发明名称 |
Authenticating user sessions based on reputation of user locations |
摘要 |
User sessions are authenticated based on locations associated with a user account used for sending a request for creating a session. Examples of locations of a source of a request include a geographical location, a network address, or a machine cookie associated with a device sending the request. Locations of the request are compared with stored safe locations associated with the user account and a suspiciousness index is determined for the session. The level of authentication required for the session is determined based on the suspiciousness index. Locations are associated with a reputation based on past history of sessions originating from the locations. A location associated with a history of creating suspicious session is considered an unsafe location. Reputation of the location originating the session is used to determine the level of authentication required for the session. |
申请公布号 |
US8869243(B2) |
申请公布日期 |
2014.10.21 |
申请号 |
US200912646803 |
申请日期 |
2009.12.23 |
申请人 |
Facebook, Inc. |
发明人 |
McGeehan Ryan;Popov Lev Timourovich;Palow Christopher William;Read Robert J.;Keyani Pedram |
分类号 |
G06F7/04;G06F21/31 |
主分类号 |
G06F7/04 |
代理机构 |
Fenwick & West LLP |
代理人 |
Fenwick & West LLP |
主权项 |
1. A computer implemented method comprising:
receiving a request for creating a session from a computing device; identifying a location associated with the computing device originating the request; receiving a measure of reputation of the location, wherein the measure of reputation of the location is determined based at least in part on a set of past sessions of a plurality of other users that originated from the location, the measure of reputation indicating the location as being safe if more than a threshold of past sessions correspond to benign requests, wherein a request is classified as a benign request if the request is for access to information of a user by another user connected to the user via a social networking system; determining a level of authentication required from the sender of the request based on the measure of reputation of the location; and sending a request for authentication, wherein the information requested for authentication is determined based on the determined level of authentication. |
地址 |
Menlo Park CA US |