WO2017059282A1 - System and method for privacy enabled discovery of wireless devices and their location - Google Patents

System and method for privacy enabled discovery of wireless devices and their location Download PDF

Info

Publication number
WO2017059282A1
WO2017059282A1 PCT/US2016/054843 US2016054843W WO2017059282A1 WO 2017059282 A1 WO2017059282 A1 WO 2017059282A1 US 2016054843 W US2016054843 W US 2016054843W WO 2017059282 A1 WO2017059282 A1 WO 2017059282A1
Authority
WO
WIPO (PCT)
Prior art keywords
data
identification information
wireless device
time
wireless
Prior art date
Application number
PCT/US2016/054843
Other languages
French (fr)
Inventor
Piotr OLESZKIEWICZ
Original Assignee
Revealo Corp.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Revealo Corp. filed Critical Revealo Corp.
Publication of WO2017059282A1 publication Critical patent/WO2017059282A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/104Peer-to-peer [P2P] networks
    • H04L67/1061Peer-to-peer [P2P] networks using node-based peer discovery mechanisms
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/104Peer-to-peer [P2P] networks
    • H04L67/1061Peer-to-peer [P2P] networks using node-based peer discovery mechanisms
    • H04L67/1065Discovery involving distributed pre-established resource-based relationships among peers, e.g. based on distributed hash tables [DHT] 
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0872Generation of secret information including derivation or calculation of cryptographic keys or passwords using geo-location information, e.g. location data, time, relative position or proximity to other entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/12Transmitting and receiving encryption devices synchronised or initially set up in a particular manner
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/50Secure pairing of devices
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80Wireless
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/60Context-dependent security
    • H04W12/63Location-dependent; Proximity-dependent
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/60Context-dependent security
    • H04W12/69Identity-dependent
    • H04W12/75Temporary identity
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/70Services for machine-to-machine communication [M2M] or machine type communication [MTC]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W64/00Locating users or terminals or network equipment for network management purposes, e.g. mobility management
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W8/00Network data management
    • H04W8/005Discovery of network devices, e.g. terminals

Definitions

  • the present disclosure relates generally to wireless communication, and, more particularly, to enable location privacy of a wireless device.
  • wireless connectivity There are many benefits in using wireless connectivity, and because most of the sensitive data being transmitted can be and usually is encrypted, this mode of communication proves to be adequately secure. However, wireless connectivity also means that the device itself and its transmission are detectable by parties not explicitly authorized by the device owners or operators, and this may pose a privacy threat to the user.
  • Wireless transmission protocols use hardware address, namely, Media Access Control (MAC) address of a network interface to discover a second endpoint and to direct transmissions thereto.
  • MAC Media Access Control
  • These hardware addresses had been static for many protocols, but with recent advancements in Bluetooth LE specifications, they may be dynamically changed when the communication devices are Bluetooth Privacy enabled. Changing hardware address, however, requires prior pairing of the Bluetooth LE devices to communicate with each other. When such pairing is performed, the paired devices can establish wireless communication using a hardware address either generated in a random way, or based on a certain algorithm described in Bluetooth Privacy specification.
  • a system and method for generating identification information for a wireless device which includes a register for storing a first data, a function store for storing a plurality of functions, a timer for providing a first and second time, a processing unit configured to run a first one of the plurality of functions at the first time with the first data as an input and outputting a second data to an output buffer, the processing unit configured to run a second one of the plurality of functions at a second time with the second data as an input and outputting a third data to the output buffer, a data setting unit configured to convert the second and the third data into at least a part of a first and a second identification information, respectively, and a radio interface configured to transmit the first and the second identification information at different time.
  • Fig. 1 illustrates a communication network where location of a wireless device can be discovered in real time or retroactively.
  • FIG. 2 is a block diagram of a system for dynamically generating a device identification information according to an embodiment of the present invention.
  • FIG. 3 is flowchart depicting an operation of the system shown in Fig. 2.
  • FIGs. 4A and 4B are block diagrams illustrating operations of embodiments of present invention.
  • FIG. 5 is a flowchart depicting an exemplary process of discovering location of a wireless device according to an embodiment of the present invention.
  • Fig. 6 is flowchart depicting an exemplary process of letting a wireless device be discovered according to an embodiment of the present invention. DESCRIPTION
  • One aspect of the disclosure relates to allowing location privacy of a wireless device in a communication network. Embodiments of the present disclosure will be described hereinafter with reference to the attached drawings.
  • Fig. 1 illustrates a communication network 100 where location of a wireless device 120 can be discovered in real time or retroactively.
  • the communication network 100 includes a wireless, cellular, satellite or other type of carrier network 115, a network infrastructure element 112 all connected to a private network or the Internet 102.
  • Wireless device 120 along with smartphones 132 are within the range of the communication network 100.
  • An exemplary server 170, an exemplary computer terminal 161 and an exemplary smartphone 152 are also connected to the Internet 102.
  • the server 170 manages information flow in the communication network 100 and stores data in a database 174.
  • a user can access the communication network 100, such as inquiring location of the wireless device 120, through either the computer terminal 161 which has an Internet browser installed or the smartphone 152.
  • the user may also access the wireless device 120 or the server 170 via other servers or some automated services via appropriate application programming interfaces (API).
  • the smartphones 132 and the server 170 may also be used to detect location of the wireless device 120.
  • the wireless device 120 sends wireless signals through a wireless medium by either advertising its existence, or in response to a wireless communication it receives.
  • Packets of data sent wirelessly by the wireless device 120 include its identification information, such as hardware address and service identifier (ID), to allow it to be distinguished from other devices over a wireless medium as a separate endpoint for communication.
  • ID hardware address and service identifier
  • the service ID is any data advertised by the wireless device 120 prior to pairing with another device or connecting to the network 100.
  • the smartphones 132 and 152 and the computer terminal 161 can serve as detectors of the wireless device 120. However, if the wireless device 120 changes its identification information periodically and the detectors do not possess appropriate data or keys corresponding to the changed identification information, the wireless device 120 can avoid being detected or tracked and therefore maintains its privacy. The changing of
  • identification information can be carried out either deterministically or randomly.
  • a wireless device detector such as the smartphone 132
  • the smartphone 132 can calculate the current hardware address or service identifier of the wireless device 120, and therefore is able to detect the wireless device 120.
  • the smartphone 132 also have a key that allows for calculating a password for establishing connection, pair or encryption between two wireless devices, the smartphone 132 is also able to be connected to the wireless device 120, or paired to the wireless device 120 and exchange encrypted data thereto.
  • wireless mobile devices such as smartphones 132 that have the appropriate key, connect through the wireless, cellular, satellite or other carrier network 100, to the Internet or a private network 102, and report their own locations together with the wireless device 120's identifier, to the server 170 which then stores the data in the database 174.
  • a stationary detector 143 having the appropriate key connects through the wireless or wired network to the Internet or a private network 102, and reports its own location together with the wireless device 120's identifier, to the server 170 which then stores the data in the database 174.
  • Fig. 2 is a block diagram of a system for dynamically generating a device identification information according to an embodiment of the present invention.
  • the system includes a central processing unit (CPU) 202, a seed register 221, a timer 242, a function store 210 and a hash buffer 230 all exemplarily reside in the wireless device 120 shown in Fig. 1.
  • the seed register 221 is implemented with a non- volatile memory storing a secret seed data established in whole or in part by a user.
  • the timer 242 generates time-based variable, such as a time stamp, a date, day, hour, minute and second, etc., to the CPU 202.
  • the function store 210 can be implemented by either a program code stored in a semiconductor memory or by an integrated logic circuit such as a field-programmable-gate-array (FPGA) for storing a plurality of hash functions (0:n).
  • FPGA field-programmable-gate-array
  • the CPU 202 inputs the seed data at a certain time with a time-based variable and runs a hash function (0) to produce a hash value (hash (0) to be outputted and stored in the hash buffer 230.
  • the hash value (hash (0)) can be subsequently used to produce an identification information for the wireless device 120.
  • the CPU 202 may input a hash value from the hash buffer 230 and runs a different hash function (i) to produce a different hash value (hash (i)) which is outputted to the hash buffer 230 and subsequently used to produce a different identification information for the wireless device 120.
  • Fig. 3 is flowchart depicting an operation of the system shown in Fig. 2.
  • the CPU 202 runs hash function (0) with a seed data 302 and time-based variable 305 as inputs, and produces a hash (1) value 312 which is stored in the hash buffer 230 and can be subsequently used to produce a device identification information.
  • the CPU 202 runs hash function (1) 318 with the hash (1) value 312 and time (1) based variable 315 as inputs, and produces hash (2) value (not shown).
  • Such operation can repeat for a predetermined number (n) of iterations as depicted in Fig. 3.
  • a result 332 is generated, which is also stored in the hash buffer 230 and can be used to calculate a device identification information.
  • the device identification information changes over time either deterministically or randomly depending on how the time (0:n) are set.
  • an exemplary method for deriving a hardware address or MAC and a service ID from the result 332 can be as follows. 1) For the 6 byte MAC address, take the vendor assigned 3 bytes as first 3 bytes of the MAC address, and 3 first bytes of the result 332, as bytes 4-6 of the MAC address. 2) For the 8 byte MAC address: take the vendor assigned 3 bytes as first 3 bytes of the MAC address, and 5 first bytes of the Result 10, as bytes 4-8 of the MAC address. 3) Take bytes 11 - 30 of the result 332 as a Service ID. However, other methods of deriving the hardware address or MAC and the service ID from the result 332 may be used as well.
  • An exemplary method for deriving the pairing/ connection/ encryption password from the result 332 can be as follows. Take first 16 bytes of the result 332, and use them directly as the password. Another possible method can be: taking the result 332, concatenate it with a secret value unique to the device or a salt, perform a hash function on the concatenated value and use the result of the hash function directly as the password. Other methods for deriving the pairing / connection / encryption password from the result 332 can be used as well.
  • a data setting unit may perform the above exemplary methods of producing either the hardware address/ service ID or the password by converting hash values and combining them with other data.
  • the data setting unit may be implemented by the CPU 202.
  • the device identification information can be hardware address or service identification or both.
  • password used for establish connection, pairing or encryption between two wireless devices can also be dynamically altered by the system and method depicted in Figs. 2 and 3.
  • Fig. 3 depicts a particular hash function running on a particular hash value as an input, in embodiments, a hash function can take in any
  • predetermined hash value or the seed data for producing a next hash value By pairing a hash function with different hash values, the number of alternative hash values is significantly increased.
  • a user who is in possession of either the wireless device 120's seed data, or the appropriate key, i.e., the hash values (hash (0:n)) associated therewith, and wishes to locate the wireless device 120, may generate and distribute the key or keys valid for appropriate period of time to a smartphone 132, for instance, that comply with the system and method of the present invention.
  • the smartphone 132 will then look for the location of the wireless device 120, and report the location information to the server 170, or directly to the user on the smartphone 132 via email, text message or other forms of communication.
  • a user by sharing the seed, a user allows the recipient to calculate appropriate values indefinitely.
  • a user By sharing the hash function (0)'s result, a user allows the recipient to calculate appropriate values for a given month for any day and hour. After the month changes, the recipient will lack the hash function (0)'s result needed to calculate values for any other month.
  • a user By sharing the hash function (l)'s result, a user allows the recipient to calculate appropriate values for any hour in a given day in a given month.
  • By sharing the hash function (2)'s result a user allows the recipient to calculate appropriate values for a given hour in a given day in a given month only. The user can share more than one result, thus giving him/her more granular control of time for which the recipient can calculate appropriate values.
  • a device that does not possess the key or keys required to discover or recognize the wireless device 120 may report to the server 170 their own location and hardware addresses and/ or service IDs of all wireless devices they discover or only of some based on the value of the hardware address or the service ID.
  • the server 170 stores this data into the database 174.
  • the server 170 can calculate the hardware addresses or service IDs of wireless device 120 for a given time— using the system and method depicted in Figs. 2 and 3, and look them up in the database 174 of previously stored hardware addresses or service IDs and corresponding locations information. In this way, the server 170 can provide the user with location information of the wireless device 120 at a certain period of time, while protecting the privacy of the other users.
  • the process of the present invention also allows for establishing a shared secret between two parties: A and B, that would change over time, and where party A could disclose the key to party B, allowing party B to find out what is the valid shared secret for the defined time period. After this period passes party B would not be able to calculate a valid shared secret.
  • This process could be used by party A to disclose multiple keys to other parties, valid for different periods of time, not requiring establishing a public key cryptography infrastructure for time limited access control or communication with the device controlled by party A, also not requiring any online connectivity to that device.
  • Figs. 4A and 4B are block diagrams illustrating operations of embodiments of present invention.
  • a wireless device includes a CPU 402, a memory 415, a real time clock 423, a register 435, an output buffer 445, a radio interface 450 and an antenna 462.
  • the memory 415 stores and provides execution codes and hash functions to the CPU 402.
  • the register 435 stores a seed data and a password seed data.
  • the real time clock 423 provides a current time required for calculations.
  • the radio interface 450 allows the device to communicate wirelessly using one or more standards, including but not limited to Bluetooth, Bluetooth Low Energy, WiFi, ZigBee and others.
  • identification information such as hardware address and service ID stored in the output buffer 445 are calculated and converted by the CPU 402 from the seed data stored in the register 435 in predefined time intervals and changes them accordingly based on real time clock 423.
  • the password stored in the output buffer 445 for establishing network connection, pairing or encryption between two wireless devices is also calculated and converted by the CPU 402 from the password seed data stored in the register 435. Then the hardware address, the service address and the password stored in the buffer 445 can be transmitted through the radio interface 450 and the antenna 462 for the wireless device to be identified by other devices in the same communication network 100.
  • a user can allow the recipient to discover the wireless device 120, but not to connect thereto, pair with it or exchange encrypted data with it.
  • the hardware address stored in the buffer 445 is derived from a list of hardware address stored in a register 475 using the system and method depicted in Figs. 2 and 3.
  • the service ID stored in the buffer 445 is derived from a list of service ID stored in the register 475; and a password stored in the buffer 445 is derived from a list of password stored in a register 475.
  • the real time clock 423 provides timing control for new hardware address, service ID and password generation, so that at different time, the wireless device transmits a different hardware address, service ID or password to avoid detection or allow a time-sensitive detection as depicted in Figs. 2 and 3.
  • the service ID stored in the output buffer 445 is a dynamic service identifier.
  • the service ID can be optionally
  • the hardware address stored in the output buffer 445 is assigned to the radio interface 450, and is determined using the method depicted in Figs. 2 and 3, or alternatively the hardware address can be determined randomly, in which case the service ID must be determined and set using the process depicted in Figs. 2 and 3. In both cases the connection, pairing, encryption password, can be either static, or determined and set using the process depicted in Figs. 2 and 3.
  • Fig. 5 is a flowchart depicting an exemplary process of discovering location of a wireless device according to an embodiment of the present invention.
  • the process begins with refreshing a database for "lost item" in step 502. Then the lost item's hardware address at a current time is calculated in step 505 based on the information stored in the database. As time elapses, a new hardware address may have to be calculated based on the information stored in the database.
  • a discovery device scans a surrounding area and looks for the wireless devices with the calculated hardware address.
  • the discovery device performs detection. If there is a wireless being detected, then a comparison between the calculated hardware address and a hardware address of the detect device is performed in step 522.
  • the discover device reports location information of the detected device to a server in step 525. Then after waiting for a first predetermined time, for instance one minute, in step 515, the discovery device checks a time duration since the current database is last updated in step 542. If time duration is less than a second predetermined time, for instance thirty minutes, the process returns to step 505, i.e., calculating the hardware address again. If the time duration is longer than the second predetermined time, the process returns to step 502, i.e., refreshing the database.
  • step 512 if there is no device within the network is detected, the process goes straight to steps 515 and 542.
  • step 522 if the two hardware address do not match, then a checking whether the detected device being in the range of retroactive searchable devices is performed in step 532.
  • a user may supply appropriate hash value or keys to the server 170, which can then calculate the identification information for a given time using the system and method depicted in Figs. 2 and 3. After the calculation, the server 170 looks up the calculated
  • the server 170 can provide the user with appropriate knowledge to
  • step 532 if the detected device is not in the range of retroactive searchable devices, the process does not report anything in step 535 and
  • step 532 if the detected device is not in the range of retroactive searchable devices, the process reports nothing is step 535 and goes through steps 515 and 542 for repeating the detecting process.
  • detecting process shown in Fig. 5 uses hardware address as the identification information for detecting location of a wireless device
  • service ID can be similarly used for the same purpose.
  • Fig. 6 is flowchart depicting an exemplary process of letting a wireless device be discovered according to an embodiment of the present invention.
  • the discovery process begins in step 601 for determining if a wireless device's hardware address should be randomly generated. If the answer is "no", the discovery process calculates the hardware address for the wireless device based on a seed value and set it in step 603. Then the discovery process further detects if a service ID should be calculated and advertised in step 612. If the answer is "no", the discovery process advertises a static service ID which is not calculated or no service ID at all in step 615 to indicate presence of the wireless device.
  • step 601 if the answer is "yes”, the discovery process set a random hardware address in step 604, and then calculates a service ID based on a seed value and set it in step 606. Then the discovery process advertises the calculated service ID in step 608.
  • step 612 if the answer is "yes”, the discovery process also performs steps 606 and 608, i.e., calculating a service ID and advertising it.
  • the discovery process check if a password should be dynamically calculated in step 622, wherein the password is used for establishing connection, pairing and encrypting between two wireless devices. If the answer in step 622 is "no", the discovery process waits a third predetermined time, for instance one minute in step 628 before returning to step 601 for repeating another round of the discovery process. If the answer in step 622 is "yes”, the discover process calculates a password based on a password seed value and sets the calculated password in the output buffer 445 in step 625. Then the discovery process goes through the waiting step 628 and returns the step 601 for repeating another round of the discovery process.

Abstract

A system and method for generating identification information for a wireless device is disclosed which includes a register for storing a first data, a function store for storing a plurality of functions, a timer for providing a first and second time, a processing unit configured to run a first one of the plurality of functions at the first time with the first data as an input and outputting a second data to an output buffer, the processing unit configured to run a second one of the plurality of functions at a second time with the second data as an input and outputting a third data to the output buffer, a data setting unit configured to convert the second and the third data into at least a part of a first and a second identification information, respectively, and a radio interface configured to transmit the first and the second identification information at different time.

Description

SYSTEM AND METHOD FOR PRIVACY ENABLED DISCOVERY OF WIRELESS DEVICES AND THEIR LOCATION
PRIORITY CLAIM
[0001] This application claims the benefit of U.S. Provisional Application No. 62/236,108 filed October 1, 2015, the entire content of which is hereby incorporated by reference.
FIELD
[0002] The present disclosure relates generally to wireless communication, and, more particularly, to enable location privacy of a wireless device.
BACKGROUND
[0003] Many electronic devices are using wireless connection technologies today. Some examples are laptops, mobile phones, fitness trackers, Internet of Thing (IoT) tags. There are many benefits in using wireless connectivity, and because most of the sensitive data being transmitted can be and usually is encrypted, this mode of communication proves to be adequately secure. However, wireless connectivity also means that the device itself and its transmission are detectable by parties not explicitly authorized by the device owners or operators, and this may pose a privacy threat to the user.
[0004] Wireless transmission protocols use hardware address, namely, Media Access Control (MAC) address of a network interface to discover a second endpoint and to direct transmissions thereto. These hardware addresses had been static for many protocols, but with recent advancements in Bluetooth LE specifications, they may be dynamically changed when the communication devices are Bluetooth Privacy enabled. Changing hardware address, however, requires prior pairing of the Bluetooth LE devices to communicate with each other. When such pairing is performed, the paired devices can establish wireless communication using a hardware address either generated in a random way, or based on a certain algorithm described in Bluetooth Privacy specification.
[0005] Being able to detect the hardware network interface signature in the wireless medium allows unauthorized third party to locate and even map movements of the wireless device user, provided that the third party has access to the appropriate network of wireless signal detectors or network sniffers.
[0006] As such, it is desirable to provide a system and method for enabling location privacy of a wireless device.
SUMMARY
[0007] It is an object of the present invention to provide a system and method for enabling wireless communication to take place while protecting the device user's privacy. It is another object of the present invention to provide a system and method for enabling wireless device detection and recognition by parties authorized to do so, without the need of prior pairing the devices.
[0008] It is another object of the present invention to provide a system and method for enabling wireless device detection and recognition by parties authorized to do so, where the authorization is temporary.
[0009] Disclosed and claimed herein is a system and method for generating identification information for a wireless device which includes a register for storing a first data, a function store for storing a plurality of functions, a timer for providing a first and second time, a processing unit configured to run a first one of the plurality of functions at the first time with the first data as an input and outputting a second data to an output buffer, the processing unit configured to run a second one of the plurality of functions at a second time with the second data as an input and outputting a third data to the output buffer, a data setting unit configured to convert the second and the third data into at least a part of a first and a second identification information, respectively, and a radio interface configured to transmit the first and the second identification information at different time. [0010] Other aspects, features, and techniques will be apparent to one skilled in the relevant art in view of the following detailed description of the embodiments.
BRIEF DESCRIPTION OF THE DRAWINGS
[0011] The drawings accompanying and forming part of this specification are included to depict certain aspects of the present disclosure. A clearer conception of the present disclosure, and of the components and operation of systems provided with the present disclosure, will become more readily apparent by referring to the exemplary, and therefore non-limiting, embodiments illustrated in the drawings, wherein like reference numbers (if they occur in more than one view) designate the same elements. The present disclosure may be better understood by reference to one or more of these drawings in combination with the description presented herein. It should be noted that the features illustrated in the drawings are not necessarily drawn to scale.
[0012] Fig. 1 illustrates a communication network where location of a wireless device can be discovered in real time or retroactively.
[0013] Fig. 2 is a block diagram of a system for dynamically generating a device identification information according to an embodiment of the present invention.
[0014] Fig. 3 is flowchart depicting an operation of the system shown in Fig. 2.
[0015] Figs. 4A and 4B are block diagrams illustrating operations of embodiments of present invention.
[0016] Fig. 5 is a flowchart depicting an exemplary process of discovering location of a wireless device according to an embodiment of the present invention.
[0017] Fig. 6 is flowchart depicting an exemplary process of letting a wireless device be discovered according to an embodiment of the present invention. DESCRIPTION
[0018] One aspect of the disclosure relates to allowing location privacy of a wireless device in a communication network. Embodiments of the present disclosure will be described hereinafter with reference to the attached drawings.
[0019] Fig. 1 illustrates a communication network 100 where location of a wireless device 120 can be discovered in real time or retroactively. The
communication network 100 includes a wireless, cellular, satellite or other type of carrier network 115, a network infrastructure element 112 all connected to a private network or the Internet 102. Wireless device 120 along with smartphones 132 are within the range of the communication network 100. An exemplary server 170, an exemplary computer terminal 161 and an exemplary smartphone 152 are also connected to the Internet 102. The server 170 manages information flow in the communication network 100 and stores data in a database 174. A user can access the communication network 100, such as inquiring location of the wireless device 120, through either the computer terminal 161 which has an Internet browser installed or the smartphone 152. The user may also access the wireless device 120 or the server 170 via other servers or some automated services via appropriate application programming interfaces (API). Alternatively, the smartphones 132 and the server 170 may also be used to detect location of the wireless device 120.
[0020] In operation, the wireless device 120 sends wireless signals through a wireless medium by either advertising its existence, or in response to a wireless communication it receives. Packets of data sent wirelessly by the wireless device 120 include its identification information, such as hardware address and service identifier (ID), to allow it to be distinguished from other devices over a wireless medium as a separate endpoint for communication. Here the service ID is any data advertised by the wireless device 120 prior to pairing with another device or connecting to the network 100.
[0021] Armed with knowledge of the identification information, the smartphones 132 and 152 and the computer terminal 161 can serve as detectors of the wireless device 120. However, if the wireless device 120 changes its identification information periodically and the detectors do not possess appropriate data or keys corresponding to the changed identification information, the wireless device 120 can avoid being detected or tracked and therefore maintains its privacy. The changing of
identification information can be carried out either deterministically or randomly.
[0022] On the other hand, if a wireless device detector, such as the smartphone 132, is compliant with the system and method of the present invention and possess an appropriate key which is valid for a current time, it can calculate the current hardware address or service identifier of the wireless device 120, and therefore is able to detect the wireless device 120. If the smartphone 132 also have a key that allows for calculating a password for establishing connection, pair or encryption between two wireless devices, the smartphone 132 is also able to be connected to the wireless device 120, or paired to the wireless device 120 and exchange encrypted data thereto.
[0023] To enable global discovery of the wireless device 120's identity and location by trusted parties, other wireless mobile devices, such as smartphones 132 that have the appropriate key, connect through the wireless, cellular, satellite or other carrier network 100, to the Internet or a private network 102, and report their own locations together with the wireless device 120's identifier, to the server 170 which then stores the data in the database 174.
[0024] Similarly, a stationary detector 143 having the appropriate key connects through the wireless or wired network to the Internet or a private network 102, and reports its own location together with the wireless device 120's identifier, to the server 170 which then stores the data in the database 174.
[0025] Fig. 2 is a block diagram of a system for dynamically generating a device identification information according to an embodiment of the present invention. The system includes a central processing unit (CPU) 202, a seed register 221, a timer 242, a function store 210 and a hash buffer 230 all exemplarily reside in the wireless device 120 shown in Fig. 1. In an embodiment, the seed register 221 is implemented with a non- volatile memory storing a secret seed data established in whole or in part by a user. The timer 242 generates time-based variable, such as a time stamp, a date, day, hour, minute and second, etc., to the CPU 202. The function store 210 can be implemented by either a program code stored in a semiconductor memory or by an integrated logic circuit such as a field-programmable-gate-array (FPGA) for storing a plurality of hash functions (0:n).
[0026] In an embodiment, the CPU 202 inputs the seed data at a certain time with a time-based variable and runs a hash function (0) to produce a hash value (hash (0) to be outputted and stored in the hash buffer 230. The hash value (hash (0)) can be subsequently used to produce an identification information for the wireless device 120. At another time, the CPU 202 may input a hash value from the hash buffer 230 and runs a different hash function (i) to produce a different hash value (hash (i)) which is outputted to the hash buffer 230 and subsequently used to produce a different identification information for the wireless device 120.
[0027] Fig. 3 is flowchart depicting an operation of the system shown in Fig. 2. At time (0), the CPU 202 runs hash function (0) with a seed data 302 and time-based variable 305 as inputs, and produces a hash (1) value 312 which is stored in the hash buffer 230 and can be subsequently used to produce a device identification information. At time (1), the CPU 202 runs hash function (1) 318 with the hash (1) value 312 and time (1) based variable 315 as inputs, and produces hash (2) value (not shown). Such operation can repeat for a predetermined number (n) of iterations as depicted in Fig. 3. When the last predetermined hash function (n) 328 is operated on hash (n) value 322 and time (n) based variable 325, a result 332 is generated, which is also stored in the hash buffer 230 and can be used to calculate a device identification information. In such a way, the device identification information changes over time either deterministically or randomly depending on how the time (0:n) are set.
[0028] In embodiments, an exemplary method for deriving a hardware address or MAC and a service ID from the result 332, can be as follows. 1) For the 6 byte MAC address, take the vendor assigned 3 bytes as first 3 bytes of the MAC address, and 3 first bytes of the result 332, as bytes 4-6 of the MAC address. 2) For the 8 byte MAC address: take the vendor assigned 3 bytes as first 3 bytes of the MAC address, and 5 first bytes of the Result 10, as bytes 4-8 of the MAC address. 3) Take bytes 11 - 30 of the result 332 as a Service ID. However, other methods of deriving the hardware address or MAC and the service ID from the result 332 may be used as well.
[0029] An exemplary method for deriving the pairing/ connection/ encryption password from the result 332 can be as follows. Take first 16 bytes of the result 332, and use them directly as the password. Another possible method can be: taking the result 332, concatenate it with a secret value unique to the device or a salt, perform a hash function on the concatenated value and use the result of the hash function directly as the password. Other methods for deriving the pairing / connection / encryption password from the result 332 can be used as well.
[0030] In embodiments, a data setting unit may perform the above exemplary methods of producing either the hardware address/ service ID or the password by converting hash values and combining them with other data. In one embodiment, the data setting unit may be implemented by the CPU 202.
[0031] As aforementioned that the device identification information can be hardware address or service identification or both. In embodiments, password used for establish connection, pairing or encryption between two wireless devices can also be dynamically altered by the system and method depicted in Figs. 2 and 3.
[0032] Although Fig. 3 depicts a particular hash function running on a particular hash value as an input, in embodiments, a hash function can take in any
predetermined hash value or the seed data for producing a next hash value. By pairing a hash function with different hash values, the number of alternative hash values is significantly increased.
[0033] A user, who is in possession of either the wireless device 120's seed data, or the appropriate key, i.e., the hash values (hash (0:n)) associated therewith, and wishes to locate the wireless device 120, may generate and distribute the key or keys valid for appropriate period of time to a smartphone 132, for instance, that comply with the system and method of the present invention. The smartphone 132 will then look for the location of the wireless device 120, and report the location information to the server 170, or directly to the user on the smartphone 132 via email, text message or other forms of communication.
[0034] In embodiments, by sharing the seed, a user allows the recipient to calculate appropriate values indefinitely. By sharing the hash function (0)'s result, a user allows the recipient to calculate appropriate values for a given month for any day and hour. After the month changes, the recipient will lack the hash function (0)'s result needed to calculate values for any other month. By sharing the hash function (l)'s result, a user allows the recipient to calculate appropriate values for any hour in a given day in a given month. By sharing the hash function (2)'s result, a user allows the recipient to calculate appropriate values for a given hour in a given day in a given month only. The user can share more than one result, thus giving him/her more granular control of time for which the recipient can calculate appropriate values.
[0035] To enable retroactive global device discovery and locating, i.e., discovering the location of the wireless device 120 in time before a user distributes appropriate key or keys to a wireless devices or network detectors 132, stationary detectors 143, and other network infrastructure elements 112, that comply with the system and method of the present invention. A device that does not possess the key or keys required to discover or recognize the wireless device 120, may report to the server 170 their own location and hardware addresses and/ or service IDs of all wireless devices they discover or only of some based on the value of the hardware address or the service ID. The server 170 stores this data into the database 174.
However, such data itself does not allow for locating device 120. If a user decides to locate the wireless device 120 retroactively, and supplies server 170 with the appropriate keys, the server 170 can calculate the hardware addresses or service IDs of wireless device 120 for a given time— using the system and method depicted in Figs. 2 and 3, and look them up in the database 174 of previously stored hardware addresses or service IDs and corresponding locations information. In this way, the server 170 can provide the user with location information of the wireless device 120 at a certain period of time, while protecting the privacy of the other users.
[0036] The process of the present invention also allows for establishing a shared secret between two parties: A and B, that would change over time, and where party A could disclose the key to party B, allowing party B to find out what is the valid shared secret for the defined time period. After this period passes party B would not be able to calculate a valid shared secret. This process could be used by party A to disclose multiple keys to other parties, valid for different periods of time, not requiring establishing a public key cryptography infrastructure for time limited access control or communication with the device controlled by party A, also not requiring any online connectivity to that device.
[0037] Figs. 4A and 4B are block diagrams illustrating operations of embodiments of present invention. Referring to Fig. 4A, a wireless device includes a CPU 402, a memory 415, a real time clock 423, a register 435, an output buffer 445, a radio interface 450 and an antenna 462. The memory 415 stores and provides execution codes and hash functions to the CPU 402. The register 435 stores a seed data and a password seed data. The real time clock 423 provides a current time required for calculations. The radio interface 450 allows the device to communicate wirelessly using one or more standards, including but not limited to Bluetooth, Bluetooth Low Energy, WiFi, ZigBee and others.
[0038] In an embodiment, identification information such as hardware address and service ID stored in the output buffer 445 are calculated and converted by the CPU 402 from the seed data stored in the register 435 in predefined time intervals and changes them accordingly based on real time clock 423. Similarly, the password stored in the output buffer 445 for establishing network connection, pairing or encryption between two wireless devices is also calculated and converted by the CPU 402 from the password seed data stored in the register 435. Then the hardware address, the service address and the password stored in the buffer 445 can be transmitted through the radio interface 450 and the antenna 462 for the wireless device to be identified by other devices in the same communication network 100.
[0039] Referring again to Fig. 4A, by using the seed data for calculating and converting device hardware address or dynamic service ID, and the different password seed data for calculating and converting a password for establishing connection, pairing, encryption, a user can allow the recipient to discover the wireless device 120, but not to connect thereto, pair with it or exchange encrypted data with it.
[0040] Referring to Fig. 4B, in an embodiment, the hardware address stored in the buffer 445 is derived from a list of hardware address stored in a register 475 using the system and method depicted in Figs. 2 and 3. Similarly, the service ID stored in the buffer 445 is derived from a list of service ID stored in the register 475; and a password stored in the buffer 445 is derived from a list of password stored in a register 475. The real time clock 423 provides timing control for new hardware address, service ID and password generation, so that at different time, the wireless device transmits a different hardware address, service ID or password to avoid detection or allow a time-sensitive detection as depicted in Figs. 2 and 3.
[0041] Referring to both Figs. 4A and 4B, the service ID stored in the output buffer 445 is a dynamic service identifier. The service ID can be optionally
determined and set using the process depicted in Figs. 2 and 3. The hardware address stored in the output buffer 445 is assigned to the radio interface 450, and is determined using the method depicted in Figs. 2 and 3, or alternatively the hardware address can be determined randomly, in which case the service ID must be determined and set using the process depicted in Figs. 2 and 3. In both cases the connection, pairing, encryption password, can be either static, or determined and set using the process depicted in Figs. 2 and 3.
[0042] Fig. 5 is a flowchart depicting an exemplary process of discovering location of a wireless device according to an embodiment of the present invention. The process begins with refreshing a database for "lost item" in step 502. Then the lost item's hardware address at a current time is calculated in step 505 based on the information stored in the database. As time elapses, a new hardware address may have to be calculated based on the information stored in the database. In step 508, a discovery device scans a surrounding area and looks for the wireless devices with the calculated hardware address. In step 512, the discovery device performs detection. If there is a wireless being detected, then a comparison between the calculated hardware address and a hardware address of the detect device is performed in step 522. If the two hardware address matches, the discover device reports location information of the detected device to a server in step 525. Then after waiting for a first predetermined time, for instance one minute, in step 515, the discovery device checks a time duration since the current database is last updated in step 542. If time duration is less than a second predetermined time, for instance thirty minutes, the process returns to step 505, i.e., calculating the hardware address again. If the time duration is longer than the second predetermined time, the process returns to step 502, i.e., refreshing the database.
[0043] In step 512, if there is no device within the network is detected, the process goes straight to steps 515 and 542.
[0044] In step 522, if the two hardware address do not match, then a checking whether the detected device being in the range of retroactive searchable devices is performed in step 532. For retroactively searching a wireless device, a user may supply appropriate hash value or keys to the server 170, which can then calculate the identification information for a given time using the system and method depicted in Figs. 2 and 3. After the calculation, the server 170 looks up the calculated
identification information in the previously stored data in the database 174. In this way, the server 170 can provide the user with appropriate knowledge to
retroactively acquire location information of the wireless device.
[0045] In step 532, if the detected device is not in the range of retroactive searchable devices, the process does not report anything in step 535 and
subsequently goes through steps 515 and 542 for repeating the detecting process. In step 532, if the detected device is not in the range of retroactive searchable devices, the process reports nothing is step 535 and goes through steps 515 and 542 for repeating the detecting process.
[0046] Although the detecting process shown in Fig. 5 uses hardware address as the identification information for detecting location of a wireless device, in other embodiments, service ID can be similarly used for the same purpose.
[0047] Fig. 6 is flowchart depicting an exemplary process of letting a wireless device be discovered according to an embodiment of the present invention. The discovery process begins in step 601 for determining if a wireless device's hardware address should be randomly generated. If the answer is "no", the discovery process calculates the hardware address for the wireless device based on a seed value and set it in step 603. Then the discovery process further detects if a service ID should be calculated and advertised in step 612. If the answer is "no", the discovery process advertises a static service ID which is not calculated or no service ID at all in step 615 to indicate presence of the wireless device.
[0048] In step 601, if the answer is "yes", the discovery process set a random hardware address in step 604, and then calculates a service ID based on a seed value and set it in step 606. Then the discovery process advertises the calculated service ID in step 608.
[0049] In step 612, if the answer is "yes", the discovery process also performs steps 606 and 608, i.e., calculating a service ID and advertising it.
[0050] Following step 608 or 615, the discovery process check if a password should be dynamically calculated in step 622, wherein the password is used for establishing connection, pairing and encrypting between two wireless devices. If the answer in step 622 is "no", the discovery process waits a third predetermined time, for instance one minute in step 628 before returning to step 601 for repeating another round of the discovery process. If the answer in step 622 is "yes", the discover process calculates a password based on a password seed value and sets the calculated password in the output buffer 445 in step 625. Then the discovery process goes through the waiting step 628 and returns the step 601 for repeating another round of the discovery process.
[0051] While this disclosure has been particularly shown and described with references to exemplary embodiments thereof, it shall be understood by those skilled in the art that various changes in form and details may be made therein without departing from the spirit of the claimed embodiments.

Claims

WHAT IS CLAIMED IS:
1. A system for generating identification information for a wireless device, the system comprising: a register for storing a first data; a function store for storing a plurality of functions; a timer for providing a first and second time; a processing unit configured to run a first one of the plurality of functions at the first time with the first data as an input and outputting a second data to an output buffer, the processing unit configured to run a second one of the plurality of functions at a second time with the second data as an input and outputting a third data to the output buffer; a data setting unit configured to convert the second and the third data into at least a part of a first and a second identification information, respectively; and a radio interface configured to transmit the first and the second
identification information at different time.
2. The system of claim 1, wherein the first or second identification information is selected from the group consisting of hardware address, a service identifier and a password.
3. The system of claim 2, wherein the password is used for establishing network connection, pairing or encrypted communication between two wireless devices.
4. The system of claim 1, wherein the first data is a seed established in the wireless device at least in part by a user.
5. The system of claim 1, wherein the function store is implemented with semiconductor memory.
6. The system of claim 1, wherein the function store is implemented with an integrated logic circuit.
7. The system of claim 1, wherein the plurality of functions is a set of predetermined hash functions.
8. The system of claim 1, wherein the data setting unit is implemented with the processing unit.
9. The system of claim 1, wherein the data setting unit combines a first predetermined number of bytes from the second data with a second predetermined number of bytes from an identification data assigned by a vender of the wireless device to form the identification information.
10. The system of claim 1, wherein the transmission by the radio interface is in response to a wireless communication the wireless device receives.
11. The system of claim 1, wherein the transmission by the radio interface is to advertise the presence of the wireless device.
12. The system of claim 1, wherein the processing unit configured to produce a fourth data from a random value as an input and output the fourth data to the output buffer; the data setting unit configured to convert the fourth data into at least a part of a third identification information; and the radio interface configured to transmit the third identification
information at a third time different from the first and second time.
13. The system of claim 12, wherein the third identification information is a hardware address while the first or second identification information is a service identifier.
14. A method for generating identification information for a wireless device, the method comprising: producing a second data by executing a first function by a processing unit with a first data as an input, the first function being stored in a function store in the wireless device, the first data being stored in a register in the wireless device; converting the second data into a first identification information; transmitting the first identification information at a first predetermined time; producing a third data by executing a second function with the second data as an input, the second function being also stored in the function store; converting the third data into a second identification information; and transmitting the second identification information at a second
predetermined time different from the first predetermined time.
15. The method of claim 14, wherein the identification information is selected from the group consisting of a hardware address, a service identifier and a password.
16. The method of claim 15, wherein the password is used for establishing network connection, pairing or encrypted communication between two wireless devices.
17. The method of claim 14, wherein the first data is a seed established in the wireless device at least in part by a user.
18. The method of claim 14, wherein the function store is implemented with semiconductor memory.
19. The method of claim 14, wherein the function store is implemented with an integrated logic circuit.
20. The method of claim 14, wherein the first and second functions are predetermined hash functions.
21. The method of claim 14, wherein the converting is performed by the processing unit.
22. The method of claim 14, wherein the converting includes combining a first predetermined number of bytes from the second data with a second predetermined number of bytes from an identification data assigned by a vender of the wireless device to form the identification information.
23. The method of claim 14, wherein the transmitting is in response to a wireless communication the wireless device receives.
24. The method of claim 14, wherein the transmitting is to advertise the presence of the wireless device.
25. The method of claim 14 further comprising producing a fourth data from a random value as an input; converting the fourth data into at least a part of a third identification information; and transmitting the third identification information at a third time different from the first and second time.
26. The method of claim 25, wherein the third identification information is a hardware address while the first or second identification information is a service identifier.
27. The method of claim 14 further comprising exposing one of the first data, the second data and the third data to an user not being an owner of the wireless device to enable the user to track the wireless device from another device.
28. The method of claim 14 further comprising saving the first and second identification information along with time-based location information of the wireless device in a database for retroactively tracking the wireless device.
PCT/US2016/054843 2015-10-01 2016-09-30 System and method for privacy enabled discovery of wireless devices and their location WO2017059282A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US201562236108P 2015-10-01 2015-10-01
US62/236,108 2015-10-01

Publications (1)

Publication Number Publication Date
WO2017059282A1 true WO2017059282A1 (en) 2017-04-06

Family

ID=58427951

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2016/054843 WO2017059282A1 (en) 2015-10-01 2016-09-30 System and method for privacy enabled discovery of wireless devices and their location

Country Status (1)

Country Link
WO (1) WO2017059282A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109348477A (en) * 2018-09-28 2019-02-15 深圳大学 Wireless internet of things physical layer authentication method based on service network

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040073795A1 (en) * 2002-10-10 2004-04-15 Jablon David P. Systems and methods for password-based connection
US20150058949A1 (en) * 2013-08-20 2015-02-26 Mastercard International Incorporated Method and system for computing code management platform
US20150098563A1 (en) * 2013-10-09 2015-04-09 Sean M. Gulley Generating Multiple Secure Hashes from a Single Data Buffer
US20150143122A1 (en) * 2013-11-18 2015-05-21 Qualcomm Incorporated Methods and apparatus for private service identifiers in neighborhood aware networks

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040073795A1 (en) * 2002-10-10 2004-04-15 Jablon David P. Systems and methods for password-based connection
US20150058949A1 (en) * 2013-08-20 2015-02-26 Mastercard International Incorporated Method and system for computing code management platform
US20150098563A1 (en) * 2013-10-09 2015-04-09 Sean M. Gulley Generating Multiple Secure Hashes from a Single Data Buffer
US20150143122A1 (en) * 2013-11-18 2015-05-21 Qualcomm Incorporated Methods and apparatus for private service identifiers in neighborhood aware networks

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109348477A (en) * 2018-09-28 2019-02-15 深圳大学 Wireless internet of things physical layer authentication method based on service network
CN109348477B (en) * 2018-09-28 2021-03-09 深圳大学 Wireless internet of things physical layer authentication method based on service network

Similar Documents

Publication Publication Date Title
Al‐Turjman et al. An overview of security and privacy in smart cities' IoT communications
Sain et al. Survey on security in Internet of Things: State of the art and challenges
EP2817937B1 (en) Method and devices for obscuring a device identifier
Eun et al. Conditional privacy preserving security protocol for NFC applications
EP3318048B1 (en) Bluetooth low energy addresses generation
US10419907B2 (en) Proximity application discovery and provisioning
EP3127309B1 (en) Transmission of beacon message
US20160277933A1 (en) Secure Data Communication system between IoT smart devices and a Network gateway under Internet of Thing environment
US20150356289A1 (en) Secure Current Movement Indicator
KR20130111165A (en) Bluetooth low energy privacy
CN102077623A (en) Methods and apparatus for securely advertising identification and/or discovery information
EP3189643A1 (en) Proximity application discovery and provisioning
KR20180119201A (en) Electronic device for authentication system
Sahu et al. Secure authentication protocol for IoT architecture
CN105208551A (en) Method and apparatus for transmitting and obtaining beacon data
US11882097B2 (en) Providing substitute domain information in a virtual private network
WO2017059282A1 (en) System and method for privacy enabled discovery of wireless devices and their location
WO2018093683A1 (en) Systems and methods for detection of wireless beacon cloning
KR20190084640A (en) Beacon location checking method
US20230328635A1 (en) Non-Waking Maintenance of Near Owner State
US20230132742A1 (en) End-to-End Encrypted Location-Finding
Huang et al. A secure and efficient WSN by employing symmetric key matrix and rectangular frame scheme
Kesharwani et al. Location Privacy in Wireless Sensor Networks Using Anonymity
JP2018037898A (en) Transmitter, communication system, transmission method, and program
EP3419217B1 (en) Network of nodes and method of operation

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16852735

Country of ref document: EP

Kind code of ref document: A1

DPE1 Request for preliminary examination filed after expiration of 19th month from priority date (pct application filed from 20040101)
NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 16852735

Country of ref document: EP

Kind code of ref document: A1