WO2003067404A1 - A secure locator device - Google Patents
A secure locator device Download PDFInfo
- Publication number
- WO2003067404A1 WO2003067404A1 PCT/NO2002/000055 NO0200055W WO03067404A1 WO 2003067404 A1 WO2003067404 A1 WO 2003067404A1 NO 0200055 W NO0200055 W NO 0200055W WO 03067404 A1 WO03067404 A1 WO 03067404A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- message
- locator device
- secure
- user
- sender
- Prior art date
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/86—Secure or tamper-resistant housings
-
- B—PERFORMING OPERATIONS; TRANSPORTING
- B65—CONVEYING; PACKING; STORING; HANDLING THIN OR FILAMENTARY MATERIAL
- B65D—CONTAINERS FOR STORAGE OR TRANSPORT OF ARTICLES OR MATERIALS, e.g. BAGS, BARRELS, BOTTLES, BOXES, CANS, CARTONS, CRATES, DRUMS, JARS, TANKS, HOPPERS, FORWARDING CONTAINERS; ACCESSORIES, CLOSURES, OR FITTINGS THEREFOR; PACKAGING ELEMENTS; PACKAGES
- B65D50/00—Closures with means for discouraging unauthorised opening or removal thereof, with or without indicating means, e.g. child-proof closures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/32—User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/33—User authentication using certificates
- G06F21/335—User authentication using certificates for accessing specific resources, e.g. using Kerberos tickets
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/34—User authentication involving the use of external additional devices, e.g. dongles or smart cards
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/72—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/107—Network architectures or network communication protocols for network security for controlling access to devices or network resources wherein the security policies are location-dependent, e.g. entities privileges depend on current location or allowing specific operations only from locally connected terminals
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3234—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/08—Access security
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2103—Challenge-response
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2111—Location-sensitive, e.g. geographical location, GPS
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2151—Time stamp
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L51/00—User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
- H04L51/21—Monitoring or handling of messages
- H04L51/222—Monitoring or handling of messages using geographical location information, e.g. messages transmitted or received in proximity of a certain spot or area
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0853—Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
Definitions
- the present invention is related to a secure locator device for obtaining an authorisation of a user towards a service related to the user's identity and the user's geographical position.
- One such situation may be illustrated by an electronic betting service that is legal only for citizens residing within the borders of some geographical area at the time of the on-line betting.
- said means should authorise access to the service provided that the user of the device is member of the group that is allowed to use the service, i.e. s/he meets the access criteria including own position and, if needed, identity.
- One such situation may be illustrated by an encrypted TV broadcast of a live event where access shall be granted only to viewers residing outside, or only inside, a given area around the location of the live event.
- the geographical part of the access conditions denies access to all positions within or without that circle.
- a secure locator device must be able to generate an electronic message representing the unique identity of the sender, the position of the sender in some defined reference frame, e.g. by latitude and longitude in WGS84, at the time of the transmission, a message and a digital signature created from the message, the user identity, the position indication, and a timestamp.
- a secure locator device must be able to grant access to a service only subject to verifying that the access conditions for the service are met, including that the user is a member of the intended group of recipients and that the geographical position of the user is acceptable.
- the secure locator device combines and integrates the mentioned techniques into a tamper resistant device to prevent manipulation of position, identity or other information by the user to obtain access to a geographically or otherwise restricted service. This is combined with a legal binding, i.e. a contract, where a user accepts that a digital signature generated by her/his secure locator device is legally equivalent to his written signature. The combination of these elements ensures the integrity of the message with authentication of the user's identity and location.
- the sender's position given in the output message M 0 may be exchanged for a less accurate position indication, by either indicating the geographic area in which the sender is located or giving an affirmative or negative response to an inquiry about the sender's presence inside a specific geographical area.
- the same kind of degradation of accuracy may be applied in the service enabling case.
- a message sent from a user can be authenticated towards a service provider, i.e. so that s/he can be granted access to some service, or a potential user of some restricted service may be given access to the service by a secure locator device dependent on that the user meets the access criteria for the service including that the user's current geographical position is acceptable and that this has been verified by the secure locator device.
- FIG. 1 discloses a functional description of the secure device according to the present invention
- figure 2 discloses a structural block diagram of the secure locator device according to the present invention.
- the secure locator device is used for obtaining authenticated identity and authenticated geographical location regarding the sender of a message.
- the following functionality is relevant:
- the secure locator device receives a command, containing an input message
- Mi i.g.a general message and a user identification ID user e.g. using a PIN code or biometrics.
- the secure locator device checks the ID user .
- the secure locator device obtains own geographical position.
- the secure device composes a new message M 0 containing some, or all, of the following information:
- the secure device computes a digital signature over M 0 . All or selected fields of M 0 may also be encrypted.
- the secure device gives a response containing the message M 0 and the computed signature.
- the secure locator device is used for selectively authorising, i.g. allowing or denying a user access to some service.
- the following functionality is relevant:
- the secure locator device receives a command, containing an input message Mj, including access conditions for some service, and possibly a user-identification IDuser, e -g- using a PIN code or biometrics.
- the secure device checks the ID user .
- the secure locator device obtains own geographical position.
- the secure locator device issues a command or message M 0 that gives the user access to some service.
- the secure locator device 1 consists of the following . functional blocks: A positioning device 2, a cryptographic computer 3, an I/O controller 4, a physical I/O device 5 and optionally an input device 7, e.g. for biometrics or PLN-input directly to the device. All these sub-devices are encapsulated in a tamper resistant physical enclosure 8 and or integrated in VLSI with security measures 8 to ensure the tamper resistance.
- the positioning device 2 is producing information on the position.
- the positioning device can be an integrated GPS satellite receiver, a cellular phone unit/SIM microchip module with a program to determine location as a function of the network of base-stations or some other positioning device able to produce an absolute or relative position.
- the security computer 3 is some computational device able to perform cryptographic and security functions as well as general computations.
- the I/O controller 4 is either dedicated hardware and/or driver software to necessary or unnecessary support the communication towards the physical I/O device.
- the physical I/O device 5 may be any standard connector or plug or devices, e.g. USB, ISO 7816 smart card interface, PCMCIA and others.
- the input device 6 may be any input device, e.g. a general keyboard, connected to the Consumer Device.
- the input device 7 may be any keyboard-type or biometrics device for user identification connected directly to the secure locator device.
- Tamper resistance 8 can be achieved by encapsulating these modules in a tamper resistant physical enclosure and/or by exploiting different security measures feasible and inherent in VLSI technology.
Abstract
Description
Claims
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/NO2002/000055 WO2003067404A1 (en) | 2002-02-08 | 2002-02-08 | A secure locator device |
AU2002239177A AU2002239177A1 (en) | 2002-02-08 | 2002-02-08 | A secure locator device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/NO2002/000055 WO2003067404A1 (en) | 2002-02-08 | 2002-02-08 | A secure locator device |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2003067404A1 true WO2003067404A1 (en) | 2003-08-14 |
Family
ID=27730990
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/NO2002/000055 WO2003067404A1 (en) | 2002-02-08 | 2002-02-08 | A secure locator device |
Country Status (2)
Country | Link |
---|---|
AU (1) | AU2002239177A1 (en) |
WO (1) | WO2003067404A1 (en) |
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP1770580A2 (en) * | 2005-09-30 | 2007-04-04 | Samsung Electronics Co., Ltd. | Apparatus and method for executing security function using smart card |
EP1801726A1 (en) * | 2005-12-20 | 2007-06-27 | Wolfgang Suft | Device and method for creating an authentication characteristic |
WO2012018326A1 (en) * | 2010-08-04 | 2012-02-09 | Research In Motion Limited | Method and apparatus for providing continuous authentication based on dynamic personal information |
US8630620B2 (en) | 2007-01-26 | 2014-01-14 | Interdigital Technology Corporation | Method and apparatus for securing location information and access control using the location information |
US8737990B2 (en) | 2006-08-02 | 2014-05-27 | Nagravision S.A. | Method of local conditional access for mobile equipment |
GB2526264A (en) * | 2014-05-09 | 2015-11-25 | Trakcel Ltd | Verification method and system |
EP2862005A4 (en) * | 2012-06-14 | 2016-02-17 | Intel Corp | Reliability for location services |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5922073A (en) * | 1996-01-10 | 1999-07-13 | Canon Kabushiki Kaisha | System and method for controlling access to subject data using location data associated with the subject data and a requesting device |
EP0997808A2 (en) * | 1998-10-29 | 2000-05-03 | Datum, Inc. | Controlling access to stored information |
US6108365A (en) * | 1995-05-05 | 2000-08-22 | Philip A. Rubin And Associates, Inc. | GPS data access system |
WO2001054091A2 (en) * | 2000-01-19 | 2001-07-26 | Cyberlocator, Inc. | Method and system for controlling access to and taxation of gaming and other activities over a communitations network |
US6317500B1 (en) * | 1995-04-28 | 2001-11-13 | Trimble Navigation Limited | Method and apparatus for location-sensitive decryption of an encrypted signal |
-
2002
- 2002-02-08 WO PCT/NO2002/000055 patent/WO2003067404A1/en not_active Application Discontinuation
- 2002-02-08 AU AU2002239177A patent/AU2002239177A1/en not_active Abandoned
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6317500B1 (en) * | 1995-04-28 | 2001-11-13 | Trimble Navigation Limited | Method and apparatus for location-sensitive decryption of an encrypted signal |
US6108365A (en) * | 1995-05-05 | 2000-08-22 | Philip A. Rubin And Associates, Inc. | GPS data access system |
US5922073A (en) * | 1996-01-10 | 1999-07-13 | Canon Kabushiki Kaisha | System and method for controlling access to subject data using location data associated with the subject data and a requesting device |
EP0997808A2 (en) * | 1998-10-29 | 2000-05-03 | Datum, Inc. | Controlling access to stored information |
WO2001054091A2 (en) * | 2000-01-19 | 2001-07-26 | Cyberlocator, Inc. | Method and system for controlling access to and taxation of gaming and other activities over a communitations network |
Cited By (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP1770580A2 (en) * | 2005-09-30 | 2007-04-04 | Samsung Electronics Co., Ltd. | Apparatus and method for executing security function using smart card |
EP1770580A3 (en) * | 2005-09-30 | 2012-04-25 | Samsung Electronics Co., Ltd. | Apparatus and method for executing security function using smart card |
EP1801726A1 (en) * | 2005-12-20 | 2007-06-27 | Wolfgang Suft | Device and method for creating an authentication characteristic |
US8737990B2 (en) | 2006-08-02 | 2014-05-27 | Nagravision S.A. | Method of local conditional access for mobile equipment |
US8630620B2 (en) | 2007-01-26 | 2014-01-14 | Interdigital Technology Corporation | Method and apparatus for securing location information and access control using the location information |
WO2012018326A1 (en) * | 2010-08-04 | 2012-02-09 | Research In Motion Limited | Method and apparatus for providing continuous authentication based on dynamic personal information |
US9342677B2 (en) | 2010-08-04 | 2016-05-17 | Blackberry Limited | Method and apparatus to provide continuous authentication based on dynamic personal information |
EP2862005A4 (en) * | 2012-06-14 | 2016-02-17 | Intel Corp | Reliability for location services |
US9635557B2 (en) | 2012-06-14 | 2017-04-25 | Intel Corporation | Reliability for location services |
GB2526264A (en) * | 2014-05-09 | 2015-11-25 | Trakcel Ltd | Verification method and system |
Also Published As
Publication number | Publication date |
---|---|
AU2002239177A1 (en) | 2003-09-02 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN109711133B (en) | Identity information authentication method and device and server | |
CN102933980B (en) | Method of providing an authenticable time-and-location indication | |
EP1090307B1 (en) | System and process for limiting distribution of information on a communication network based on geographic location | |
US7792297B1 (en) | System and process for limiting distribution of information on a communication network based on geographic location | |
KR101395749B1 (en) | Method for creating a secure counter on an on-board computer system comprising a chip card | |
CN100562902C (en) | Be used for the method and system that safety management is stored in the data on the electronic tag | |
CA2287379C (en) | Method and apparatus for providing authenticated, secure on-line communication between remote locations | |
JP4959463B2 (en) | Location authentication system | |
WO2001054091A2 (en) | Method and system for controlling access to and taxation of gaming and other activities over a communitations network | |
EP0997808A2 (en) | Controlling access to stored information | |
EP1331543A2 (en) | Access control | |
US20030177094A1 (en) | Authenticatable positioning data | |
WO2002069291A3 (en) | Electronic transaction systems and methods therefor | |
CN101589361A (en) | The distribution of control figure identification presentation and use | |
JPWO2005098468A1 (en) | Position guarantee server, position guarantee system, and position guarantee method | |
US20030140256A1 (en) | Wireless local communication network, access control method for a wireless local communication network and devices suitable therefor | |
WO2003034192A1 (en) | Systems and methods for facilitating transactions in accordance with a region requirement | |
US7284266B1 (en) | System and method for secure biometric identification | |
US20100268778A1 (en) | Apparatus and method for sharing identity in ubiquitous environment | |
US20050091544A1 (en) | Controlling an application provided on a portable object | |
JP4644018B2 (en) | Location authentication method, mobile terminal and control station | |
CN1708988A (en) | GMS SMS based authentication system for digital TV | |
WO2003067404A1 (en) | A secure locator device | |
EP2319738A1 (en) | Wireless communcations system and method | |
EP1353260B1 (en) | Positional information storage system and method, semiconductor memory, and program |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AK | Designated states |
Kind code of ref document: A1 Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ OM PH PL PT RO RU SD SE SG SI SK SL TJ TM TN TR TT TZ UA UG US UZ VN YU ZA ZM ZW |
|
AL | Designated countries for regional patents |
Kind code of ref document: A1 Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
122 | Ep: pct application non-entry in european phase | ||
NENP | Non-entry into the national phase |
Ref country code: JP |
|
WWW | Wipo information: withdrawn in national office |
Country of ref document: JP |