TWI313124B - Global positioning system(gps)based secure access - Google Patents


Info

Publication number: TWI313124B
Authority: TW (Taiwan)
Application number: TW94108799A
Original language: Chinese (zh)
Prior art keywords: mobile terminal, location, access, network, terminal


Description

IX. Description of the Invention

【Technical Field】

The present invention relates to systems and methods for secure access based on the Global Positioning System (GPS).

【Prior Art】

A password is a customary security mechanism: it prevents unauthorized users from accessing a computer system while identifying authorized users throughout the access session. However, an unauthorized user has many ways of obtaining an authorized user's password.

Once an unauthorized user has obtained an authorized user's password, the unauthorized user can access the computer system in exactly the same way as the authorized user. In many cases the unauthorized user accesses the computer system with malicious intent, and the activity of unauthorized users is generally noticed only after serious damage has been done or service has been interrupted.

Requiring authorized users to change their passwords periodically reduces the activity of unauthorized users, at least to some degree. However, the period is usually several weeks or months, so even when authorized users change their passwords regularly, an unauthorized user can still do substantial damage within that period.

To give every authorized user a password that changes randomly over time, the administrators of some computer systems issue each authorized user a device with a built-in pseudo-random number generator that produces a code at correspondingly short intervals. The computer system is likewise configured to determine that pseudo-random number for the corresponding time interval. When an authorized user attempts to access the computer system, the user can use the code generated and displayed by the device as the password.

The rapid password change just described is effective in the short term: even if an unauthorized user obtains a password, that password is valid only for a short period, which substantially limits the damage an unauthorized user can do. However, such computer networks may still be exposed to unauthorized users.

As an additional security precaution, some computer systems also require authorized users to access the system from a specific client terminal. That client terminal is treated as a secure terminal and is preferably placed in a physically secure location. To gain unauthorized access to such a computer network, an unauthorized user must therefore physically defeat the physical security measures at that secure location.

An unauthorized user can bypass the physical security of the secure location by obtaining remote access to the secure terminal, so remote access to the secure terminal is usually disabled. Disabling remote access, however, usually cuts off all of the secure terminal's connections to the outside world, even those between the secure terminal and servers outside the computer network. This essentially reduces the secure terminal to a dedicated terminal used only for accessing the computer system.

Further limitations and disadvantages of conventional approaches will be apparent to those skilled in the art by comparing them with the system of the present invention described below with reference to the drawings.

【Summary of the Invention】

The present invention provides GPS-based secure access systems and methods.

In one embodiment, a method for authorizing access to a computer network is provided. The method comprises: receiving a request to access the computer network; determining whether a mobile terminal is within a predetermined location; authorizing access to the computer network if the mobile terminal is within the predetermined location; and denying access to the computer network if the mobile terminal is outside the predetermined location.

In another embodiment, an article of manufacture comprising a computer-readable medium is provided. The computer-readable medium stores a plurality of executable instructions for: receiving a request to access the computer network; determining whether the mobile terminal is within a predetermined location; authorizing access to the computer network if the mobile terminal is within the predetermined location; and denying access to the computer network if the mobile terminal is outside it.

In a further embodiment, a communication network for authorizing access to a computer network is provided. The communication network comprises a server and a wireless network. The server receives the request to access the computer network; the wireless network determines, at least in part by Global Positioning System (GPS) technology, the location of the mobile terminal; and access to the computer network is authorized on the basis of that location.

According to one aspect of the invention, a method for authorizing access to a computer network is provided, the method comprising:

receiving a request to access the computer network;
determining whether a mobile terminal is within a predetermined location;
authorizing access to the computer network if the mobile terminal is within the predetermined location;
denying access to the computer network if the mobile terminal is outside the predetermined location.

A feature of the invention is that the method further comprises:

requesting a wireless communication network to determine the location of the mobile terminal.

A feature of the invention is that the step of requesting the wireless communication network to determine the location of the mobile terminal further comprises requesting the wireless communication network to determine the location of the mobile terminal using a global positioning system.

A feature of the invention is that the method further comprises receiving a password.

A feature of the invention is that the password comprises a time-varying, randomly generated alphanumeric number displayed on the mobile terminal.

A feature of the invention is that the step of determining the location of the mobile terminal further comprises:

determining the location of the mobile terminal on the basis of the received password.

According to another aspect of the invention, an article of manufacture comprising a computer-readable medium is provided, characterized in that the computer-readable medium stores a plurality of executable instructions for:

determining, at least in part, whether a mobile terminal is within a predetermined location;
authorizing access to the computer network if the mobile terminal is within the predetermined location;
denying access to the computer network if the mobile terminal is outside the predetermined location.

A feature of the invention is that the plurality of executable instructions further comprises an executable instruction for:

receiving a request to access the computer network.

A feature of the invention is that the plurality of executable instructions further comprises an executable instruction for:

initiating communication for access to the network.

A feature of the invention is that the plurality of executable instructions further comprises at least one executable instruction for:

requesting a wireless communication network to determine the location of the mobile terminal.

A feature of the invention is that the step of requesting the wireless communication network to determine the location of the mobile terminal further comprises requesting the wireless communication network to determine the location of the mobile terminal using a global positioning system.

A feature of the invention is that the plurality of executable instructions further comprises at least one executable instruction for:

receiving a password.

A feature of the invention is that the step of determining the location of the mobile terminal further comprises:

determining the location of the mobile terminal on the basis of the received password.

A feature of the invention is that the password comprises a time-varying, randomly generated alphanumeric number displayed on the mobile terminal.

A feature of the invention is that the time-varying, randomly generated alphanumeric number is generated by the mobile terminal.

According to another aspect of the invention, a communication system for authorizing access to a computer network is provided, the communication network comprising:

a server, which receives the request to access the computer network;
a wireless network, which determines, at least in part, the location of the mobile terminal;
wherein the server's authorization of access to the computer network depends on the location of the mobile terminal.

A feature of the invention is that the server authorizes access to the computer network if the mobile terminal is within a particular location, and denies access to the computer network if the mobile terminal is outside that location.

A feature of the invention is that the wireless network comprises a global positioning system for determining the location of the mobile terminal.

A feature of the invention is that the precision of the mobile terminal's location is set by the server.

A feature of the invention is that the system further comprises a client terminal for providing the request to the server.

A feature of the invention is that the password is a time-varying, randomly generated alphanumeric number displayed or generated by the mobile terminal.

A feature of the invention is that the wireless network determines the location of the mobile terminal on the basis of the received password.

These and other advantages and novel features of the invention, together with details of its preferred embodiments, will be more fully understood from the following description and drawings.

【Embodiments】

Referring now to Figure 1, there is shown a block diagram of a typical communication system, according to an embodiment of the invention, in which a mobile terminal is used to provide a time-varying random password. The system comprises a computer network 100 and a wireless network 130.

The computer network 100 comprises a server 105 that can be accessed through the computer network 100 by a client terminal 115 located in physical location 117. The computer network 100 may be any electronic or optical information distribution network and may comprise any combination of communication media, including but not limited to the Internet, the public switched telephone network, local area networks (LAN) and wide area networks (WAN).

The server 105 may provide access to a database storing sensitive or similar information, or allow individuals to perform various transactions. Controlling access to the server 105 is therefore very important. Accordingly, the server 105 requires a password from the client terminal 115 to verify the identity of the user of the client terminal 115.

As an additional layer of security, the computer network 100 requires authorized users to access the computer network 100 from physical location 117. This particular physical location 117 is a predetermined, physically secure location that is not readily accessible to the general public. When an unauthorized user attempts to access the computer network 100, the computer network 100 requires that user to provide a password. In addition, the computer network 100 uses the wireless network 130, via terminal 125, to locate the mobile terminal 120 associated with the user. Terminal 125 is a terminal that can access the wireless network 130 directly or through other networks; for example, terminal 125 may comprise a computer connected to the wireless network 130 or to the public switched telephone network.

If the user provides the correct password and the wireless terminal 120 is within physical location 117, the computer network 100 accepts the user's access.

It is worth noting that an unauthorized user would need not only an authorized user's password but also the ability to place the authorized user's mobile terminal 120 within physical location 117. Moreover, even if an unauthorized user successfully gains remote access to the client terminal 115, the computer network 100 will still not allow the unauthorized user access. Remote access therefore does not need to be disabled at the client terminal 115, which allows the client terminal 115 to be used for other purposes, such as accessing the Internet.

In one embodiment, as an additional security feature, the computer network 100 uses a time-varying, randomly generated password. This time-varying random password may be displayed on the mobile terminal 120. Such a system and method is described in the patent application "Integration of a Security Identification Card into a Cellular Phone", application no. ——, attorney docket no. 15469US01, Relan et al., filed March 16, 2004, which is incorporated herein by reference. During the access process, the time-varying, randomly generated password displayed on the mobile terminal 120 is used as the password. This additional feature in practice ensures that the person accessing the network is within physical location 117. The mobile terminal 120 may be integrated into the client terminal 115 for ease of use.

Referring now to Figure 2, there is shown a flow chart of the operation of the server 105 according to an embodiment of the invention. In step 155, the server 105 receives a request to access the computer network 100. In step 160, the server 105 requests a password from the user. As described above, many schemes may be used to collect such passwords. In one embodiment, the password may be a time-varying, randomly generated alphanumeric number.

In step 165, the server 105 determines whether the password provided is the correct password. If in step 165 the password provided in step 160 is incorrect, the server 105 asks the user to provide the password again, up to a predetermined number of times; if after the predetermined number of attempts (step 175) the user still cannot provide the correct password, the server 105 denies the access (step 180).

When the user has provided the correct password in step 165, the server 105 then, via terminal 125, requests the wireless network to check the location of the mobile terminal 120 (step 185) in order to determine whether the mobile terminal 120 is within location 117 (step 190). If the mobile terminal 120 is within location 117, the server 105 allows the authorized user's access (step 195). If the mobile terminal 120 is not within location 117, the server 105 denies the access (step 180).

The server 105 uses the wireless network 130 to check the location of the wireless terminal 120. The wireless network 130 may comprise a variety of communication networks, including but not limited to the Global System for Mobile Communications (GSM), a Personal Communications Service (PCS) network, IEEE 802.11 wireless local area networks, Ethernet and the like.

Referring now to Figure 3, there is shown a block diagram of a public land mobile network (PLMN) 210 of the Global System for Mobile Communications (GSM). The PLMN 210 consists of a number of areas 212, each of which has a node called a mobile switching center (MSC) 214 and a visitor location register (VLR) 216. Each MSC/VLR area 212 in turn comprises a number of location areas (LA) 218, defined as the part of a given MSC/VLR area 212 within which the mobile terminal 120 can move freely without sending location update information to the MSC/VLR area 212 that controls that LA 218. Each location area 218 is divided into a number of cells 222. The mobile terminal 220 is a physical device, such as a car phone or other hand-held phone, used by a mobile subscriber to communicate with the cellular network 210, with other subscribers, or with wired or wireless users outside the subscriber network.

The mobile switching center 214 communicates with at least one base station controller (BSC) 223, which in turn is connected to at least one base station (BTS) 224. A base station is a node comprising physical equipment, which can be described simply as a radio antenna tower, and which provides reliable radio coverage for the geographic area of a cell 222. It will be understood that a base station controller 223 may serve multiple base stations 224 and may be implemented as a stand-alone node or integrated with the mobile switching center. In any event, in the embodiment described, the base station controller 223 and base stations 224 are collectively referred to as the base station system (BSS) 225. At least one mobile switching center 214 is connected to the public switched telephone network (PSTN).

The service area or wireless network 210 of the PLMN comprises a home location register (HLR) 226, which is a database for managing all subscriber information. Subscriber information includes items such as the subscriber profile, current location information, the International Mobile Subscriber Identity (IMSI) and other administrative information. The home location register 226 may be co-located with a given mobile switching center 214, integrated with it, or alternatively serve multiple mobile switching centers 214, as described below.

The visitor register 216 is a database containing information about all mobile terminals currently within the MSC/VLR area 212. If a mobile terminal 120 roams into a new MSC/VLR area 212, the visitor register 216 connected to that mobile switching center requests the data relating to the mobile terminal 120 from the home location register database 226 (and at the same time notifies the home location register 226 of the mobile terminal's current location). Thus, when the mobile terminal 120 later places a call, the local visitor location register 216 already holds the necessary identification information without having to query the home location register 226 again. In the method described here, the visitor location register database 216 and the home location register 226 each contain various items of information about the subscriber associated with a given mobile terminal 120.

The GSM public land mobile network 210 also has the ability to locate the mobile terminal 120, for which it uses a global positioning system (GPS). The global positioning system uses the base stations 224 in communication with the mobile terminal 120 to determine the physical location of the mobile terminal 120. Each base station 224 uses radio signals to measure the distance between the mobile terminal 120 and that base station 224. The base station 224 sends a radio signal to the mobile terminal 120. In response to the signal received from the base station 224, the mobile terminal 120 sends a radio signal of its own, which is marked with the time at which the mobile terminal transmitted it. From the delay between the transmission of the radio signal by the base station 224 and the reception of the radio signal, the distance between the mobile terminal 120 and the base station 224 can therefore be determined. A GPS node 236 measures and triangulates the distances to several base stations 224 to determine the physical location of the mobile terminal 120.

In one embodiment of the invention, during the user's attempted access, the computer network 100 requests the GSM PLMN 210 to locate the mobile terminal 120 using GPS. In response, the GSM PLMN 210 reports the location of the mobile terminal 120 to the computer network 100. The computer network 100 then determines whether the mobile terminal 120 is within physical area 117. If the mobile terminal 120 is within physical area 117 and the user has provided the correct password, the computer network 100 allows access.

Referring now to Figure 4, there is shown a signal flow diagram describing the operation of the communication network according to an embodiment of the invention. The user requests access to the computer network 100 by providing a password (signal 405). The server 105 then verifies the password (410). Having verified the password, the server 105 sends a request (signal 415) for the location associated with the authorized user to the GPS node 236 associated with the wireless network 130.

The infrastructure of the wireless network 130 forwards the request to the MSC 214 associated with the mobile terminal 120. The MSC 214 commands (signal 420) several base stations 224 to measure the distance between each base station 224 and the mobile terminal 120. The base station 224 sends a radio signal (signal 425) to the mobile terminal 120 and receives a radio signal (signal 430) from the mobile terminal 120. The radio signal transmitted by the mobile terminal 120 is marked with the time at which the mobile terminal 120 transmitted it. From the delay between the transmission of the radio signal by the base station 224 and the reception of the radio signal, the distance between the mobile terminal 120 and the base station 224 can therefore be determined.

The base station 224 provides the reception time of the signal from the mobile terminal 120 to the GPS node 236 (signal 435). The GPS node 236 measures and triangulates (signal 440) the distances to several base stations 224 to determine the physical location of the mobile terminal 120. The GPS node 236 then provides the physical location of the mobile terminal (signal 445) to the server 105 via terminal 125.

The server 105 then determines (450) whether the mobile terminal 120 is within physical area 117 and denies or allows access accordingly.

Referring now to Figure 5, there is shown a block diagram of a typical server 105 according to an embodiment of the invention. A CPU 60 is connected through a system bus 62 to random access memory (RAM) 64, read-only memory (ROM) 66, an input/output (I/O) adapter 68, a user interface adapter 72, a communication adapter 84 and a display adapter 86. The I/O adapter 68 connects peripherals such as a hard disk drive 40, a floppy disk drive 41 for reading a removable floppy disk 42, and an optical disk drive 43 for reading a removable optical disk 44 such as a compact disc or digital versatile disc, to the system bus 62. The user interface adapter 72 connects devices such as a keyboard 74, a mouse 76 with multiple buttons 67, a speaker 78, a microphone 82 and/or other user peripherals such as a touch screen device (not shown) to the bus 62. The communication adapter 84 connects the computer system to a data processing network 92. The display adapter 86 connects a display 88 to the bus 62.
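The server flow of Figure 2 (bounded password retries, then the location check of step 190) combined with the ranging and trilateration of Figure 4, as an added Python example that is not part of the patent. Base-station coordinates, the polygon for location 117, the users' codes and the timestamps are all constructed; GPS node 236 is simulated in-process, the one-way delays assume synchronised clocks, and the precision threshold illustrates the statement that the server sets the required location precision.

```python
"""Added example (not the patent's code): server 105's Figure 2 flow on top of
the Figure 4 locating. Every coordinate, code and timestamp is constructed."""
import hmac
import math
from dataclasses import dataclass
from typing import Callable, Optional, Sequence, Tuple

SPEED_OF_LIGHT = 299_792_458.0  # metres per second
Point = Tuple[float, float]

# Constructed layout in metres: three base stations 224, polygon of location 117.
STATIONS: Sequence[Point] = [(0.0, 0.0), (1000.0, 0.0), (0.0, 1000.0)]
LOCATION_117: Sequence[Point] = [(200.0, 300.0), (500.0, 300.0),
                                 (500.0, 600.0), (200.0, 600.0)]

def distance_from_delay(tx_time_s: float, rx_time_s: float) -> float:
    """Range to one base station (signals 430/435): the terminal stamps its
    reply with the transmit time, the base station records the receive time.
    Assumes the two clocks are synchronised (our assumption, not the page's)."""
    return (rx_time_s - tx_time_s) * SPEED_OF_LIGHT

def trilaterate(stations: Sequence[Point], ranges: Sequence[float]) -> Point:
    """Fix from >= 3 station ranges (signal 440): subtract the first range equation
    from the others, leaving linear equations in x, y; solve the 2x2 normal equations."""
    (x0, y0), r0 = stations[0], ranges[0]
    rows = []
    for (xi, yi), ri in zip(stations[1:], ranges[1:]):
        a, b = 2 * (xi - x0), 2 * (yi - y0)
        c = r0 ** 2 - ri ** 2 + xi ** 2 - x0 ** 2 + yi ** 2 - y0 ** 2
        rows.append((a, b, c))
    saa = sum(a * a for a, _, _ in rows)
    sab = sum(a * b for a, b, _ in rows)
    sbb = sum(b * b for _, b, _ in rows)
    sac = sum(a * c for a, _, c in rows)
    sbc = sum(b * c for _, b, c in rows)
    det = saa * sbb - sab * sab
    if abs(det) < 1e-9:
        raise ValueError("base stations are collinear; fix is ambiguous")
    return ((sac * sbb - sab * sbc) / det, (saa * sbc - sab * sac) / det)

def point_in_area(area: Sequence[Point], p: Point) -> bool:
    """Ray-casting test: is the fix inside the polygon for location 117?"""
    x, y = p
    inside = False
    for i in range(len(area)):
        (x1, y1), (x2, y2) = area[i], area[(i + 1) % len(area)]
        if (y1 > y) != (y2 > y) and x < x1 + (y - y1) * (x2 - x1) / (y2 - y1):
            inside = not inside
    return inside

def simulated_gps_node(true_pos: Point) -> Tuple[Point, float]:
    """Stands in for GPS node 236: constructed timestamps per station, turned
    into ranges and trilaterated. The 10 m uncertainty is made up."""
    ranges = []
    for station in STATIONS:
        tx, rx = 0.0, math.dist(station, true_pos) / SPEED_OF_LIGHT
        ranges.append(distance_from_delay(tx, rx))
    return trilaterate(STATIONS, ranges), 10.0

@dataclass
class Server:
    """Server 105. current_code: user -> code shown on the terminal now;
    locate: user -> (fix, uncertainty in metres) from the wireless network."""
    current_code: Callable[[str], Optional[str]]
    locate: Callable[[str], Optional[Tuple[Point, float]]]
    secure_area: Sequence[Point]
    max_attempts: int = 3               # step 175: predetermined number of tries
    required_precision_m: float = 50.0  # the page: precision is set by the server

    def authorize(self, user: str, supplied: Sequence[str]) -> str:
        expected = self.current_code(user)            # steps 155/160
        for pw in supplied[: self.max_attempts]:      # step 165, bounded by 175
            if expected and hmac.compare_digest(pw.encode(), expected.encode()):
                break
        else:
            return "DENIED: password"                 # step 180
        fix = self.locate(user)                       # step 185
        if fix is None:
            return "DENIED: location unavailable"
        point, uncertainty_m = fix
        if uncertainty_m > self.required_precision_m:
            return "DENIED: location fix too imprecise"
        if not point_in_area(self.secure_area, point):  # step 190
            return "DENIED: terminal outside location 117"
        return "GRANTED"                              # step 195

def make_demo_server() -> Server:
    """Constructed users: alice's terminal sits inside location 117, bob's
    does not; the codes are what each terminal currently displays."""
    codes = {"alice": "483920", "bob": "117355"}
    positions = {"alice": (300.0, 400.0), "bob": (800.0, 800.0)}
    return Server(current_code=codes.get, secure_area=LOCATION_117,
                  locate=lambda u: simulated_gps_node(positions[u]) if u in positions else None)

if __name__ == "__main__":
    srv = make_demo_server()
    for user, tries in [("alice", ["483920"]), ("bob", ["117355"]),
                        ("alice", ["000000", "111111", "222222", "483920"])]:
        print(user, tries, "->", srv.authorize(user, tries))
```

Note that a correct code supplied only after the predetermined number of attempts is never checked, matching step 175 of the flow chart.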

本發明的—個實_可以作爲駐存在-個❹個如圖5 描述的通祕置的電齡統58中_訪問記憶财的文件來 實現。當被纟嶋、統58要求時,該文件可以被存制另一電 腦可讀記丨谢,例如存蹲鱗驅動器4()、或移動記憶體 (諸如可在光碟機43中使用的光碟体可在軟盤機Μ中使用 的軟碟42)中。教件可包括多個可被電腦系統執行的指令, 促使電腦纽完成各齡務,例如完賴2巾所描述的流程 圖。 ^值m'的疋’指令集的物理存儲在物理上改變了以電 子上磁it上或化學方式存儲它的媒介,以韻齡攜帶有電 腦可讀資訊。 u本發明已參考—定的實施例進行了描述,本領域的 曰通技術人貞可以理解的是,各種可能的改變及替代將不脫離 本毛明的範圍。另外’很多對本發明所述内容的適合特別情況 1313124 和材料的修改也不脫離本發明的範圍。因此,本發明+ < 揭示的實施例’本發明將包括所有落入後述權利要求範圍中2 實施例 【圖式簡單說明】 圖1是根據本發明一個實施例的用於對— 訪問的通信系統的方框圖。 電腦網路提供安全The actual _ of the present invention can be implemented as a file that resides in the memory system of the electronic system 58 as described in FIG. When requested by the system, the file can be stored and read by another computer, such as a memory drive 4 (), or a removable memory (such as a disk that can be used in the optical disk drive 43). It can be used in the floppy disk 42) used in the floppy disk. The teachings can include a number of instructions that can be executed by the computer system to cause the computer to complete the tasks of the age, such as the flow diagram described by the 2 towels. The physical storage of the 疋' instruction set of the value m' physically changes the medium that electronically stores it electronically or chemically, carrying computer-readable information at the age of the genius. The present invention has been described with reference to the preferred embodiments, and it is understood by those skilled in the art that various changes and substitutions may be made without departing from the scope of the present invention. Further, many modifications to the particulars of the present invention, 1313124 and materials, do not depart from the scope of the invention. Accordingly, the present invention is to be construed as being limited to the scope of the following claims. A block diagram of the system. Computer network provides security

圖2是根據本發明一個實施例的用於描述伺服器操作的流程 圖。2 is a flow diagram for describing the operation of a server, in accordance with one embodiment of the present invention.

Figure 3 is a block diagram of a typical Global System for Mobile Communications employing a public land mobile network according to an embodiment of the present invention.

Figure 4 is a signal flow diagram describing the operation of the communication network according to an embodiment of the present invention.

Figure 5 is a block diagram describing a typical hardware environment for implementing an embodiment of the present invention.

[Description of Reference Numerals]

Computer network 100
Server 105
Client terminal 115
Physical location 117
Mobile terminal 120
Terminal 125
Wireless network 130
Receive a request for access to the computer network 1 (numeral truncated in the source)
Require a password from the user 160
Password correct 165
Mobile terminal within the location 170
Password has been checked a predetermined number of times 175
Deny access 180
Request the cellular telephone network to check the location of the mobile terminal 185
Authorize access 195
Public land mobile network (PLMN) of the Global System for Mobile Communications (GSM) 210
Region 212
Mobile switching center (MSC) 214
Visitor location register (VLR) 216
Location area (LA) 218
Mobile terminal 220
Cell 222
Base station controller (BSC) 223
Base transceiver station (BTS) 224
Base station subsystem (BSS) 225
Home location register (HLR) 226
GPS node 236
Signals 405, 415, 420, 425, 430, 435, 440, 445
Hard disk drive 40
Floppy disk drive 41
Removable floppy disk 42
Optical disk drive 43
Removable optical disk 44
General-purpose computer system 58
CPU 60
System bus 62
Random access memory (RAM) 64
Read only memory (ROM) 66
Button 67
Input/output (I/O) adapter 68
User interface adapter 72
Keyboard 74
Mouse 76
Speaker 78
Microphone 82
Communication adapter 84
Display adapter 86
Display 88
Data processing network 92

Claims (1)

1. A method for authorizing access to a computer network, characterized in that the method comprises:
receiving a request for access to the computer network;
determining whether a mobile terminal is within a predetermined location;
if the mobile terminal is within the predetermined location, authorizing access to the computer network; and
if the mobile terminal is outside the predetermined location, denying access to the computer network.

2. The method of claim 1, further comprising: requesting a wireless communication network to determine the location of the mobile terminal.

3. The method of claim 2, wherein the step of requesting the wireless communication network to determine the location of the mobile terminal further comprises: requesting the wireless communication network to determine the location of the mobile terminal using a global positioning system.

4. The method of claim 2, further comprising: receiving a password.

5. An article comprising a computer-readable medium, the computer-readable medium storing a plurality of executable instructions, the executable instructions for:
determining whether a mobile terminal is within a predetermined location;
if the mobile terminal is within the predetermined location, authorizing access to a computer network; and
if the mobile terminal is outside the predetermined location, denying access to the computer network.

6. The article of claim 5, wherein the plurality of executable instructions further comprises an executable instruction for: receiving a request for access to the computer network.

7. The article of claim 5, wherein the plurality of executable instructions further comprises an executable instruction for: [remainder of the claim is illegible in the source scan].

8. A communication system for authorizing access to a computer network, the communication system comprising:
a server for receiving a request for access to the computer network; and
a wireless network for at least partly determining the location of a mobile terminal;
wherein the server's authorization of access to the computer network depends on the location of the mobile terminal.

9. The communication system of claim 8, wherein, if the mobile terminal is within a particular location, the server authorizes access to the computer network, and if the mobile terminal is outside the particular location, the server denies access to the computer network.

10. The communication system of claim 9, wherein the wireless network comprises a global positioning system for determining the location of the mobile terminal.
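The server-side decision the claims describe, arranged along the Figure 2 flowchart (request received, password required, bounded retries, network asked for the terminal's location, access authorized or denied), as an added example that is not the patent's code. The password store, the retry limit and the `network_fix` oracle are constructed assumptions, and the ordering of the checks is this example's reading of the flowchart element list.

```python
"""Server-side access decision following the Figure 2 flowchart.

Added example, not code from the patent. Block numbers in the comments are
the flowchart elements listed in the description (155 to 195); the ordering
of the checks is this example's reading of that list. The password store,
the retry limit and the `network_fix` oracle are constructed assumptions.
The oracle stands in for the request to the cellular telephone network
(185): the fix comes back from the network's GPS node, never from the
terminal itself.
"""
import hashlib
import hmac
from typing import Callable, Dict, Iterable, Optional, Tuple

MAX_PASSWORD_ATTEMPTS = 3  # "predetermined number of times" (175); value assumed

Point = Tuple[float, float]
Box = Tuple[float, float, float, float]  # x_min, y_min, x_max, y_max
UserRecord = Tuple[bytes, bytes, str]    # salt, password digest, terminal id
LocationOracle = Callable[[str], Optional[Point]]


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256; only digests are kept on the server."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


# Constructed sample data: two users, each bound to one mobile terminal, and
# the physical area 117 as an axis-aligned box in the same plane units as the
# location fixes.
SAMPLE_SALT = b"\x7f" * 16
SAMPLE_USERS: Dict[str, UserRecord] = {
    "alice": (SAMPLE_SALT, hash_password("correct horse", SAMPLE_SALT), "term-120"),
    "bob": (SAMPLE_SALT, hash_password("battery staple", SAMPLE_SALT), "term-220"),
}
AREA_117: Box = (1000.0, 3000.0, 1500.0, 3500.0)


def network_fix(terminal_id: str) -> Optional[Point]:
    """Stand-in for signals 405..445: the network-measured position, if any."""
    return {"term-120": (1200.0, 3100.0), "term-220": (4000.0, 4000.0)}.get(terminal_id)


class AccessServer:
    """Server 105: password gate, bounded retries, then the location gate."""

    def __init__(self, users: Dict[str, UserRecord], area: Box, locate: LocationOracle):
        self._users = users
        self._area = area
        self._locate = locate

    def _in_area(self, fix: Point) -> bool:
        x_min, y_min, x_max, y_max = self._area
        return x_min <= fix[0] <= x_max and y_min <= fix[1] <= y_max

    def request_access(self, username: str, password_attempts: Iterable[str]) -> str:
        """155: handle one access request; returns "allow" or "deny"."""
        record = self._users.get(username)
        # Unknown users get a dummy record so the hashing cost is the same.
        salt, digest, terminal = record if record is not None else (b"", b"", "")
        attempts = 0
        for password in password_attempts:             # 160: require a password
            attempts += 1
            candidate = hash_password(password, salt)
            if record is not None and hmac.compare_digest(candidate, digest):
                break                                   # 165: password correct
            if attempts >= MAX_PASSWORD_ATTEMPTS:       # 175: retries exhausted
                return "deny"                           # 180
        else:
            return "deny"                               # caller gave up before a match
        fix = self._locate(terminal)                    # 185: ask the network, not the terminal
        if fix is None or not self._in_area(fix):       # 170: terminal within the location?
            return "deny"                               # 180
        return "allow"                                  # 195


if __name__ == "__main__":
    server = AccessServer(SAMPLE_USERS, AREA_117, network_fix)
    print(server.request_access("alice", ["correct horse"]))      # allow
    print(server.request_access("bob", ["battery staple"]))       # deny: outside the area
    print(server.request_access("alice", ["x", "y", "z"]))         # deny: retries exhausted
```

Two choices in the block are deliberate: a missing or undeterminable location fix is treated as "outside" (the location gate fails closed), and the password is checked before the network is asked, so an attacker who cannot pass the password gate never triggers a location query for someone else's terminal.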
TW94108799A 2005-03-22 2005-03-22 Global positioning system(gps)based secure access TWI313124B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW94108799A TWI313124B (en) 2005-03-22 2005-03-22 Global positioning system(gps)based secure access

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW94108799A TWI313124B (en) 2005-03-22 2005-03-22 Global positioning system(gps)based secure access

Publications (1)

Publication Number Publication Date
TWI313124B true TWI313124B (en) 2009-08-01

Family

ID=45072720

Family Applications (1)

Application Number Title Priority Date Filing Date
TW94108799A TWI313124B (en) 2005-03-22 2005-03-22 Global positioning system(gps)based secure access

Country Status (1)

Country Link
TW (1) TWI313124B (en)

Similar Documents

Publication Publication Date Title
US7372839B2 (en) Global positioning system (GPS) based secure access
TWI333776B (en) Method, apparatus and article to remotely associate wireless communications devices with subscriber identities and /or proxy wireless communications devices
US10305881B2 (en) Controlled token distribution to protect against malicious data and resource access
US7224987B1 (en) System and method for controlling access to location information
US8898760B2 (en) Authenticating a transaction when a connection to a network becomes unavailable
CN104620250A (en) Systems and methods of using a temporary private key between two devices
US8700710B1 (en) Constructing social networks
US20060020816A1 (en) Method and system for managing authentication attempts
US8291085B2 (en) Value information transfer system and value information transfer method
US20110190009A1 (en) System and method for location privacy and location information management over wireless systems
US20220012743A1 (en) Authentication electronic infrastructure
US11823515B2 (en) Method, system and apparatus for equipment monitoring and access control
CN102067143A (en) System, method and apparatus for security management of an electronic device
KR20160055872A (en) Method and system for location based data communication over network
CN107483503A (en) A kind of application program login method, apparatus and system
KR100796737B1 (en) Certification System Using One Time Passport And Certification Method Using One Time Passport
US20080183714A1 (en) Location-based brokerage service for heterogeneous access roaming
KR101600455B1 (en) Method, system and recording medium for service account authentication
JP5991143B2 (en) Information processing apparatus, system, and information registration method
JP2005064737A (en) Wireless lan system and access point
TWI313124B (en) Global positioning system(gps)based secure access
JP5409871B2 (en) Personal information providing apparatus and personal information providing method
JP2010152492A (en) Device, system, and method for providing personal information
JP2006222619A (en) Contactless ic chip mounted radio communication terminal device, reader writer device for contactless ic chip, and communication system for contactless ic chip
CA2701736A1 (en) Content distribution with inherent user-oriented authorization verification

Legal Events

Date Code Title Description
MM4A Annulment or lapse of patent due to non-payment of fees