WO2011029972A2 - System for the definition and application of geographic areas of reliable access - Google Patents
System for the definition and application of geographic areas of reliable access
- Publication number
- WO2011029972A2 (PCT/ES2010/070552)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- user
- identifier
- location
- reliable
- geographic
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/107—Network architectures or network communication protocols for network security for controlling access to devices or network resources wherein the security policies are location-dependent, e.g. entities privileges depend on current location or allowing specific operations only from locally connected terminals
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/50—Network services
- H04L67/52—Network services specially adapted for the location of the user terminal
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/40—Network security protocols
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/08—Access security
- H04W12/084—Access security using delegated authorisation, e.g. open authorisation [OAuth] protocol
Definitions
- the present invention refers to a procedure and a system that adds a guarantor of the identity of a user when said user accesses a service provider that requires authentication, being applicable to telecommunications systems and especially to systems where the user accesses the service provider by connecting his mobile telephone terminal to the Telecommunications network.
- Said user identity guarantor factor is based on determining if the current location of the user who intends to access the service provider is in a geographical area previously defined as reliable access.
- authentication systems are basically based on three authentication factors, which are:
- Authentication systems can use infinite authentication factors that can be grouped into the three authentication factors described above.
- each of said authentication systems can consist of a set of factors of the type 'what the user knows', which can be represented, for example, by F11 to F1N, where N is a natural number between 0 and infinity, a set of factors of the type 'what the user has', which can be represented, for example, by F21 to F2N, where N is a natural number that takes values from 0 onwards, and a set of factors of the type 'what the user is', which can be represented, for example, by F31 to F3N, where N is a natural number that takes values from 0 onwards.
- the user must present the characteristics required by each of the authentication procedures that implement the different types of factor, so that the latter can use them to validate the identity of the user. From the point of view of trust, the more trust associated with a given authentication factor, the more reliable is the authentication system of which it is a part. Thus, factors based on something that the user has known for some time have ceased to be considered reliable. On the other hand, for those based on something that is possessed, confidence is limited by how easy or difficult their loss, abandonment or copying is (in the case of specific tokens). Finally, those based on some physiological characteristic of the user are not always technologically developed enough to be considered reliable.
- An example of biometric authentication is BioWallet® (http://biowallet.net) that uses iris recognition and handwritten signature as biometric authentication mechanisms.
- authentication systems based on factors that require proof of being in possession of something involve having an infrastructure dedicated to determining whether the user is in fact in possession of what is required, and whether it is not a copy.
- digital certificates need a deployed PKI infrastructure to be used.
- authentication systems based on physiological characteristics of the user require specific devices that can measure the characteristic in question of the real user behind the access request, which in turn implies the cost of taking these devices to the points from which the user usually accesses (his home or public access rooms).
- indoor location technologies are those based on WiFi, Ultra Wideband, Bluetooth or RFID, and their main feature is the presence of a network of local sensors, with a reduced area of action (usually less than 5 meters), especially installed to capture the signals of devices equipped with transmitters of this type of signal, and then apply some type of algorithm that determines their location.
- An example of indoor location is found in the state of the art within "Raúl Sánchez Vítores. Indoor Location Systems. December 2005: http: // www. Coit. En / publications / bit / bit148 / 57-59 . pdf ".
- GSM Global System for Mobile Communications
- HLR native location registration functionality
- Outdoor location is based on mathematical principles and theorems that model the shape of the Earth. Like any model, it is a simplification of the real object that is useful as the basis for establishing a spatial reference system.
- the Earth is considered to be a body that is almost spherical but deformed. It is an equipotential surface of the gravitational field, coinciding, approximately, with the average level of the oceans.
- the ellipsoid is the simplest figure that fits the shape of the Earth. It is the three-dimensional shape generated by the rotation of an ellipse on its shortest axis. This axis approximately coincides with the axis of rotation of the Earth.
- the spherical Earth approximation model is the most intuitive and simple. Once the model is selected, the calculation of the distance between two points on the earth's surface must be based on some mathematical principle or theorem that facilitates the work. The method chosen for this purpose depends fundamentally on the separation that a priori is estimated to be between the points whose distance is to be found.
- Cyber Locator® uses signals from the customer's GPS system to form a complex and changing signature that never repeats itself. This signature is processed by a protected server that determines from it the geospatial and time attributes of the remote client to determine its right to access protected data. Remote access from unregistered sites or regions will be blocked by the server. In this way, participation by the user accessing the service is not necessary since this functionality is completely transparent to him.
- the invention consists of a method and a system that provides an additional authentication factor, thereby increasing the level of security of the system that incorporates it.
- the novel system of the present invention comprises at least one geographical area management module, an authentication module and a location module. These novel modules comprise the necessary means for interconnection with other modules of the prior art and with themselves. Additionally, the authentication module of the invention offers the additional possibility of inclusion in other authentication modules of the state of the art, thus adding an additional authentication factor and increasing their security.
- the geographical area management module of the invention comprises at least means of processing location data, management means for registering, modifying and deleting geographic areas of reliable access, and a graphical interface which, in turn, includes means of visualization of the geographic area of reliable access and means of visualization and information gathering.
- Said geographical area management module of the invention is managed through the graphical interface according to an architecture selected between user-centric and service-centric.
- a user-centric architecture is a user-centered architecture, which gives the end user total freedom to manipulate their reliable geographic areas: the user can register the desired areas as reliable geographic areas, subject only to the restrictions imposed by the service provider (if there are any). In addition, the user can change or delete the data associated with the reliable geographic areas already registered, with the exception of location-related information.
- a service-centric architecture is an architecture focused on the service provider: it is said service provider that predefines and manipulates the reliable geographic areas for each user. Depending on the type of service offered, the reliable areas that best adapt to the scenario will be established. Once the areas have been established, the service provider may choose one of the following variants:
  - Involve the end user in the process of providing their reliable geographic areas and allow them to choose, from among those already predefined by the service provider, a subset of them as the only ones that will be taken into account in the authentication process.
  - Keep the process of providing geographic areas transparent to the end user, so that the user is not involved in either the registration or the possible modifications that can be made to the reliable geographic areas assigned to them.
- the authentication module comprises at least one means for connecting and exchanging data with at least one standard authentication means, means compatible with the standard authentication means for integration into said standard authentication means, and means for connecting and exchanging data with a service provider.
- the location module comprises at least:
  - means of execution of at least one mathematical location algorithm selected from Pythagoras, Haversine and Spherical Trigonometry
  - a database
  - means of connection and data exchange with at least one specific means of location
  - means of connection and data exchange with the geographical area management module and the authentication module
  - a graphical administration interface
- the specific location means locates the user with an ID using at least one of the options selected from GSM, GPS, WiFi, GPRS and UMTS. Likewise, said specific location means defines the location of the user with an ID identifier by means of an option selected between a location area and a location point associated with an error.
- the authentication procedure of the invention introduces an authentication factor as a guarantor of the identity of a user with an ID identifier associated therewith.
- Said authentication factor is the geographic areas of reliable access stored in the system by the method of the invention in which the user with an ID identifier is a participant.
- the novel authentication procedure of the invention through geographic areas of reliable access comprises performing the following steps in the authentication module:
- step ii) of the process of the invention additionally comprises: checking the communication between the authentication module and the location module; setting the value of the Boolean authentication parameter to "false" when at least one of the following holds: the Boolean location parameter is "false", or there is an error in the communication between the authentication module and the location module; extracting the security level value associated with the Boolean location parameter from the location module response when the Boolean location parameter value is "true" and there was no error in the communication between the authentication module and the location module, and, applying a predetermined security criterion, setting the value of the Boolean authentication parameter; and adding some attributes to the user with ID identifier when the value of the Boolean authentication parameter is "true".
- Step i) of the novel method of the invention additionally comprises:
  - receiving the verification request for the user with ID identifier, sent from the authentication module to the location module;
  - obtaining the data of the user with ID identifier by consulting a database contained in the location module;
  - obtaining, from among the user data, the number of geographic areas of reliable access associated with said user with ID identifier registered in the database contained in the location module;
  - setting the value of the Boolean location parameter to "false" when the number of geographic areas of reliable access associated with said user with ID identifier is zero;
  - extracting all the reliable geographic areas associated with the user with ID identifier from the database located in the location module when the number of geographic areas of reliable access associated with said user with ID identifier is greater than zero;
  - obtaining the location of the user with ID identifier by issuing a request to a specific location solution, which will return location data selected between a location area and a location point associated with its error, when the number of geographic areas of reliable access associated with said user with ID identifier is greater than zero;
  - treat the location data obtained from the specific location solution to adapt
- the mathematical location algorithms basically calculate two parameters, at least one of them being sufficient to determine the previous values, that is, the value of the Boolean parameter location and the level of security associated with it.
- the first parameter is the distance between the location point (with its associated error) of the user with ID identifier and the central point of the reliable geographic access area associated with that user. If the distance is less than a predetermined threshold, the Boolean location parameter takes the value "true" and the security level takes the value "HIGH".
- the second parameter is the number of cut-off points between the location area and the reliable geographic access area associated with the user with ID identifier, with the Boolean location parameter taking the value "true" and the security level taking the value "LOW" when there is at least one cut-off point. The "false" value is assigned to the Boolean location parameter when the distance between the location point (with its associated error) of the user with ID identifier and the central point of the reliable geographic access area associated with that user is at least equal to the predetermined threshold. The "false" value is also assigned to the Boolean location parameter when there is no cut-off point between the location area of the user with ID identifier and the reliable geographic access area associated with that user. The "false" value is assigned to the Boolean location parameter and the "LOW" value to the associated security level when the user with ID identifier does not have any reliable geographic access area associated.
- the geographic areas of reliable access associated to each user with ID identifier are stored in the database and managed by the module of management of geographic areas.
- Said module is capable of registering, modifying and deleting the geographic areas of reliable access associated with the user with an ID.
- the management of said geographic areas of reliable access can be done through a type of architecture selected between user-centered architecture and service provider-centric architecture, in both cases involving the user with an ID identifier and an administrator user in charge of managing the data contained in the database.
- In the user-centric architecture, the user with ID identifier and the administrator user are the same.
- users with ID identifier and administrator user differ.
- the module of management of geographic areas of reliable access of the invention comprises, for any of the previously defined architectures: selecting, by the administrator user, in a menu the option to consult the geographic areas of reliable access associated with the user with ID identifier; consulting the geographic areas of reliable access associated with said user with ID identifier stored in the database; checking the number of geographic areas of reliable access associated with said user with ID identifier; showing an error message when the number of geographic areas of reliable access associated with said user with ID identifier is zero; displaying a message with all the geographic areas of reliable access associated with said user with ID identifier when the number of geographic areas of reliable access associated with said user with ID identifier is greater than zero; asking the administrator user whether he wishes to examine the characteristics of at least one of the geographic areas of reliable access associated with said user with ID identifier; returning to the previous step if the administrator user's answer is negative; show the characteristics of the at least geographic area of reliable access associated
- the reliable geographic access area management module of the invention comprises, for any of the architectures defined above: sending a user location request to the location module for the user with ID identifier; consulting the number of geographic areas of reliable access associated with the user with ID identifier; checking whether the position of the user with ID identifier matches at least one of the geographic areas of reliable access associated with the user with ID identifier; showing the administrator user an error message when the position of the user with ID identifier coincides with at least one of the geographic areas of reliable access associated with the user with ID identifier; showing the administrator user the geographical characteristics of the current location of the user with ID identifier that are registered in the database as geographical attributes of the at least geographic area of reliable access associated with the user with ID identifier when the user with ID identifier does not have any geographic area of reliable access associated with the user with ID identifier registered in the database or when the current position of the user does not match any of the geographic areas of reliable access associated with the
- Figure 1 shows a block diagram of a state of the art authentication system.
- Figure 2 shows a flow chart of a state of the art authentication procedure.
- Figure 3 shows the infinite factors that an entity (1) can present when requesting access (2) to a system (3).
- Figure 4 shows part of the system of the present invention necessary to provide said additional authentication factor based on the geographic areas of reliable access associated with a user with an ID identifier.
- Figure 5 shows the basic steps of the process of the present invention.
- Figure 6 shows the sub-steps included in the first step of the novel process of the present invention.
- Figure 7 shows the sub-steps included in the second step of the novel process of the present invention.
- Figure 8 shows the requests generated by both the user with ID identifier and the different modules to carry out the different procedures.
- Figure 9 shows the steps of the process of the present invention when the administrator user wants to register the user's current location as a reliable geographical area.
- Figure 10 shows the steps of the process of the present invention when the administrator user wants to consult or eliminate any of the reliable geographical areas associated with the user with ID identifier.
- Authentication systems implement authentication procedures that, together with identification and authorization procedures, form the set of procedures that implement access control systems to regulate, grant or deny requests from an entity (typically a user through a mobile telephone terminal) on the consumption of resources in a Telecommunications network:
- A block diagram of a state of the art authentication system is shown in Figure 1.
- an entity or user (1) requests access (2) to a system (3), which includes an access control module (4).
- This module consists of two elements that execute the authentication (5) and authorization (6) processes.
- the authentication process is responsible for deciding whether or not the entity should be allowed access to the system.
- the authorization process verifies, once the entity has been authenticated, if it has the necessary privileges to reach (7) the requested resource (8).
- JAAS Authentication and Authorization Service®
- JAAS offers the possibility of creating authentication chains (authentication procedure by which authentication mechanisms are chained sequentially, in order to improve the final guarantee of authenticity of the user), implemented by third parties using the system object of the invention (typically, web applications).
- A flow chart of a state of the art authentication procedure is shown in Figure 2.
- the basic steps of said authentication procedure are: the procedure (9) is initiated, the user requests access to the system (10), the system requests the user to authenticate (11), the user provides the credentials that identify them and allow the authenticity of the identification to be verified (12), and subsequently the system validates, according to its rules, whether the credentials provided are sufficient to give access to the user or not (13), thus ending (14) the authentication procedure.
- Authentication procedures are based on authentication factors that determine the security of the authentication system.
- Figure 3 shows the infinite factors that an entity (1) can present when requesting access (2) to a system (3).
- factors can be grouped into the three authentication factors described above.
- each of said authentication systems can consist of a set of factors of the type 'what the user knows' (15), which are represented by F11 to F1N, N being a natural number between 0 and infinity, a set of factors of the type 'what the user owns' (16), which are represented by F21 to F2N, where N is a natural number that takes values from 0 onwards, and a set of factors of the type 'what the user is' (17), which are represented by F31 to F3N, with N being a natural number that takes values from 0 onwards.
- a system that uses all three kinds of factors is of type factor-3, one that uses only two is of type factor-2, and one that uses only one factor is of type factor-1. The system of the present invention is of type factor-2.
- the present invention provides an additional authentication factor in the authentication process, thereby increasing the security level of the system of the present invention and, optionally, that of other systems that incorporate it into, for example, their access control module.
- Figure 4 shows part of the system of the present invention necessary to provide said additional authentication factor based on the geographic areas of reliable access associated with a user (1) with an ID identifier.
- the system comprises a module for managing geographic areas (18), an authentication module (19) and a location module (20).
- Said authentication module (19) is comprised in an access control module (4) which in turn is comprised in a service provider (22).
- the geographical area management module (18) comprises a graphic interface (26) for managing the geographical area management module (18) by an administrator user (27).
- the different modules that make up the system can be connected to each other directly in a centralized configuration or via the Internet (28), in a distributed configuration.
- the user (1) is located by means of his user device (25), which is connected to an option selected from cellular networks such as GSM, GPRS, UMTS and the like, WiFi and GPS (29) by means of the necessary GPS complement for this purpose.
- the specific location solution (24) uses the GSM cellular network (29), being totally analogous and extensible to GPRS and UMTS as well as to GPS with small differences that will be explained in due course.
- a user-centric architecture is chosen, since it is about providing the user (1) with total freedom to manage their geographic areas of reliable access.
- Authentication module (19) is of JAAS type, this enables its chain integration with other standard authentication modules, such as the one based on username and password.
- the geographical area management module (18) is a web application type module with graphical interface (30) accessible through the Internet.
- the location module (20) is a web application module without a graphical interface, accessible through the Internet.
- the user (1) is located by the geographical location of the mobile device (25) it carries.
- the mobile terminal (25) is connected to the GSM, GPRS, UMTS or GPS network (29), in the latter case containing a specific GPS signal receiver module.
- the specific location solution (24) which interacts with the selected location technology (29) would not be an independent element, but rather a component included in the location web application that would communicate with the GPS receiver of the mobile device in order to obtain the user's location.
- the user device (25) also has an Internet connection via WiFi access or using the cellular network (29) as a gateway. It should be noted that the interaction of all modules takes place through the Internet or any other type of network (28).
- Figure 5 shows the basic steps of the process of the present invention.
- the first step (32) of the authentication procedure through geographic areas of reliable access in the JAAS type authentication module comprises sending a verification request for a user with an associated ID identifier to the web application of the location module, with said web application of the location module returning to the JAAS type authentication module a response composed of a Boolean location parameter associated with its security level. The Boolean location parameter represents the probability that the user with ID identifier is in at least one reliable geographic access area associated with said user, and its security level represents the reliability of said Boolean location parameter, that is, how certain the Boolean location parameter is, taking into account the technology used by the specific location solution and the errors associated with it.
- the second step (33) is to analyze the Boolean location parameter and the security level associated with said Boolean location parameter to establish a value of a Boolean authentication parameter, said value of the Boolean authentication parameter being "true" when the user with ID identifier is authenticated, and "false" when the user with ID identifier is not authenticated, thus ending (34) the basic steps that make up the process of the present invention.
- Figure 6 shows the sub-steps included in the first step of the novel process of the invention, which additionally requires receiving the user verification request with identifier ID (35) from the web application of the authentication module to the web application of the localization module formed by a set of Java® servlets
- the location-specific solution uses the GSM, GPRS or UMTS cellular network to locate the mobile devices connected to this network.
- For GPS, the GPS receiver included in the mobile device is used.
- the servlet that receives user location requests performs the following sub-steps:
  - Associate the user's ID with their mobile phone number, the result of which is 'msisdn', by consulting the location database. This is only necessary for GSM, GPRS and UMTS location technologies.
- the sub-steps included within the first step of the novel process of the invention are continued.
- this data to the data format specified in the interface of the location web application, specifically, transforming the geographic coordinates from sexagesimal format to decimal format, and send the response constructed by the servlet in response to the location request for the user with ID identifier (41).
- Said predetermined verification algorithm returns a response such that, if the user has reliable geographic areas registered, they are iterated and, for each of them, it is checked whether it includes the point where the user is most likely to be found within the area returned by the GSM / GPRS / UMTS location solution, or the point provided by the GPS receiver, in which case said response comprises a "true" and "HIGH" result for the Boolean parameter and its security level respectively. If this condition is not met, it is tested whether both zones (the reliable geographical area and the GSM / GPRS / UMTS / GPS location zone) intersect. If this assumption is fulfilled, then the result of the process is "true" for the Boolean location parameter but the security level is "LOW".
- the result of the verification process is "false" for the Boolean location parameter and "LOW" for the security level associated with that parameter.
- the alphanumeric code that, optionally, is attached to the verification response is a numerical code in which the following values are contemplated:
- Figure 7 shows the sub-steps included in the second step of the novel method of the invention, which additionally comprises checking the communication (45) of the authentication module with the web application of the location module, setting the Boolean authentication parameter to the "false" value (46) when there is a communication failure. Next, the value of the Boolean location parameter (47) is extracted. If said Boolean location parameter has the value "false", the process is terminated, and if it has the value "true", the value of the security level (48) is extracted and, by applying a predetermined security criterion (49), the value of the Boolean authentication parameter (50) is established.
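The location check (point inside a reliable area, otherwise intersection of the two zones) and the second-step decision that denies on a communication failure, as an added example that is not part of the patent text. It assumes circular reliable areas whose radius serves as the distance threshold, a fix given as a point plus error radius, zone overlap as the intersection test, and a minimum-level security criterion; all names and coordinates are constructed.

```python
import math
from dataclasses import dataclass
from typing import Iterable, Optional, Tuple

EARTH_RADIUS_M = 6_371_000.0        # spherical-Earth model
LEVELS = {"LOW": 0, "HIGH": 1}      # ordering used by the assumed criterion


@dataclass(frozen=True)
class TrustedArea:
    """Reliable access area; the circular shape is an assumption."""
    name: str
    lat: float
    lon: float
    radius_m: float                 # doubles as the distance threshold


@dataclass(frozen=True)
class Fix:
    """Location point with its associated error, in decimal degrees."""
    lat: float
    lon: float
    error_m: float


def haversine_m(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle distance in metres (Haversine formula)."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi, dlmb = p2 - p1, math.radians(lon2 - lon1)
    a = (math.sin(dphi / 2) ** 2
         + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2)
    return 2 * EARTH_RADIUS_M * math.asin(min(1.0, math.sqrt(a)))


def verify_location(areas: Iterable[TrustedArea], fix: Fix) -> Tuple[bool, str]:
    """First step: return (Boolean location parameter, security level)."""
    overlap = False
    for area in areas:
        d = haversine_m(fix.lat, fix.lon, area.lat, area.lon)
        if d < area.radius_m:
            return True, "HIGH"     # most likely point lies inside the area
        if d <= area.radius_m + fix.error_m:
            overlap = True          # only the uncertainty zone touches it
    # No areas registered, or no match at all: ("false", "LOW").
    return (True, "LOW") if overlap else (False, "LOW")


def authenticate(response: Optional[Tuple[bool, str]],
                 required_level: str = "LOW") -> bool:
    """Second step: Boolean authentication parameter, failing closed.

    response is None when the location module could not be reached.
    required_level stands in for the 'predetermined security criterion'.
    """
    if response is None:
        return False                # communication error never grants access
    located, level = response
    if not located or level not in LEVELS:
        return False
    return LEVELS[level] >= LEVELS[required_level]


# Constructed sample data (not from the patent).
HOME = TrustedArea("home", 40.4168, -3.7038, 500.0)
FIX_INSIDE = Fix(40.4180, -3.7038, 50.0)      # about 133 m from the centre
FIX_NEARBY = Fix(40.4300, -3.7038, 1200.0)    # about 1.47 km, zones overlap
FIX_FAR = Fix(41.3874, 2.1686, 1000.0)        # hundreds of km away

if __name__ == "__main__":
    for label, fix in [("inside", FIX_INSIDE), ("nearby", FIX_NEARBY),
                       ("far", FIX_FAR)]:
        result = verify_location([HOME], fix)
        print(label, result, "strict:", authenticate(result, "HIGH"),
              "lenient:", authenticate(result, "LOW"))
    print("comm error:", authenticate(None))
```

With `required_level="HIGH"`, a coarse cell-based fix that only overlaps the reliable area is rejected, which is the trade-off the security level exists to express.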
- Figure 8 shows the requests generated by both the user (1) with ID identifier and the different modules to carry out the different procedures. All user-module (53, 54, 55) and module-module (56-61) requests are made over the Internet. Through such an Internet connection, the user with an ID identifier can access the web application of the geographical area management module (18), in which they manage their reliable geographical areas by acquiring the role of administrator user. The geographic areas of reliable access associated with each user (1) with ID identifier are stored in the database (23) and managed through said web application of the geographic area management module (18).
- the user (1) is able to perform the registration, modification and removal of the geographic areas of reliable access associated with said user with an ID identifier.
- the request will be attended by the administrator user (52) of the location web application (20), which will issue the relevant provision request to this application (54).
- the imposition of a prior request to the user of their consent to use their location data depends on the privacy requirements imposed by the specific location solution (24), a fact that is outside the scope of the present invention.
- the end user with ID identifier is aware at all times that the system will make use of the information regarding their geographical location, thus guaranteeing the principles of privacy.
- the end user with an ID will be invited to access the geographical area management web application to define their first geographic area of reliable access. The user must have at least one reliable geographical area so that, in future processes, the authentication algorithm can be carried out in the location web application: logically, an end user with no reliable geographic area assigned can never be authenticated successfully.
- the web application of the geographical area management module (18) offers a graphical interface (30) of the web type so that the end user (1) with ID identifier can manage their geographic areas of reliable access.
- Figure 9 shows the steps of the process of the present invention when the administrator user (52) wants to register the user's current location (1) as a reliable geographical area.
- the selection of this registration option triggers:
  - A user location request to the location web application (62). This request provides the user ID.
  - A query (64), by the location web application, to the location database to extract the mobile phone number associated with the user with the ID provided. This step (64) would only be necessary if the location technology is GSM, GPRS or UMTS (63).
  - A user location request (65), from the location web application to the specific location solution (only for GSM, GPRS or UMTS technology) (56, figure 8).
- the geographic area management web application must redirect the browser from the user terminal to the location web application so that it establishes communication with the device's GPS and extracts the user's location.
- the location web application examines this data and extracts the information it has to provide, such as the coordinates of the point with the lowest probability of finding the user.
- these data are adapted to the appropriate format (67) (coordinate system, metric systems and predefined status codes) and sent in response.
- when the geographic area management web application receives this location data, it decides the value of the radius of the new reliable geographic area based on the accuracy offered by the selected location technology; that is, the lower the accuracy, the greater the radius.
  - Subsequently (68) it shows the end user an area registration form to complete the fields extrinsic to the location data: required (the name to assign to the new reliable geographic area) and optional (a brief description associated with the reliable geographical area). Intrinsic location data, that is, the coordinates of the central point of the geographical area, are displayed on a map but cannot be manipulated by the end user.
- Figure 10 shows the steps of the process of the present invention when the administrator user (52) wants to consult or eliminate any of the reliable geographical areas associated with the user (1) with ID identifier.
- This choice causes a request (71) for selection to the location database in order to obtain all the reliable geographic areas of the user whose ID is provided.
- the database returns the number of registered areas with reliable access associated with the user with ID identifier. If the number is equal to zero, an error message (73) is displayed and the procedure is terminated. If the number is greater than zero, these areas are displayed in a list (74), with the possibility of deleting (75) or modifying (76) any of its entries. If one of these two actions is performed, the changes will be reflected (77) in the location database. In the case of modification, only the characteristics extrinsic to the location data can be altered, that is, the name of the area and its description.
- the second embodiment of the invention is completely analogous to the first, except that a service-centric architecture is used. That is, it is the service provider that defines the geographic areas of reliable user access, constituting a completely transparent process for the user.
- the deployment diagram is identical to that illustrated in Figure 8, except that request 54 is now replaced by a new request between modules 18 and 22. Therefore, it is only necessary to briefly explain this subtle difference between the two scenarios.
- the service provider will be able to access the geographical area management web application (18), in which it will manage the reliable geographical areas of all users who register and make use of the service offered by the service provider (22). In this way the service provider becomes the administrator user.
- the service provider makes the registration of the users who wish to use the service in the location web application by means of a procedure totally analogous to that defined by the steps of the first embodiment of the invention when the administrator user (52) wants to register the current location of the user (1) as a reliable geographical area.
- the service provider can define for each user the geographic areas of reliable access that he wishes, through the graphic interface offered by the web application for the management of geographical areas, in the same way as in the procedure defined by the steps of the first embodiment of the invention when the administrator user (52) wants to modify or eliminate any of the reliable geographical areas associated with the user (1) with ID identifier.
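The location verification result and the Figure 7 authentication decision described above can be sketched as follows. This is an added example, not code from the patent: it assumes circular zones (centre plus radius), that the "HIGH" case means the location zone lies wholly inside a reliable area, a haversine distance between centres, and a hypothetical `require_high` flag standing in for the unspecified security criterion (49); all names and coordinates are constructed.

```python
import math
from dataclasses import dataclass

EARTH_RADIUS_M = 6_371_000  # mean Earth radius in metres


@dataclass(frozen=True)
class Zone:
    """Circular zone: centre in decimal degrees, radius in metres."""
    lat: float
    lon: float
    radius_m: float


def haversine_m(a: Zone, b: Zone) -> float:
    """Great-circle distance between the centres of two zones (haversine)."""
    p1, p2 = math.radians(a.lat), math.radians(b.lat)
    dlon = math.radians(b.lon - a.lon)
    h = math.sin((p2 - p1) / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlon / 2) ** 2
    return 2 * EARTH_RADIUS_M * math.asin(min(1.0, math.sqrt(h)))


def verify_location(reliable_areas, location):
    """Return (Boolean location parameter, security level)."""
    result = (False, "LOW")              # also the answer when no area is defined
    for area in reliable_areas:
        d = haversine_m(area, location)
        if d + location.radius_m <= area.radius_m:
            return (True, "HIGH")        # assumption: HIGH means full containment
        if d <= area.radius_m + location.radius_m:
            result = (True, "LOW")       # zones only intersect
    return result


def authenticate(verification, require_high=True):
    """Boolean authentication parameter; None models a communication failure."""
    if verification is None:             # fail closed (46)
        return False
    location_ok, level = verification    # (47) and (48)
    if not location_ok:
        return False
    return level == "HIGH" or not require_high   # hypothetical criterion (49)


# Constructed sample data, not taken from the patent.
HOME = Zone(40.4168, -3.7038, 500)       # reliable area, 500 m radius
GPS_FIX = Zone(40.4168, -3.7038, 10)     # precise fix inside the area
CELL_FIX = Zone(40.4200, -3.7038, 600)   # coarse cell-based zone overlapping it
FAR_FIX = Zone(41.3874, 2.1686, 600)     # zone hundreds of kilometres away
```

A coarse cell-based fix that only overlaps the reliable area yields "true"/"LOW", so whether it authenticates depends entirely on the criterion applied in step (49).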
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Mobile Radio Communication Systems (AREA)
- Telephonic Communication Services (AREA)
Priority Applications (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
BR112012005386A BR112012005386A2 (pt) | 2009-09-11 | 2010-08-12 | sistema e método de autenticação por meio de áreas geográficas de acesso confiável |
MX2012002934A MX2012002934A (es) | 2009-09-11 | 2010-08-12 | Sistema y procedimiento de autenticacion mediante areas geograficas de acceso fiable. |
US13/395,350 US20120270521A1 (en) | 2009-09-11 | 2010-08-12 | System for the definition and application of securely accessible geographical areas |
EP10815024A EP2477371A2 (en) | 2009-09-11 | 2010-08-12 | System for the definition and application of securely accessible geographical areas |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
ESP200930683 | 2009-09-11 | ||
ES200930683A ES2356963B1 (es) | 2009-09-11 | 2009-09-11 | Sistema y procedimiento de autenticación mediante áreas geográficas de acceso fiable. |
Publications (2)
Publication Number | Publication Date |
---|---|
WO2011029972A2 true WO2011029972A2 (es) | 2011-03-17 |
WO2011029972A3 WO2011029972A3 (es) | 2011-07-07 |
Family
ID=43732868
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/ES2010/070552 WO2011029972A2 (es) | 2009-09-11 | 2010-08-12 | Sistema para la definición y aplicación de áreas geográficas de acceso fiable |
Country Status (8)
Country | Link |
---|---|
US (1) | US20120270521A1 (es) |
EP (1) | EP2477371A2 (es) |
AR (1) | AR077886A1 (es) |
BR (1) | BR112012005386A2 (es) |
ES (1) | ES2356963B1 (es) |
MX (1) | MX2012002934A (es) |
UY (1) | UY32845A (es) |
WO (1) | WO2011029972A2 (es) |
Families Citing this family (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8671143B2 (en) * | 2007-04-04 | 2014-03-11 | Pathfinders International, Llc | Virtual badge, device and method |
US9002944B2 (en) | 2007-04-04 | 2015-04-07 | Pathfinders International, Llc | Virtual badge, device and method |
US9144008B2 (en) * | 2012-01-15 | 2015-09-22 | Google Inc. | Providing hotspots to user devices within server-controlled zones |
US9341479B2 (en) | 2013-03-05 | 2016-05-17 | Google Inc. | Configurable point of interest alerts |
US8755824B1 (en) | 2013-06-28 | 2014-06-17 | Google Inc. | Clustering geofence-based alerts for mobile devices |
CN105814925B (zh) | 2013-12-04 | 2020-03-06 | 诺基亚技术有限公司 | 用于无线接入的接入点信息 |
US9986375B2 (en) | 2014-02-12 | 2018-05-29 | Google Llc | Energy-efficient location determination |
US9596647B2 (en) | 2014-07-21 | 2017-03-14 | International Business Machines Corporation | Secure WiFi using predictive analytics |
CN105515774A (zh) * | 2014-10-14 | 2016-04-20 | 鸿富锦精密电子(郑州)有限公司 | 偷盗侦破系统及方法 |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7428411B2 (en) * | 2000-12-19 | 2008-09-23 | At&T Delaware Intellectual Property, Inc. | Location-based security rules |
US20090210147A1 (en) * | 2008-02-20 | 2009-08-20 | Nokia Corporation | Method, Apparatus and Computer Program Product for Map Generation Using Perpendicular Projection to Merge Data |
- 2009
  - 2009-09-11 ES ES200930683A patent/ES2356963B1/es not_active Withdrawn - After Issue
- 2010
  - 2010-08-12 EP EP10815024A patent/EP2477371A2/en not_active Withdrawn
  - 2010-08-12 US US13/395,350 patent/US20120270521A1/en not_active Abandoned
  - 2010-08-12 MX MX2012002934A patent/MX2012002934A/es not_active Application Discontinuation
  - 2010-08-12 WO PCT/ES2010/070552 patent/WO2011029972A2/es active Application Filing
  - 2010-08-12 BR BR112012005386A patent/BR112012005386A2/pt not_active IP Right Cessation
  - 2010-08-17 UY UY0001032845A patent/UY32845A/es not_active Application Discontinuation
  - 2010-08-19 AR ARP100103039A patent/AR077886A1/es not_active Application Discontinuation
Non-Patent Citations (3)
Title |
---|
ANA BERNARDOS: "Tecnologias de Localización", December 2003 |
R. W. SINNOTT, VIRTUES OF THE HAVERSINE, SKY AND TELESCOPE, 1984 |
RAUL SANCHEZ VITORES, SISTEMAS DE LOCALIZACIÓN EN INTERIORES, December 2005 (2005-12-01), Retrieved from the Internet <URL:http://www.coit.es/pubticaciones/bit/bit148/57-59.pdf> |
Also Published As
Publication number | Publication date |
---|---|
ES2356963A1 (es) | 2011-04-14 |
US20120270521A1 (en) | 2012-10-25 |
MX2012002934A (es) | 2012-04-02 |
AR077886A1 (es) | 2011-09-28 |
WO2011029972A3 (es) | 2011-07-07 |
UY32845A (es) | 2011-04-29 |
ES2356963B1 (es) | 2011-12-13 |
EP2477371A2 (en) | 2012-07-18 |
BR112012005386A2 (pt) | 2016-03-29 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2011029972A2 (es) | Sistema para la definición y aplicación de áreas geográficas de acceso fiable | |
US11329982B2 (en) | Managing internet of things devices using blockchain operations | |
US9489787B1 (en) | Short-range device communications for secured resource access | |
ES2713424T3 (es) | Sistemas y métodos para la gestión de acceso a cerraduras utilizando señales inalámbricas | |
Zhang et al. | Location-based authentication and authorization using smart phones | |
US9323915B2 (en) | Extended security for wireless device handset authentication | |
US10410444B2 (en) | System and method for access control | |
CN113225176B (zh) | 密钥获取方法及装置 | |
WO2022057736A1 (zh) | 授权方法及装置 | |
MX2007009233A (es) | Mensaje de inicio de locacion segura de plano de usuario en un sistema de informacion de locacion y metodo y sistema para procesar la locacion segura de plano de usuario al utilizar el mismo. | |
CN111683054A (zh) | 用于远程接入的方法和装置 | |
JP2018512571A (ja) | モバイルデバイスの位置特定 | |
US7835724B2 (en) | Method and apparatus for authenticating service to a wireless communications device | |
ES2800430T3 (es) | Método de detección de tipo de red inalámbrica y dispositivo electrónico | |
JP2005128965A (ja) | アクセス権限制御装置 | |
Beltrán | Identifying, authenticating and authorizing smart objects and end users to cloud services in Internet of Things | |
WO2019056971A1 (zh) | 一种鉴权方法及设备 | |
WO2012001366A2 (en) | Wlan location services | |
US20110158172A1 (en) | Method and device for enforcing internet users' geographical positioning traceability | |
ES2953540T3 (es) | Procedimiento y sistema de autorización de la comunicación de un nodo de red | |
CN113784277A (zh) | 用于存储位置信息的系统、方法和装置 | |
ES2952746T3 (es) | Procedimiento y sistema para autorizar la comunicación de un nodo de red | |
Chen et al. | Secondary user authentication based on mobile devices location | |
WO2016061981A1 (zh) | 实现wlan共享的方法、系统和wlan共享注册服务器 | |
CN114554567A (zh) | 通信的方法及通信装置 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | WWE | Wipo information: entry into national phase | Ref document number: MX/A/2012/002934 Country of ref document: MX |
 | NENP | Non-entry into the national phase | Ref country code: DE |
 | WWE | Wipo information: entry into national phase | Ref document number: 2010815024 Country of ref document: EP |
 | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 10815024 Country of ref document: EP Kind code of ref document: A1 |
 | WWE | Wipo information: entry into national phase | Ref document number: 13395350 Country of ref document: US |
 | REG | Reference to national code | Ref country code: BR Ref legal event code: B01A Ref document number: 112012005386 Country of ref document: BR |
 | ENP | Entry into the national phase | Ref document number: 112012005386 Country of ref document: BR Kind code of ref document: A2 Effective date: 20120309 |