U.S. patent application number 15/006431 was filed with the patent office on 2016-05-19 for usage of beacon for location based security.
The applicant listed for this patent is QUALCOMM TECHNOLOGIES INTERNATIONAL, LTD.. Invention is credited to Nicolas Graube, Murray Robert Jarvis, Ben Tarlow.
Application Number | 20160142918 15/006431
Family ID | 50000476
Filed Date | 2016-05-19
United States Patent Application | 20160142918
Kind Code | A1
Graube; Nicolas; et al. | May 19, 2016
USAGE OF BEACON FOR LOCATION BASED SECURITY
Abstract
A system for location based security which includes a plurality
of receivers. Each of the receivers determines times of arrival of
received time varying signals. The system also includes a server in
communication with the receivers and a mobile device. The server
receives the times of arrival from the receivers, and times of
arrival of the time varying signals determined by the mobile
device. The server determines a location of the mobile device based
on the times of arrival. The server may then authorize the mobile
device to perform secure communication over the secure
communication network when the location of the mobile device is
determined to be in an authorized communication area defined based
on the times of arrival received from the receivers.
Inventors: Graube; Nicolas (Barrington, GB); Tarlow; Ben (Cottenham, GB); Jarvis; Murray Robert (Stapleford, GB)
Applicant:
Name | City | State | Country | Type
QUALCOMM TECHNOLOGIES INTERNATIONAL, LTD. | CAMBRIDGE | | GB |
Family ID: 50000476
Appl. No.: 15/006431
Filed: January 26, 2016
Related U.S. Patent Documents
Application Number | Filing Date | Patent Number
13716365 | Dec 17, 2012 | 9282459
15006431 | |
Current U.S. Class: 455/411
Current CPC Class: H04W 64/00 20130101; G01S 5/06 20130101; H04W 12/08 20130101; G01S 5/0289 20130101; H04W 4/021 20130101; G01S 5/0205 20130101; H04L 63/107 20130101; G01S 5/16 20130101
International Class: H04W 12/08 20060101 H04W012/08; H04W 4/02 20060101 H04W004/02; H04L 29/06 20060101 H04L029/06
Claims
1-20. (canceled)
21. A method for location based security in a system in an
authorized communication area, the method comprising: confirming,
by a server, a location of a mobile device by: transmitting a data
sequence to the mobile device using a short range transmitter;
receiving, by the server from the mobile device, the transmitted
data sequence transmitted; confirming, by the server, whether the
data sequence received from the mobile device matches the data
sequence transmitted from the short range transmitter.
22. The method of claim 21, wherein the short-range transmitter
transmits the data sequence as one of an ultrasonic, infrared or RF
signal in a frequency band such that transmitted signals tend not
to propagate outside of the authorized communication area.
23. (canceled)
24. A method for achieving location based network security,
comprising: receiving, by a server, data sequences from a plurality
of devices located within an authorized communication area;
determining, in the server, whether any of the received data
sequences received from the plurality of devices matches a data
sequence transmitted in the authorized communication area, wherein
the transmitted data sequence is a random or pseudorandom data
sequence; and transferring, from the server, cryptographic keys to
any of the plurality of devices from which a received data sequence
matches the transmitted data sequence, wherein the cryptographic
keys are configured to authorize secure network communication for
the plurality of devices located within an authorized communication
area.
25. The method of claim 24, further comprising: transmitting, by
the server, the transmitted data sequence within the authorized
communication area.
26. The method of claim 25, wherein transmitting the transmitted
data sequence within the authorized communication area comprises
transmitting the transmitted data sequence by the server via a
short range transmitter located within the authorized communication
area.
27. The method of claim 24, further comprising: computing, in the
server, an accuracy and number of received data sequences that
match the transmitted data sequence.
28. The method of claim 27, further comprising: determining, by the
server, whether the computed accuracy and number of received data
sequences that match the transmitted data sequence exceeds a
predetermined value; and transferring, from the server,
cryptographic keys to devices from which a received data sequence
matches the transmitted data sequence in response to determining
that the computed accuracy and number of received data sequences
that match the transmitted data sequence exceeds the predetermined
value.
29. The method of claim 24, wherein: receiving, by the server, data
sequences from the plurality of devices located within an
authorized communication area includes receiving data sequences
from one or more mobile devices; and transferring, from the server,
cryptographic keys to devices from which a received data sequence
matches the transmitted data sequence comprises transferring
cryptographic keys to the one or more mobile devices from which a
received data sequence matches the transmitted data sequence.
30. The method of claim 24, wherein receiving, by the server, data
sequences from the plurality of devices located within an
authorized communication area includes receiving data sequences
from one or more short range receivers.
31. The method of claim 24, wherein the transmitted data sequence
is transmitted using a medium that does not propagate outside of
the authorized communication area.
32. The method of claim 24, wherein transmitting, by the server,
the transmitted data sequence within the authorized communication
area comprises transmitting the transmitted data sequence by any
one of infrared signals, radio frequency signals, and ultrasonic
signals.
33. A server, comprising: a processor configured with
processor-executable instructions to perform operations comprising:
receiving data sequences from a plurality of devices located within
an authorized communication area; determining whether any of the
received data sequences received from the plurality of devices
matches a data sequence transmitted in the authorized communication
area, wherein the transmitted data sequence is a random or
pseudorandom data sequence; and transferring cryptographic keys to
any of the plurality of devices from which a received data sequence
matches the transmitted data sequence, wherein the cryptographic
keys are configured to authorize secure network communication for
the plurality of devices located within an authorized communication
area.
34. The server of claim 33, wherein the processor is configured
with processor-executable instructions to perform operations
further comprising: transmitting the transmitted data sequence
within the authorized communication area.
35. The server of claim 33, wherein the processor is configured
with processor-executable instructions to perform operations
further comprising transmitting the transmitted data sequence by
the server via a short range transmitter located within the
authorized communication area.
36. The server of claim 33, wherein the processor is configured
with processor-executable instructions to perform operations
further comprising: computing an accuracy and number of received
data sequences that match the transmitted data sequence.
37. The server of claim 36, wherein the processor is configured
with processor-executable instructions to perform operations
further comprising: determining whether the computed accuracy and
number of received data sequences that match the transmitted data
sequence exceeds a predetermined value; and transferring
cryptographic keys to devices from which a received data sequence
matches the transmitted data sequence in response to determining
that the computed accuracy and number of received data sequences
that match the transmitted data sequence exceeds the predetermined
value.
38. The server of claim 33, wherein the processor is configured
with processor-executable instructions to perform operations such
that: receiving data sequences from the plurality of devices
located within an authorized communication area includes receiving
data sequences from one or more mobile devices; and transferring
cryptographic keys to devices from which a received data sequence
matches the transmitted data sequence comprises transferring
cryptographic keys to the one or more mobile devices from which a
received data sequence matches the transmitted data sequence.
39. The server of claim 33, wherein the processor is configured
with processor-executable instructions to perform operations such
that receiving data sequences from the plurality of devices located
within an authorized communication area includes receiving data
sequences from one or more short range receivers.
40. The server of claim 33, wherein the transmitted data sequence
is transmitted using a medium that does not propagate outside of
the authorized communication area.
41. The server of claim 33, wherein the processor is configured
with processor-executable instructions to perform operations such
that transmitting the transmitted data sequence within the
authorized communication area comprises transmitting the
transmitted data sequence by any one of infrared signals, radio
frequency signals, and ultrasonic signals.
42. A non-transitory computer-readable medium having stored thereon
server-executable instructions configured to cause a server to
perform operations comprising: receiving data sequences from a
plurality of devices located within an authorized communication
area; determining whether any of the received data sequences
received from the plurality of devices matches a data sequence
transmitted in the authorized communication area, wherein the
transmitted data sequence is a random or pseudorandom data
sequence; and transferring cryptographic keys to any of the
plurality of devices from which a received data sequence matches
the transmitted data sequence, wherein the cryptographic keys are
configured to authorize secure network communication for the
plurality of devices located within an authorized communication
area.
43. The non-transitory computer-readable medium of claim 42,
wherein the stored server-executable instructions are configured to
cause a server to perform operations further comprising:
transmitting the transmitted data sequence within the authorized
communication area.
44. The non-transitory computer-readable medium of claim 43,
wherein the stored server-executable instructions are configured to
cause a server to perform operations such that transmitting the
transmitted data sequence within the authorized communication area
comprises transmitting the transmitted data sequence by the server
via a short range transmitter located within the authorized
communication area.
45. The non-transitory computer-readable medium of claim 42,
wherein the stored server-executable instructions are configured to
cause a server to perform operations further comprising: computing
an accuracy and number of received data sequences that match the
transmitted data sequence.
46. The non-transitory computer-readable medium of claim 45,
wherein the stored server-executable instructions are configured to
cause a server to perform operations further comprising:
determining whether the computed accuracy and number of received
data sequences that match the transmitted data sequence exceeds a
predetermined value; and transferring cryptographic keys to devices
from which a received data sequence matches the transmitted data
sequence in response to determining that the computed accuracy and
number of received data sequences that match the transmitted data
sequence exceeds the predetermined value.
47. The non-transitory computer-readable medium of claim 42,
wherein the stored server-executable instructions are configured to
cause a server to perform operations such that: receiving data
sequences from the plurality of devices located within an
authorized communication area includes receiving data sequences
from one or more mobile devices; and transferring cryptographic
keys to devices from which a received data sequence matches the
transmitted data sequence comprises transferring cryptographic keys
to the one or more mobile devices from which a received data
sequence matches the transmitted data sequence.
48. The non-transitory computer-readable medium of claim 42,
wherein the stored server-executable instructions are configured to
cause a server to perform operations such that receiving data
sequences from the plurality of devices located within an
authorized communication area includes receiving data sequences
from one or more short range receivers.
49. The non-transitory computer-readable medium of claim 42,
wherein the transmitted data sequence is transmitted using a medium
that does not propagate outside of the authorized communication
area.
50. The non-transitory computer-readable medium of claim 42,
wherein the stored server-executable instructions are configured to
cause a server to perform operations such that transmitting the
transmitted data sequence within the authorized communication area
comprises transmitting the transmitted data sequence by any one of
infrared signals, radio frequency signals, and ultrasonic signals.
Description
[0001] The present invention is directed to a system and method for
providing location based security between a mobile device and other
devices on a secure network. In one example, multiple receivers are
positioned such that they define an authorized communication area
(e.g. a perimeter). In general, these receivers utilize locally
available time varying signals to determine if the mobile device is
located within the authorized area. If the mobile device is
determined to be located within the authorized area, the mobile
device is enabled (e.g. given an encryption key) to communicate
over the secure network with the other devices.
BACKGROUND
[0002] In some scenarios, it is desirable to restrict communication of
devices to within a certain geographical region (i.e. an authorized
area). Ensuring that the mobile device is actually within the
authorized area using positioning methods such as global
positioning systems (GPS) may be difficult since the GPS signals
appropriate to the authorized area may be spoofed (i.e. indicate
that it is located in the authorized area, when in actuality it is
outside of the authorized area).
SUMMARY
[0003] A system for location based security which includes a
plurality of receivers. Each of the receivers determines times of
arrival of received time varying signals. The system also includes
a server in communication with the receivers and a mobile device.
The server receives the times of arrival from the receivers, and
times of arrival of the time varying signals determined by the
mobile device. The server determines or validates a location of the
mobile device based on the times of arrival. The server may then
authorize the mobile device to perform secure communication over
the secure communication network when the location of the mobile
device is determined to be in an authorized communication area
defined based on the times of arrival received from the
receivers.
BRIEF DESCRIPTION OF THE DRAWINGS
[0004] The invention is best understood from the following detailed
description when read in connection with the accompanying drawings,
with like elements having the same reference numerals. It is
emphasized that, according to common practice, the various features
of the drawings are not drawn to scale. On the contrary, the
dimensions of the various features are arbitrarily expanded or
reduced for clarity. Included in the drawings are the following
figures:
[0005] FIG. 1 shows the location based security system when the
mobile device is located inside of the authorized area and when the
mobile device is located outside of the authorized area, according
to an embodiment of the present invention.
[0006] FIG. 2 shows the location based security system where
receivers with known positions are used to define the authorized
area, according to an embodiment of the present invention.
[0007] FIG. 3 shows the location based security system where
transceivers with unknown positions are used to define the
authorized area, according to an embodiment of the present
invention.
[0008] FIG. 4 shows the location based security system where the
time varying signal is a radio frequency (RF) signal that is
restricted within an authorized room, according to an embodiment of
the present invention.
[0009] FIG. 5 shows the location based security system where the
time varying signal is an infrared signal that is restricted within
an authorized room, according to an embodiment of the present
invention.
DETAILED DESCRIPTION OF THE INVENTION
[0010] FIG. 1 shows an example of a location based security system
that includes a server 102 and a mobile device 100. In general,
mobile device 100 may be able to communicate with a server and
other devices on a network using encryption and decryption keys.
These encryption and decryption keys may be supplied to the mobile
device 100 via server 102. In this embodiment, however, the
security of the system relies on location. That is, the location of
the mobile device 100 determines when mobile device 100 can
communicate with server 102.
[0011] Assuming area 104 is defined as a secure communication area,
mobile device 100 (when located in area 104) may be able to perform
bi-directional communication with server 102 via communication
lines 106 and 108. Various data such as document 114 may then be
transferred between the two devices. In general, communication of
device 100 may be enabled (e.g. mobile device is given an
encryption/decryption key) once server 102 determines that device
100 is actually located in area 104.
[0012] In another example, when server 102 determines that mobile
device 100 is not in secure communication area 104, the
bi-directional communication over lines 110 and 112 is restricted
between mobile device 100 and server 102 (i.e., the server will not
provide mobile device 100 with the proper encryption/decryption
keys to perform communication over the network since it is not
located in authorized communication area 104).
[0013] In general, the system shown in FIG. 1 provides a solution
enabling geo-fences (e.g. a secure perimeter) to be used in the
context of delivering the secure encryption/decryption keys for use
of real time decryption. This enables secure communication to occur
within the predefined perimeter of area 104. Outside of area 104
the secure communication is restricted. In some examples, secure
communication area 104 may be an outdoor area or may be an indoor
room which is deemed secure for mobile devices.
[0014] One way of ensuring that mobile device 100 is located in
secure communication area 104 is to rely on time varying
information that is received locally by mobile device 100. By
restricting the time varying signals to within a specific local
region, it becomes even more difficult for a third party to capture
and reproduce information (i.e. spoof the time varying signal).
Thus, the current system combines both time varying signals and
space restrictions to achieve these results.
[0015] Shown in FIG. 2 is an embodiment where receivers 202, 204
and 206 are placed at known positions. In one example, the
receivers may be placed such that their positions directly define a
secure communication area (e.g. a triangular shaped area in between
the receivers). More generally, however, the shape (e.g. perimeter)
and the location of the secure communication area may be
defined based on acceptable times of arrival of the RF signals
received by the mobile device with respect to times of arrival of
the RF signals received by the known receivers. This perimeter may
be restricted to an area in between the receivers, or in an area
just outside of the receivers. The example in FIG. 2 shows that the
secure communication area has a somewhat kidney shaped perimeter
that is partially in between and partially outside of a triangular
region defined by the receivers.
[0016] In general, receivers 202, 204 and 206 are able to securely
communicate via a secure communication channel 218 back to server
102. Receivers 202, 204 and 206 are also able to receive radio
frequency signals from mobile device 100 as well as from
transmitters 208, 210, 212, 214 and 216.
[0017] In operation, transmitters 208, 210, 212, 214 and 216 (which
may be located at unknown positions) transmit RF signals to
receivers 202, 204, 206 as well as to mobile device 100. These RF
signals may have time varying characteristics. In one example, the
time varying signals may be the measure of times of arrival of
global system for mobile communications (GSM) extended training
sequences (ETS). In general, both GSM and wideband code division
multiple access (WCDMA) networks are non-synchronized systems
making it difficult without specialized equipment to predict the
times of departure of the signals. These signals will also vary
simply because the transmitter clock is not absolutely stable which
therefore causes changes in the transmission time.
[0018] Using techniques according to an embodiment of the subject
invention, it is possible to capture times of arrival of the
transmitted signals. In general, it is not necessary to know the
positions of the transmitters. In one example, three receivers at
known positions, a mobile receiver and five transmitters measured
by all four receivers are implemented. Each of the receivers 202,
204 and 206 may measure the respective times of arrival of the
time varying signals transmitted from transmitters 208-216 thereby
each providing an equation with three or four unknowns. In general,
these unknowns may be the coordinates of the unknown transmitters,
the time of departure of the signal and the clock offset related to
the time of arrival with respect to the other receivers. In this
example, the mobile device 100 requesting secure information also
measures times of arrival of the transmitted signals.
[0019] One benefit of this system is that solving the equations is
restricted to quasi-contemporaneous times of arrival measurements
from all the elements. In other words, the device cannot perform
the calculations unless it has access to the measurements made by
all the receivers at the known positions. In operation, each
receiver at a known position communicates its respective time of
arrival measurements on a regular basis (e.g., every few seconds)
to server 102. Mobile device 100 requesting a secure access can also
deliver its own similar measurements to server 102. In general,
these measurements may be delivered to server 102 via the secure
communication channel 218. Server 102 may then combine these
measurements from the three receivers and the mobile device to
determine the validity of the mobile device's position based on the
predefined secure communication area defined by the positions of
receivers 202-206.
[0020] Thus, the system first defines a secure communication area
by positioning receivers 202-206 at specific locations. Then, in
order for mobile device 100 to communicate over the secure network,
mobile device 100 along with receivers 202-206 measure the times of
arrival of the time varying signals transmitted from transmitters
208-216. These times of arrival are then transmitted from mobile
device 100 and receivers 202-206 to centralized server 102 which
determines if the mobile device is actually within the secure
communication area. If server 102 determines that mobile device 100
is within the secure communication area, then server 102 may
transfer cryptographic keys to mobile device 100 allowing mobile
device 100 to securely communicate over the network to other
devices (not shown). If server 102 determines that mobile device
100 is not located in the secure communication area, then the
cryptographic keys will not be transferred to mobile device 100
thereby preventing mobile device 100 from communicating over the
network.
[0021] In one example, for clarification purposes, suppose there
are M receivers (e.g. a mobile terminal and a plurality of other
receivers defining the secure communication area) in a network.
Each receiver is able to measure times of arrival of RF signals
transmitted by N common RF base-stations. The RF signals may be the
ETS if the network is a GSM network. In general, however, the RF
signals can be from any network where the data being transmitted is
a non-predictable sequence. Each receiver is able to time stamp the
data as it is being received which are then utilized by the server
to determine the positions of the receivers relative to each other.
The range equations for these systems are thus:
$$R_{ks} = \lVert x_k - b_s \rVert + \alpha_s + \epsilon_k, \tag{1}$$
where: $k = 1 \ldots M$, $s = 1 \ldots N$; $x_k$ = the two-dimensional
location of the $k$-th receiver; $b_s$ = the location of the
$s$-th base-station; $\alpha_s$ = the equivalent distance of the
time offset of the $s$-th base-station; and $\epsilon_k$ = the
equivalent distance of the time offset of the $k$-th receiver.
[0022] This defines a set of MN equations in 3M+N unknowns. The
vector of variables, u, is given by equation (2).
$$u = (x_1, y_1, \epsilon_1, x_2, y_2, \epsilon_2, \ldots, x_M, y_M, \epsilon_M, \alpha_1, \alpha_2, \ldots, \alpha_N). \tag{2}$$
[0023] In practice all of the receivers make relative measurements,
(i.e. the timings of the signals received from the base-stations
are measured relative to one another). For example one of the
base-station time offsets, say $\alpha_1$, would be set to zero
since the time offset of the base-station relative to itself is
zero, and all others are measured relative to it. Therefore there
are 3M+N-1 unknowns.
[0024] Thus, two receivers (M=2) measuring five common
base-stations (N=5) yields a set of 10 equations containing 10
unknowns which can be solved to yield the positions of both
receivers and the time offsets of the five base-stations relative
to one another. Similarly three receivers (M=3) each measuring four
common base-station (N=4) yields a set of 12 equations with 12
unknowns allowing the positions of all three receivers to be
determined as well as the relative time offsets of the
base-stations. Thus, the centralized server in FIG. 2, can use the
measurements from each of the three receivers and the fourth
receiver (e.g. the mobile device) to determine the authorized area
and if the mobile device is located in the authorized area.
[0025] Once the relative timings between the base-stations have
been established, linking any one of them to a master reference
source, such as GPS time, allows the timings to be determined relative
to the same reference. Thus a single time transfer receiver may be
used to transfer time via the measured relative timings of the
base-stations to any of the receivers even though the network is
unsynchronized. In one example, the transferred time could simply
be the local clock of a selected one of the receivers which is
utilized to establish a relative time with respect to the other
receivers.
[0026] In another embodiment shown in FIG. 3, rather than having
separate transmitters and receivers, the system may include
transceivers (e.g. WiFi or WiMax access points). In one example,
transceivers 302, 304, 306 and 308 may be located at known or
unknown positions creating a perimeter for the secure communication
area (i.e., the secure communication area is located within the
perimeter of the forward transceivers). Similar to the system in
FIG. 2, these transceivers transmit time varying signals such as a
detectable signal at a periodic interval which changes in an
unpredictable manner. Each of the four transceivers also acts as a
receiver measuring the time of arrival of the time varying signals
from all of the other transceivers.
[0027] Thus, each transceiver transmits a signal to the other three
transceivers and also acquires measurements from the other three
transceivers (i.e., each transceiver measures a set of three
measurements). Similar to the system described in FIG. 2, upon
receiving a time varying signal, the transceiver determines the
time of arrival of the signal. Mobile device 100 will also receive
these signals from all four transceivers and determine times of
arrival.
[0028] Once these times of arrival are computed by the transceivers
and the mobile device, they are transferred from all four
transceivers 302-308 and mobile device 100 to secure centralized
server 102 via secure communication line 218. Using these times of
arrival as well as a universal time reference utilized by each of
the transceivers and the mobile device, server 102 is able to
estimate the distance between the respective transceivers. Once the
relative distance between the four transceivers is determined, the
distance between the receivers and mobile device 100 may also be
computed. This process ultimately determines if mobile device 100
is located within the perimeter of the secure communication area or
not. As described above with respect to FIG. 2, server 102 either
transfers cryptographic keys to mobile device 100 or does not
transfer these keys to mobile device 100 depending on whether
mobile device 100 is located in the secure communication area.
[0029] In one example, for computing the positions of the
transceivers, assume each transceiver, $R_i$ ($i = 1, \ldots, 4$),
has a clock having an offset from a universal time reference
represented by $\epsilon_i$. The propagation delay of a signal
from $R_i$ to $R_j$ is $t_{i,j} = t_{j,i}$, and the distance
between transceivers $R_i$ and $R_j$ is given by:
$$d_{i,j} = d_{j,i} = t_{i,j} \times \nu, \tag{3}$$
where $\nu$ is the propagation speed of the signal.
[0030] Each transceiver broadcasts an agreed timing signal at a
particular time according to its internal clock. The rate of
broadcast is low enough that there is no ambiguity in the receiver
as to which signal has been received (e.g. on a millisecond
boundary for transceivers that are less than a few km apart). The
other three transceivers and the mobile device also record the
times of arrival of the signal. For any pair of transceivers, the
arrival time may be represented by equation (4).
$$\tau_{i,j} = t_{i,j} - \epsilon_i + \epsilon_j, \tag{4}$$
[0031] where $\tau_{i,j}$ is the time of arrival measured at
transceiver $R_i$ of the signal from transceiver $R_j$.
[0032] From equation (4), the propagation delay from $R_i$ to
$R_j$ may be determined as shown in equation (5).
$$t_{i,j} = \frac{\tau_{i,j} + \tau_{j,i}}{2} \tag{5}$$
These equations provide an estimate for the values $d_{i,j}$.
[0033] Revisiting equation (3), each $\epsilon_i$ may be
determined as
$\epsilon_i = \epsilon_j + (t_{i,j} - \tau_{i,j})$, where
the value in parentheses is known. In one example, it is assumed
that $R_1$ lies at the origin of a 2-dimensional coordinate grid,
$R_2$ is on the positive x-axis and $R_3$ is in the half plane
$y \geq 0$. The values of $d_{1,2}$, $d_{1,3}$ and $d_{2,3}$ fix
the relative positions of the transceivers uniquely. The values of
$d_{1,4}$, $d_{2,4}$ and $d_{3,4}$ now uniquely determine the
position of $R_4$ on the local grid.
[0034] Since the calculation is for relative clock offsets and
positions, $\epsilon_i$ may be set to 0. Now, the four
measurements made by the mobile device can be used in the same way
as GPS measurements to give a position estimate for the mobile
device, and the mobile device clock offset by using standard
trilateration methods.
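The calculation in paragraphs [0029] to [0034] can be followed end to end in the sketch below, which is an added example and not code from the patent or its applicant. The transceiver coordinates, clock offsets, the 0.5 m residual tolerance, the closed-form linearised solve standing in for "standard trilateration methods", and all function names are assumptions chosen for illustration; the sample timings are constructed.

```python
import math

V = 299_792_458.0  # propagation speed nu in m/s (an RF signal is assumed)

def simulate_toa(rx_pos, tx_pos, eps_rx, eps_tx):
    """Equation (4), used here only to build the constructed sample data."""
    return math.dist(rx_pos, tx_pos) / V - eps_rx + eps_tx

def calibrate(tau):
    """tau[i][j] = arrival time at R_i of R_j's signal. Returns local-grid
    positions and clock offsets relative to R_1 (index 0)."""
    n = len(tau)
    d = [[0.0] * n for _ in range(n)]
    for i in range(n):
        for j in range(n):
            if i != j:
                d[i][j] = V * (tau[i][j] + tau[j][i]) / 2   # eq. (5), then (3)
    # eps_i = eps_j + (t_ij - tau_ij), taking j = R_1 and eps_1 = 0
    eps = [0.0] + [d[i][0] / V - tau[i][0] for i in range(1, n)]
    pos = [(0.0, 0.0), (d[0][1], 0.0)]      # R_1 at origin, R_2 on +x axis
    for k in range(2, n):
        x = (d[0][1] ** 2 + d[0][k] ** 2 - d[1][k] ** 2) / (2 * d[0][1])
        y = math.sqrt(max(d[0][k] ** 2 - x ** 2, 0.0))   # R_3 kept in y >= 0
        if k > 2:   # d_{3,k} resolves the mirror ambiguity about the x axis
            if abs(math.dist((x, -y), pos[2]) - d[2][k]) < \
               abs(math.dist((x, y), pos[2]) - d[2][k]):
                y = -y
        pos.append((x, y))
    return pos, eps

def det3(m):
    return (m[0][0] * (m[1][1] * m[2][2] - m[1][2] * m[2][1])
            - m[0][1] * (m[1][0] * m[2][2] - m[1][2] * m[2][0])
            + m[0][2] * (m[1][0] * m[2][1] - m[1][1] * m[2][0]))

def solve3(a, b):
    """Solve a 3x3 linear system by Cramer's rule."""
    d0 = det3(a)
    if abs(d0) < 1e-6:
        raise ValueError("degenerate geometry")
    out = []
    for c in range(3):
        m = [row[:] for row in a]
        for r in range(3):
            m[r][c] = b[r]
        out.append(det3(m) / d0)
    return out

def locate(pos, eps, tau_m):
    """Mobile position, clock offset (relative to R_1) and worst range
    residual from its four arrival times. Requires pos[0] == (0, 0)."""
    rho = [V * (tau_m[j] - eps[j]) for j in range(4)]   # |p - R_j| = rho_j + c
    a, b = [], []
    for j in range(1, 4):   # subtract the R_1 circle equation: linear in x, y, c
        xj, yj = pos[j]
        a.append([2 * xj, 2 * yj, 2 * (rho[j] - rho[0])])
        b.append(xj ** 2 + yj ** 2 - (rho[j] - rho[0]) * (rho[j] + rho[0]))
    x, y, c = solve3(a, b)
    residual = max(abs(math.dist((x, y), pos[j]) - c - rho[j]) for j in range(4))
    return (x, y), c / V, residual

def inside(p, poly):
    """Ray-casting point-in-polygon test; poly lists the perimeter in order."""
    x, y = p
    hit = False
    for (x1, y1), (x2, y2) in zip(poly, poly[1:] + poly[:1]):
        if (y1 > y) != (y2 > y) and x < x1 + (y - y1) * (x2 - x1) / (y2 - y1):
            hit = not hit
    return hit

def authorize(tau, tau_m, tol_m=0.5):
    """Server decision: keys are released only for a self-consistent fix that
    lies inside the transceiver perimeter. tol_m is an assumed tolerance."""
    pos, eps = calibrate(tau)
    try:
        p, _, residual = locate(pos, eps, tau_m)
    except ValueError:
        return False
    return residual <= tol_m and inside(p, pos)

# Constructed scenario (not from the patent): metres and seconds.
TRUE_POS = [(0.0, 0.0), (40.0, 0.0), (30.0, 40.0), (-10.0, 25.0)]
TRUE_EPS = [2.0e-3, -1.5e-3, 0.7e-3, 3.1e-3]

def scenario(mobile_pos, mobile_eps=5.0e-4):
    """Arrival times reported by the four transceivers and by the mobile."""
    tau = [[simulate_toa(TRUE_POS[i], TRUE_POS[j], TRUE_EPS[i], TRUE_EPS[j])
            if i != j else 0.0 for j in range(4)] for i in range(4)]
    tau_m = [simulate_toa(mobile_pos, TRUE_POS[j], mobile_eps, TRUE_EPS[j])
             for j in range(4)]
    return tau, tau_m

if __name__ == "__main__":
    tau, tau_in = scenario((10.0, 12.0))
    _, tau_out = scenario((60.0, 10.0))
    print("inside:", authorize(tau, tau_in), "outside:", authorize(tau, tau_out))
```

The residual check is an addition to the text: four arrival times over-determine the three unknowns (x, y and the mobile clock offset), so a report that does not fit any single position can be rejected before the perimeter test is applied.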
[0035] It is noted that the beacons (e.g. time varying signals)
transmitted from transceivers 302-304 do not need to be surveyed
(i.e., their absolute position does not need to be determined at
setup time). In general, just the positions of transceivers
relative to each other are needed in order to determine if the
mobile devices are within the secure communication area (absolute
positions are not necessary).
[0036] In general, FIGS. 2 and 3 show two embodiments where a
secure communication area is defined. The time varying signals
transmitted from the transmitters within the secure communication
area, however, may be intercepted by other devices outside of the
communication area. In order to further increase the security of
the system, it would be beneficial to restrict the transmitted time
varying signals to occurring only within the secure communication
area (i.e., devices that are located outside of the secure
communication area cannot receive the time varying signals).
Examples of such a restriction are shown at least in FIGS. 4 and
5.
[0037] As shown in FIG. 4, a secure communication area may be
defined as room 404 within a building. In one example, a beacon 402
(e.g. short-range transmitter) may be set up within room 404 in
order to create a secure communication area within the room. To
further increase the security, the RF waves of beacon 402 may be
transmitted at high
frequencies which have little or no penetration through the nearby
walls of the room. In another example, the beacon may transmit
infrared or ultrasonic signals which cannot penetrate the walls of
the room. Alternatively, power reduction of the transmitted signal
may also be utilized to restrict the transmission to only receivers
within room 404. Thus, in the example in FIG. 4, mobile device 100
would actually have to be in room 404 in order to receive the time
varying signals from the transceiver. This will prevent a mobile
device 100 located outside of the room from even receiving any of
the signals.
[0038] Since the transmitted beacon signal is physically localized
in the authorized area (i.e. the room) due to the short range
transmission/reception, the data of a transmitted random or
pseudorandom sequence (rather than the times of arrival) may be
utilized by the system. Specifically, the data of the sequence may
be received by the mobile device and/or other authorized receivers
located in the authorized area, and then relayed back to the server
for verification purposes. The server may compare the data captured
by the receivers with the data captured by the mobile device to
determine if a match occurs (i.e. determine if the authorized
receivers and mobile device captured the same data sequence). The
server may then compute the accuracy of the match or the number of
matches to determine if the mobile device is located in the
authorized area.
[0039] In a first example, during operation, server 102 could send
the data sequence to beacon 402 over a secure connection. Beacon
402 could then locally transmit the sequence in room 404 using
short-range transmission restricted by walls 406. Mobile device 100
receives the sequence and then relays the sequence back to server
102. Once received, server 102 can then compare the relayed
sequence with the sequence transmitted by the beacon to determine
if a match occurs. If a match occurs, then the cryptographic keys
are delivered to mobile device 100.
[0040] In a second example, without the use of beacon 402, server
102 could also send the random or pseudorandom data sequence
directly to mobile device 100 via an RF broadcast. Mobile device
100 receives the sequence and then relays the sequence back to
server 102 via a short-range receiver (not shown) located in the
room that can only receive signals that are transmitted from within
the room (e.g. infrared signals). In this example, it does not
matter that other mobile devices outside of the room may receive
the sequence via the RF broadcast, because these devices are not
able to relay the sequence back to the server via the short-range
(e.g. infrared) receiver located in the room.
[0041] In a third example, during operation, the beacon itself
could generate the random or pseudorandom data sequence independent
of the server. In this example, room 404 includes a short-range
receiver (not shown). In general, the beacon generates and
transmits the sequence within the room. The sequence is received by
both the mobile device 100 and the receiver (not shown) which are
both located in the room. Both the mobile device and the receiver
then relay their respectively received sequences back to server
102, where a comparison will be performed by the server. If a match
occurs, then the cryptographic keys are delivered to mobile device
100.
[0042] A specific example of the short-range receiver described in
the second example is shown in FIG. 5, where the room (i.e.
authorized area) may be equipped with an infrared sensor (e.g.
camera) (502). The random or pseudorandom sequence as described
above may be generated and transmitted by an infrared beacon (not
shown) located within the room. In order to confirm its own
location, device 100 (located in the room) transmits the data
sequence as an infrared modulated signal 504 to infrared receiver
502. Infrared receiver 502 may then relay both the data sequence
received from the mobile device and the data sequence received from
the infrared beacon back to server 102 for confirmation. In
general, transmission from the infrared receiver 502 to the server
may be performed using standard RF communication or wired network
transmissions. It is also noted that the infrared beacon may not be
needed in this embodiment if the server generates the data sequence
and transmits the generated sequence using RF signals.
[0043] The time varying data sequence in the embodiments of FIGS. 4
and 5 transmitted by the short-range beacon may be captured at
regular intervals at a rate that may be a function of the rate at
which the beacons are changing the sequence. The mobile device in
the authorized area may also capture the short-range beacon in a
similar manner.
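The server-side comparison described in paragraphs [0038] to [0043], as an added Python example that is not part of the patent text: the server counts the recent capture intervals in which the sequence relayed by the mobile device agrees with the copy from the trusted in-room receiver, and authorizes key delivery only above a threshold. The sequence length, thresholds, window size and all function names are assumptions of this example, and the captures are constructed.

```python
import secrets

SEQ_BYTES = 16        # length of one beacon sequence (assumed)
MIN_ACCURACY = 0.95   # bit agreement needed for an interval to match (assumed)
MIN_MATCHES = 3       # matching intervals needed before keys are released (assumed)
WINDOW = 5            # only the most recent intervals are considered (assumed)

def bit_accuracy(a: bytes, b: bytes) -> float:
    """Fraction of agreeing bits; 0.0 for empty or unequal-length captures."""
    if not a or len(a) != len(b):
        return 0.0
    wrong = sum(bin(x ^ y).count("1") for x, y in zip(a, b))
    return 1.0 - wrong / (8 * len(a))

def count_matches(receiver: dict, mobile: dict, current: int) -> int:
    """Intervals in the window where the mobile agrees with the trusted receiver."""
    matches = 0
    for interval in range(current - WINDOW + 1, current + 1):
        ref, got = receiver.get(interval), mobile.get(interval)
        if ref is not None and got is not None:
            if bit_accuracy(ref, got) >= MIN_ACCURACY:
                matches += 1
    return matches

def authorize(receiver: dict, mobile: dict, current: int) -> bool:
    """True when enough recent captures match for key delivery to proceed."""
    return count_matches(receiver, mobile, current) >= MIN_MATCHES

def flip_bit(seq: bytes, bit: int) -> bytes:
    """Simulate one reception error in a capture."""
    out = bytearray(seq)
    out[bit // 8] ^= 1 << (bit % 8)
    return bytes(out)

def demo():
    # Constructed captures: the beacon changes its sequence every interval.
    beacon = {i: secrets.token_bytes(SEQ_BYTES) for i in range(10)}
    receiver = dict(beacon)                           # trusted in-room receiver
    in_room = {i: flip_bit(s, 3) if i == 7 else s for i, s in beacon.items()}
    stale = {i: beacon[i - 5] for i in range(5, 10)}  # old sequences, new labels
    sparse = {9: beacon[9]}                           # a single capture relayed
    return (authorize(receiver, in_room, 9), authorize(receiver, stale, 9),
            authorize(receiver, sparse, 9))
```

Tolerating a few bit errors keeps a device with a noisy capture authorized, while sequences from earlier intervals or too few captures fall below the match count.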
[0044] The transceivers and receivers in FIGS. 2 and 3 are set at
fixed positions which result in a static secure communication area.
It is also contemplated, however, that the transceivers, for example
in FIG. 3, may not be stationary. For example, the transceivers 100
may be included on a vehicle such as an automobile or an airplane
such that a secure communication area is defined within the
interior of the vehicle. Thus, the absolute position of the
transceivers and their defined secure communication area is
actually varying as the vehicle travels. However, since the
relative positions of the transceivers within the vehicle remain
constant, the server will still be able to compute the relative
positions of the transceivers and the mobile device 100.
[0045] Although the invention is illustrated and described herein
with reference to specific embodiments, the invention is not
intended to be limited to the details shown. Rather, various
modifications may be made in the details within the scope and range
of equivalents of the claims and without departing from the
invention.