System and method for location-based authentication

摘要

A system, apparatus, method, and machine readable medium are described for location-aware authentication. For example, one embodiment of a location-aware method for user authentication comprises: determining a current location of a mobile device; identifying a location class corresponding to the current location; selecting a set of one or more authentication techniques to provide a sufficient level of user authentication for a current transaction based on the identified location class.

主权项

1. A location-aware method for user authentication comprising:
determining a current location of a mobile device, wherein determining a current location of a mobile device comprises: detecting, by a device proximity detection module, the presence of one or more peer or network infrastructure devices; and performing, by the device proximity detection module, a correlation against historical presence data for the peer or network infrastructure devices, wherein a relatively higher correlation indicates that the mobile device is at a known location and a relatively lower correlation indicates that the mobile device is not at a known location; identifying, by a location class determination module, a location class corresponding to the current location; receiving, by an authentication policy engine, an authentication policy associated with a particular relying party, the authentication policy defining a set of one or more authentication techniques to provide a sufficient level of user authentication for a current transaction based on the identified location class; and selecting, by the authentication policy engine, from the set of one or more authentication techniques to authenticate the user for the current transaction based on the identified location class.