KR20190003029A - Authentication apparatus based on location password based on geo-fencing and system thereof - Google Patents

Authentication apparatus based on location password based on geo-fencing and system thereof Download PDF

Info

Publication number
KR20190003029A
KR20190003029A KR1020170083458A KR20170083458A KR20190003029A KR 20190003029 A KR20190003029 A KR 20190003029A KR 1020170083458 A KR1020170083458 A KR 1020170083458A KR 20170083458 A KR20170083458 A KR 20170083458A KR 20190003029 A KR20190003029 A KR 20190003029A
Authority
KR
South Korea
Prior art keywords
authentication
password
geofence
virtual zone
location
Prior art date
Application number
KR1020170083458A
Other languages
Korean (ko)
Other versions
KR102004703B1 (en
Inventor
박영경
양중근
오장훈
Original Assignee
주식회사 엘핀
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 주식회사 엘핀 filed Critical 주식회사 엘핀
Priority to KR1020170083458A priority Critical patent/KR102004703B1/en
Publication of KR20190003029A publication Critical patent/KR20190003029A/en
Application granted granted Critical
Publication of KR102004703B1 publication Critical patent/KR102004703B1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0872Generation of secret information including derivation or calculation of cryptographic keys or passwords using geo-location information, e.g. location data, time, relative position or proximity to other entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/02Services making use of location information
    • H04W4/021Services related to particular areas, e.g. point of interest [POI] services, venue services or geofences
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W64/00Locating users or terminals or network equipment for network management purposes, e.g. mobility management

Abstract

The location context based encryption apparatus according to an embodiment of the present invention may include a memory for storing a geofence entry state using information about a geofence composed of at least one virtual zone and a processor electrically connected to the memory Wherein the processor is configured to: (a) update the geofence entry state based on a current location situation; and (b) if the geofence entry state is confirmed to be an entry, And generating a virtual zone based authentication password based on the request of the user terminal by determining one of the virtual zones.

Description

TECHNICAL FIELD [0001] The present invention relates to a location-based password authentication apparatus using a geofencing technology, and a password authentication system including the same. [0002]

The present invention relates to an authentication technique, and more particularly, to a location-based password authentication device capable of generating an authentication password based on location information of a user continuously changing in terms of time and space to be used in a user authentication process of various wired and / And a password authentication system including the same.

Security authentication technologies are widely used for user authentication in the provision of specific services requiring security. Among them, there are public authentication certificates, security cards, and OTP as secondary authentication technologies that are mainly used. However, duplication and leakage are increasing every year, and high-level hacking techniques for disabling authentication schemes such as memory hacking are emerging, and development of security authentication technology that provides user convenience while enhancing security is required.

Korean Patent Laid-Open Publication No. 10-2005-0118457 (Dec. 19, 2005) relates to a user location authentication system and a control method thereof, and it relates to a user location authentication system and a control method thereof, in which user identification information capable of identifying a user from a specific user is acquired, A plurality of terminals configured to transmit authentication basic data using geographical location information and time information at this time; And, after comparing the user identification information and pre-registered user reference identification information among the authentication basic data transmitted from each terminal, user location authentication is performed, and the user location authentication result is given to the authentication basic data, And a user location authentication server for storing and storing the location information.

Korean Patent Registration No. 10-1703357 (Jan. 31, 2017) discloses a system and method for authenticating an actual location of a terminal, and is provided with an IP address pool managed by a location authentication apparatus and a location information Storing in a location information database (DB) and managing the location information; The location authentication apparatus searches for an IP address pool and location information stored in the location information database (DB) by using the IP address and the location information received from the application service server in the actual location authentication request of the terminal step; And a location authentication step in which the location authentication apparatus authenticates the actual location of the terminal according to the search result, and transmits the authentication result and the distance information to the application service server.

Korean Patent Publication No. 10-2005-0118457 (Dec. 19, 2005) Korean Patent No. 10-1703357 (Jan. 31, 201)

One embodiment of the present invention is a location-based password authentication device capable of generating an authentication password based on location information of a user continuously changing in time and space dimensions and being used in a user authentication process of various wired and wireless services, System.

One embodiment of the present invention provides a location-based password authentication apparatus that can be used as a secure user authentication means in various wired and wireless and offline services by enhancing security against hacking through a virtual zone-based authentication password and a password authentication system including the same .

In embodiments, the location based password authentication apparatus includes a processor that stores a geofence entry state indicating whether to enter a geofence composed of at least one virtual zone, and a processor that is electrically coupled to the memory, comprising the steps of: a) updating the geofence entry state based on a current location situation; and b) determining one of the at least one virtual zone based on the current location situation if the geofence entry state is confirmed as entering And generating a virtual zone based authentication password.

The step (a) may include determining the current location status based on the base station identifier received from the base station.

In the step (a), when the number of the received base station identifiers is plural, the step (a) may further comprise determining the current positional state with a base station identifier received for a longest time in a recent time interval.

The step (a) may include determining the current location status based on an SSID (Service Set Identifier) received from the wireless access point.

The step (b) may include analyzing a network area identified through the received SSID to determine one of the at least one virtual zone.

The step (a) may include the step of determining the current positional state based on the GPS information received from the GPS (Global Positioning System).

Wherein the step (b) comprises the step of determining whether the radar coordinate detected from the received GPS information is included in a predetermined set of radar coordinate sets constituting the at least one virtual zone to determine the one .

The step (b) may include generating an adjacent virtual zone authentication password by identifying an adjacent virtual zone if the authentication of the password fails with the authentication password generated through the determined virtual zone.

The location-based password authentication apparatus may further include a step of checking the geofence entry state periodically or according to the occurrence of a specific event, between the step (a) and the step (b).

The location-based password authentication apparatus further includes a step of configuring the geofence based on at least one of the base station identifier of the base station, the SSID of the wireless access point, and the GPS information of the user terminal, which is performed before step (a) .

The step of constructing the geophone includes constructing each of the at least one virtual zone for a corresponding band in a case of a plurality of band cells based on the base station identifier and accumulating the GPS information for each virtual zone so as to minimize the influence of cell coverage change, And constructing the geophone by combining the coverage for each band.

The location-based password authentication apparatus may further include a step of providing a different base code to each of the at least one virtual zone, which is performed before the step (a).

The providing of the base code may include providing a push-pull basis code providing step of providing a base code corresponding to the virtual zone to the user terminal by confirming the geofence entry state at the request of the user terminal . ≪ / RTI >

The step of providing the base code may include providing a base broadcasting code of a cell broadcasting method in cooperation with the mobile broadcasting company cell broadcasting server to provide different base codes corresponding to each of the at least one virtual zone can do.

The step (b) includes generating the virtual zone-based authentication password as a password reflecting the spatio-temporal information by using the base code and the current time corresponding to the determined virtual zone as the authentication password seed of the authentication password generation algorithm .

The location-based password authentication device may be performed before step (a), and may further include performing an integrity check on the geofence of the user periodically or in response to the occurrence of a specific event.

Among the embodiments, the location-based password authentication system includes a mobile broadcasting company cell broadcasting server for transmitting data to a user terminal through a cell broadcasting method, a mobile communication company location information server for confirming the location of the user terminal, And a location-based password authentication device for performing a corresponding password authentication in cooperation with the cell broadcasting server and the mobile communication company location information server when a password authentication request associated with the user terminal is received, wherein the location- A geofence entry state update unit for updating a geofence entry state indicating whether or not entry into a geofence composed of at least one virtual zone is based on a location situation; Wherein one of said at least one virtual zone Determined comprises a generator for generating an authentication password for the authentication password for the virtual zone-based.

The disclosed technique may have the following effects. It is to be understood, however, that the scope of the disclosed technology is not to be construed as limited thereby, as it is not meant to imply that a particular embodiment should include all of the following effects or only the following effects.

The location-based password authentication apparatus and the password authentication system including the same according to an embodiment of the present invention generate an authentication password based on the location information of the user continuously changing in time and space, Can be used.

The location-based password authentication device and the password authentication system including the same according to an embodiment of the present invention can enhance security for hacking by using a virtual zone-based authentication password and can be used as a secure user authentication means in various wired and wireless services have.

1 is a view for explaining a location-based password authentication system according to an embodiment of the present invention.
2 is a block diagram illustrating the location-based password authentication apparatus of FIG.
Figure 3 is a block diagram illustrating the functional elements of the processor in Figure 2;
4 is a flow diagram illustrating a location based password authentication procedure performed by the processor of FIG.
5 is a diagram showing an embodiment of the location-based password authentication system shown in FIG.
FIG. 6 is a flowchart illustrating an example of a process of performing a password authentication by the location-based password authentication apparatus of FIG.
FIG. 7 is a view for explaining an embodiment of a process of constructing a geofence by the location-based password authentication apparatus shown in FIG.
8 is a view for explaining an embodiment of a process of performing a secondary authentication by identifying an adjacent virtual zone when password authentication fails in the process of performing the password authentication in the location-based password authentication apparatus of FIG.
9 is a view for explaining an embodiment of a process in which the user terminal of FIG. 1 generates an authentication password through a location-based authentication agent installed in the user terminal.

The description of the present invention is merely an example for structural or functional explanation, and the scope of the present invention should not be construed as being limited by the embodiments described in the text. That is, the embodiments are to be construed as being variously embodied and having various forms, so that the scope of the present invention should be understood to include equivalents capable of realizing technical ideas. Also, the purpose or effect of the present invention should not be construed as limiting the scope of the present invention, since it does not mean that a specific embodiment should include all or only such effect.

Meanwhile, the meaning of the terms described in the present application should be understood as follows.

The terms "first "," second ", and the like are intended to distinguish one element from another, and the scope of the right should not be limited by these terms. For example, the first component may be referred to as a second component, and similarly, the second component may also be referred to as a first component.

It is to be understood that when an element is referred to as being "connected" to another element, it may be directly connected to the other element, but there may be other elements in between. On the other hand, when an element is referred to as being "directly connected" to another element, it should be understood that there are no other elements in between. On the other hand, other expressions that describe the relationship between components, such as "between" and "between" or "neighboring to" and "directly adjacent to" should be interpreted as well.

It is to be understood that the singular " include " or "have" are to be construed as including the stated feature, number, step, operation, It is to be understood that the combination is intended to specify that it does not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, or combinations thereof.

In each step, the identification code (e.g., a, b, c, etc.) is used for convenience of explanation, the identification code does not describe the order of each step, Unless otherwise stated, it may occur differently from the stated order. That is, each step may occur in the same order as described, may be performed substantially concurrently, or may be performed in reverse order.

The present invention can be embodied as computer-readable code on a computer-readable recording medium, and the computer-readable recording medium includes all kinds of recording devices for storing data that can be read by a computer system . Examples of the computer-readable recording medium include ROM, RAM, CD-ROM, magnetic tape, floppy disk, optical data storage, and the like. In addition, the computer-readable recording medium may be distributed over network-connected computer systems so that computer readable codes can be stored and executed in a distributed manner.

All terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs, unless otherwise defined. Commonly used predefined terms should be interpreted to be consistent with the meanings in the context of the related art and can not be interpreted as having ideal or overly formal meaning unless explicitly defined in the present application.

1 is a view for explaining a location-based password authentication system according to an embodiment of the present invention.

1, the location-based password authentication system 100 includes a location-based password authentication apparatus 110, a user terminal 120, an application server 130, a mobile communication company cell broadcasting server 140, A server 150, and the like.

The location-based password authentication device 110 corresponds to a computing device capable of generating a location-based authentication password. The location-based cryptographic authentication apparatus 110 may be connected to the user terminal 120, the base station, the mobile communication company cell broadcasting server 140, the mobile communication company location information server 150 and the application server 130, A wireless mobile communication network and a wired data network. In one embodiment, the location-based password authentication device 110 may receive an authentication request associated with the user terminal 120 and may generate a virtual zone-based authentication password based on the location of the user terminal 120 And can perform the password authentication through the verification between the authentication password generated in the corresponding user terminal 120 and the generated virtual zone based authentication password included in the authentication request.

The user terminal 120 corresponds to a computing device that can be connected to the location-based password authentication device 110 through a network, and may be implemented, for example, as a desktop, a notebook, a tablet PC, or a smart phone. In one embodiment, the user terminal 120 may communicate with the user terminal 120 via a location-based authentication agent installed on the user terminal 120 for user authentication associated with a particular service transaction (e.g., transfer, transfer) Based password authentication device 110 or a service provider server (e.g., a financial institution server) associated with the particular service transaction by requesting password authentication. In one embodiment, the location-based authentication agent corresponds to an agent program that is installed in the user terminal 120 and is software capable of being linked with the location-based password authentication apparatus 110 through a network and interworking with each other. For example, And can be implemented as a mobile application that can be executed on a mobile device.

The application server 130 corresponds to a computing device capable of interworking with the user terminal 120 through a location based authentication agent installed in the user terminal 120. [ All. In one embodiment, the application server 130 may provide a location-based authentication agent to the user terminal 120 and may provide a basis code, a complete list of authentication passwords, and a matching Management and encryption of the table can be performed, setting of basic parameters necessary for the location-based authentication agent, setting of detailed parameters for encryption, security policy setting, and database (DB) update can be performed.

The mobile broadcasting company cell broadcasting server 140 corresponds to a computing device capable of transmitting data to a user terminal 120 through a cell broadcasting system. In one embodiment, the mobile-service-cell broadcasting server 140 receives a base-code transmission request from the location-based cryptographic authentication device 110 and the cell broadcasting server 140, including a base code corresponding to each of a plurality of base stations, And may provide the corresponding base code to the user terminal 120 via each base station when received.

The mobile communication company location information server 150 corresponds to a computing device that can track the location of the user based on the mobile phone identifier (e.g., mobile phone number) of the user terminal 120. [ The mobile communication company location information server 150 can confirm the location of the user terminal 120 associated with a specific user on the basis of the base station and provides location information on the confirmed location to the location based password authentication device 110, .

In one embodiment, the location-based cryptographic authentication system 100 may further include a service provider server, wherein the service provider server is a service provider that provides a particular service (e.g., transfer, transfer) For example, a bank, a securities company). In one embodiment, the service provider server may request the user terminal 120 to input an authentication password for user authentication when a request for provision of a specific service is received from the user terminal 120, It is possible to request the location-based password authentication apparatus 110 to perform password authentication for the authentication password, and determine whether to provide the specific service according to whether the password authentication is successful or not.

2 is a block diagram illustrating the location-based password authentication apparatus of FIG.

2, the location-based password authentication apparatus 110 may include a processor 210, a memory 220, a user input / output unit 230, and a network input / output unit 240.

The processor 210 is electrically connected to the memory 220. The processor 210 may perform the location based password authentication procedure shown in FIG. 4 and store and update the results generated in the entire procedure of the procedure in the memory 220. The processor 210 may manage a memory 220 that stores data to be read or written in the course of performing the location based password authentication procedure and may schedule the synchronization time between the volatile memory and the non- can do. The processor 210 may control the overall operation of the location based password authentication device 110 and may control the flow of data between the memory 220, the user input and output unit 230 and the network input and output unit 240, Based password authentication apparatus 110. [0064] FIG.

The memory 220 may be implemented as a non-volatile memory such as a solid state disk (SSD) or a hard disk drive (HDD), and may include an auxiliary storage device used to store data necessary for the location- And a main memory implemented with a volatile memory such as a RAM (Random Access Memory). As such, the memory 220 may be implemented as a volatile or nonvolatile memory, and may be implemented to be connected via a hyperlink if implemented as a nonvolatile memory.

The memory 220 may store a geofence entry state. Here, the geofence entry state indicates whether to enter the geofence 115 composed of at least one virtual zone, and in one embodiment, the user terminal 120 via the location based authentication agent installed in the user terminal 120, Can be tracked and managed in real time. In one embodiment, the memory 220 may store configuration information for each of the at least one virtual zone that constitutes the geofence 115, and may be associated with each virtual zone and may include a seed of a virtual zone- And may store a base code generation algorithm for generating the base code.

The user input / output unit 230 includes an environment for receiving user input and an environment for outputting specific information to the user, and includes an input device including an adapter such as a touch pad, a touch screen, or a pointing device, Or an output device including an adapter such as a touch screen.

The network input / output unit 240 includes an environment for connecting with the user terminal 120 through a network, and may include an adapter for wireless LAN (Local Area Network) communication, for example

Figure 3 is a block diagram illustrating the functional elements of the processor in Figure 2;

3, the processor 210 includes a geofence management unit 310, a geofence entry state update unit 320, an authentication password generation unit 330, a password authentication performing unit 340, and a control unit 350 can do.

The geofence management unit 310 can manage the geofence 115 composed of at least one virtual zone. In one embodiment, the geofenced manager 310 may configure each of the at least one virtual zone based on at least one of the base station cell identifier, the wireless access point identifier, and the GPS information of the user terminal 120. Here, each of the at least one virtual zone corresponds to at least one region that is distinguished to determine whether the user terminal 120 has entered the geofence 115. For example, each virtual zone of the geofence 115 may correspond to a base station service area identifiable by a base station identifier of a base station, and may be a service set identifier (SSID) unit of a Wi-Fi And may correspond to a virtual area generated through a combination of at least two of the base station identifier of the base station, the SSID of the Wi-Fi, and Global Positioning System (GPS) information, for example have.

In one embodiment, the geofence management unit 310 may configure a virtual zone of the geofence 115 on a region-by-region basis having the same base station identifier based on the base station identifier of the base station. In one embodiment, the base station identifier is an identifier that can identify each of a plurality of base stations. For example, the base station identifier corresponds to a PCI (Physical Cell ID) of a base station based on LTE (Long Term Evolution) Identifier or an ECGI (E-UTRAN CGI), or an identifier uniquely assigned by a combination thereof, and in another example, 2G (The Second Generation), 3G (The Third Generation) It may correspond to the identifier of the base station based on the next generation mobile communication technology specification. For example, the geofence management unit 310 can generate a geofence 115 composed of 504 virtual zones using 504 PCIs defined in 3GPP (3rd Generation Partnership Project) LTE standard.

In another embodiment, the geofence management unit 310 may configure the geofence 115 based on the SSID of the wireless access point (e.g., Wi-Fi) Each virtual zone can be configured.

In another embodiment, the geofence management unit 310 may configure the geofence 115 associated with GPS information based on radar information on a map designated by the user or designer. For example, the geofence management unit 310 may include a virtual zone having a corresponding polygonal shape based on a set of radius coordinates corresponding to vertices of a virtual polygon on a map received from the user terminal 120 and input by the user, Lt; / RTI >

In one embodiment, the geofence management unit 310 may generate each of the at least one virtual zone in the form of a polygon, for example, a GPS, a mobile phone base station signal, and a WiFi signal, Can be generated.

In one embodiment, the geofence management unit 310 constructs at least one virtual zone for each frequency band in the case of multiple frequency band cells based on the base station identifier, but accumulates GPS information by virtual zone to minimize the effect of cell coverage change The geophone 115 can be constructed by combining the coverage of each frequency band. This will be described in more detail with reference to FIG. 8B.

In one embodiment, the geofence management unit 310 may reconfigure at least one virtual zone periodically or upon the occurrence of a particular event. For example, the geofenced management unit 310 may reconstruct a virtual zone based on a randomly selected one of the base station identifier of the base station, the SSID of the wireless access point, and the GPS information at a specific time period or under the control of the administrator.

In one embodiment, the geofence management unit 310 may perform an integrity check on the geofence 115 of the user periodically or upon the occurrence of a specific event. For example, when the geofence management unit 310 is connected to the user terminal 120 through a location-based authentication agent at a predetermined period, the geofence management unit 310 may determine the location of the user terminal 120, The SSID and the GPS information of the corresponding user terminal 120 can be used to confirm whether or not the valid geofence 115 is used.

The geofence entry state update unit 320 updates the geofence entry state based on the current location state. In one embodiment, the geofence entrance state update unit 320 receives the authentication code from the authentication code generation unit 330 in the process of generating the authentication code or transmitting the base code by the authentication code generation unit 330, It is possible to receive a management request for the associated geofence entry state, thereby to track the current location of the user terminal 120 to obtain location information regarding the current location status, It can be determined whether or not it has entered the geofence 115 as a basis. For example, the geofence entry state update unit 320 may track the current location status from at least one of the base station identifier, SSID, and GPS information of the base station received from the user terminal 120 through the location based authentication agent, It is possible to track the current positional state of the user terminal 120 in cooperation with the mobile communication device location information server 150 based on the mobile phone number or to detect the current positional state based on the base code received from the user terminal 120 Or receives the current location information of the corresponding user terminal 120 from the authentication code generation unit 330 interlocked with the mobile communication company location information server 150 to check whether the geofence is entered or not and the specific virtual zone information have.

In one embodiment, the geofence entry state update unit 320 can determine the current location situation based on the base station identifier received from the base station. The geofence entry state update unit 320 may communicate with the mobile communication company location information server 150 to receive a base station identifier that is a base station cell identifier associated with the current location of the user terminal 120, It is possible to determine whether or not the virtual zone exists and enter the geofence 115. For example, if the user terminal 120 receives a specific PCI, which is one of the 504 PCIs defined in the 3GPP LTE standard, the geofence entry state update unit 320 determines that the user terminal 120 has entered a specific virtual zone matching the PCI And if it receives another PCI while receiving a specific PCI, it can be determined that the virtual zone is left. In one embodiment, the geofence entry state update unit 320 may reduce the occurrence of unnecessary frequent changes in the virtual zone by setting a grace period of a specific time period in this determination process.

In the above embodiment, the geofence entry state update unit 320 can determine the current location state with the base station identifier received for the longest time in the recent time interval when the number of the received base station identifiers is plural. For example, the geofence entry state update unit 320 may accumulate the time when each of the received PCIs is active, and determine a virtual zone associated with a specific PCI having the longest accumulated time as a virtual zone currently located .

In another embodiment, the geofence entry state update unit 320 can determine the current location situation based on the SSID received from the wireless access point, and determine whether to enter the geofence. In another embodiment, the geofence entry state update unit 320 may determine the current location situation based on the GPS information received from the GPS. For example, the geofence entry state update unit 320 receives the GPS information through the location-based authentication agent installed in the user terminal 120 and updates the current position of the corresponding user terminal 120 to the radius It is possible to determine which virtual zone among the virtual zones based on the road.

In one embodiment, the geofence entry state update unit 320 can periodically check the geofence entry state according to the occurrence of a specific event. For example, when receiving a base code generation request or a password authentication request associated with the user terminal 120, the geofence entry state update unit 320 may track the location status of the user terminal 120 until the corresponding procedure is terminated When the user terminal 120 is connected to the user terminal 120 through the location based authentication agent installed in the user terminal 120, the user terminal 120 can continuously update the geofence entry state, ) May be continuously tracked to update the geofence entry state.

The authentication code generation unit 330 may provide different base codes to each of at least one virtual zone in the geofence 115. [ The authentication code generation unit 330 can generate the base code based on the stored base code generation algorithm and can update the base code with a specific period to restrict the validity of the base code. Here, the base code can be used as a seed in a base code generation algorithm for location based encryption generation. The authentication code generation unit 330 may provide a base code according to the following embodiments.

In the first embodiment, the authentication code generation unit 330 can perform transmission of a base code in a push-pull method based on a user request. When the user terminal 120 requests transmission of the base code to the authentication-password generation unit 330 through the location-based authentication agent, the authentication-password generation unit 330 transmits the authentication code to the authentication code generation unit 330 through the geofence entry state update unit 320 The geofence entry state of the corresponding user terminal 120 can be confirmed and the base code corresponding to the identified virtual zone can be transmitted to the user terminal 120 when the geofence entry state is confirmed.

In the second embodiment, the authentication-code generating unit 330 can perform base-code transmission in a cell broadcasting manner in cooperation with the mobile-communication-cell broadcasting server 140. For example, the authentication code generation unit 330 may periodically update different base codes corresponding to the virtual zones of the geofence 115 and transmit them to the mobile communication company cell broadcasting server 140, The base code may be provided in a cell broadcasting manner through each base station in cooperation with the server 140. [

In one embodiment, the authentication code generation unit 330 receives a request for retransmission of a base code in response to a user request or provides a base code in a cell broadcast manner in cooperation with the cell broadcasting server 140 When it is detected that the user terminal 120 enters or leaves a specific virtual zone through the geofence entry state update unit 320, it can perform retransmission of the base code in the above described schemes. If the two conditions are overlapped, Can be given priority.

In one embodiment, when a specific period associated with the base code update is set by the user terminal 120 located in the same virtual zone over a specific time interval, the authentication code generation unit 330 generates a base code Can be updated, and the updating according to the period designated by the user can be prioritized over the periodic cell broadcasting.

In one embodiment, the authentication code generation unit 330 may update the base code according to the period by adjusting the specific period based on Equation (1) below. For example, the authentication-password generation unit 330 may generate the authentication-password-generated authentication information in such a manner that the personal information leakage detection reference number specified by the designer is 5 (times) ( ht = 5) If the number of times is 10 (times) (h avg = 10), the base code can be updated at a cycle of (1/2) * t 0 which is faster than the basic period value t 0 set by the designer.

[Equation 1]

Figure pat00001

(Here, h avg shall recent disclosure of personal information corresponding to the detected cumulative number of targets of users during a specific time interval and, h t corresponds to the disclosure of personal information detected based on the number of times specified by the designer, t 0 is the designer Or a default period value that can be set by the user)

When the geofence entry state is confirmed to be entered, the authentication password generation unit 330 may generate one of at least one virtual zone based on the current location status to generate a virtual zone-based authentication password. The authentication password generation unit 330 receives the password authentication request associated with the specific user terminal 120 from the geofence entry state update unit 320 in real time and receives the geofence entry state of the corresponding user terminal 120 in real time, A specific virtual zone based authentication password in which the terminal 120 is located. In one embodiment, the authentication-password generation unit 330 may determine one of the at least one virtual zone by analyzing the network area identified through the received SSID. In another embodiment, the authentication- Can determine one of the at least one virtual zone by analyzing whether the detected radar coordinate from the received GPS information is included in a predetermined set of radar coordinates constituting at least one virtual zone.

The authentication-password generation unit 330 may generate the virtual zone-based authentication password using the location information on the specific virtual zone determined based on the current location status and the authentication-password generation algorithm. In one embodiment, the authentication password generator 330 may be previously promised to generate an authentication password using the same algorithm as the authentication password generation algorithm in the location-based authentication agent installed in the user terminal 120. [

In one embodiment, the authentication password generator 330 generates a virtual zone-based authentication password using the base code and user information corresponding to the virtual zone as an authentication password seed of the authentication password generation algorithm, Here, the user information may be specified in advance by the user terminal 120, may correspond to an identity that specifies the user, and may correspond to, for example, a user ID or a password designated by the user .

In another embodiment, the authentication password generation unit 330 uses the base code corresponding to the virtual zone and the current time as the authentication password seed of the authentication password generation algorithm, and uses the virtual zone-based authentication password as the password reflecting the spatiotemporal information And can generate a more secure authentication password by further reflecting the current time in a base code that can be periodically changed according to the location.

In one embodiment, when the authentication of the password fails with the authentication password generated through the determined one virtual zone, the authentication-password generation unit 330 may generate an adjacent virtual zone authentication password by identifying an adjacent virtual zone. In one embodiment, when the user terminal 120 periodically measures the signal for the PCI of the neighboring cell in addition to the PCI of the cell that the user terminal 120 is receiving for the actual communication, It can be utilized in the process of password authentication. In this process, the initial authentication is performed based on the virtual zone corresponding to the activated PCI of the currently used cell, and if it fails, the secondary authentication is performed based on the adjacent virtual zones of the neighboring cells, Can be sequentially performed as secondary password authentication. This will be described in more detail with reference to FIG.

The password authentication performing unit 340 can perform password authentication based on the generated authentication password. When the authentication request associated with the user terminal 120 is received, the password authentication performing unit 340 receives the authentication request and the authentication password generated by the user terminal 120 and the authentication password generating unit 330 The virtual zone based authentication password generated by the virtual zone can be collated to perform the password authentication. For example, when the user terminal 120 transmits the first authentication password generated according to the authentication password generation algorithm in the location-based authentication agent, the password authentication performing unit 340 tracks the current location status of the user terminal 120 A second authentication password can be generated through the same authentication password generation algorithm as that of the user terminal 120 using the PCI or base code corresponding to the virtual zone at the corresponding position as a seed, It is possible to determine that password authentication is successful if the passwords are matched against each other or not if the passwords do not match.

The control unit 350 may receive the password authentication request or the base code transmission request associated with the user terminal 120 and may control the entire procedure. The control unit 350 controls the geofence management unit 310, the geofence entry state The update unit 320, the authentication-password generation unit 330, and the encryption-authentication performing unit 340. [

Based on the functional elements of the process 210 in the location-based password authentication apparatus 110, the geofence management unit 310, the geofence entry state update unit 320, the authentication password generation unit 330, The geofence management unit 310, the geofence entry state updating unit 320, the authentication password generating unit 330, the password authentication performing unit 340, and the control unit 350. However, in another embodiment, The control unit 340 and the control unit 350 may be implemented separately in at least one independent computing device according to the functional elements thereof. For example, the geofence management unit 310, the geofence entry state update unit 320, the authentication password generation unit 330, the password authentication performing unit 340, and the control unit 350 may be implemented by a computing device And may be operated by different providers or the same business entity, or may be implemented as an integrated computing device that is functionally separated without being physically separated from each other, for example, and may be operated by the same business entity.

4 is a flow diagram illustrating a location based password authentication procedure performed by the processor of FIG.

4, the control unit 350 may receive a password authentication request associated with the user terminal 120 (step S410). In one embodiment, when a password authentication request is received through the location-based authentication agent installed in the user terminal 120, the controller 350 controls the geofence entry state updating unit 320 to update the geofence entry state of the corresponding user terminal 120 Can be requested.

The geofence entry state update unit 320 can update the geofence entry state based on the current location state (step S420). In one embodiment, the geofence entry state update unit 320 may update the geofence entry state with respect to the user terminal 120 in real time and provide the updated state to the authentication password generation unit 330.

If the geofence entry state is confirmed to be entered, the authentication password generation unit 330 may determine one of at least one virtual zone based on the current location status to generate a virtual zone-based authentication password (step S430). In one embodiment, the authentication code generation unit 330 acquires information on a specific zone in which the corresponding user terminal 120 is located from the received geofence entry state, and generates a base code corresponding to the specific zone, a current time, It is possible to generate the authentication password by using the property information pre-designated by the authentication information generation unit as the seed of the authentication password generation algorithm.

The password authentication performing unit 340 can perform password authentication based on the generated authentication password (step S440). In one embodiment, the password authentication performing unit 340 may determine whether the password authentication is successful by collating the authentication password generated by the user terminal 120 with the virtual authentication password generated by the authentication password generating unit 330 .

In one embodiment, the geofenced management unit 310 may periodically check the geofence entry state between steps S420 and S430 or upon the occurrence of a specific event, and may determine the base station identifier of the base station, the SSID of the wireless access point And GPS information and may reconfigure the geofence 115 periodically or after the occurrence of a particular event prior to or after step S410, and prior to step S410, Or to perform an integrity check on each of at least one virtual zone according to the occurrence of a specific event.

5 is a diagram showing an embodiment of the location-based password authentication system shown in FIG.

1 to 5, the geofence management unit 310, the geofence entry state update unit 320, the authentication password generation unit 330, the password authentication unit 340, And the control unit 350 may be separately implemented in the geofencing server 510, the LFin gateway server 520, and the LFin authentication server 530 according to functional elements thereof.

In one embodiment, the geofence management unit 310 and the geofence entry state update unit 320 of the location-based password authentication apparatus 110 may be implemented in the geofencing server 510 with respect to their functional elements. The geofencing server 510 may configure and manage the geofence 115 configured with at least one virtual zone and may provide a geofence entry state for a particular user terminal 120 at the request of the LFin authentication server 530 It can be managed in real time.

In one embodiment, the controller 350 of the location-based cryptographic authentication device 110 may be implemented in the LFin gateway server 520 with respect to its functional elements. In one embodiment, the LFin gateway server 520 may act as a gateway in the communication process between the LFin authentication server 530 and the user terminal 120 residing in the mobile communication carrier network, It is possible to control the connection flow between the fencing server 510, the LFin authentication server 530, the application server 130 and the mobile communication company location information server 150. The LFin gateway server 520 sends a password authentication request associated with the user terminal 120 or the user terminal 120 received from the service provider server associated with the particular service transaction of the user terminal 120 to the LFin authentication server 530 And the password authentication may be performed through the LFin authentication server 530. The LFin authentication server 530 may receive the password authentication result and provide the result to the corresponding user terminal 120. [

In one embodiment, the authentication cryptographic unit 330 and the cryptographic authentication performing unit 340 of the location-based cryptographic authentication apparatus 110 may be implemented in the LFin authentication server 530 with respect to their functional elements. The LFin authentication server 530 exists in the mobile communication company network and can be connected to the mobile communication company cell broadcasting server 750 through the corresponding network and can communicate with the user terminal 120 through the LFin gateway server 520 . The LFin authentication server 530 may generate different base codes for each virtual zone in a specific cycle and transmit the generated base codes in a cell broadcasting manner in cooperation with the mobile communication company cell broadcasting server 750, When the authentication request is received, the location information of the corresponding user terminal 120 can be checked in cooperation with the geofencing server 510 and the mobile communication company location information server 760. Also, the LFin authentication server 530 determines a specific virtual zone corresponding to the identified location information, generates a location-based authentication password using the base code corresponding to the virtual zone and the current time as a seed of the authentication password generation algorithm And can determine whether the authentication of the password is successful by comparing the authentication code based on the generated location context and the authentication password generated by the corresponding user terminal 120. [

FIG. 6 is a flowchart illustrating an example of a process of performing a password authentication by the location-based password authentication apparatus of FIG.

6, the geofencing server 510 of the location-based cryptographic authentication apparatus 110 of the location-based cryptographic authentication apparatus 110 generates an identification number 610 and an identifier 610 based on at least one of the base station identifier of the base station, the SSID of the Wi- Similarly, each virtual zone can be configured.

The location-based password authentication apparatus 110 may provide different base codes (encryption codes) to each of the virtual zones constituting the geofence 115 (FIG. 6, step 1). In one embodiment, the LFin authentication server 530 receives a request for a base code request from a location-based authentication agent installed in the user terminal 120 via the LFin gateway server 520 and sends the request to the geofencing server 510 and the mobile carrier It can track the location of the user terminal 120 in conjunction with the location information server 150 and transmit the base code corresponding to the current location through the LFin gateway server 520. In another embodiment, the LFin authentication server 530 cooperates with the geofencing server 510 and the mobile carrier location information server 150 to transmit different base codes corresponding to each virtual zone to the mobile cellular broadcasting server 140 ). ≪ / RTI >

The user terminal 120 can receive the base code through a location-based authentication agent (Location Encryption App) installed in the user terminal 120 and use the received base code as a seed of the authentication- Password) (step 2 in FIG. 6). For example, the user terminal 120 can receive the base code CDHDHFHE corresponding to the virtual zone through the location password app installed in the user terminal 120 and generate the validation password A0! Fr # 8O valid for a specific time period (See Fig. 9).

When a user performs a specific transaction requiring security on / off-line, such as financial transaction or important information storage, the user terminal 120 can automatically input an authentication password by a location-based authentication agent or manually input by a user And may request password authentication for the authentication password generated in association with the specific transaction (step 3 in FIG. 6). In one embodiment, the user terminal 120 may set the encryption level according to a user request with respect to the authentication password generated through the location-based authentication agent, and may set the authentication password based on the encryption algorithm corresponding to the set encryption level to the LFin gateway To the LFin authentication server (530) through the server (520). For example, the user may encrypt and transmit the authentication password in accordance with a first encryption algorithm (e.g., Advanced Encryption Standard (AES) 256 algorithm) corresponding to the encryption level of the basic security level while staying in a specific virtual zone, It may encrypt and transmit the authentication cipher according to a second encryption algorithm (e.g., an algorithm other than the AES 256 algorithm) corresponding to the encryption level of the higher or lower security level selected according to the user's request.

When the LFin authentication server 530 receives the password authentication request associated with the user terminal 120 through the LFin gateway server 520, the LFin authentication server 530 performs the user location check in conjunction with the mobile communication company location information server 150, It is possible to determine whether the authentication of the password is successful by comparing the authentication password received from the user terminal 120 with the authentication password generated through the corresponding virtual zone (step 4 in FIG. 6). In one embodiment, the LFin authentication server 530 may be operated by each mobile communication carrier and may interact with the mobile communication carrier location information server 150 associated with the mobile communication carrier through the mobile communication carrier network to perform password authentication Can be performed.

The LFin authentication server 530 may notify the user terminal 120 of the success or failure of the password authentication through the LFin gateway server 520 (step 5 in FIG. 6).

The location-based password authentication apparatus 110 performs an authentication process optimized according to a policy of a service provider (for example, a bank or a securities company) that provides a specific service (for example, transfer or transfer) .

FIG. 7 is a view for explaining an embodiment of a process of constructing a geofence by the location-based password authentication apparatus shown in FIG. More specifically, FIG. 7A shows an embodiment in which the location-based cryptographic authentication apparatus 110 constructs the geofence 115 considering the overlapping of coverage, FIG. 7B shows an example in which the location- And an integrated coverage is constructed to minimize the coverage gap and reflected in the geofence 115. [

In FIG. 7A, the geofence management unit 310 of the location-based password authentication apparatus 110 can set a region where the coverage overlap occurs in the process of building the geofence 115 as a specific virtual zone. In the urban area, due to the close distance between the base station cells, the PCI overlay phenomenon may occur due to overlapping of coverage, and many handovers may occur due to the PCI overlay phenomenon, which may cause a problem in the geofence establishment process. Accordingly, the geofenced management unit 310 can cumulatively manage the access time per cell or the time when the specific PCI is active in the mixed area, and based on this, the mixed area is set as a specific virtual zone and reflected in the geofence And manage.

In one embodiment, the geofenced management unit 310 can detect the most specific cell (base station) with the cumulative access time in cooperation with the user terminal 120, and can manage the mixed area by adding it as a specific virtual zone . The geofence management unit 310 can manage the entry state of the user terminal 120 with respect to a specific virtual zone using the mixed area information in the geofence management process. The geofence management unit 310 can periodically measure and update the cumulative status in consideration of the possibility that the mixed situation may change due to a change in the wireless environment.

7B, the geofence management unit 310 of the location-based password authentication apparatus 110 constructs at least one virtual zone on the basis of PCI, accumulates GPS information for each virtual zone so as to minimize the influence of the cell coverage change, It is possible to compose the geopens 115 by combining the band-specific coverage. In order to service a plurality of frequency bands at the same position, a plurality of radio units (RU) are required. Since they use different bands, there is a possibility that a coverage gap is generated according to the propagation characteristics of the bands. In order to minimize the coverage gap between different frequency bands that may occur at the same location, the geofence management unit 310 may configure the integrated coverage to reflect the geofence in the geofence. For example, When the base station 120 receives the base code or requests the password authentication, it can collect the location information and configure the coverage to integrate the various RUs, and update the specific virtual zone based on the coverage information.

8 is a view for explaining an embodiment of a process of performing a secondary authentication by identifying an adjacent virtual zone when password authentication fails in the process of performing the password authentication in the location-based password authentication apparatus of FIG.

8, when the password authentication fails with the authentication password generated through the determined one virtual zone, the authentication password generation unit 330 of the location-based password authentication apparatus 110 identifies the adjacent virtual zone, Lt; / RTI > For example, if the user terminal 120 moves to another virtual zone B cell according to the movement of the user after generating the authentication password in the virtual zone A cell to request the password authentication, The authentication password generated based on the current authentication state of the user terminal 120 may not match the authentication password generated based on the current state of the user terminal 120, In this case, the password authentication performing unit 340 may perform the secondary authentication in which the neighboring PCI cells neighboring the B cell in which the current user terminal 120 is located try to authenticate. For this purpose, the password authentication performing unit 340 collects information of the active PCI virtual zone in which the current user terminal 120 is located and neighboring neighbor virtual virtual zones in the vicinity through the location based authentication agent installed in the user terminal 120, It is possible to grasp the neighboring location information based on the location information of the current user terminal 120 in cooperation with the geofence management unit 310 and the mobile communication company location information server 150. [

In one embodiment, the encryption authentication performing unit 340 performs the secondary authentication through the neighbor virtual zone authentication passwords generated based on the neighbor PCI virtual zones, so that if the authentication is successful, If it fails, authentication may be performed using a cell cluster unit such as a tracking area.

While the present invention has been particularly shown and described with reference to exemplary embodiments thereof, it will be understood by those of ordinary skill in the art that various changes in form and details may be made therein without departing from the spirit and scope of the invention as set forth in the following claims And changes may be made without departing from the spirit and scope of the invention.

100: Location-based password authentication system
110: Location-based password authentication device
120: user terminal 130: application server
140: Carrier Cell Broadcasting Server
150: Carrier location information server
210: processor 220: memory
230: user input / output unit 240: network input / output unit
310: Geofence management unit 320: Geofence entry state update unit
330: authentication password generation unit 340:
350:
510: geofencing server 520: LFin gateway server
530: LFin Authentication Server

Claims (17)

A memory for storing a geofence entry state indicating whether to enter a geofence composed of at least one virtual zone; And
And a processor electrically coupled to the memory,
The processor
(a) updating the geofence entry state based on a current location situation; And
(b) generating a virtual zone based authentication password by determining one of the at least one virtual zone based on the current location situation if the geofence entry state is confirmed as entering, .
The method of claim 1, wherein step (a)
And determining the current location status based on the base station identifier received from the base station.
3. The method of claim 2, wherein step (a)
If the number of the received base station identifiers is more than two, determining the current location state with a base station identifier received for a longest time in a recent time interval.
The method of claim 1, wherein step (a)
And determining the current location situation based on an SSID (Service Set Identifier) received from the wireless access point.
5. The method of claim 4, wherein step (b)
And analyzing the network area identified through the received SSID to determine one of the at least one virtual zone.
The method of claim 1, wherein step (a)
And determining the current location situation based on GPS information received from a GPS (Global Positioning System).
7. The method of claim 6, wherein step (b)
Determining whether the radar coordinate detected from the received GPS information is included in a predefined radar coordinate set of the at least one virtual zone to determine the one; Password authentication device.
2. The method of claim 1, wherein step (b)
And generating an adjacent virtual zone authentication password by identifying an adjacent virtual zone if password authentication fails with the authentication password generated through the determined one virtual zone.
The method according to claim 1,
The method of claim 1, further comprising the step of: checking the geofence entry state periodically or in response to occurrence of a specific event, between the step (a) and the step (b).
The method according to claim 1,
Further comprising the step of configuring the geofence based on at least one of the base station identifier of the base station, the SSID of the wireless access point, and the GPS information of the user terminal, performed before the step (a) Authentication device.
11. The method of claim 10, wherein configuring the geofence comprises:
The method comprising the steps of: accumulating the GPS information for each virtual zone so as to minimize the influence of the cell coverage change, Further comprising the step of constructing a fence.
The method according to claim 1,
The method of claim 1, further comprising: providing a different base code for each of the at least one virtual zone, performed prior to step (a).
13. The method of claim 12, wherein providing the basis code comprises:
And a push-pull basis code providing step of confirming the geofence entrance state according to a request of the user terminal and providing a base code corresponding to the virtual zone to the user terminal. Based password authentication device.
13. The method of claim 12, wherein providing the basis code comprises:
And a base-code providing step of providing a different base code corresponding to each of the at least one virtual zone in cooperation with the mobile broadcasting company cell broadcasting server, Authentication device.
13. The method of claim 12, wherein step (b)
Using the base code and the current time corresponding to the determined virtual zone as the authentication cryptosystem of the authentication cryptographic algorithm to generate the virtual zone based authentication cryptosystem as a cryptography reflecting the spatiotemporal information, Password authentication device.
The method according to claim 1,
The method of claim 1, further comprising performing an integrity check on the geofence of the user according to the occurrence of the specific event periodically or before the step (a).
A mobile broadcasting company cell broadcasting server for transmitting data to a user terminal through a cell broadcasting in a cell broadcasting manner;
A mobile communication company location information server for confirming the location of the user terminal; And
And a location-based password authentication device for performing a corresponding password authentication in cooperation with the cell broadcasting server and the mobile communication company location information server when a password authentication request associated with the user terminal is received,
The location-based password authentication device
A geofence entry state updating unit for updating a geofence entry state indicating whether or not to enter a geofence composed of at least one virtual zone based on a current location situation; And
And an authentication password generator for generating a virtual zone based authentication password by determining one of the at least one virtual zone based on the current location status when the entry state of the geofence is confirmed as entering.
KR1020170083458A 2017-06-30 2017-06-30 Location-based authentication apparatus and system using geofencing KR102004703B1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
KR1020170083458A KR102004703B1 (en) 2017-06-30 2017-06-30 Location-based authentication apparatus and system using geofencing

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
KR1020170083458A KR102004703B1 (en) 2017-06-30 2017-06-30 Location-based authentication apparatus and system using geofencing

Publications (2)

Publication Number Publication Date
KR20190003029A true KR20190003029A (en) 2019-01-09
KR102004703B1 KR102004703B1 (en) 2019-10-01

Family

ID=65017394

Family Applications (1)

Application Number Title Priority Date Filing Date
KR1020170083458A KR102004703B1 (en) 2017-06-30 2017-06-30 Location-based authentication apparatus and system using geofencing

Country Status (1)

Country Link
KR (1) KR102004703B1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116033344A (en) * 2022-06-13 2023-04-28 荣耀终端有限公司 Geofence determination method, equipment and storage medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20050118457A (en) 2004-06-14 2005-12-19 안순현 System for certification of location of user
KR20130097706A (en) * 2010-06-15 2013-09-03 더 유럽피안 유니언, 레프레젠티드 바이 더 유럽피안 커미션 Method of providing an authenticable time-and-location indication
KR20150048227A (en) * 2012-08-30 2015-05-06 이베이 인크. Systems and methods for configuring mobile device applications based on location
JP2015513838A (en) * 2012-02-22 2015-05-14 クゥアルコム・インコーポレイテッドQualcomm Incorporated Positioning a wireless identity transmitter using short-range wireless broadcast
KR101703357B1 (en) 2010-12-14 2017-02-22 주식회사 케이티 System and method for authenticating real-location of terminal

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20050118457A (en) 2004-06-14 2005-12-19 안순현 System for certification of location of user
KR20130097706A (en) * 2010-06-15 2013-09-03 더 유럽피안 유니언, 레프레젠티드 바이 더 유럽피안 커미션 Method of providing an authenticable time-and-location indication
KR101703357B1 (en) 2010-12-14 2017-02-22 주식회사 케이티 System and method for authenticating real-location of terminal
JP2015513838A (en) * 2012-02-22 2015-05-14 クゥアルコム・インコーポレイテッドQualcomm Incorporated Positioning a wireless identity transmitter using short-range wireless broadcast
KR20150048227A (en) * 2012-08-30 2015-05-06 이베이 인크. Systems and methods for configuring mobile device applications based on location

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116033344A (en) * 2022-06-13 2023-04-28 荣耀终端有限公司 Geofence determination method, equipment and storage medium
CN116033344B (en) * 2022-06-13 2023-09-26 荣耀终端有限公司 Geofence determination method, equipment and storage medium

Also Published As

Publication number Publication date
KR102004703B1 (en) 2019-10-01

Similar Documents

Publication Publication Date Title
US11397903B2 (en) Short-range device communications for secured resource access
US11347833B2 (en) Method and apparatus for optimized access of security credentials via mobile edge-computing systems
US9898881B2 (en) Short-range device communications for secured resource access
US10382946B1 (en) Providing a service with location-based authorization
CN102104869B (en) Secure subscriber identity module service
CN1332281C (en) Global positioning system (gps) based secure access
US20170085575A1 (en) Systems and methods for determining location over a network
US9386005B2 (en) Method and system for data communication over network
KR101727414B1 (en) Communication cotrol device, authentication device, central control device and communication system
US20110202460A1 (en) Method and system for authorizing transactions based on relative location of devices
US20220029813A1 (en) Communication network node, methods, and a mobile terminal
CN103797858A (en) A system and a method for registering network information strings
CN101668293A (en) Control method and system of network access authority in WLAN
US10311423B2 (en) System and method for transaction approval based on confirmation of proximity of mobile subscriber device to a particular location
CN103475998A (en) Wireless network service providing method and system
CN111092820B (en) Equipment node authentication method, device and system
JP2011503925A (en) System and method for wireless network selection based on attributes stored in a network database
GB2393073A (en) Certification scheme for hotspot services
JP2012531111A (en) System and method for locating via a network
US10820265B2 (en) IoT device connectivity provisioning
KR20190003029A (en) Authentication apparatus based on location password based on geo-fencing and system thereof
KR101104066B1 (en) Authentication system and method for wireless fidelity connection authentication
US8948745B2 (en) Rogue tower detection in a wireless network
KR20090056322A (en) Method for selective access control of wibro using uicc and wibro system therefor
JP2005332240A (en) Method, server and system for authentication

Legal Events

Date Code Title Description
A201 Request for examination
E902 Notification of reason for refusal
E701 Decision to grant or registration of patent right
GRNT Written decision to grant