validated as a subscriber household member, authorized to access this service. If the tracked information shows that the last time the user accessed this service was three weeks back, the user could be flagged as potentially unauthorized and not valid. However, a service provider might use other methods to verify that a subscriber has maintained a minimum level of periodic presence at home. A service provider might check the user’s access patterns and not just the last time they accessed the service. If the user’s pattern of use is suspicious, the service provider might determine that the user has not established a minimum period of presence at the subscriber’s home. A service provider might implement a system to decline to validate a user who has requested access from the subscriber’s home in the past 2 days. This is if the user’s access history shows that the subscriber has not requested access for more than one month.
“In certain embodiments, the policy might define whether to validate a new user if there is no record of previous attempts from the home to access the server. The policy could, for example, state that new users must first be manually validated. It may also specify that the policy will track subsequent requests to determine if they should be validated.
“In one embodiment, the policy might require access from within the subscriber’s household. The frequency will depend on how many sessions the user has used. A policy may require access from the subscriber’s household at least once per ten sessions. The system can adapt to infrequent users by measuring frequency relative to sessions, rather than time. Another embodiment of the policy might include both session-based and time-based frequency criteria. A policy may require access within a subscriber’s household at least once every two weeks, or at most once in the past ten sessions.
“3.2 User Device Based authentication”
FIG. “Alternatively, in FIG. 3, the service provider authenticates users by using a user device identifier. This could be the MAC address of a device being used to access the service or a combination thereof. One embodiment may associate the user device ID with a subscriber account. This information may be stored in a service provider’s database.
The service provider keeps track of 302 the user’s device identifier and the times that the device accesses it. It also records the geographic locations and times from which the device accesses it. This information may be used by the service provider to verify that a user device has been properly associated with a subscriber’s account and is authorized to access a service according to policy rules. Preferably, the service provider will determine 306 when the user device last accessed the service from the geographic location associated to the subscriber account. The service provider then evaluates 306 this information with the policy to determine whether the policy should be applied to validate the user device. A device-based authentication system allows a subscriber to be authenticated without the need for them to log in with a username or password.
Some services may still require user-ID-based authentication even though a device-based system is being used. A service provider might implement a device-based authentication system that allows a subscriber connect to a wireless network using a PDA. This will allow the subscriber to access email online without having to log in manually. The service provider might still require the subscriber to enter a username or password in order to access email from their PDA.
“User devices can also be considered to belong to a subscription household if, for instance, a subscriber uses the device to access a service and there is a minimum correlation with an authorized user identifier. If John Smith logs in to a service provider’s service using username??john? and username???john, then the laptop may be validated as belonging to John Smith. If the service provider has verified that the user is associated with an authorized household member, the laptop could be used to log into the service provider’s service using username?john? and username?john?.
“A service provider might set up an authentication system that ignores normal rules for a certain period after the initial registration of a device. If John Smith purchases a laptop and uses it to access a service offered by the provider, the service provider might ignore normal rules for a time in order to determine if John Smith has established a valid pattern. One embodiment may consider a device authorized if it has been used within the past two weeks from home or if it has been registered for the first time within the past two weeks.
“3.3 Subscriber Profile.”
FIG. 4. The service provider authenticates users and devices by accessing the subscriber profile associated to the subscriber account. Subscriber profiles may contain user identifiers that are associated with subscriber accounts. Additional information may also be included. The service provider may create a subscriber profile based on data it has collected. After the service provider has received 400 user identifiers or device identifiers, the service provider can track the request 402 to access 404 the subscriber profile that is associated with the user ID. If the subscriber profile contains an entry for the user or device associated to the device identifier, the service provider might determine that 406.
“The subscriber profile can contain a list or devices and rules for accessing service for each user, device, group, or subscriber. One embodiment of the subscriber profile contains information about previous service requests and/or devices for the subscriber account. The service provider might determine 410, if an entry is found in the subscriber profile for the user/device. This will be based on criteria set out in the policy.
The validation system can also be used for inferring user and/or device relationships. Location tracking, which confirms multiple users and devices at certain times and for specific durations, may suffice to confirm a household connection, even though it cannot be determined where they are located. The policy or subscriber profile may specify the times and durations required for the system to infer a family relationship. The system can use the track information to determine changes in the subscriber household, and continuously update the subscriber profile.
“4. Example”
FIG. 5 shows an example of how the preferred embodiment of this invention works. 5 is now shown. John Smith is a user who has a subscription to cable TV service from a provider. John has a service plan that allows him to access cable TV over the internet from anywhere in the world. He logs into a service provider website using a username such as?john? and the password associated with his account. John logs into his account with his username and password. He accesses cable TV service via the internet from Arlington, Va. (zipcode 22201), on January 1, 2009 at 7:03 PM EST. John’s username may be the same password John uses to access his email account.
John requests access to the cable TV service. The service provider authenticates John’s username and password. The service provider will verify that John has used the username within his home on a minimum basis per policy 501. This step can be skipped in certain embodiments if access is requested from the subscriber’s home. After validation is successful, John is granted access to the cable TV service by the service provider. The service provider records 500 details about John’s access to the service. This includes the username 502, the time 504, where John accessed it, and the method of access 505. It also records whether John was at his subscriber home 519. A device identifier 508 may be recorded by the service provider. The service provider might record John’s MAC address 510 on a gateway device John uses for accessing the service. This could be a router at John’s house. The service provider could also install a cookie to recognize John’s computer and identify it by receiving the cookie during login.
“If John accesses the cable TV service while at work on the next day at 2:00 PM EST, the provider may determine whether John’s username was used to access the service from John?s home in accordance with the policy’s minimum required periodic basis. John has not accessed 516 of the service since Jan. 1, 2009. The policy states that John must access the service at least once per week from John’s house. The service provider might not be able to access the MAC address of the accessing device in this instance. One embodiment may store an IP Address 518. Note that this IP address is used to locate the accessing device.
“If John accesses 513 cable television service at 5:01 PM EST two weeks later, while on a business trip to Los Angeles (zip code 90711), the service provider will find that John last accessed 516 from home on January 1, 2009. The policy states that service must be accessed at least once per week from home. 538 John’s account may be flagged by the service provider as being used by an unauthorized user 540. The flag can be used by the provider to block access to John’s account using John’s username. John will need to contact customer support to resolve the issue. Or, it could be reviewed by the provider at a later time to determine if additional action is required. This flag can be stored in John’s profile and/or associated with John. In some cases, the service provider may also track whether each request for services is authorized or not based on tracking information.
“For instance, the service provider might note 530 a current state 536 of John’s username 532 or his device 534 that he is accessing the service. Each username and device identifier can have one current status at any given moment (validated, potentially unauthorized or unauthorized, for example). A service provider may use historical access patterns to create a new status. John’s username 538 could be flagged as potentially unauthorized 540 if the pattern of access associated to john’s username doesn’t currently meet access requirements for a service provider policy. Jane, John’s wife may have a username of 550 that meets the service provider policy access requirements. Her username could be flagged as a valid 552 username. The status of the user device may also be noted by the service provider. The service provider might note, for example, John’s device status (542 and 546) that has been registered with them. A current status may be assigned to each device, such as valid 544 or potentially unauthorized. If a representative of a service provider confirms that a username or device is potentially unauthorized, the provider may flag the username/device as unauthorized 548.
“Alternatively, in certain embodiments, the service providers may review a list 526 of exceptions created for the user account in order to determine if a non-default strategy should be used to evaluate whether the account or username should be flagged. John may have an exception for his username that requires access to John’s home only once a month, instead of every week because he is away on business trips. A username belonging to John’s child, Sam, may also be exempt. Sam could be at college. This exception could state, for example, that John’s son must use John’s home service at least once every six months.
“In some instances, the service provider may create a subscriber profile 521 to account John’s household. A subscriber profile can include authorized users 522 and authorized devices 524. It may also contain exceptions 526 that could be used to John’s household members. The subscriber profile can be created automatically, manually, or at a later date. Customers may request exceptions, and/or they can be created by service provider representatives.
“5. Conclusion”
The above system and process can be implemented on a computer as a program that executes on a machine, a product of a computer program, or as a computer-readable media.
“While different embodiments of the invention have been described, it is important to understand that they are only examples and not a limitation. Anyone skilled in the relevant arts will see that there are many ways to modify the form and details of the invention without compromising the spirit or scope. The scope and breadth of the invention should not be restricted by the exemplary embodiments. Instead, it should be defined in accordance to the following claims and equivalents.
Click here to view the patent on Google Patents.