U.S. patent application number 12/748175 was filed with the patent office on 2011-08-18 for method and system for authorizing transactions based on relative location of devices.
Invention is credited to Charles Abraham, Mark Buer, David Garrett, Jeyhan Karaoguz, David Lundgren, David Murray.
Application Number | 20110202460 12/748175 |
Document ID | / |
Family ID | 44370298 |
Filed Date | 2011-08-18 |
United States Patent
Application |
20110202460 |
Kind Code |
A1 |
Buer; Mark ; et al. |
August 18, 2011 |
METHOD AND SYSTEM FOR AUTHORIZING TRANSACTIONS BASED ON RELATIVE
LOCATION OF DEVICES
Abstract
Aspects of a method and system for authorizing transactions
based on relative location of devices are provided. In this regard,
data relating to a location of a first communication device and
data relating to a location of a second communication device may be
received, a distance between the first communication device and the
second communication device may be determined based on the received
data, and whether to approve a transaction may be determined based
on the determined distance. The transaction may have been initiated
from one of the first communication device and the second
communication device, and may comprise a need to access an account.
The transaction may be approved in instances that the first
communication device and the second communication device are within
a predetermined distance of each other. The received data may
comprise distance information determined via communications between
the first communication device and the second communication
device.
Inventors: |
Buer; Mark; (Gilbert,
AZ) ; Abraham; Charles; (Los Gatos, CA) ;
Garrett; David; (Tustin, CA) ; Karaoguz; Jeyhan;
(Irvine, CA) ; Lundgren; David; (Mill Valley,
CA) ; Murray; David; (Mission Viejo, CA) |
Family ID: |
44370298 |
Appl. No.: |
12/748175 |
Filed: |
March 26, 2010 |
Related U.S. Patent Documents
|
|
|
|
|
|
Application
Number |
Filing Date |
Patent Number |
|
|
61304947 |
Feb 16, 2010 |
|
|
|
61312979 |
Mar 11, 2010 |
|
|
|
61312994 |
Mar 11, 2010 |
|
|
|
61303794 |
Feb 12, 2010 |
|
|
|
61309260 |
Mar 1, 2010 |
|
|
|
Current U.S.
Class: |
705/44 ; 455/411;
701/300 |
Current CPC
Class: |
G06Q 20/40 20130101;
H04W 84/18 20130101; A63B 71/0672 20130101; G06Q 30/02 20130101;
G06Q 20/1085 20130101; G06Q 20/04 20130101; G06Q 20/206 20130101;
G06Q 20/3224 20130101; G06Q 40/02 20130101 |
Class at
Publication: |
705/44 ; 701/300;
455/411 |
International
Class: |
G06Q 20/00 20060101
G06Q020/00; G01C 21/00 20060101 G01C021/00; H04M 1/66 20060101
H04M001/66 |
Claims
1. A method for networking, the method comprising: in a first
network device: receiving data relating to a location of a first
communication device and data relating to a location of a second
communication device; determining a distance between said first
communication device and said second communication device based on
said received data relating to said location of said first
communication device and said received data relating to said
location of said second communication device; determining, based on
said determined distance, whether to approve a transaction, wherein
said transaction was initiated from one of said first communication
device and said second communication device, and said transaction
comprises a need to access an account; and communicating a result
of said determining whether to approve said transaction.
2. The method according to claim 1, wherein said transaction is
approved in instances that said first communication device and said
second communication device are within a predetermined distance of
each other.
3. The method according to claim 1, wherein one or both of said
received data relating to said location of said first communication
device and said received data relating to said location of said
second communication device comprises global navigation satellite
system (GNSS) coordinates.
4. The method according to claim 1, wherein one or both of said
received data relating to said location of said first communication
device and said received data relating to said location of said
second communication device comprises distance information
determined via communications between said first communication
device and said second communication device.
5. The method according to claim 4, wherein said communications are
in accordance with one or both of Bluetooth standards and IEEE
802.11 standards.
6. The method according to claim 1, wherein said communications are
between a secure subsystem within said first communication device
and a secure subsystem within said second communication device.
7. The method according to claim 1, wherein said first
communication device and said second communication device are
associated, in an database accessible by said first network device,
with said account.
8. The method according to claim 7, wherein whether to approve said
transaction is determined based on preferences associated, in said
database, with one or both of said first communication device and
said second communication device.
9. The method according to claim 1, wherein said transaction
comprises an electronic payment or funds transfer.
10. The method according to claim 1, wherein said determining
whether to approve said transaction occurs in response to a request
from a second network device.
11. The method according to claim 10, wherein a result of said
determining whether to approve said transaction is communicated to
said second network device.
12. A system comprising one or more circuits and/or processors for
use in connection with a location server, said one or more circuits
and/or processors being operable to: receive data relating to a
location of a first communication device and data relating to a
location of a second communication device; determine a distance
between said first communication device and said second
communication device based on said received data relating to said
location of said first communication device and said received data
relating to said location of said second communication device;
determine, based on said determined distance, whether to approve a
transaction, wherein said transaction was initiated from one of
said first communication device and said second communication
device, and said transaction comprises a need to access an account;
and communicate a result of said determining whether to approve
said transaction.
13. The system according to claim 12, wherein said transaction is
approved in instances that said first communication device and said
second communication device are within a predetermined distance of
each other.
14. The system according to claim 12, wherein one or both of said
received data relating to said location of said first communication
device and said received data relating to said location of said
second communication device comprises global navigation satellite
system (GNSS) coordinates.
15. The system according to claim 12, wherein one or both of said
received data relating to said location of said first communication
device and said received data relating to said location of said
second communication device comprises distance information
determined via communications between said first communication
device and said second communication device.
16. The system according to claim 15, wherein said communications
are between a secure subsystem within said first communication
device and a secure subsystem within said second communication
device.
17. The system according to claim 15, wherein said communications
are in accordance with one or both of Bluetooth standards and IEEE
802.11 standards.
18. The system according to claim 12, wherein said first
communication device and said second communication device are
associated, in a database accessible by said location server, with
said account.
19. The system according to claim 18, wherein whether to approve
said transaction is determined based on preferences associated, in
said database, with one or both of said first communication device
and said second communication device.
20. The system according to claim 12, wherein said transaction
comprises an electronic payment or funds transfer.
21. The system according to claim 12, wherein said determining
whether to approve said transaction occurs in response to a request
from a network device.
22. The system according to claim 21, wherein a result of said
determining whether to approve said transaction is communicated to
said network device.
Description
CROSS-REFERENCE TO RELATED APPLICATIONS/INCORPORATION BY
REFERENCE
[0001] This patent application makes reference to, claims priority
to and claims benefit from:
U.S. Provisional Patent Application Ser. No. 61/304,947 (Attorney
Docket No. 20997US01) filed on Feb. 16, 2010; U.S. Provisional
Patent Application Ser. No. 61/312,979 (Attorney Docket No.
21007US01) filed on Mar. 11, 2010; U.S. Provisional Patent
Application Ser. No. 61/312,994 (Attorney Docket No. 21008US01)
filed on Mar. 11, 2010; U.S. Provisional Patent Application Ser.
No. 61/303,794 (Attorney Docket No. 21009US01) filed on Feb. 12,
2010; and U.S. Provisional Patent Application Ser. No. 61/609,260
(Attorney Docket No. 21024US01) filed on Mar. 1, 2010.
[0002] This Application also makes reference to:
U.S. patent application Ser. No. ______ (Attorney Docket No.
20997US02) filed on even date herewith; U.S. patent application
Ser. No. ______ (Attorney Docket No. 21007US02) filed on even date
herewith; U.S. patent application Ser. No. ______ (Attorney Docket
No. 21009US02) filed on even date herewith; and U.S. patent
application Ser. No. ______ (Attorney Docket No. 21024US02) filed
on even date herewith.
[0003] Each of the above stated applications is hereby incorporated
herein by reference in its entirety.
FIELD OF THE INVENTION
[0004] Certain embodiments of the invention relate to networking.
More specifically, certain embodiments of the invention relate to a
method and system for authorizing transactions based on relative
location of devices.
BACKGROUND OF THE INVENTION
[0005] The security of electronic networks continues to grow in
importance as more and more sensitive information is stored
electronically communicated via such electronic networks.
Businesses seeking to protect trade secrets and individuals seeking
to protect their credit and identity are two primary forces driving
the need for stronger network security. In this regard, the fact
that such problems are prevalent today illustrates may be an
indication that traditional security techniques such as
username/password requirements and various encryption techniques
are insufficient in many instances.
[0006] Further limitations and disadvantages of conventional and
traditional approaches will become apparent to one of skill in the
art, through comparison of such systems with some aspects of the
present invention as set forth in the remainder of the present
application with reference to the drawings.
BRIEF SUMMARY OF THE INVENTION
[0007] A system and/or method is provided for authorizing
transactions based on relative location of devices, substantially
as illustrated by and/or described in connection with at least one
of the figures, as set forth more completely in the claims.
[0008] These and other advantages, aspects and novel features of
the present invention, as well as details of an illustrated
embodiment thereof, will be more fully understood from the
following description and drawings.
BRIEF DESCRIPTION OF SEVERAL VIEWS OF THE DRAWINGS
[0009] FIG. 1 is a block diagram illustrating an exemplary
communication system that enables authorization of transactions
based on relative location of devices, in accordance with an
embodiment of the invention.
[0010] FIG. 2 is a block diagram illustrating an exemplary
communication device that may enable and/or utilize location based
services, in accordance with an embodiment of the invention.
[0011] FIG. 3 is a block diagram illustrating an exemplary location
server, in accordance with an embodiment of the invention.
[0012] FIG. 4 is a flow chart illustrating exemplary steps for
authorizing transactions based on relative location of devices, in
accordance with an embodiment of the invention.
DETAILED DESCRIPTION OF THE INVENTION
[0013] Certain embodiments of the invention may be found in a
method and system authorizing transactions based on relative
location of devices. In various embodiments of the invention, data
relating to a location of a first communication device and data
relating to a location of a second communication device may be
received, a distance between the first communication device and the
second communication device may be determined based on the received
data, and whether to approve a transaction may be determined based
on the determined distance. The transaction may have been initiated
from one of the first communication device and the second
communication device, and may comprise a need to access an account.
The transaction may be approved in instances that the first
communication device and the second communication device are within
a predetermined distance of each other. The received data may
comprise global navigation satellite system (GNSS) coordinates. The
received data may comprise distance information determined via
communications between the first communication device and the
second communication device. The communications between the first
communication device and the second communication device may be in
accordance with Bluetooth and/or IEEE 802.11 standards, for
example. The first communication device and the second
communication device may be associated, in a database, with the
account. Whether to approve the transaction may be determined based
on preferences associated, in the database, with one or both of the
first communication device and the second communication device. The
transaction may comprise an electronic payment or funds transfer.
Determining whether to approve the transaction may occur in
response to a request from a network device. A result of the
determination of whether to approve the transaction may be
communicated to the network device.
[0014] FIG. 1 is a block diagram illustrating an exemplary
communication system that enables authorizing transactions based on
device location, in accordance with an embodiment of the invention.
Referring to FIG. 1, there is shown a communication system 100
comprising communication devices 102 and 104, a mobile core network
110, wireless access points (APs) 112a and 112b, a cellular
basestation (BS) 114, a Worldwide Interoperability for Microwave
Access (WiMAX) BS 116, a broadcast tower 118, a Global Navigation
Satellite Systems (GNSS) network 120, a plurality of GNSS
satellites 122a-122n, the Internet 130, a location server 140, and
a satellite reference network (SRN) 150. The communication devices
102 and 104 may be at locations 106 and 108, respectively.
[0015] The GNSS network 120 may comprise suitable logic, circuitry,
interfaces, and/or code that may provide navigation information to
land-based devices via satellite links. The GNSS network 120 may
provide positioning information via downlink satellite links
transmitted to land-based devices, such as the mobile communication
devices 102 and 104, to enable determining their locations. In this
regard, the GNSS network 120 may comprise, for example, the
plurality of GNSS satellites 122a-122n, each of which is operable
to provide satellite transmissions based on a global navigation
satellite system (GNSS). Exemplary GNSS systems may comprise, for
example, the Global Positioning System (GPS), GLONASS and/or
Galileo based satellite system. The plurality of GNSS satellites
122a-122n may directly provide positioning information and/or a
land-based device may utilize satellite transmissions from
different satellite to determine its location using, for example,
triangulation based techniques.
[0016] The Internet 130 may comprise a system of interconnected
networks and/or devices that enable exchange of information and/or
data among a plurality of nodes, based on one or more networking
standards, including, for example, Internet Protocols (IP). The
Internet 130 may enable, for example, connectivity among a
plurality of private and public, academic, business, and/or
government nodes and/or networks, wherein the physical connectivity
may be provided via the Public Switched Telephone Network (PSTN),
utilizing copper wires, fiber-optic cables, wireless interfaces,
and/or other standards-based interfaces.
[0017] The mobile core network 110 may comprise suitable logic,
circuitry, interfaces, and/or code that are operable to provide
interfacing and/or connectivity servicing among one or more access
networks, which may be provide network accessibility to mobile
communication devices, and external data networks such as packet
data networks (PDNs) and/or the Internet 130. The mobile
communication devices 102 and 104 may access the mobile core
network 110, for example, via the wireless AP 112a, the cellular BS
114, and/or the WiMAX BS 116. The mobile core network 110 may be
configured to communicate various data services, which are provided
by external data networks, to associated users.
[0018] The wireless APs 112a and 112b may each comprise suitable
logic, circuitry, interfaces, and/or code that are operable to
provide data services to communication devices, such as one or more
of the mobile communication devices 102 and 104, in adherence with
one or more wireless LAN (WLAN) standards such as, for example,
IEEE 802.11, 802.11a, 802.11b, 802.11d, 802.11e, 802.11n, 802.11v,
and/or 802.11u. The wireless AP 112a may communicate with the
mobile core network 110, via one or more links and/or associated
devices, for example. The wireless AP 112b may communicate with the
Internet 110, via one or more links and/or associated devices, for
example. In this manner, the wireless APs 112a and 112b may provide
network access to the mobile communication devices 102 and 104.
[0019] The cellular BS 114 may comprise suitable logic, circuitry,
interfaces, and/or code that are operable to provide voice and/or
data services to communication devices, such as one or more of the
mobile communication devices 102 and 104, in adherence with one or
more cellular communication standards. Exemplary cellular
communication standards may comprise Global System for Mobile
communications (GSM), General Packet Radio Services (GPRS),
Universal Mobile Telecommunications System (UMTS), Enhanced Data
rates for GSM Evolution (EDGE), Enhanced GPRS (EGPRS), and/or 3GPP
Long Term Evolution (LTE). The cellular BS 114 may communicate with
the mobile core network 110 and/or the Internet 130, via one or
more backhaul links and/or associated devices for example. In this
manner, the cellular BS 114 may provide network access to the
mobile communication devices 102 and 104.
[0020] The WiMAX BS 116 may comprise suitable logic, circuitry,
interfaces, and/or code that are operable to provide WiMAX based
data services to communication devices, such as one or more of the
mobile communication devices 102 and 104. The WiMAX BS 116 may
communicate with the mobile core network 110 and/or the Internet
130, via one or more backhaul links and/or associated devices for
example. In this manner, the WiMAX BS 116 may provide network
access to the mobile communication devices 102 and 104.
[0021] The broadcast tower 118 may comprise, for example, a
terrestrial radio and/or terrestrial television transmitter. In
this regard, the broadcast tower 118 may transmit television and/or
radio in accordance with one or more broadcast standards such as,
for example, AM radio, FM radio, Radio Data Services (RDS or RBDS),
the Digital Video Broadcasting (DVB) family of standards, the
Advanced Television Systems Committee (ATSC) family of standards,
the Integrated Services Digital Broadcasting (ISDB) family of
standards, the Digital Terrestrial Multimedia Broadcast (DTMB)
family of standards, and the Digital Multimedia Broadcasting (DMB)
family of standards.
[0022] The server 132 may store private and/or secure information,
such as financial information, which may be accessed during a
transaction such as an electronic funds transfer or online
purchase. For example, the server 132 may store information for
credit card holders and may process debits and/or credits to
card-holders accounts. Accordingly, for purposes of this
application, the server 132 may be referred to as a "transaction
hosting server."
[0023] The SRN 150 may comprise suitable logic, circuitry,
interfaces, and/or code that are operable to collect and/or
distribute data from GNSS satellites, on a continuous basis. In
this regard, the SRN 150 may comprise a plurality of GNSS reference
tracking stations located around the world to provide A-GNSS
coverage all the time in both a home network and/or any visited
network. The SRN 150 may utilize satellite signal received from
various GNSS constellations, such as, for example, the plurality of
GNSS satellites 122a-122n of the GNSS network 120. The location
server 140 may provide location related data when requested to do
so.
[0024] The location server 140 may comprise suitable logic,
circuitry, interfaces, and/or code that are operable to provide
and/or support location based services (LBS). In this regard, the
location server 140 may store and/or process location related data
associated with communication devices and/or users thereof. The
location server 140 may be operable to maintain, for example, the
reference database 142, which may comprise profile elements
corresponding to each of the mobile communication devices 102 and
104, and/or users thereof, for example. In this regard, users may
register or otherwise establish a location based services (LBS)
account (also referred to as a profile) with the owner and/or
operator of the location server 140 and the location server 140 may
store location related data associated with the accounts. LBS
accounts or profiles may, for example, be associated with one or
more users, one or more communications devices, or a combination
thereof.
[0025] The location related data may be stored in a reference
database 142 in the location server 140. The location related data
may be communicated securely to and from the location server 140
utilizing authentication and/or encryption mechanisms that may
prevent spoofing or otherwise tampering with the requests and/or
responses. In various embodiments of the invention, location
related data stored in the location server 140 may comprise GNSS
coordinates. In this regard, the location server 140 may also be
operable to access and/or communicate with the SRN 150, for
example, to collect and/or update location related data
independently and/or autonomously. The location server 140 may be
operable to access the SRN 150 to collect GNSS satellite data, and
may utilize the collected GNSS satellite data to generate GNSS
assistance data (A-GNSS data) pertaining to, and/or associated with
the mobile communication devices 102 and 104. In various
embodiments of the invention, location related data stored in the
location server 140 may be collected and/or retrieve location
related data from the mobile communication devices 102 and 104. In
this regard, the location related data may be uploaded to the
location server 140 via any available means such as the APs 112a
and/or 112b, cellular BS 114, WiMAX BS 116, the Internet 130,
and/or other devices such as Femtocells. In some instances,
location related data may be determined via ranging and/or
triangulation based on communications to and/or from one or more of
the APs 112a and/or 112b, cellular BS 114, WiMAX BS 116, and
broadcast tower 118. Similarly, in some instances, location related
data may be determined via ranging based on communications between
the communication devices 102 and 104.
[0026] The location server 140 may be operable to communicate the
stored location related data when requested to do so. In addition,
the reference database 142 maintained in the location server 140
may be modified, refined, and/or updated. The modification may be
performed, for example, based on location related data received
from the SNR 150 and/or from the mobile communication devices 102
and 104 and/or other communication devices in the system 100. The
location related data may be uploaded, for example, by users
logging in to the location server 140 and manually updating
preferences, permissions, and/or other location related data.
Additionally or alternatively, location related data may be
updated, for example, automatically. Such automatic uploading
and/or updating may, for example, be performed periodically,
occasionally, and/or upon the occurrence of certain events, such as
an attempted transaction, completed transaction, and/or data
reaching a particular age.
[0027] Various security protocols and/or procedures may be used
and/or implemented within the system 100 to ensure secure exchange
of location related data among, for example, devices, such as the
communication devices 102 and 104, associated with LBS accounts
and/or devices, such as the transaction processing server 132,
seeking to authenticate devices and/or users associated with an LBS
account. In this regard, each of the communication devices 102 and
104 may comprise a security subsystem that may be operable to
communicate reliable and secure location information to the
location server 140. The security subsystem may comprise, for
example, dedicated hardware and/or one or more secure applications
running on the communication device 104.
[0028] The communication devices 102 and 104 may each comprise
suitable logic, circuitry, interfaces and/or code to communicate
via one or more wired and/or wireless connections. In this regard,
the communication devices 102 and 104 may each be operable to
transmit and/or receive signals to and/or from one or more of the
APs 112a and 112b, the cellular BS 114, the WiMAX BS 116, the GNSS
network 120, and the broadcast tower 118. The communication devices
102 and 104 may each comprise, for example, a phone, a laptop, or a
personal media player.
[0029] In operation, a transaction, such as an online purchase
utilizing a credit card, may be attempted from the communication
device 102 and the purchase may be processed on to the transaction
hosting server 132. In this regard, the server 132 may attempt to
process the payment by checking the credit card's balance and/or
availability of funds. Upon accessing the credit card account, the
server 132 may determine that a LBS account is associated with the
credit card account and that the card owner has enrolled in
location based authentication. Accordingly, the server 132 may send
a request to the location server 140 to have the location server
140 approve the transaction. The request may include information
identifying the device 102 and/or location 108 from which the
transaction is being attempted.
[0030] Upon receiving the request for approval, the location server
140 may access the LBS account associated with the credit card
account and determine that communication devices 102 and 104 are
associated with the LBS account. The LBS server 140 may then
determine the distance between the communication devices 102 and
104. In some instances, the distance may be determined utilizing
location related data previously stored in the database 142.
However, in other instances, the location server 140 may request
updated location related information from one or both of the
communication devices 102 and 104 prior to calculating the
distance.
[0031] In an exemplary embodiment of the invention, upon receiving
a request to approve a transaction associated with an LBS account
that is, in turn, associated with the communication devices 102 and
104, the location server 102 may send a request to communication
device 104 for the communication device 104 to determine a distance
to the communication device 102 and report the distance back to the
location server 140. Accordingly, the communication device 104 may
attempt to communicate with the communication device 102 utilizing,
for example, Wi-Fi, ZigBee, or Bluetooth. In this regard, the
communication device 104 may attempt to determine the distance
utilizing the method and system described in U.S. patent
application Ser. No. ______ (Attorney Docket No. 21004US01). For
example, location information may be communicated between secure or
trusted subsystems of the communication devices 102 and 104 such
that each of the communication devices 102 and 104 may be operable
to authenticate, decrypt, and/or otherwise secure or verify the
location information.
[0032] The formatting and/or type of distance determination may
differ depending on the implementation and/or on the particular
circumstances. For example, the distance determination may be
quantitative, such as a numerical distance or range of distances,
or may be more qualitative, such as "in range" or "out-of-range."
In some instances, upon determining that the transaction was
initiated from communication device 102, the request to determine
distance in accordance with this paragraph may be sent to the
communication device 104. Similarly, upon determining that the
transaction was initiated from communication device 104, the
request to determine distance in accordance with this paragraph may
be sent to the communication device 102.
[0033] Upon determining the distance between the communication
devices 102 and 104, the location server 140 may determine whether
to approve the transaction based on the distance. Such a
determination may be based on a variety of factors including, for
example, preferences and/or rules associated with the LBS account.
Such preferences and/or rules may be established, for example, by
the LBS account holder and/or the credit card company.
[0034] The preferences and/or rules may, for example, be based on
the type of transaction. For example, electronic funds transfers or
other financial transactions may only be approved when the
communication devices 102 and 104 are within X meters. As another
example, access to an online account, such as a financial account,
an email account, or a social networking account may be approved
only when communication device 102 is within Bluetooth or Wi-Fi
range of communication device 104.
[0035] For financial transactions, the preferences and/or rules
may, for example, be based on the amount involved. For example,
transactions involving amounts greater than $X.XX may be approved
only when the communication devices 102 and 104 are less than X
feet apart. Conversely, a rule or preference may be established
that, for all transactions involving less than $X.XX, the
transaction may be approved regardless of the distances between the
communication devices 102 and 104.
[0036] The preferences and/or rules may, for example, be based on
the time at which the transaction is being attempted. For example,
a rule or preference may be established that all transactions being
attempted between the hours of X:XX and Y:YY, and/or on certain
days, may be automatically denied or may automatically trigger
additional authentication measures when the communication devices
102 and 104 are not within X meters of each other.
[0037] The above rules, preferences, and transactions are just for
illustration and the invention is not so limited.
[0038] Upon determining whether to approve or deny the transaction,
the location server 140 may then communicate the approval or denial
to the server 132 and the server 132 may proceed accordingly.
[0039] FIG. 2 is a block diagram illustrating an exemplary
communication device that may enable and/or utilize location based
services, in accordance with an embodiment of the invention.
Referring to FIG. 2 there is shown a communication device 200, a
processor 202, a system memory 204, a system bus 206, a
communication subsystem 210, a plurality of interface processing
blocks 212a-212n, a security subsystem 220, and a transaction
management processing block 230. The communication device 200 may
be substantially similar to the communication devices 102 and 200
described with respect to FIG. 1.
[0040] The communication device 200 may comprise the host processer
202, the system memory 204, the system bus 206, the communication
subsystem 210, the security subsystem 220, and the transaction
management processing block 230. The communication device 200 may
be as described in FIG. 1. In this regard, the communication device
200 may enable reception and/or transmission of signals during
communication via one or more wired and/or wireless connections.
The communication device 200 may also be operable to support and/or
utilize location based services.
[0041] The processor 202 may comprise suitable logic, circuitry,
interfaces, and/or code that may be operable to process data and/or
control operations of the communication device 200. In this regard,
the host processor 202 may be operable to configure and/or control
operations of various components and/or systems of the
communication device 200, by for example, providing control
signals, controlling data transfers within the communication device
200, and enabling execution of applications, programs and/or code,
which may be stored in the system memory 204. Such operations of
the communication device 200 may comprise detection and/or
identification of the location of the communication device 200. In
this manner, the processor 202 may enable the communication device
200 to support and/or utilize location based services.
[0042] The memory 206 may comprise suitable logic, circuitry,
and/or code that may be operable to store information such as
executable instructions and data that may be utilized for
operations of the communication device 200, including utilizing
and/or supporting location based services. The memory 206 may
comprise RAM, ROM, low latency nonvolatile memory such as flash
memory and/or other suitable electronic data storage. One or more
portions of the memory 206 may be secured, e.g., via the security
subsystem 220, and the security may be implanted and/or enforced in
hardware. At least a portion of the memory may be a
one-time-programmable and may comprise information that may be
utilized in authenticating the device 200, its user, and/or its
location. The system memory 204 may store, for example, information
comprising configuration data used during LBS operations in the
communication device 200. The configuration data may comprise
parameters and/or code, which may comprise software and/or
firmware, but the configuration data need not be limited in this
regard.
[0043] The system bus 206 may comprise suitable logic, circuitry,
interfaces, and/or code that may enable exchange of data and/or
information between various components and/or systems in the
communication device 200. In this regard, the system bus may
comprise parallel or serial, and/or internal or external based bus
technologies, and/or any combinations thereof. Exemplary system bus
interfaces may comprise Inter-Integrated Circuit (I.sup.2C),
Universal Serial Bus (USB), Advanced Technology Attachment (ATA),
Small Computer System Interface (SCSI), Peripheral Component
Interconnect (PCI), and/or Peripheral Component Interconnect
Express (PCI-e) based interfaces.
[0044] The communication subsystem 210 may comprise suitable logic,
circuitry, code, and/or interfaces that may enable communication of
data, content, and/or messaging from and/or to the communication
device 200, based on one or more wired and/or wireless protocols.
The communication subsystem 210 may comprise, for example, the
plurality of processing blocks 212a-212n that may be operable to
perform communication based on wired or wireless standards
supported in the communication device 200. In this regard, each of
the plurality of processing blocks 212a-212n may comprise suitable
logic, circuitry, interfaces, and/or code that are operable to
detect, receive, and/or transmit signals based on specific
frequency bands and/or modulation schemes. The processing blocks
212a-212n may also be operable to perform necessary processing
operations, which may comprise, for example, buffering, filtering,
modulation/demodulation, up-conversion/down-conversion, and/or
digital-to-analog/analog-to-digital conversion. The plurality of
processing blocks 212a-212n may be configured to support, for
example, transmission and/or reception of RF signals during
communication based on Ethernet, Bluetooth, WLAN, cellular, WiMAX,
GNSS, FM interfaces and/or protocols.
[0045] The security subsystem 220 may comprise suitable logic,
circuitry, interfaces, and/or code that may operable to perform
security related operations in the communication device 200. In
this regard, the security subsystem 220 may perform device and/or
user authentication, certificate usage, and/or cryptographic
operations in the communication device 200. Various security
functions may be implemented in hardware to prevent security from
being circumvented via software and/or firmware modifications. In
various embodiments of the invention, the security subsystem 220
may comprise dedicated hardware and/or one or more
applications.
[0046] In operation, the communication device 200 may be utilized
to perform network access and/or communication via one or more
wired or wireless interfaces. In this regard, the communication
device 200 may, via the communication subsystem 210, receive
signals from and/or transmit signals to the wireless AP 112a,
wireless AP 112b, the cellular BS 114, the WiMAX BS 116, the
broadcast tower 118, and/or the Internet 130 (e.g., via Ethernet,
DSL, and/or cable infrastructure). During operations in the
communication device 200, the host processor 202 may manage and/or
control operations of, for example, communication subsystem 210
and/or security subsystem 220. In an exemplary aspect of the
invention, the communication device 200 may be operable to support
LBS application. In this regard, the communication device 200 may
be associated with an LBS account managed via the location server
140. Accordingly, the communication device 200 may communicate, via
the communication subsystem 210, with the location server 140.
[0047] Information communicated between the location server 140 and
the communication device 200 may be stored in the database 142
indexed by, or otherwise associated with, the LBS account that is
associated with the communication device 200 and/or an owner or
user thereof. The communication device 200 may interact with the
location server 140 via one or more of the wireless AP 112a,
wireless AP 112b, the cellular BS 114, the WiMAX BS 116, and/or the
Internet 130. During LBS related operations, the communication
device 200 may provide, and/or enable the location server 140 to
determine, the location of the communication device 200. During LBS
related operations, the security subsystem 220 may support various
authentication and/or confidentiality related operations performed
via the communication device 200. For example, the security
subsystem 220 may prevent a user, via software or firmware, from
spoofing the location of the communication device 200. In this
regard, the security subsystem 220 may be trusted by the location
server 140 and/or other communication devices such as the devices
102 and 104 such that location information received from the
communication device 200 may be trusted and/or relied upon for
determining distance.
[0048] Additionally, location may be checked via a plurality of
methods and if the checked methods report inconsistent locations,
then the transaction may not be completed. In some embodiments of
the invention, if a minority of the reported locations is
inconsistent, then other valid identification means may be
requested before the transaction is completed. Other identification
means may comprise passwords, special keys, passphrases, and
personal identifying information,
[0049] In various embodiments of the invention, the communication
device 200 may determine its current location, which may be done
using, for example, GNSS signals received via one or more of the
plurality of processing blocks 212a-212n, LBS data and/or
applications provided by the location server 140, the communication
devices 102 and 104, and/or various entities, such as the wireless
APs 112, the cellular BS 114, and the WiMAX BS 116, with which the
communication devices 102 and 104 communicate. The security
subsystem 220 may then perform, in conjunction with a location
server such as the location server 140, user authentication based
on, for example, LBS based data and/or applications. Once the
location of the device 200 is determined, and/or device and/or user
authentication is performed, transactions, such as described with
respect to FIG. 1, may be initiated and/or completed.
[0050] FIG. 3 is a block diagram illustrating an exemplary location
server, in accordance with an embodiment of the invention.
Referring to FIG. 3 there is shown a server 140, a processor 302, a
memory 304, a reference database 142, and an interfacing subsystem
310.
[0051] The server 140 may comprise the processor 302, the memory
304, the reference database 142, and the interfacing subsystem 310.
In this regard, the server 140 may be operable to provide and/or
support location based services (LBS). In an exemplary aspect of
the invention, the server 140 may maintain location related data,
via the reference database 142, for example. The location related
data may be associated with communication devices that have an
account with, or are otherwise associated with, the location based
services provider that owns and/or operates the location server
140. Location related data may, for example, comprise information
associated with location(s) that the communication devices 102 and
104 are at and/or locations to which the communication devices 102
and 104 have been.
[0052] The processor 302 may comprise suitable logic, circuitry,
interfaces, and/or code that may be operable to manage and/or
control operations of the server 140. In this regard, the processor
302 may be operable to configure and/or control operations of
various components and/or systems of the location server 140, by
providing, for example, control signals. The processor 302 may also
control data transfers within the location server 140, including
data storage and/or retrieval from memory 304 and/or generating,
storing, and/or updating elements in the reference database 142.
The processor 302 may enable execution of applications, programs
and/or code, which may be stored in the memory 304 for example, to
enable performing various services and/or application requested
from the location server 140, including location based services
(LBS) applications for example.
[0053] The memory 304 may comprise suitable logic, circuitry,
interfaces, and/or code that enable permanent and/or non-permanent
storage and/or fetch of data, code and/or other information used in
the location server 140. In this regard, the memory 304 may
comprise different memory technologies, including, for example,
read-only memory (ROM), random access memory (RAM), and/or Flash
memory. The memory 304 may be operable to store, for example, data
and/or code used during LBS operations in the location server 140.
The data and/or code may comprise configuration data or parameters,
and the code may comprise operational code such as software and/or
firmware, but the information need not be limited in this
regard.
[0054] The reference database 142 may comprise suitable logic,
circuitry, interfaces, and/or code that may be operable to store
location related data for one or more LBS accounts, wherein each
LBS account may be associated with one or more communication
devices, such as the communication devices 102 and 104, and/or
owners thereof and/or users thereof. The reference database 142 may
be internally or externally coupled to the location server 140. The
stored location related data may be collected from and/or provided
to associated devices and/or users to support LBS applications. The
reference database 142 may be operable to manage and update the
stored location related data when requested, dynamically whenever
any change is detected, and/or periodically. In an exemplary aspect
of the invention, the reference database 142 may comprise data
which may be utilized to approve or deny transactions. Furthermore,
the reference database 142 may be updated and/or modified based on
data communicated to the server 140 by the communication devices
102 and 104, the SRN 150, the wireless APs 112, the cellular BS
114, the WiMAX BS 116, and/or other devices.
[0055] The interfacing subsystem 310 may comprise suitable logic,
circuitry, interfaces, and/or code that may enable communication of
data, content, and/or messaging from and/or to the location server
140. The interfacing system 310 may support, for example, a
plurality of physical and/or logical connections, based on one or
more wired and/or wireless interfaces in the location server 140.
In this regard, the interfacing system 330 may comprise, for
example, one or more network interface cards (NIC) and/or wireless
network interface cards (WNIC).
[0056] In operation, the location server 140 may be utilized to
provide location based services (LBS). To facilitate LBS operations
and/or servicing via the location server 140, the processor 302 may
be operable to communicate, via the interfacing subsystem 310, with
the SRN 150, the mobile core network 110, and/or the Internet 130
to collect location related data. The processor 302 may utilize the
collected location related data to build and/or update the
reference database 142, which may be coupled internally or
externally to the location server 140. The processor 302 may
retrieve or collect location related data from associated users,
such as the communication device 104. The location server 140 may
provide location related data by retrieving it from the reference
database 142. In this regard, the location server 140 may store the
location related data in the reference database 142 as elements
that may be indexed using identifiers that are specific to serviced
devices and/or users and/or owners thereof. Exemplary identifiers
comprise LBS account numbers, LBS account usernames, phone number
of a communication devices associated with LBS accounts, and MAC
addresses of a communication devices associated with LBS
accounts.
[0057] In an exemplary aspect of the invention, the reference
database 142 may store and/or maintain, via the reference database
142 for example, data and/or information which may be utilized to
approve or deny transactions, substantially as described with
regard to FIG. 1. The transaction related data may be stored into,
for example, LBS accounts (also referred to as profiles) maintained
via the reference database 142. In this regard, when determining
whether to approve a transaction, the server 140 may perform device
and/or user authentication procedures with the serviced devices,
such as the communication devices 102 and 104, and/or with devices
requesting the approval, such as the server 132.
[0058] The location server 140 may enable, via the interfacing
subsystem 310, access to LBS accounts such that information
associated with an account, such as account rules and/or
preferences, may be modified. In this regard, persons and/or
entities which may access an LBS account may comprise an owner
and/or user of a communication device associated with the LBS
account, a credit card company, bank, or other financial
institution associated with the LBS account, a wireless provider
associated the LBS account, an Internet service provider associated
with the LBS account, and/or any other person and/or entity which
has been associated with the LBS account through secure and
authenticated mechanisms,
[0059] FIG. 4 is a flow chart illustrating exemplary steps for
authorizing transactions based on relative location of devices, in
accordance with an embodiment of the invention. Referring to FIG.
4, the exemplary steps may begin with step 404 when a transaction,
such as online purchase using a credit card, is initiated from the
communication device 102, where the credit card and/or
communication device 102 is associated with an LBS account that is
also associated with the communication device 104. The attempted
purchase may be submitted to the server 132. Subsequent to step
404, the exemplary steps may advance to step 406.
[0060] In step 406, the server 132 may send a request to the
location server 140 for the location server 140 to determine
whether to approve the transaction. Subsequent to step 406, the
exemplary steps may advance to step 408.
[0061] In step 407, the location server 140 may access the LBS
account associated with the communication devices 102 and 104.
Based on rules and/or preference of the LBS account, the location
server 140 may determine, based on rules, preferences, and/or other
information in the LBS account, whether the transaction should be
automatically approved. That is, determine whether the transaction
should be approved or denied regardless of the distance between the
communication devices 102 and 104. In instances that the
transaction cannot be automatically approved or denied, the
exemplary steps may advance to step 408. In instances that the
transaction is to be automatically approved or denied, the
exemplary steps may advance to step 412.
[0062] In step 408, the location server 140 may determine the
distance between the communication devices 102 and 104. In this
regard, the location server 140 may send a request to one or both
of the communication devices 102 and 104 via one or more of the
wireless AP 112a, wireless AP 112b, the cellular BS 114, and the
WiMAX BS 116, and one or both of the communication devices 102 and
104 may respond with location information. In this regard, one or
both of the communication devices 102 and 104 may respond with, for
example, the GNSS coordinates of its current location, an RF
characterization of its current location, information about
distance to the other one of communication devices 102 and 104,
and/or information about a distance to, or communications with, a
transceiver such as one or more of the wireless APs 112, the
cellular BS 114, the WiMAX BS 116, and/or the broadcast tower 118.
The location information may be communicated via a security
subsystem 220 in each of the communication devices 102 and 104 such
that the location information may be trusted by the location server
140. Subsequent to step 408, the exemplary steps may advance to
step 410.
[0063] In step 410, the location server 140 may determine whether
to approve the transaction based on the distance between the
communication devices 102 and 104. How the distance between the
communication devices 102 and 104 factors into the determination
may depend on the rules and/or preferences of the LBS account. For
example, the transaction may be approved in instances that the
communication devices 102 and 104 are within X feet of each other.
In instances that the transaction is approved based on the distance
between the communication devices 102 and 104, the exemplary steps
may advance to step 412. In step 412, the location server 140 may
notify the server 132 that the transaction is approved. In step
414, the transaction may be completed.
[0064] Returning to step 410, in instances that the transaction is
denied, the location server 140 may seek approval of the
transaction via an out-of-band channel. For example, the location
server 140 may call or send a message to the communication device
104 requesting manual approval from the user of the communication
device 104. The user may reply to the message and send his or her
approval or denial. For example, to approve the transaction, the
user may have to provide a password. In instances that the user
denies the transaction, the exemplary steps may advance to step
422. In step 422, the location server 140 may notify the server 132
of the denial and the server 132 may, in turn, deny the
transaction.
[0065] Returning to step 418, in instances that the user allows the
transaction, the exemplary steps may advance to step 414 and the
transaction may be completed.
[0066] Although various steps and/or functions described with
respect to FIG. 4 are described as being performed in the location
server 140, the invention need not be so limited. For example, the
location server 140 may provide location related data to another
server or device and such steps and/or functions may be performed
in that server or device.
[0067] Although some devices are referred to as "communication
devices" and some are referred to as "network devices" such
terminology is for clarity of description only and is not meant to
limit the types or capabilities of the devices.
[0068] Various aspects of a method and system for authorizing
transactions based on relative location of devices are provided. In
an exemplary embodiment of the invention, data relating to a
location of a first communication device 102 and data relating to a
location of a second communication device 104 may be received, a
distance between the first communication device 102 and the second
communication device 104 may be determined based on the received
data, and whether to approve a transaction may be determined based
on the determined distance. The transaction may have been initiated
from one of the first communication device 102 and the second
communication device 102, and may comprise a need to access an
account, such as a financial or Internet-accessible account. The
transaction may be approved in instances that the first
communication device 102 and the second communication device 104
are within a predetermined distance of each other. The received
data may comprise global navigation satellite system (GNSS)
coordinates. The received data may comprise distance information
determined via communications between the first communication
device 102 and the second communication device 104. The
communications may be between or involve a security subsystem 220
in each of the communication devices 102 and 104. The
communications between the first communication device 102 and the
second communication device 104 may be in accordance with Bluetooth
and/or IEEE 802.11 standards, for example. The first communication
device 102 and the second communication device 104 may be
associated, in a database 142, with the account. Whether to approve
the transaction may be determined based on preferences associated,
in the database 142, with one or both of the first communication
device 102 and the second communication device 104. The transaction
may comprise an electronic payment or funds transfer. Determining
whether to approve the transaction may occur in response to a
request from a network device 132. A result of the determination of
whether to approve the transaction may be communicated to the
network device 132.
[0069] Other embodiments of the invention may provide a
non-transitory computer readable medium and/or storage medium,
and/or a non-transitory machine readable medium and/or storage
medium, having stored thereon, a machine code and/or a computer
program having at least one code section executable by a machine
and/or a computer, thereby causing the machine and/or computer to
perform the steps as described herein for authorizing transactions
based on relative location of devices.
[0070] Accordingly, the present invention may be realized in
hardware, software, or a combination of hardware and software. The
present invention may be realized in a centralized fashion in at
least one computer system, or in a distributed fashion where
different elements are spread across several interconnected
computer systems. Any kind of computer system or other apparatus
adapted for carrying out the methods described herein is suited. A
typical combination of hardware and software may be a
general-purpose computer system with a computer program that, when
being loaded and executed, controls the computer system such that
it carries out the methods described herein.
[0071] The present invention may also be embedded in a computer
program product, which comprises all the features enabling the
implementation of the methods described herein, and which when
loaded in a computer system is able to carry out these methods.
Computer program in the present context means any expression, in
any language, code or notation, of a set of instructions intended
to cause a system having an information processing capability to
perform a particular function either directly or after either or
both of the following: a) conversion to another language, code or
notation; b) reproduction in a different material form.
[0072] While the present invention has been described with
reference to certain embodiments, it will be understood by those
skilled in the art that various changes may be made and equivalents
may be substituted without departing from the scope of the present
invention. In addition, many modifications may be made to adapt a
particular situation or material to the teachings of the present
invention without departing from its scope. Therefore, it is
intended that the present invention not be limited to the
particular embodiment disclosed, but that the present invention
will include all embodiments falling within the scope of the
appended claims.
* * * * *