WO2014113882A1

WO2014113882A1 - Computer system and method for indoor geo-fencing and access control

Info

Publication number: WO2014113882A1
Application number: PCT/CA2014/000061
Authority: WO
Inventors: Bharat Gadher; Hossein RAHIMI; Nur ZINCIR-HEYWOOD
Original assignee: Spielo International Canada Ulc
Priority date: 2013-01-28
Filing date: 2014-01-28
Publication date: 2014-07-31

Abstract

A computer system for authenticating a wireless device based on localization is provided. The computer system includes a central server or computer network service and a wireless device configured to access a mobile application, the mobile application being coupled with the central server or the computer network service, and when executed accesses functions of the wireless device to collect measurement data related to (i) a first wireless network and (ii) a second wireless network; wherein the mobile application sends the measurement data to the central server or computer network service for analyzing the measurement data to determine a location of the wireless device relative to a defined area, and wherein the central server or computer network service is configured to grant or deny the wireless device access to one or more resources linked to the central server or computer network service, based on the location determined for the wireless device relative to the defined area. A related computer implemented method is provided for authenticating a wireless device to a central server or computer network service based on its location of the wireless device relative to a defined area at the time of a request for one or more resources linked to the central server or computer network service. The computer system may apply smoothing algorithms and implement security mechanisms.

Description

COMPUTER SYSTEM AND METHOD FOR INDOOR GEO-FENCING

AND ACCESS CONTROL

CROSS REFERENCE TO RELATED APPLICATIONS

[0001] This application claims all benefit, including priority, of each of United States Provisional Patent Application Serial No. 61/757,488, filed on January 28, 2013, entitled COMPUTER SYSTEM AND METHOD FOR INDOOR GEO-FENCING AND ACCESS CONTROL; and United States Provisional Patent Application Serial No. 61/859,945, filed July 30, 2013, entitled COMPUTER SYSTEM AND METHOD FOR INDOOR GEO-FENCING AND ACCESS CONTROL, the entire contents of each are incorporated herein by this reference.

FIELD OF THE INVENTION

[0002] Embodiments described herein relate generally to location based services. More particularly, embodiments described herein relate to products and solutions that use wireless technologies for localization and authentication.

BACKGROUND OF THE INVENTION

[0003] Various technologies exist for determining the location of a wireless device. Various localization services are known that determine the location of a user based on the calculation of the location of their wireless device.

[0004] Knowledge about geographical location of a wireless device, or indirectly its owner or user, can be valuable. Geospatial information is used in many fields, including computer software, physical security, and location aware advertising.

[0005] The aim of some localization technologies is to identify the exact location of a user for example using Global Positioning Systems (GPS). GPS technology generally provides an accurate solution for determining position in outdoor environments. However, due to line of sight requirements when using satellite infrastructure, GPS does not work, or is not accurate enough, for many indoor applications.

[0006] Some localization technologies are directed at determining the presence of a device or user within a virtual perimeter of a given geographical landscape, which may be referred to as "geo-fencing". The virtual boundaries of the geo-fenced area can be used for various applications such as equipment theft control, transportation path control, asset management and tracking, automatic house arrest monitoring systems, sharing location through social networks, and location based targeted advertising. See for example References 1 and 2.

[0007] Another major difference between outdoor and indoor geo-fencing is the amount of tolerable positioning error. While in an outdoor geo-fence a dozen of meters in error might be tolerable, even half of this amount of error may not be acceptable or may result in failure in an indoor geo-fencing application.

[0008] Localization of wireless devices in indoor environments is sometimes provided by tagging objects with a wireless network compatible device or chip. For example a smart phone or a bracelet may be tagged, using a Radio Frequency Identification (RFID) chip for determining whether the user with the tagged device is within a defined perimeter or not.

[0009] In 2002, Bluetooth v1.1 was introduced as a standard. Reference 3 includes an introductory description of Bluetooth. Wi-Fi was defined in 1997, and later clarified in 1999.

[0010] Various other wireless standards exist such as GSM, Ultra Wide Band (UWB), Ultra High Frequency (UHF), Near Field Communication (NFC), and Radio Frequency Identification (RFID). Various technologies for positioning devices are known.

[001 1] Reference 4 generally discloses the "Radar" Wi-Fi based indoor positioning technology proposed by Microsoft Research. Radar uses a specifically designed network interface card that allows collection of data sets with more information than just Received Signal Strength Indication ("RSSI") values. Using overlapping of wireless network access point service ranges, the proposed method uses triangulation and noise modeling to position users in indoor environments. The accuracy of this system is limited to be between around 2 and 3 meters.

[0012] In Reference 5, Horus uses clustering techniques to convert an indoor area into tiles, and then locate each wireless device relative to those tiles. The clustering approach disclosed associates a subset of access points to an area of a map. First a probabilistic model is built based on association of access points and areas of an indoor map. Then the model is used to cluster the RSSI data received from users into access point subsets and then locations. This reference however does not provide a solution that addresses noise in the experimental environment; however, the disclosure claims accuracy of about 90% in distances above 2.1 meters.

[0013] References 6 and 7 use Support Vector Machine ("SVM") techniques to classify RSSI data for localizing the nodes in a Wi-Fi network. Clearing the area of noise, 100% accuracy is claimed in this disclosure when using obstacles (e.g. walls) to separate the zone from outside areas. The data set referenced includes unknown number of instances sampled in 21 symmetric predefined locations of the area.

[0014] Reference 8 discloses using SVM and also triangulation to position a node inside or outside a given zone. However, the research of this Reference does not include a detailed error investigation, and also static formation of anchor nodes is used, and the reference discloses only a homogenous hardware environment.

[0015] In References 8 and 9, use of machine learning and probabilistic models is proposed, while using small grids of Wi-Fi access points to locate wireless devices. These disclosures reference an accuracy of about 1.5 meters with about 50% of the samples. Where samples are collected in 270 fixed locations, they have used 8 Wi-Fi access points to extract coordinates of the users in a 16 x 40 meters office area. The environment noise is not discussed, but it is mentioned that the test area includes glass, concrete and wooden obstacles.

[0016] In References 10 and 1 1 , researchers have taken the approach of employing Artificial Neural Networks to determine the location of users, achieving an error of over 1 meter in 72% of the samples. Reference 10 in particular uses 3 access points with unequal transmission powers, associating the data collected with a map to locate the users. With minimum of 5 data points sampled at the training time, the authors have managed to locate test samples with errors of 3 meters or above. Due to the unbalanced power of access points and their arbitrary placing, missing values resulted in certain blind spots of the experimentation area.

[0017] Very few prior art solutions utilize Bluetooth for indoor positioning. Reference 12 discloses use of multiple Neural Networks to achieve indoor positioning using Bluetooth, however, the proposed system does not provide accurate localization with different wireless devices. [0018] Reference 13 introduces a Wi-Fi based indoor positioning system that is based on combination of Bayesian networks, stochastic complexity and online competitive learning. The research disclosed resulted in the development of the commercial products branded EKAHAU™. The accuracy levels of Ekahau products operate at a room level or a patient bed level in medical facility, which may not be sufficient for geo-fencing in retail applications. Ekahau systems also require the use of proprietary infrared beacons and wireless devices that include infrared sensors, and a proprietary driver that supports a site survey process. As such, Ekahau does not provide indoor positioning using the existing, standard wireless devices of consumers.

[0019] References 14 and 15 describe the "GloPos" GSM/CDMA based commercial positioning technology. It uses information from cell towers to estimate the location of mobile devices. The system accuracy is referred to as being 10 to 40 meters in suburban, urban and indoor areas. Moreover, they have claimed a 7.7 to 12.5 meters accuracy being achieved during an independent test described in Reference 15. However, this accuracy is achieved in less than 75% of the test cases, and the overall average of accuracy is between 15.1 and 23.9 meters.

[0020] Reference 16 describes the products of AEROSCOUT™, a company offering enterprise indoor and outdoor positioning infrastructure. Their technology is a combination of RFID, GPS and Wi-Fi technologies. Their main goal is to integrate these technologies in a localization solution, where one technology is used to compensate for the shortcomings of one or more of the others. However, this technology also requires the use of a proprietary AEROSCOUT tag.

[0021] When wireless technologies started to grow and started to play an important role in the computer and mobile networking market, systems may attempt to leverage the available network data for indoor positioning. Example technologies include, but are not limited to: Ultra Wide Band (UWB) radio, Ultra High Frequency (UHF) radio, Global System for Mobile (GSM), RFID, Bluetooth, Wi-Fi, and infrared waves. See References 2 and 21 , for example.

[0022] References 22 and 23 describe using different combinations of Bluetooth and Wi-Fi reference points to estimate the position of a user using trilateration and multilateration and experiments with the addition of a few Bluetooth hotspots to Wi-Fi infrastructure. This divides a building floor into certain number of regions. Then, these short range hotspots increase the accuracy of a position system that approximates a device's location based on the closest access point or hotspot.

[0023] Reference 24 describes employing bayesian filtering and simulated annealing to position users. Experiments described in references referred to herein are done as simulations, and not in real world environments.

[0024] References 25 and 26 investigate methods to make networks resistant against low level jamming attacks. However, in case of high level system design, they do not study higher levels of network protocol stack, specifically the application layer for indoor positioning techniques. Embodiments described herein may investigate some attack scenarios that are taking place in the higher layers of the network protocol stack.

[0025] There is a need for improved technologies for authentication a wireless device or user to a computer system based on location of the wireless device, particularly for use indoors, and with accuracy that is suitable to allow authorization of devices based on location relative to virtual boundaries, in a relatively precise manner. For many applications, it is not desirable to require access to a particular tag. It is also important to provide solutions that couple localization with authentication, but permit users to use their own wireless device. Stated otherwise, there is a need for a localization/authentication technology that works indoor, with a strong emphasis on security, but enables users to use their own wireless device.

REFERENCES

[1] F. Reclus and . Drouard, "Geofencing for fleet and freight management," in Intelligent Transport Systems Telecommunications, (ITST), 2009 9th International Conference on, Oct 2009, pp. 353-356.

[2] H. Liu, H. Darabi, P. Banerjee, and J. Liu, "Survey of wireless indoor positioning techniques and systems," Systems, Man, and Cybernetics, Part C: Applications and Reviews, IEEE Transactions on, vol. 37, no. 6, pp. 1067 -1080, Nov. 2007.

[3] "IEEE standard for telecommunications and information exchange between systems - Ian/man - specific requirements - part 15: Wireless medium access control (MAC) and physical layer (Phy) specifications for wireless personal area networks (WPANS)," IEEE Standards C/LM LAN/MAN Standards Committee, 2002. [4] P. Bahl, V. N. Padmanabhan, and A. Balachandran, "Enhancements to the radar user location and tracking system," Tech. Rep., 2000.

[5] M. Youssef, A. Agrawala, and A. U. Shankar, "WLAN location determination via clustering and probability distributions," in IEEE PerCom, 2003.

[6] H. Miura, J. Sakamoto, N. Matsuda, H. Taki, N. Abe, and S. Hori, "Adequate RSSI determination method by making use of SVM for indoor localization," in Proceedings of the 10th international conference on Knowledge-Based Intelligent Information and Engineering Systems - Volume Part II, ser. KESO6. Berlin, Heidelberg: Springer-Verlag, 2006, ppr628-636. [Online]. Available: http://dx.doi.org/10.1007/1 1893004 81

[7] J.-C. Chang, C.-C. Shen, A.-C. Chang, and Y.-C. Chung, "Indoor LBS based on SVM and RSSI method," in Proceedings of BAI Conference, 201 1.

[8] P. Castro, P. Chiu, T. Kremenek, and R. Muntz, "A probabilistic room location service for wireless networked environments," 2001 , pp. 18-34.

[9] T. Roos, P. Myllyma ^"ki, H. Tirri, P. Misikangas, and J. Sieva^' nen, "A Probabilistic Approach to WLAN User Location Estimation," International Journal of Wireless Information Networks, vol. 9, no. 3, pp. 155-164, Jul. 2002. [Online]. Available: http://dx.doi.orq/10.1023/A: 1016003126882

[10] R. Battiti, T. L. Nhat, and A. Villani, "Location-aware computing: A neural network model for determining location in wireless LANs," Tech. Rep., 2002.

[1 1 ] S. Saha, K. Chaudhuri, D. Sanghi, and P. Bhagwat, "Location determination of a mobile device using IEEE 802.11 b access point signals," in Wireless Communications and Networking, 2003. WCNC 2003. 2003 IEEE, vol. 3, march 2003, pp. 1987 -1992 vol.3.

[12] M. Altini, D. Brunelli, E. Farella, and L. Benini, "Bluetooth indoor localization with multiple neural networks," in Proceedings of the 5th IEEE international conference on Wireless pervasive computing, ser. ISWPC10. Piscataway, NJ, USA: IEEE Press, 2010, pp. 295-300. [Online]. Available: http://dl.acm. orq/citation.cfm?id=1856330.1856382

[13] P. Kontkanen, P. Myllymki, T. Roos, H. Tirri, K. Valtonen, and H. Wettig, "Topics in probabilistic location estimation in wireless networks," 2004. [14] "Glopos - a revolution in indoor positioning technology," http://www. glopos.com/site/, sep. 2012.

[15] "Glopos indoor positioning accuracy tests conducted by VTT": http://www. glopos.com/site/technoloqy.html, sep. 2012.

[16] "WiFi based RTLS solutions and wireless sensor technologies by Aeroscout", http://www.aeroscout.com/, sep. 2012.

[17] J. R. Quinlan, C4.5: programs for machine learning. San Francisco, CA, USA: Morgan Kaufmann Publishers Inc., 1993.

[18] L. Breiman, "Random forests," Mach. Learn., vol. 45, no. 1 , pp. 5-32, Oct. 2001. [Online]. Available: http://dx.doi.org/10.1023/A: 1010933404324

[19] L. Rokach and O. Z. Maimon, Data Mining with Decision Trees: Theroy and Applications, ser. Series in Machine Perception and Artificial Intelligence. World Scientific Publishing Co. Pte. Ltd., 2007, vol. 69.

[20] "Weka 3 - data mining with open source machine learning software in JAVA": http://www.cs.waikato.ac.nz/ml/weka/, May 2012.

[21] Y. Gu, A. Lo, and I. Niemegeers. A survey of indoor positioning systems for wireless personal networks. Communications Surveys Tutorials, IEEE, 1 1 (1 ): 13—32, 2009.

[22] C. E. G. T. I. Galvan-Tejada, E. I. Sandoval, and R. Brena. Wifi bluetooth based combined positioning algorithm. Procedia Engineering, 35(0): 101 - 108, 2012. <ce:title>lnternational Meeting of Electrical Engineering Research 2012.</ce:title>.

[23] A. Baniukevic, D. Sabonis, C. Jensen, and H. Lu. Improving wi-fi based indoor positioning using bluetooth add-ons. In Mobile Data Management (MDM), 201 1 12th IEEE International Conference on, volume 1 , pages 246 -255, june 201 1.

[24] R. Wang, F. Zhao, H. Luo, B. Lu, and T. Lu. Fusion of wi-fi and bluetooth for indoor localization. In Proceedings of the 1 st international workshop on Mobile location-based service, MLBS Ί 1 , pages 63-66, New York, NY, USA, 201 1. ACM. [25] M. Strasser, C. Popper, S. Capkun, and M. Cagalj. Jamming-resistant key establishment using uncoordinated frequency hopping. In IEEE Symposium on Security and Privacy, pages 64-78. IEEE Computer Society, 2008.

[26] S. Capkun. Jamming resistance. In H. C. A. van Tilborg and S. Jajodia, editors, Encyclopedia of Cryptography and Security (2nd Ed.), pages 661-662. Springer, 201 1.

[27] R. T. Fielding. Architectural Styles and the Design of Network-based Software Architectures. PhD thesis, UNIVERSITY OF CALIFORNIA, IRVINE, 2000.

[28] R. J. Hyndman. Moving averages, www.robjhyndman.com/papers/movingaverage.pdf, 2009.

[29] X. He. Signal Processing, Perceptual Coding and Watermarking of Digital Audio: Advanced Technologies and Models. BrainMedia LLC, 201 1.

[30] P. Kelley, S. Komanduri, M. Mazurek, R. Shay, T. Vidas, L. Bauer, N. Christin, L. Cranor, and J. Lopez. Guess again (and again and again): Measuring password strength by simulating password-cracking algorithms. In Security and Privacy (SP), 2012 IEEE Symposium on, pages 523-537, 2012.

[31 ] M. Marlinspike. Sslstrip. Thoughtcrime Labs.[Online], 2009.

[32] M. Laner, P. Svoboda, and M. Rupp. Latency analysis of 3g network components. In European Wireless, 2012. EW. 18th European Wireless Conference, pages 1-8, 2012.

SUMMARY

[0026] In one aspect, embodiments described herein may provide a computer system for authenticating a wireless device (or its user) based on localization, including: (A) a central server or computer network service, that couples with (B) a wireless device configured to access a mobile application, the mobile application being coupled with the central server or the computer network service, and when executed accesses functions of the wireless device to collect measurement data related to (i) a first wireless network and (ii) a second wireless network; wherein the mobile application sends the measurement data to the central server or computer network service for analyzing the measurement data to determine a location of the wireless device relative to a defined area, and wherein the central server or computer network service is configured to grant or deny the wireless device access to one or more resources linked to the central server or computer network service, based on the location determined for the wireless device relative to the defined area.

[0027] In another aspect, an indoor geo-fenced area is established, within which the wireless device is permitted to access the central server or the computer network service, and wherein the first set of measurement data are made in a Wi-Fi mode, and the second set of measurement data are made in a Bluetooth mode, and the first and second set of measurement data are analyzed to determine whether the wireless device is located in the indoor geo-fenced area at the time of a request to access the one or more resources linked to the central server or computer network service.

[0028] In another aspect, the measurement data comprise RSSI data and the computer system includes a service that implements one or more machine learning approaches to classify the RSSI data to determine the location of the wireless devices relative to one or more virtual boundaries of the indoor geo-fenced area.

[0029] In yet another aspect, the computer system is configured to apply one or more smoothing techniques to RSSI data sent from the wireless device in a geo-fenced environment.

[0030] In a further aspect, the one or more smoothing techniques are based on at least one of the smoothing methods of Moving Average, weighted Moving Average, LOWESS, LOESS, Savitzky-Golay filter, a robust version of LOWESS, and a robust version of LOESS.

[0031] In still a further aspect, the computer system is configured to apply security mechanisms based on at least one of throttling, per user statistical analysis, outlier detection upon RSSI value growth rate_, infrastructure monitoring, and detection of fake access points and hotspots.

[0032] In another aspect, the mobile application is loaded within the wireless device.

[0033] In one aspect, embodiments described herein may provide a computer implemented method suitable for a central server or computer network services, for authenticating a wireless device based on localization, the method including (i) receiving measurement data from a wireless device; (ii) analyzing the measurement data to determine a location of the wireless device relative to a defined area; and (iii) based on the determination of the location of the wireless device, determining whether to authenticate the wireless device.

[0034] In another aspect, the measurement data comprises RSSI data associated with the wireless device.

[0035] In another aspect, analyzing the measurement data comprises classifying or modeling of the measurement data.

[0036] In yet another aspect, analyzing the measurement data comprises applying one or more smoothing techniques to the measurement data prior to the classifying or modeling of the measurement data.

[0037] In a further aspect, the method further comprises the step of applying security mechanisms based on at least one of: throttling, per user statistical analysis, outlier detection upon RSSI value growth rate, infrastructure monitoring, and detection of fake access points and hotspots.

[0038] In still a further aspect, the method further comprises the step of granting or denying access to one or more resources linked to the central server or computer network service, based on the location determined for the wireless device relative to the defined area.

[0039] In another aspect, the defined area comprises an indoor geo-fenced area.

[0040] In still another aspect, the measurement data comprises at least two sets of measurement data, the first set of measurement data made in a Wi-Fi mode, and the second set of measurement data made in a Bluetooth mode.

[0041] In one aspect, embodiments described herein may provide a method, suitable for a wireless device, or authenticating the wireless device based on localization, the method comprising the steps of (a) collecting measurement data related to (i) a first wireless network and (ii) a second wireless network; and (b) sending the measurement data to a central server or computer network service for modeling the measurement data to determine a location of the wireless device relative to a defined area.

[0042] In another aspect, the measurements data comprise RSSI data. [0043] In another aspect, an indoor geo-fenced area is established, within which the wireless device is permitted to access the central server or the computer network service, and wherein the first set of measurement data are made in a Wi-Fi mode, and the second set of measurement data are made in a Bluetooth mode.

[0044] In yet another aspect, access to one or more resources linked to the central server or computer network service is granted or denied based on the location determined for the wireless device relative to the defined area.

[0045] In a further aspect, the method comprises the step of receiving a barcode or a ticket from the server or computer network service.

[0046] In still a further aspect, the method comprises the step of sending a response to the server or computer network service in response to receiving the barcode or ticket.

[0047] In yet still another aspect, the measurement data are processed prior to being sent to the central server or computer network service.

[0048] Various other embodiments are described.

BRIEF DESCRIPTION OF THE DRAWINGS

Fig. 1 is block diagram showing the basic functional units of a localization/authentication system in accordance with one aspect of the present invention.

Fig. 2 is diagram illustrating a representative floor map used with the localization/authentication system in accordance with some aspect of the present invention.

Fig. 3 is a table illustrating representative performance results for one implementation of the localization/authentication system in accordance with some aspect of the present invention.

Figs. 4a - 4f illustrate representative performance results, for different devices and for different zone sizes in accordance with some aspect of the present invention.

Fig. 5 illustrates screen shots of the statistics and monitoring user interface in accordance with some aspect of the present invention. Fig. 6 illustrates an overview of the data held by client status manager in accordance with some aspect of the present invention.

Figs. 7A and 7B shows the effect of the changing window size on experiments in accordance with some aspect of the present invention.

Fig. 8 demonstrates the trend of average Growth_rate for three different users over 100 positioning requests based on an illustrative experiment in accordance with some aspect of the present invention.

Figs. 9A and 9B show results from an experimental classification on a zone using different infrastructure and wireless devices in accordance with some aspect of the present invention.

Fig. 10 demonstrates a representative workflow in accordance with one aspect of the present invention.

[0049] Elements that are the same or equivalent are labeled with the same reference numerals.

DETAILED DESCRIPTION

[0050] Throughout the following discussion, numerous references will be made regarding servers, services, interfaces, portals, platforms, or other systems formed from computing devices. It should be appreciated that the use of such terms is deemed to represent one or more computing devices having at least one processor configured to execute software instructions stored on a computer readable tangible, non-transitory medium. For example, a server can include one or more computers operating as a web server, database server, or other type of computer server in a manner to fulfill described roles, responsibilities, or functions. One should further appreciate the disclosed computer-based algorithms, processes, methods, or other types of instruction sets can be embodied as a computer program product comprising a non-transitory, tangible computer readable media storing the instructions that cause a processor to execute the disclosed steps.

[0051 ] The term "wireless device" as used in this disclosure refers to any manner of wireless device including computing resources capable to initiate the functions described. For example, a wireless device may be a mobile phone, a laptop, a tablet, a portable gaming device, a Google™ Glass, a Samsung™ Galaxy Gear Watch, or any wearable computing device,

[0052] The following discussion provides many example embodiments of the inventive subject matter. Although each embodiment represents a single combination of inventive elements, the inventive subject matter is considered to include all possible combinations of the disclosed elements. Thus if one embodiment comprises elements A, B, and C, and a second embodiment comprises elements B and D, then the inventive subject matter is also considered to include other remaining combinations of A, B, C, or D, even if not explicitly disclosed.

[0053] As used herein, and unless the context dictates otherwise, the term "coupled to" is intended to include both direct coupling (in which two elements that are coupled to each other contact each other) and indirect coupling (in which at least one additional element is located between the two elements). Therefore, the terms "coupled to" and "coupled with" are used synonymously.

[0054] The embodiments of the systems and methods described herein may be implemented in hardware or software, or a combination of both. These embodiments may be implemented in computer programs executing on programmable computers, each computer including at least one processor, a data storage system (including volatile memory or nonvolatile memory or other data storage elements or a combination thereof), and at least one communication interface. For example, and without limitation, the various programmable computers may be a server, network appliance, set-top box, embedded device, computer expansion module, personal computer, laptop, personal data assistant, cellular telephone, smartphone device, UMPC tablets and wireless hypermedia device or any other computing device capable of being configured to carry out the methods described herein.

[0055] Program code is applied to input data to perform the functions described herein and to generate output information. The output information is applied to one or more output devices, in known fashion. In some embodiments, the communication interface may be a network communication interface. In embodiments in which elements of the invention are combined, the communication interface may be a software communication interface, such as those for interprocess communication (IPC). In still other embodiments, there may be a combination of communication interfaces implemented as hardware, software, and combination thereof. [0056] Each program may be implemented in a high level procedural or object oriented programming or scripting language, or both, to communicate with a computer system. However, alternatively the programs may be implemented in assembly or machine language, if desired The language may be a compiled or interpreted language. Each such computer program may be stored on a storage media or a device (e.g., ROM, magnetic disk, optical disc), readable by a general or special purpose programmable computer, for configuring and operating the computer when the storage media or device is read by the computer to perform the procedures described herein. Embodiments of the system may also be considered to be implemented as a non-transitory computer-readable storage medium, configured with a computer program, where the storage medium so configured causes a computer to operate in a specific and predefined manner to perform the functions described herein.

[0057] Furthermore, the systems and methods of the described embodiments are capable of being distributed in a computer program product including a physical, non-transitory computer readable medium that bears computer usable instructions for one or more processors. The medium may be provided in various forms, including one or more diskettes, compact disks, tapes, chips, magnetic and electronic storage media, volatile memory, non-volatile memory and the like. Non-transitory computer-readable media may include all computer-readable media, with the exception being a transitory, propagating signal. The term non-transitory is not intended to exclude computer readable media such as primary memory, volatile memory, RAM and so on, where the data stored thereon may only be temporarily stored. The computer useable instructions may also be in various forms, including compiled and non-compiled code.

[0058] Embodiments described herein provide a novel and innovative technology for coupling indoor geo-fencing with access control based on authentication of a wireless device (and optionally a user of the wireless device) to a computer system (or application linked to a computer system). Embodiments described herein provide an localization/authentication system that incorporates wireless network positioning in a way that may provide significant accuracy, and that may enable users to be localized/authenticated using any wireless device, and therefore permitting the delivery of network services (such as access to application resources associated with a remote computer) in a way that the wireless device may be required to be positioned in a defined area (as explained below). [0059] Providing access to a network resource is based on authentication of the wireless device, the authentication of the wireless device including validation of the location of the wireless device. Embodiments described herein may require, in addition to validation of location, other parameters in order to grant access to a network resource. Other parameters may include for example: (A) time of day, to ensure that network resources can only be access during authorized hours (for example operating hours defined by a regulator), (B) preventing access to unauthorized devices (based on for example safe gaming requirements), (C) prevent tampering, and (D) enable age verification. Further examples may be provided herein.

[0060] Significantly, the localization/authentication system may be cost effective to implement and maintain in part because the resources required are reduced by the fact that a system architecture is provided with localization/authentication requiring little overhead. In one aspect, and as further mentioned below, localization/authentication is performed with relatively few steps, data requirements, or resource requirements.

[0061 ] Embodiments described herein provide a computer system is provided that includes: (A) a central server or computer network service, that couples with (B) a mobile application linked to and/or is accessible by any manner of wireless device that accesses functions of the wireless device to collect measurements related to (i) a first wireless network and (ii) a second wireless network; (C) the mobile application processes the measurements; and (D) sends the processed measurements to the central server for modeling the processed measurements to determine a position of the wireless device relative to a defined area. Based on positioning of the wireless device, the wireless device or its user is granted or denied access to one or more network resources linked to the central server.

[0062] In one aspect of the invention the first measurements are signal measurements collected by the wireless device in connection with at least one Wi-Fi network or WLAN. As is well known, Wi-Fi networks may be vulnerable to security attacks and therefore may not be suitable for various applications where authentication of a device, and indirectly its user is required, with significant certainty. Therefore, embodiments described herein utilize a Wi-Fi or similar network to capture a first data set used for localization, and then capture a second data set obtained based on connection of the wireless device to a more secure wireless connection protocol such as Bluetooth. [0063] Embodiments described herein provide a method whereby the first data set and the second data set are analyzed so as to generation localization information for the wireless device. More specifically, embodiments described herein provide a mechanism wherein at least two data sets are used to perform localization/authentication in an efficient manner.

[0064] The disclosure refers to "authentication" in a general manner. A variety of purposes may exist for authentication, including registration of the wireless device to a computer resource such as an Internet service. The Internet service may consist of providing access to an Internet application from a wireless device but only so long as the wireless device is in a defined area. One example of application of the present technology is to manage access to an Internet gaming application using a wireless device, but only so long as the wireless device is authorized for access including based on the wireless device being within a location authorized for gaming for example by a gaming authority. Access to the Internet gaming application may also depend on providing credentials associated with the user of the wireless device.

[0065] Significantly, the present technology enables users to use their own wireless device for gaming (as an illustrative example) and therefore is designed to provide localization/authentication in connection with any wireless device thereby meeting "bring your own device" ("BYOD") market requirements.

[0066] It may be desirable to provide significant positioning accuracy in a number of different applications. For example, in a gaming application there may be regulatory consequences if access to gaming functionality is provided outside of a licensed location. It is also important to ensure that users have a positive experience and therefore denying access to users who are within the defined area and authorized/registered for access would provide a negative experience. It is also important to provide a localization/authentication solution that provides desirable positioning accuracy and is relatively easy and cost effective to implement, and easy for consumers to use.

[0067] In one particular implementation an Internet gaming application is provided that consumers may access using their wireless device provided that they are within an authorized area such as a geo-fenced area. Additionally, the user may need to provide additional credentials. In other words, access to the Internet gaming application may be associated with (a) location based credentials, and (b) identity based credentials (such as an existing user profile that may include age or residence for example). An advantage of embodiments described herein may be providing a technical mechanism for managing access to an Internet resource (such as the gaming application) based on both (a) location of the wireless device, and (b) authentication of the wireless device or the user.

[0068] Different applications or different jurisdictions may require variation of the authentication processes. The present technology is designed to be flexible and also to provide a scalable solution that can address such variation from application to application, or location to location, and also depending on the user's profile.

Intelligent Localization

[0069] Embodiments described herein provide a computer system that enables the localization/authentication of one or more wireless devices in an indoor "noisy" environment such as a retail environment, where because of the presence of different wireless networks and wireless devices, the performance of prior art localization methods using wireless technology may be inadequate. The discussion covered in the "Introduction" section above highlights that while the prior art has proposed indoor wireless localization solutions, these do not address the need for strong accuracy and performance in relatively noisy environments. They may also note address security issues with wireless networks.

[0070] At a high level, as detailed in the examples below, embodiments described herein provide insight that it can be determined with improved accuracy whether a wireless device is within a defined indoor area, consistently across different types of devices, using a machine learning approach to classify RSSI information for determining the presence of a wireless device relative to one or more virtual boundaries of the defined indoor area. Furthermore, a machine learning approach can be applied to discover the position of a wireless device for the purpose of granting the wireless device access to network resources in compliance with security standards by combining measurements in a Wi-Fi or similar mode with another more secure mode such as Bluetooth. These wireless networks are common, and further most if not all wireless devices incorporate hardware/software components to connect to these networks.

[0071] Embodiments described herein provide for the first time a platform and technology that enables localization/authentication of wireless devices based on their presence in a defined area, in a way that provides desirable accuracy characteristics, and requires from users only that they have a mobile application on their wireless device. [0072] Referring now to Fig. 1 , which demonstrates a block diagram of a system in one embodiment in accordance with one aspect of the invention, the system can include a server component (10) and a mobile application (12). The mobile application (12) may be loaded or connected to a wireless device (14) using any suitable loading or linking mechanism. The server (10) may consist of a server computer (16) linked to (or loaded within) a server application (18). The server computer (16) may also be a server farm, and the server application (18) may be implemented as a set of distributed computer program components. The server (10) may also be implemented as computer network implemented service such as a cloud networking service.

[0073] In another embodiment of the invention (not illustrated), mobile application or a mobile application module (12) may be remotely linked to and/or accessible by the wireless device (14), with an optional client interface module on the wireless device (14). The mobile application module (12) may comprise entirely of software, or entirely of hardware, or include both software and hardware components. The mobile application module (12) may be implemented to one or more server computers, or may be implemented as an interconnected network of computer providing a cloud service, and accessed by the wireless device (14) and the server (10) through one or more trusted networks. The mobile application module (12) can interoperate with the wireless device (14) and/or the server (12) in order to deliver the functionalities described herein.

[0074] In another embodiment of the invention, the mobile application module (12) may be implemented as a component of the server (10).

[0075] In yet another embodiment of the invention (not illustrated), a user may access the mobile application module (12) through a cloud service web interface, for example by opening a mobile web browser on the wireless device (14) and going to an IP address associated with the mobile application module (12). The mobile application module (12) may act like a web portal, and can authenticate the user and the wireless device (14) accordingly prior to sending an access request to the server (10), as will be described below.

[0076] The server (10) includes or is linked to one or more network resources. The server (10) may act as a gateway to access network resources. In one implementation, the server (10) is linked to one or more gaming applications (20) (e.g. gaming terminals programmed with one or more games), where consumers may access gaming features from their wireless device (14) so long as they are authorized to access the server (10), based on determination that they are located with a defined area or zone (22) and optionally also based on providing credentials associated with the consumer. The defined area (22) may be for example a location authorized by a gaming licensing organization, for example for playing games of chance.

[0077] The network resources are not limited to gaming applications (20). The network resources may be any kind of resources desired by a user and provided by and/or linked to a server (10). For example, the network resources may be banking services, flight-checking services, document access services, record management services, enterprise solution services, customer relation management services, and so on.

[0078] The server (10) includes an administrative utility (24). The administrative utility (24) includes a series of administrative features or functions for setting up the virtual boundaries of a defined area (22). The administrative utility (24) may also include various other tools or functions including for example: one or more assessment tools for assessing the various factors affecting localization in connection with a defined area (22) including noise from networks or devices, and one or more optimizers for optimizing the classification or modeling features discussed below.

[0079] The mobile application (12), in one possible implementation, includes programming for locating and connecting to the server (10), or gaming applications (20). The mobile application (12) includes programming for collecting and processing information relevant for localization/authentication of its wireless device (14), as explained herein. The mobile application (12) may exist in different versions for different wireless device operating systems such as iOS™, ANDROID™, WINDOWS™ for mobile, or BLACKBERRY™. The mobile application (12) is designed and configured to enable localization/authentication in connection with a range of devices, regardless of their manufacturer or model.

[0080] Optionally, the mobile application (12) obtains from the server (10) configuration data for optimizing the localization functions performed by the mobile application (12), for example based on parameters associated with the defined area (22). There parameters may include a set of parameters regarding the boundaries of the defined area (22).

[0081 ] The mobile application (12) can include or be linked to what may be referred to as a "surveyor" component (26). The surveyor component may be activated by the user when s/he wants to access a network resource (for example play a game linked to the computer system of the present invention), or may be triggered automatically when the mobile application (12) determines (accessing functions of the wireless device (14)) that it is within a predetermined range of a defined area (22).

[0082] In another embodiment of the invention (not illustrated), the surveyor component (26) may be remotely linked to or accessible by the wireless device (14). The surveyor component (26) may comprise entirely of software, or entirely of hardware, or include both software and hardware components. The surveyor component (26) may be implemented to one or more server computers, or may be implemented as an interconnected network of computer providing a cloud service, and accessed by the wireless device (14) and the server (10) through one or more trusted networks. The surveyor component (26) can interoperate with the wireless device (14) and/or the server (12) in order to deliver the functionalities described herein.

[0083] In another embodiment of the invention, the surveyor component (26) may be implemented as a component of the server (10).

[0084] The surveyor component (26) surveys a defined area (22) and collects information based on measurements made by the wireless device (14) in regards to two or more defined wireless networks, as explained herein. In one implementation, this information is used as training data that is then used to build one or more classification models for localization/authentication of the wireless device (14). In one possible implementation, the training data is collected by the surveyor component (26) and then transferred to the server (10) for modeling, as further explained herein. The server (10) acts as a central computer for the purposes of localization/authentication. The server (10) may consist of a local server computer, deployed to provide for example localization/authentication for enabling for example gaming using wireless devices within a defined area (22) such as a casino. The server (10) may also be an Internet connected resource that is deployed across multiple locations. Various computer system and computer network implementations are possible.

[0085] The surveyor component (26) includes programming for collecting: (A) a first set of wireless network signal data and associated Received Signal Strength Indication ("RSSI") data, and (B) a second set of wireless network signal data and associated RSSI data. In one implementation, (A) consists of Wi-Fi signal data and associated RSSI data (or some other wireless network with desirable characteristics), and (B) consists of signal data and associated RSSI data for a second wireless network type that may compensate for some of the characteristics of wireless network (A). For example, Wi-Fi networks may have desirable range and bandwidth characteristics, however, they are generally subject to noise and security attacks. Bluetooth may have less desirable range characteristics but tends to yield accurate measurements even in noisy environments, and also is relatively secure. Other suitable wireless network measurements may be used.

[0086] The mobile application (12) can leverage existing Wi-Fi and/or Bluetooth infrastructure. For example a Wi-Fi and Bluetooth network components may already be deployed at a particular location, and now may be utilized for localization/authentication in accordance with the present invention.

[0087] Once the mobile application (12) is in a "survey mode" or equivalent, it collects a series of test data sets both for Wi-Fi and for Bluetooth networks, comprising network signal measurements and associated RSSI information. The mobile application (12) includes functionality for labeling these data sets based on the parameters associated with the defined area (22). Specifically, in one possible implementation, the mobile application (12) categorizes or labels each data set as to whether it indicates being inside or outside the defined area (22). In other words, for any particular localization, there will be one or more labels indicating that the wireless device (14) is within the defined area (22), and one or more labels indicating that the wireless device (14) is outside the defined area (22). This requires that the mobile application (12) have access to information regarding the boundaries of the defined area (22), which the mobile application (12) may acquire from the server (10) or may already be stored in a memory linked to the mobile application (12).

[0088] It is to be appreciated that "text data set(s)" in this application may be also referred to as data set(s), test data, training data set(s), or training data.

[0089] In another aspect, the mobile application (12) collects and processes information to conduct a site survey that is usable by the server (10) to perform the localization/authentication operations described herein. In one aspect, the mobile application (12) creates a local database to categorize and to store the labeled data sets that constitute samples.

[0090] These samples (data set values plus assigned labels) can then be automatically sent to the server (10) by wireless device (14) based on programming of the mobile application (12). The server (10) includes or links to an analyzer (25) utility or analyzer service that implements one or more data mining routines or algorithms, which may include one or more machine learning algorithms, for determining the location of the wireless device (14).

[0091 ] In another embodiment of the invention (not illustrated), the analyzer (25) utility may be remotely linked to or accessible by the server (10) and/or the wireless device (14). The analyzer (25) may comprise entirely of software, or entirely of hardware, or include both software and hardware components. The analyzer (25) may be implemented to one or more server computers, or may be implemented as an interconnected network of computer providing a cloud service, and accessed by the wireless device (14) and the server (10) through one or more trusted networks. The analyzer (25) can interoperate with the wireless device (1 ) and/or the server (12) in order to deliver the functionalities described herein.

[0092] It is to be appreciated that server (10) can also be implemented as a computer network service remotely connected and maintained on a cloud or installed at a physical hardware location.

[0093] In one embodiment of the invention, a site survey for a defined area such as a geo- fenced area is conducted by a mobile application (12) in conjunction with the survey component (26) accessible by a wireless device (14) every time the particular wireless device enters the defined area. The samples based on the site survey are then sent to the server (10) for the purpose of determining the location of the wireless device relative to the defined area.

[0094] In another embodiment of the invention, a site survey is conducted by a mobile application (12) in conjunction with the survey component (26) accessible by a wireless device (14) only once for the particular wireless device (and thus its user) for a defined area or a geo- fenced zone, and/or optionally over a defined period of time. For example, when a user first enters or comes close to a geo-fenced zone, a wireless device on the user can be prompted by a server (10) to: (if needed, to download and install the mobile application first), collect measurements and conduct a site survey. The samples can then be sent to the server (10) by the wireless device for the purpose of building classification models necessary for determining the location of the wireless device relative to the geo-fenced zone. The user and the wireless device may then leave and re-enter the geo-fenced zone again in the future without the requirement of conducting another site survey. In this scenario, in the subsequent visits to the same geo-fenced zone, the mobile application (12) on the wireless device only needs to send fresh measurement data to the server (10) without conducting an extensive site survey, and the server (10) may recognize the wireless device and then apply previously determined and stored classification models, as well as one or more data mining routines or algorithms, which may include one or more machine learning algorithms, to the measurement data in order to determine the location of the wireless device relative to the geo-fenced area. The requirement or exemption of site survey may be time-stamped, such that a site survey is required every X hours or Y days, and so on. The exemption of site survey may also be controlled by an administrator or the administration utility in the server (10).

[0095] The wireless device which the user is using to view, create, or otherwise interact or interface with the gaming applications (20) or the server (10) may or may not necessarily be the same wireless device that processes the measurement data or training data sets. For example, the user's training data sets may be collected by the wireless device (14), then transmitted over a communications network, such as the Internet, other wide area network, or a local area network, to another computing device for processing. This other computing device may be the server (10) or any other suitable computing device locally or remotely available.

Possible Server Implementation

[0096] Server (10) may be implemented using a server and data storage devices configured with database(s) or file system(s), or using multiple servers or groups of servers distributed over a wide geographic area and connected via a network. Server (10) may be connected to a data storage device directly or via to a cloud based data storage device via network. Server (10) may reside on any networked computing device including a processor and memory, such as a personal computer, workstation, server, portable computer, mobile device, personal digital assistant, laptop, tablet, smart phone, WAP phone, an interactive television, video display terminals, gaming consoles, electronic reading device, and portable electronic devices or a combination of these. Server (10) may include one or more microprocessors that may be any type of processor, such as, for example, any type of general-purpose microprocessor or microcontroller, a digital signal processing (DSP) processor, an integrated circuit, a programmable read-only memory (PROM), a field programmable gate array (FPGA), a reconfigurable processor. Server (10) may include any type of computer memory that is located either internally or externally such as, for example, random-access memory (RAM), read-only memory (ROM), compact disc read-only memory (CDROM), electro-optical memory, magneto- optical memory, erasable programmable read-only memory (EPROM), and electrically-erasable programmable read-only memory (EEPROM), or the like. Server (10) may include one or more input devices, such as a keyboard, mouse, camera, touch screen and a microphone, and may also include one or more output devices such as a display screen and a speaker. Server (10) has a network interface in order to communicate with other components, to serve an application and other applications, and perform other computing applications by connecting to network XX (or multiple networks) capable of carrying data including the Internet, Ethernet, plain old telephone service (POTS) line, public switch telephone network (PSTN), integrated services digital network (ISDN), digital subscriber line (DSL), coaxial cable, fiber optics, satellite, mobile, wireless (e.g. Wi-Fi, WiMAX), SS7 signaling network, fixed line, local area network, wide area network, and others, including any combination of these. Although only one server (10) is shown for clarity, there may be multiple servers (10) or groups of servers (10) distributed over a wide geographic area and connected via e.g. network (which may be referred to as cloud computing).

[0097] In one possible implementation of the computer system, the server (10) implements a positioning or localization service (28) and an authentication service (30). For example, both of these services may be implemented as RESTful web services.

[0098] The server application (18) may be implemented as an Internet application or web application that includes one or more components implementing the administrative utility (24). In one aspect of the administrative utility (24), it enables administrators to control the positioning (or localization) service (28).

[0099] In another embodiment of the invention (not illustrated), the localization service (28) utility may be remotely linked to or accessible by the server (10) and/or the wireless device (14). The localization service (28) may comprise entirely of software, or entirely of hardware, or include both software and hardware components. The localization service (28) may be implemented to one or more server computers, or may be implemented as an interconnected network of computer providing a cloud service, and accessed by the wireless device (14) and the server (10) through one or more trusted networks. The localization service (28) can interoperate with the wireless device (14) and/or the server (12) in order to deliver the functionalities described herein. Zb

[00100] For example, a human administrator can use the administrative utility (24) to define attributes of an "active zone" where geo-fencing is then performed to create one or more defined areas (22). The administrative utility (24) may also implement one or more training routines that enable the administrator to collect training data sets, test scenarios, and optionally iteratively modify settings so as to calibrate system parameters.

[00101] The administrative utility (24) may also be used to upload and modify floor plans to assist in building geo-fencing profiles. FIG. 2 for example illustrates the set up of a defined area (22) for the experiments referred to herein, namely the placement of Wi-Fi access points, and Bluetooth dongles, and possible placements of the 2 x 2 and 5 x 5 zones referred to below.

[00102] The administrative utility (24) may permit for example an administrator to define several geo-fenced areas that may be associated with different localization/authentication requirements. For example multiple defined areas (22) may be associated with different network services, such as for example games. These define areas (22) may or may not overlap. For example, specific zones that are part of a retail environment may be dedicated to playing specific games.

[00103] Numerous other features or settings may be implemented using the administrative utility (24).

[00104] The network services provided through the server (10) may be provided using a secure communication protocol such as HTTPS in order to maintain the confidentiality of data communications related to system operations. Various other security technologies may be used in order provide a secure localization/authentication platform for gaining access to network resources.

[00105] In one aspect of embodiments described herein, the test data are collected based on an administrator's input.

[00106] In one aspect of embodiments described herein, there may be two labels: (A) one for "inside" the defined area (22) or zone, or (B) one for "outside" defined area (22) or zone. In one possible implementation, these labels are indicated in a simple way to help an administrator track and monitor the test data being collected. For example, in one aspect of the server (10), within defined parameters, if access is not granted automatically by operation of the authentication service (30), for example, because positioning of the wireless device within a defined area (22) cannot be determined in a way that meets predetermined specificity or probability scores, then the administrative utility may escalate to display one or more parameters associated with the localization/authentication to a human administrator for processing. The administrator may review the parameters and determine manually whether the wireless device in question is within the defined area (22).

[00107] In one particular implementation, the administration utility (24) when executed permits an administrator to determine settings such as sensitivity of the localization, in other words whether access may be granted to network services within particular range of probability that the wireless device (14) is positioned outside a boundary of the zone. An example is provided below.

[00108] In one implementation of the present invention, the authentication service (30) includes one or more components that are part of the server (10) and also includes a barcode reading component that is part of the mobile application (12), and invokes the camera of the wireless device (14), which is included in most wireless devices (14). The authentication service (30), in one implementation, initiates the computer implemented workflow that is described below under "Representative Workflow", using one or more server and/or mobile application executed routines.

[00109] The authentication service (30) may include a security key infrastructure (32) and a registration service (34) for registering a wireless device (14) to the authentication service (30). In one possible implementation, registration of the wireless device (14) is performed once only. The security key infrastructure (32) may include or link to a certificate authority (36) for generating and assigning data security keys. The authentication service (30) may maintain a profile for each user, which includes a public key, and also other credentials identifying the user such as for example a device ID, and user ID.

[001 10] System may also incorporate various strategies for dealing with noise in the RSSI data. Generally, filters are used to remove noise, however, for improved accuracy filters may need to be applied in a particular way. For example, there is a trade-off between the delay for a filter to start its impact on the values and the amount of the noise that is removed by the filter. Data smoothing may be applied for example by using outlier detection and value estimation so as to smooth the data samples. Value estimation tries to estimate the next upcoming value in a stream of data, and estimation is normally based on temporally local samples of data. Data smoothing may involve variation of the span or window size of the data samples. The window size determines the number of previous samples that are taken into account when estimating the next possible value. The bigger the window size, the stronger the effect of previous data samples on the estimated next sample. Hence larger window sizes will yield a smoother trend line in comparison to the original data. As a result, aside from the estimation methodology, parameters such as window size can greatly impact the outcome of the procedure. One or more smoothing methods may be used to vary the window size in order to reduce the impact of noise.

[001 1 1] Wireless device (14) is operable by a user and may be any portable, mobile, networked computing device including a processor and memory and suitable for facilitating communication between one or more computing applications of wireless device (14) (e.g. a computing application installed on or running on the user device XX), server (10).

[001 12] Wireless device (14) may be a two-way communication device with advanced data communication capabilities having the capability to communicate with other computer systems and devices. Wireless device (14) may include the capability for data communications and may also include the capability for voice communications. Depending on the functionality provided by the mobile device, mobile device may be referred to as a portable electronic device, smartphone, a data messaging device, a cellular telephone with data messaging capabilities, personal digital assistant, WAP phone, laptop, mobile gaming console, a wireless Internet appliance, a portable laptop computer, a tablet computer, a media player, an electronic reading device, a data communication device (with or without telephony capabilities) or a combination of these.

[001 13] Wireless device (14) may include be any type of processor, such as, for example, any type of general-purpose microprocessor or microcontroller, a digital signal processing (DSP) processor, an integrated circuit, a field programmable gate array (FPGA), a reconfigurable processor, a programmable read-only memory (PROM), or any combination thereof. Wireless device (14) may include any type of computer memory that is located either internally or externally such as, for example, random-access memory (RAM), read-only memory (ROM), compact disc read-only memory (CDROM), electro-optical memory, magneto-optical memory, erasable programmable read-only memory (EPROM), and electrically-erasable programmable read-only memory (EEPROM), Ferroelectric RAM (FRAM) or the like. Wireless device (14) may include one or more input devices, such as a keyboard, mouse, camera, touch screen and a microphone, and may also include one or more output devices such as a display screen and a speaker. Wireless device (14) may also have additional embedded components such as a global positioning system (GPS), a clock, a calendar, and so on. Wireless device (14) has a network interface in order to communicate with other components, to serve an application and other applications, and perform other computing applications by connecting to network (or multiple networks) capable of carrying data including the Internet, Ethernet, plain old telephone service (POTS) line, public switch telephone network (PSTN), integrated services digital network (ISDN), digital subscriber line (DSL), coaxial cable, fiber optics, satellite, mobile, wireless (e.g. Wi-Fi, WiMAX), SS7 signaling network, fixed line, local area network, wide area network, and others, including any combination of these. Although only one wireless device (14) is shown for clarity, there may be multiple wireless device (14) distributed over a geographic area and connected via e.g. network.

[00114] Wireless device (14) may be configured with various computing applications, such as mobile application (12). A computing application may correspond to hardware and software modules comprising computer executable instructions to configure physical hardware to perform various functions and discernible results. A computing application may be a computer software or hardware application designed to help the user to perform specific functions, and may include an application plug-in, a widget, instant messaging application, mobile device application, e-mail application, online telephony application, java application, web page, or web object residing, executing, running or rendered on the wireless device (14). Wireless device (14) may include mobile application (12) in order to access the functionality of server (10), by providing and receiving data and carrying out actions and instructions, for example. Wireless device (14) is operable to register and authenticate users (using a login, unique identifier, and password for example) prior to providing access to applications and server (10). Wireless device (14) may be different types of devices and may serve one user or multiple users.

Representative Workflow

[00115] One or more authentication services (30) components may listen for requests from wireless devices (14). [001 16] As mentioned earlier, most wireless devices may include a camera. Referring now to FIG. 10, a representative workflow of server (10) is described below. In one implementation of embodiments described herein, a barcode based positioning system is provided, as described below.

[001 17] At step 1010, a user may request access to a network resource (such as access to a gaming resource) from a local access control server, using a wireless device (14). In one example embodiment, the user may activate the surveyor component on the wireless device (14) in the process of requesting access to a network resource. In another embodiment, the surveyor component, and/or the mobile application (12) may be triggered automatically when the mobile application (12) determines (accessing functions of the wireless device (14)) that it is within a predetermined range of a defined area (22). The server (10) then receives the access request from the wireless device (14).

[001 18] At step 1015, optionally, the server (10) can analyze the request and retrieve one or more rules for authenticating the wireless device (14) and/or the user in order to access the network resource. Various aspects of authentication may vary depending on the nature of the request. For example a particular defined area (22) may apply depending on the request.

[001 19] At step 1020, the server (10) can initiate a location check routine to verify whether the wireless device is in the applicable defined area (22). In one implementation the location check routine involves initiating the collection of the test samples by the mobile application (12), or alternatively the collection is commenced by the mobile application (12) upon initiation of the request. In one exemplary embodiment, the mobile application (12) can collect and process information to collect a site survey that is usable by the server (10) to perform the localization/authentication operations described herein. In one aspect, the mobile application (12) can create a local database to categorize and to store the labeled data sets that constitute samples.

[00120] These samples (data set values plus assigned labels) can then be automatically sent to the server (10) by wireless device (14) based on programming of the mobile application (12).

[00121 ] At step 1025, the server (10) receives the test samples and can initiate the analyzer (25) to build one or more classification models to perform the localization. The server (10) may include or links to an analyzer (25) utility or analyzer service that implements one or more data mining routines or algorithms, which may include one or more machine learning algorithms, for determining the location of the wireless device (14). In one embodiment of the invention, a positioning service 28 including a geo-fencing service is invoked to employ, via classification based positioning engine, a Random Forest based classifier that is trained on a given site survey RSSI data set to predict the presence or absence of a specific device in relation to a specific geo-fenced zone.

[00122] In one embodiment of the invention, a site survey for a defined area such as a geo- fenced area is conducted by a mobile application (12) on a wireless device (14) every time the particular wireless device enters the defined area. The samples based on the site survey are then sent to the server (10) for the purpose of determining the location of the wireless device relative to the defined area.

[00123] In another embodiment of the invention, a site survey is conducted by a mobile application (12) on a wireless device (14) only once for the particular wireless device (and thus its user) for a defined area or a geo-fenced zone, and/or optionally over a defined period of time. For example, when a user first enters or comes close to a geo-fenced zone, a wireless device on the user can be prompted by a server (10) to: (if needed, to download and install the mobile application first), collect measurements and conduct a site survey. The samples can then be sent to the server (10) by the wireless device for the purpose of building classification models necessary for determining the location of the wireless device relative to the geo-fenced zone. The user and the wireless device may then leave and re-enter the geo-fenced zone again in the future without the requirement of conducting another site survey. In this scenario, in the subsequent visits to the same geo-fenced zone, the mobile application (12) on the wireless device only needs to send fresh measurement data to the server (10) without conducting an extensive site survey, and the server (10) may recognize the wireless device and then apply previously determined and stored classification models, as well as one or more data mining routines or algorithms, which may include one or more machine learning algorithms, to the measurement data in order to determine the location of the wireless device relative to the geo- fenced area. The requirement or exemption of site survey may be time-stamped, such that a site survey is required every X hours or Y days, and so on. The exemption of site survey may also be controlled by an administrator or the administration utility in the server (10). [00124] At step 1030, if the server (10) determines that the wireless device (14) is in the designated area (22) and optionally if the wireless device (14) or its user is authorized for the requested resource, then the server (10) can, at step 1035, generate an encrypted ticket using the public key specific to the wireless device (14). Otherwise, access to the system is denied.

[00125] At step 1040, a barcode may be delivered to the mobile application (12). The mobile application (12) can scan the barcode automatically and decrypt the contents to obtain ticket information.

[00126] At step 1045, the wireless device (14) can send back the ticket information to the server (10) through a secure HTTPS connection, optionally along with other credentials. This information can be logged by the server (10), and this completes the localization/authentication of the wireless device (14) to the server (10).

[00127] At step 1050, the server (10) can grant the user access to services he/she requested on the wireless device (14).

[00128] In one possible implementation, a Single Sign On (SSO) solution may be used. A Central Authentication Service (CAS) may be used, which may be maintained using JASIG, a Java implementation of SSO. Plug-ins may be used for the CAS such that it can support any custom protocol as its backend for authentication. This representative implementation can support various protocols such as RADIUS, Open LDAP, OAuth, SPNEGO, x509 certificate based authentication, and OpenID that are all widely used.

[00129] The localization service (28) may be implemented as a web service that maintains classification models and data sets. It also may maintain information regarding the state of each wireless device (14) at the time of operation. Based on the activated geo-fence that is selected by the administrators managing the server (10), classification models are built by the analyzer (25) for classification of the RSSI samples so as to determine positioning or a location of a wireless device relative to the geo-fence coordinates.

[00130] Licensed tokens may be used between the server (10) and the wireless devices (14) in order to create a secure private wireless network where only wireless devices (14) in possession of active and authenticated license tokens can be activated at a specific retail location, for the purpose of accessing specific network resources. [00131 ] In addition, geo-fencing functions can be enhanced by using RFID tags and sensors to define virtual boundaries, including for example in relation to boundaries that are particularly challenging to manage based on noise or physical features of the environment.

[00132] Embodiments described herein may be used in conjunction with purpose-built, security-encrypted dongles, that may incorporate for example hardware keys that enable software operations, for example of the mobile application (12). This aspect may be used to further ensure that access is provided only to authorized devices/users.

[00133] The server (10) may also include programming to detect and contain rogue devices; combat malware; and limit the wireless frequency range to the physical boundaries of the retailer location.

Example in Operation

[00134] What follows in an example in operation that illustrates a possible implementation of embodiments described herein that provides representative test data that shows the accuracy delivered by embodiments described herein.

[00135] Multiple scenarios are considered for collecting data. Assuming that zones are of different sizes in the retail areas, two scenarios are described based on the dimensions of the zone:

I. 2 x 2 Meters, square zones.

II. 5 x 5 Meters Square shaped.

[00136] A skilled reader will appreciate that different zone sizes are possible. The 5 x 5 meter zone dimension may be an accurate representation of gaming in existing retail sites, and also in future gaming sites. Other zone dimensions are possible such as for example 10 x 10 meters.

[00137] In the example provided, the data collected was not cleaned from other wireless signals, in order to replicate a retail environment where typically different signals are propagated by different electronic machines and wireless networking components. The inventors note that they believe that in many of the studies cited in the Background, the environment had been cleaned from existing external noises. [00138] Figure 2 illustrates the data collection area and placements of the Wi-Fi/Bluetooth access points in an illustrative example embodiment.

[00139] Data sets may be collected on the wireless devices (14) used. The technical specification of the wireless adapter that each device is equipped with may play an important role in the quality and characteristics of the data collected.

[00140] In the example in operation, two types of wireless devices were used to collect information: i) tablets and ii) smart phones. In one of the experiments, more than 7 different Android devices are used, including a Galaxy Nexus from Google and Sony Ericsson Xperia devices, running Android operating system versions ranging from 2.2 to 4.0.1. Figure 3 includes a table that shows the data sets collected along with their specifications for this illustrative example.

[00141 ] In one embodiment according to some aspect of the invention, the analyzer (25) may implement one or more data mining algorithms.

[00142] In another embodiment of the invention described herein, the server (10) may use two data mining algorithms.

[00143] In one aspect of embodiments described herein, particular data mining algorithms may work well to derive positioning information, particularly in noisy indoor environments, and using multiple test samples, as explained herein. The data results referenced herein were benchmarked using 1 ) a C4.5 decision tree (for example as described in Reference 17, and 2) a Random Forest algorithm (for examples as described in Reference 18). The C4.5 algorithm is widely used for many reasons. This algorithm may have robust performance against noisy data and missing values, it also may leverage a comprehensible model structure which makes it easy to analyze and modify. However, in some cases where data is imbalanced or there are many features C4.5 might build over fitted models. To address this, in one aspect of embodiments described herein, the Random Forest may be used as an algorithm. Using an ensemble of decision trees, Random Forest is known to be efficient when dealing with imbalanced data sets. This is caused by its use of a random subset of sample data set for training each tree. The Random Forest algorithm also performs well in terms of using as many features as possible by randomly using subsets of features for building each tree in the ensemble. [00144] In one aspect of embodiments described herein, the analyzer (25) may analyze the test samples and determine which algorithm may be suitable for providing the best localization result.

[00145] 1 ) C4.5 Decision Tree: Decision trees may be built using the available data vectors, then the built model is used to predict the label of an unseen data record. The tree consists of three building blocks, internal nodes, edges and leaves. Each internal node represents a feature. Edges that connect internal nodes to their children are labeled with values that the feature can take. Leaves of the tree represent predicted labels. Any data record in a given data set will lead to traversing the tree from root to one of the leaves to determine the label.

[00146] Features are ranked based on their gain ratio, where the information gain ratio for a feature F in a set of T samples is defined as: lnformationGain(F, T)

GainRatio(F, T) =

Entropy(F, T)

[00147] lnformationGain(F, T) is the value that shows impurity of the values in a feature. Since Information Gain is biased towards nominal attributes with many different values, the gain ratio formula is designed to normalize it. This is further explained in Reference 19. This may prevent the problem of zero InformationGain for nominal attributes that have many different values.

[00148] 2) Random Forest: Random Forest is an ensemble classifier. It consists of a collection of decision tree models each built on a subset of training data set attributes. Feature subsets are randomly selected for each of the trees, while the distribution is the same and selection of attributes is independent for every single tree.

[00149] Assuming that a data set consists of N samples and M attributes, the number of random attributes selected for each tree, m, should be much smaller than M. Then for each tree, a subset of m features is randomly selected. An un-pruned decision tree may be built upon the selected subset. For prediction, a sample is iterated over all the trees in the forest. All the tree outputs are stored as votes. Finally, a mode of the votes is selected as a prediction. [00150] Random Forest is well known for building accurate classifiers on different data sets. It also supports methods for balancing errors in unbalanced data sets and can handle a large number of attributes.

[00151 ] By a linear search in parameters, we have achieved (experimentally) a number of 250 trees as the best configuration for our data sets. While the best number of features per tree is discovered to be equal to 2.

[00152] The following describes the results of the application of the above described machine learning algorithms to a geo-fencing scenario.

[00153] First, captured data was transformed into a suitable format. Features are the name or Service Set Identifier (SSID) of the access points concatenated with their MAC address to guarantee their uniqueness. Feature values are the integer RSSI value obtained from the wireless adapter at the time of sampling. RSSI value is an integer in the range of -30 to -99. The value range depends on many factors including zone size, wireless technology, and different kinds of noise present in the environment.

[00154] To implement both classifiers, in one possible implementation a WEKA is used, as described in Reference 20. WEKA is an open source tool for machine learning and data transformation. In one implementation the J48 WEKA implementation was used for the C4.5 classifier and the implementation from the same package for the Random Forest classifier. To determine the best parameters for the classifiers, a linear parameter search can be conducted. Through linear search it may determine the number of trees to be trained in the Random Forest ensemble. Our parameter selection results show that 250 trees each trained on 2 features is the configuration giving the best results based on maximizing F_Measure- The confidence factor used by the C4.5 algorithm to prune decision trees is also determined by experimentation (linear parameter search). Results showed that C4.5 is on its peak performance on our data sets while the confidence factor is set to 0.25.

[00155] With the configurations achieved by parameter selection, final experiments are run. Figures 4(a) to 4(f) show the distribution of resulting classification measures, as a result of a 10- fold cross validation run on the data sets using a Random Forest classifier. Fig. 4(a) represents data for Bluetooth, 2x2 zone, Samsung Galaxy Ace; Fig. 4(b) represents data for Bluetooth, 2x2 zone, Asus TF101 ; Fig. 4(c) represents data for Bluetooth, 5x5 zone, Samsung Galaxy Ace; Fig. 4(d) represents data for Wi-Fi, 2x2 zone, Asus TF101 ; Fig. 4(e) represents data for Wi-Fi- 2x2 zone, Asus TF101 ; and Fig. 4(f) shows data for Wi-Fi, 5x5 zone, Samsung Galaxy Ace.

[00156] The Table shown in Figure 3 presents the results achieved by running both the C4.5 and the Random Forest based classifiers.

[00157] The smaller the zone size, the larger the errors for both Wi-Fi and Bluetooth. Increasing the zone size from 2 x 2 to 5 x 5 results in an increase of performance for the Bluetooth while the same increase in the zone size does not change the performance on the Wi- Fi infrastructure. This happens because Bluetooth dongles used in this experiment have a shorter range than that of the Wi-Fi access points. This results in an earlier reflection of zone size effect. This shows the fact that using shorter range wireless technologies will result in more accurate position predictions.

TABLE I

DESCRIPTION OF COLLECTED DATA SETS

*** "BT" refers to Bluetooth.

Extracting Best Access Point Formation [00158] Placement of the access points and dongles impacts on positioning accuracy. Referring to Figure 2, the dongles may be arbitrarily placed in locations in order to preserve geometrical shape or symmetry. Installation in all environments is not going to follow the same principles. Installed electronic equipment, building materials, and the population of the users present in the retail environment play an important role in the noise generated. Also, the structural limitations do not always allow geometric and symmetric placing of access points and dongles.

TABLE II

TOP 10 FORMATIONS FOR THE 5X5 ZONE SIZE

USING BLUETOOTH POSITIONING

Count Dongle Names ^Measure

3 2, 3, 4 0.78

6 5, 1 , 2, 3, 6, 4 0.77

4 2, 3, 6, 4 0.76

4 1 , 2, 3, 4 0.76

1 3 0.75

5 5, 2, 3, 6, 4 0.75

4 5, 2, 3, 4 0.75

5 1 , 2, 3, 6, 4 0.747

3 3, 6, 4 0.746

5 5, 1 , 3, 6, 4 0.74 [00159] In order to gain both more accuracy and flexibility, in one aspect of embodiments described herein, a tool may be provided to assist in the installation of access points or dongles (more generally anchor nodes) in an effective manner. The tool may be configured to calculate all feature subsets of a collected data set. For example, 64 subsets are generated for a Bluetooth data set that is using 6 dongles for the positioning infrastructure. Eliminating the identical and empty subsets, 62 data sets may remain. Each of these subsets will represent a possible formation of the access points.

[00160] Anchor nodes may be placed to define a geo fenced area a number of manners. For example, the number of anchor nodes may be arbitrary, and may be based on the size and geometric shape of the floor where the infrastructure is being installed. In other cases, a common geometric installation may be used, for example 4 Bluetooth dongles can be placed as corners of an imaginary rectangle that encloses the virtual zone area. However, such an arbitrary installation is not guaranteed to be optimal for providing positioning information. In some cases, even with a much smaller number of anchor nodes satisfactory, or better, results can be achieved.

[00161 ] In another possible implementation, the tool previously mentioned may be configured to extract a preferred subset of the anchor nodes that are to be arbitrarily installed first. To this end, an exhaustive search approach may be undertaken. Because each anchor node is translated to a feature in the geo-fencing system's training data sets, it is possible to build a different classifier with any subset of initial set of anchor nodes. An example search process may consist of the following steps:

Forming all subsets of the features from the dataset collected using all the initial anchor nodes.

Building a classification model using each subset, or sub-dataset.

Ranking the classifiers built upon all the subsets based on their F_Measure achieved using an stratified cross-validation process.

Choosing the best subset based on these two criteria: (a) a better discriminative classification performance, intuitively larger F _easure, and (b) a smaller number of anchor nodes. [00162] For example when working with a 10 x 10 zone that covers a gaming area, using Bluetooth anchor nodes, the initial installation may normally include 6 dongles. The tool however may determine that using two anchor nodes in the middle of the gaming area can achieve results that are even better than using all the six anchor nodes in the initial installation. Therefore cost savings may be provided by reducing the number of anchor nodes by 66% while the dimensions of our data set are reduced by 4 at the same time.

[00163] The framework may target a discriminative classification for tackling both positive (inside) and negative (outside) samples equally. Multiple measures may be taken into consideration. In order to achieve this, a variable referred to as F_Measur_e may be used as a criterion for ranking the subsets, favoring formations that keep Precision and Recall.

[00164] A discriminative classification approach aims to minimize the number of false positive (FP) and false negative (FN) predictions, which intuitively, at the same time leads to maximizing true positive (TP) and true negative (TN) predictions. In other words, discriminative classification focuses on improving predictions for both negative and positive labels at the same time, while generative approaches focus on a single label. For example, a classifier that only focuses on minimizing number of false positive predictions is a generative classifier with a focus on positive samples.

Precision = TP / (TP + FP)

Recall = TP / (TP + FN)

[00165] Considering the equations above, precision is lowered when the number of false positive predictions is high, while recall is lowered when the number of false negative predictions rises. This means that keeping Precision and Recall high at the same time leads to a minimization for both FN and FP predictions. F_Measure may be calculated in the way that its value approaches 1 when both Precision and Recall are maximized. For example, F_Measure may be calculated as follows:

FMeasure = ^{2 *} (Precision ^* Recall) / (Precision + Recall)

[00166] This is why F_Measure rnay be a proper measure for evaluating classifiers towards building a discriminative model. [00167] Table II above lists the top 10 subsets based on the illustrative example F_Measure results. The subsets are derived from the experimental 5 x 5 Bluetooth data set collected by Samsung Galaxy Ace™ devices. In one example embodiment, even using half of the dongles better results can be achieved than using prior art solutions. Considering the shape: the 5 x 5 zone is limited from east and south by walls. This results in a data collection that is mostly close to the north and west borders of the imaginary zone. As a result, the dongles that are closer to these borders turn out to be more useful than the whole set of dongles installed in the playground area.

[00168] Table II compares the results achieved using subsets of an initial anchor node installation (such as installation of one or more Bluetooth dongles) to the results achieved using a full set of anchor nodes. The results show that taking only 3 of 6 dongles into account, we are achieving results that are better than using all the existing anchor nodes.

Robustness and Security

[00169] As described herein, the growing prevalence of wireless devices (e.g. Smartphones and Tablets) has introduced new challenges and a heterogeneous hardware and software ecosystem. Embodiments described herein may involve consideration of how to control user owned devices' access to organization/retail resources. Embodiments described herein may enhance a proposed indoor geo-fencing and access control framework aimed for indoor geo- fencing based access control in retail environments, gaming environments, or other indoor environments. Embodiments described herein may improve robustness and security of the system described herein. The focus of these improvements is building a system that is able to operate properly in noisy, heterogeneous and less controlled environments where the presence of attackers may be a high probability. As a result statistical measures may improve the system's robustness and positioning accuracy along with mechanisms that effectively detect and prevent domain specific attacks.

[00170] For the retail gaming industry to benefit the users who do not depend on the companies' gaming hardware, there may need to be a mechanism to ensure proper and legal use of the gaming resources on user devices (e.g. wireless device (14)). Embodiments described herein may add an extra level of monitoring over the identity and presence of players/users in a retail environment at the time of playing a wagered game via a gaming machine or other mechanism. A user's identity might be required to verify his/her eligibility for using age restricted games. Moreover, the location of gaming can be an important issue, because of legal restrictions involved with whereabouts of a lawful wagered gaming practice. Consequently, a framework is required to bring in Authentication, Identification and Positioning to determine whether a wireless device (14) is authorized to play a game in the aforementioned environment or not. For such applications, the focus may not be on the exact coordinates of a user. Instead, having the knowledge of the presence of a user in a certain area/zone that is associated with certain privileges and authorization rules may be an asset.

[00171 ] Rapid advances and the prevalence of different indoor wireless networking schemes and techniques is another phenomenon of the recent decades. Some techniques may leverage the data available from these wireless networks to approximate the position of a tag or device. See Reference 2, for example. Some techniques may have instrumented proximity based techniques, like RFID (Radio Frequency Identification), to accomplish positioning information. A requirement of tagging or adding additional hardware may be limiting in their application in the heterogeneous hand held device environment. However, Wi-Fi and Bluetooth are communication technologies that are embedded in hand held devices to aid them in connecting to these networks. Consequently, these two technologies may be used by embodiments described herein as candidates for building an indoor positioning system that can be applied to a wide variety of hand held devices.

[00172] Embodiments described herein may use different techniques that can improve the robustness and security of system. Robustness may refer to providing mechanisms and employing techniques for the system to operate normally along with the irregularities of a deployment environment. To this end, environmental noise and outlier sensor values may be processed and analyzed. Then the methods that can be used to overcome such issues may be benchmarked and tested to choose the best approach. Such methods include signal smoothing and filtering methods such as Moving Average and Regression Based Smoothing techniques. In some embodiments, Moving Average may provide the best performance on data sets to overcome these issues. Moreover, in terms of security, characteristics of user data and monitoring of the infrastructure in order to counter framework specific threats may be implemented. [00173] The employed geo-fencing engine may use classification based positioning. Different locations and sites may be surveyed for training a geo-fencing system specific to the site. As an illustrative experiment, a site survey Android application was built. This application helps the administrator to record, label, and categorize RSSI samples to form site surveys. Site survey data may be uploaded to a server associated with the mobile application. The server may decode the data and executes the geo-fencing classifiers to determine the position of the mobile device relative to the geo-fenced zone. For positioning both Bluetooth and Wi-Fi infrastructures may be used. This design set may use as many features currently available on different mobile platforms while avoiding extra hardware or system software modifications. This may lead to a better and smoother integration of components. A prototype of such a system is described by the inventors in indoor geo-fencing and access control for wireless networks, Proceedings of the IEEE Conference on Computational Intelligence and Cyber Security 2013, the entire contents of which is hereby incorporated by reference.

[00174] The server (10) shown in FIG. 1 may comprise various services. Three example services that may be provided are: 1. Authentication and Identification, 2. Positioning and Geo- fencing, and 3. Monitoring.

[00175] The services may be implemented using web technologies for the purpose of ease of deployment and maximum compatibility. In some illustrative example embodiments, for further compatibility, the services may be implemented to follow the basics of RESTful APIs (Representational State Transfer Application Programming Interface), See Reference 27 for example.

Authentication

[00176] As described herein, server may provide an authentication service (30). This may be provided using a web based SSO (Single Sign In/Out). Example implementations are JOSSO (Java Open Single Sign-On) and CAS. Authentication backends are supported by CAS. For example, LDAP (Lightweight Directory Access Protocol), RADIUS, and database authentication in addition to a handful of other protocols such as x509 key based authentication, SPNEGO, OAuth, are supported out of the box. There is also another backend called Legacy which is meant to give backward compatibility with older CAS deployments available. A developer can also add a custom authentication backend when needed. [00177] CAS follows the ticket issuing cycle which is similar to some SSO solutions.

[00178] As an example illustration an application may register with CAS. Authentication service (30) may perform an authentication and ticket issuing process taking the following example steps:

[00179] 1 ) User access the desired network resource (e.g. gaming or registration application), and may be redirected to the CAS authentication service (30).

[00180] 2) Providing the CAS server with correct credentials, a user obtains a Ticket Granting Ticket (TGT).

[00181] 3) Using the TGT, now user obtains a Service Ticket (ST) from CAS. To obtain the ST, a user may need to provide the correct URL from where he/she was referred to CAS. CAS may be aware of such a URL from the registration process of an application to CAS, and also a Referer header that may be provided at the time of redirection in step 1.

[00182] 4) The user may now redirected back to the network resource, passing the ST via POST/GET. (The ST may be configured to be one time usable)

[00183] 5) The network resource verifies the ST with the CAS authentication service (30). After a successful verification, the access control filters determine if a user is authorized to access the network resource.

[00184] 6) After authorization, a user can access the services. [00185] Another example authentication process is described herein. Registration

[00186] Server (10) may include a registration service (34) to register users. Registration of the users may be a critical operation as the server (10) may need a one-time recording of the device (14) and user identity. For example, a device's identity may based on three factors:

(i) MAC (Media Access Control) address of the Wi-Fi adapter installed on the device.

(ii) IMEI (International Mobile Station Equipment Identity) number of the device. (iii) Build model of the device.

[00187] Personal and device information of the user may be collected by registration service (34) at the time of the registration. To finish the registration a security or licensed token (e.g. random salt value) may be transferred to the device using a proximity based communication medium via security key 32. This token may be later used to hash a specific string and send to server (10) to verify session validity. Whenever a registered user starts a new session, a new token (e.g. salt value) may be provided to the user through the proximity based communication apparatus. This specific string or token may be constructed in time of the positioning request. The system may use scanning of barcodes with the wireless devices' (14) camera. Most wireless devices (14) that run gaming applications (12) may be already equipped with cameras, and may be able to scan barcodes using configured hardware and software.

Positioning and Geo-fencinq

[00188] Server (10) may include a positioning service (28) for positioning and geo-fencing. Positioning service (28) may include a set of services used to create, maintain and run user location models or help increase accuracy of location detection. There may be two major services that form positioning service (28): 1 ) Proximity Based Positioning, and 2) Wireless Based Positioning.

[00189] Proximity based data transfer and positioning may be implemented using barcode scanning. The way that barcodes are physically protected from shoulder surfing may be different and may depend on the retail area and limitations. Some barcode displays may have privacy angle of sight protectors or be protected from third parties by proper placing. The proximity based approach may be replaced by an NFC component, which may be more resilient to attacks such as sniffing and also may make vision based attacks difficult. NFC may also prevent confusion when more than one user requests for a validation at the same time.

[00190] The proximity based unit may provide the users with a session specific token (e.g. specific salt value). This randomly generated string may be used to salt a hash string that may be sent along with wireless based positioning requests. As a result, this proximity based approach may serve three purposes: 1 ) Finding the location of the device relative to the geo- fenced zone, 2) Collecting data samples for adapting to the noise in the environment, and 3) Securing sessions (e.g. preventing replay attacks). [00191] The wireless based positioning may have a RESTful API interface. Positioning service (28) may consists of three main components:

1. Geo-fencing engine.

2. Client Status Manager (CSM).

3. Statistics and monitoring unit.

[00192] The Geo-fencing service employed may be a classification based positioning engine. The mechanism for the geo-fencing engine may employ a Random Forest (as described herein) based classifier that is trained on a given site survey RSSI data set to predict the presence or absence of a specific device in relation to a specific geo-fenced zone.

[00193] CSM may be responsible for managing user requests and collecting statistics. CSM may hold brief and long term history of each user's activity. CSM may also work as a behaviour analysis system for clients, throttling request timings and managing the number of active devices for each user. It may keep track of statistical characteristics of the RSSI values sent by a device to detect anomalous activity. CSM may be a component responsible for detecting and preventing attacks specific to the indoor geo-fencing system employed by server (10). Some of these attacks and their countermeasures are discussed herein as illustrative examples. Moreover, this component may be responsible for applying smoothing and outlier detection on the signal strength data provided by wireless devices (14) to enhance the classification and software behaviour. Details for this functionality of CSM are described herein.

[00194] Statistics and monitoring unit uses data collected by CSM to make an abstract view of the client activity per geo-fenced zone. A web interface may demonstrate the status and information of clients (wireless devices (14)) active in a specific geo-fence. The information includes parameters such as being inside or outside the zone, signal strength, device type, etc. Figure 5 demonstrates some screen shots of the statistics and monitoring user interface. Statistics and monitoring user interface may provide different visualized information. For example, user 4 and user 6 have two devices each (user6-1 , user6-2, user4-1 and user4-2), while one of user 4's tablets user4-2 is outside the zone. Devices user6-1 and user4-1 may have weaker signal strength compared to devices user6-2 and user4-2. Security And Robustness For Geo-Fencing

[00195] In this system, rather than tracking the exact position of a user, the system may check the presence or absence of a user relative to the geo-fenced area. This then enables to study the problem as a binary classification system. In this case, binary classification suffices because for such an access control system, presence in a geo-fenced zone may be sufficient to give the permission to use the service, such as play a game, access a map, check-in at a hotel, connect to e-mail servers, and so on.

[00196] An experimental system was designed, developed and evaluated in a common lab area. This area is a 10 by 10 meters room where more than 10 people actively work. The area was not cleaned from electromagnetic noise to better resemble less controlled retail environments where many electronic devices may operate at the time of geo-fenced access control. Figure 2 gives a bird's eye view of the experimentation area.

[00197] Table III presents the data sets that were collected for this experiment. Data was collected with different devices having different types of Wi-Fi and Bluetooth adapters. All the devices ran different versions of the Android operating system ranging from 2.3 to 4.0.

[00198] Several classifiers were tested on the data sets. For selecting the best classifier FMeasure was used. F_Measure is maximized when Precision and Recall are at their maximum. This results in a classification measure that favours better prediction of both negative and positive samples, leading to a more discriminative classification model.

[00199] In such systems, although the classifiers can achieve high accuracy, the performance may decrease in deployment. Due to the high amount of noise present in the Industrial, Scientific and Medical (ISM) radio bands that Bluetooth and Wi-Fi operate in, spontaneous behaviours may happen. Outliers and noisy data recordings at the time of presence in a geo-fence zone may cause users to experience unpredictable gaming conditions. To address these issues, smoothing and outlier detection may be applied on the data. The experiment implement smoothing to study its effect on the performance of the system. TABLE III: GEO-FENCING DATA SET DESCRIPTION

[00200] Figure 6 illustrates an overview of the data held by CSM. Raw RSSI Value and Smoothing RSSI Value arrays are used for smoothing purposes. Discretized RSSI Value and Request Timing arrays are used for security purposes. Client profile and Prediction History buffers are used for enhancing user experience. Enhanced Geo-fencing

[00201] To enhance geo-fencing accuracy and make its behaviour smooth, several smoothing techniques may be used. To this end, CSM is the heart of statistical information that is used to overcome noise and outliers.

Smoothing RSSI Values

[00202] Different approaches may be used for dealing with noise in RSSI data. Such approaches include outlier detection and value estimation, which leads to smoothing the data samples. Value estimation may try to estimate the next upcoming value in a stream of data. Estimation is normally based on temporally local samples of data, the range of this locality can be determined by a span or window size. This span determines the number of previous data points that are taken into account when estimating the next possible value. The bigger the window size, the stronger is the effect of previous data samples on the estimated next sample. Hence larger window sizes yield a smoother trend line in comparison to the original data. As a result, aside from the estimation methodology, parameters such as window size can greatly impact the outcome of the procedure. To choose the best smoothing method, six different smoothing methods were evaluated:

1. Moving Average, a low pass filter with filter coefficients equal to the reciprocal of the span.

2. Local regression using weighted linear least squares and a 1st degree polynomial model (LOWESS).

3. Local regression using weighted linear least squares and a 2nd degree polynomial model (LOESS).

4. Savitzky-Golay filter. A generalized moving average with filter coefficients determined by an un-weighted linear least-squares regression and a polynomial model.

5. A robust version of LOWESS that assigns lower weight to outliers in the regression. The method assigns zero weight to data outside six mean absolute deviations (Robust LOWESS).

6. A robust version of LOESS that assigns lower weight to outliers in the regression. The method assigns zero weight to data outside six mean absolute deviations (Robust LOESS). [00203] The Moving Average method is based on the idea that signals that are close to each other in time, should also have values close to each other. Average speed of walking for humans is about 5 km/h or 1.4 meters per second. Based on the fact that users cannot move fast enough in a retail environment to cause drastic changes and leaps in RSSI values, the idea of Moving Average makes sense for this application. A moving average using a window size of k will result in an estimated value calculated as given in Equation 1.

[00204] The formula given above is also called one-sided moving average. Two sided moving averages are useful when samples are available both from before and after the estimation point. Setting k= 0 leads to putting the latest sample value as the estimate, which is also called "naive" Moving Average. Exponential weighting of the values in the window is another approach for managing the effect of their age on the estimate. Further information can be found in Reference 28.

[00205] The method LOESS (Locally Weighted Regression Scatter Plot Smoothing) is a local regression based on a second order polynomial derived using a Least Square approximation. The polynomial is built using points from the whole data span, biased toward a range of points in the vicinity of the sample, which is estimated by an assigned weight. The LOWESS method is the same as LOESS, unless the least square approximation is a first degree or linear polynomial.

[00206] Least square approximation method is a popular approximation for data fitting. Least square tries to minimize the summation of squared value of errors. Error is defined in terms of the difference of an approximated value with the actual value observed at that point, this difference is also called a residual.

[00207] Reference 29 describes a filter that is a generalized form of the moving average algorithm. The filter uses an order-k polynomial regression local to vicinity of the estimation point. It also assumes that all data points are evenly distributed against time, which does not hold for our collected data sets. This might cause inconvenience when data sampling is set to be on demand for purposes such as extending device battery operation time. [00208] For Robust LOESS and Robust LOWESS, the only difference with the original methods is that outliers are removed from the computation by simply assigning zero weights to them. When calculating the estimate, a 1 st or 2nd orderpolynomial is used to approximate the trend of data in that vicinity. However, weights are assigned to the closest values to bias the least square approximation toward the most recently observed data. When zero weights are assigned to outliers, they are simply disregarded in the least square approximation process. Outliers are detected based on comparing their residual to the mean absolute deviation. Mean absolute deviation is the average distance a sample has from the mean of the data that is observed so far. Mean absolute deviation (MAD) of n data samples is calculated as presented in Equation 2

[00209] Where x is average value of the samples. By six mean absolute deviations, we mean the MADs over the six most recent windows of size n. Considering six MADs instead of one helps getting a better sense of overall behaviour of data and not getting stuck in local conditions where noise is prone to be misleading.

[00210] The smoothing process may be performed in a few steps. For an experiment, data sets may be loaded into Matlab environment (or other computing environment) from CSV file formats (or other file format compatible with the enviroment). The sets may be sorted based on the order of collection, where data sets represent a recorded time series of RSSI values. Starting from the beginning of the data set, the algorithms may try to adjust the value of next sample based on the samples observed up to now. Applied filters have a delay for removing the noise. This delay is in direct relation to the window size selected. As mentioned herein, there may be a trade-off between the delay for a filter to start its impact on the values and the amount of the noise that is removed by the filter. After smoothing is done, the data may be saved back to separate CSV files, or other file format.

[0021 1 ] In each data set the smoothing may be performed separately for each feature and also separately for outside and inside samples of the data. This may be done for two reasons: First, each attribute value may be technically independent from the other values because of the location of the user in proportion to each dongle or access point. Additionally, the noise on each access point may also be independent because they operate on different frequency bands. Secondly, it is rational not to smooth outside data samples according to the inside samples.

[00212] The results of two series of experiments are provided. The first set of experiments are aimed to determine the best smoothing method for the data sets. The second set of experiments are designed to discover the best parameter values for the method chosen in the previous step. In these experiments, each of the 12 data sets, Table III, is smoothed using the methods described above.

[00213] Smoothed data sets may be sorted based on average F_Measure, Equations 3, 4, and 5, then the method with the best ranks may be chosen as the main algorithm. Moving Average has shown more steadiness across different data sets, i.e. for 1 1 out of 12 data sets. Consequently, "Moving Average" has been chosen as the best performing algorithm.

Precision■ Recall

F I, I eas u ve (3)

Precision + Recall

TP

Recall (4)

TP + FN

Precision = _{Tp + pp} (5)

[00214] To further examine the moving average method, experiments results are provided undertaken with different window sizes. The window size has been changed from 10% to 100% of the data stream size. Then the Random Forest classifier is run and results are compared based on F_Measure. Figures 7A and 7B shows the effect of the changing window size on experiments. Fig. 7A demonstrates results for Bluetooth and Fig. 7B demonstrates results for Wi-Fi. In general, results demonstrates that a value of 35% to 45% of the data size is the best window size for both Bluetooth and Wi-Fi data sets. Figures 9A and 9B shows Random Forest results from an experimental classification on a 5X5 zone using Wi-Fi and Bluetooth infrastructure, respectively, and different wireless devices (14) (e.g. ASUS tablet and Samsung Smartphone, respectively). Figs. 9A(a) and 9B(a) represent Moving Average method, Figs. 9A(b) and 9B(b) represent LOWESS method, Figs. 9A(c) and 9B(c) represent LOESS method, Figs. 9A(d) and 9B(d) represent Savitzky-Golay method, Figs. 9A(e) and 9B(e) represent Robust LOWESS method, and Figs, 9A(f) and 9B(f) represent Robust LOESS method.

Smoothing Issues

[00215] Although smoothing can improve the classification by eliminating noise and outliers in some cases, there may be some issues in the geo-fencing system. One issue is the transition of a user from being inside to going outside. Even a relatively small window size (between 5 to 15 data samples) will cause the values to tend to be similar to the past. Consequently, it may improve user experience by removing sudden decision changes, but may introduce the risk of giving access to resources while the user is outside a zone. As mentioned herein, a weighted moving average method can help result in making predictions in favour of the latest data points. However, due to the significant amount of noise, this may also make the smoothing method prone to issues when outliers are introduced.

[00216] To address this issue, the information stored by CSM may be used. In Figure 6 two circular FIFO buffers with sizes equal to the smoothing window size are shown. The "Raw RSSI Values" buffer stores the RSSI data points as received from a client, opposite is the "Smoothed RSSI Values" buffer, which stores the RSSI values that are output of the smoothing algorithm, e.g. Moving Average, or other smoothing algorithm. A third buffer, "Predictions History", stores the three latest predictions. As shown in Figure 6, this information may be stored for each client separately in client profiles. Based on these data points, two predictions may be made per each geo-fencing request:

1. A decision made by the classifier trained on the raw data based on the latest raw data point.

2. A decision made by the classifier trained on the smoothed data based on the latest smoothed data point.

[00217] In cases where these two decisions disagree the final decision may be made in favour of the smoothed decision maker, or based on another configured default rule. However, whenever the two classifiers have disagreed more than a k number of times, the decision will be put in favour of the raw classifier and all smoothing windows will be flushed. By flushing the smoothing windows, the effect of the history on the latest changes may be removed.

[00218] Taking this approach results in a small delay in switching from present to absent in a geo-fenced zone. In return, two negative factors may be removed at the same time. Firstly, the spontaneous behaviour caused by noise may be eliminated. Secondly, the smoothing drawback of making predictions relative to the past may also be addressed. Experiments show that setting k = 3 will lead to a more balanced configuration.

Investigating Threats And Attacks

[00219] Like any other network service, the geo-fencing services of system may be prone to network attacks in different layers. These go from one end of the spectrum to the other, namely jamming attacks in lower network layers to higher level attacks including ARP (Address Resolution Protocol), IP address or data spoofing, Denial of Service (DoS), Brute Force, and Man in the Middle (MitM).

[00220] Many DoS attacks may be countered using third party installations like IDS systems. Also user activity may be tightly firewalled and protocol specific payloads may be limited to a certain size in relation to the number of users and scale of the service.

[00221] Authentication services like CAS and JOSSO may have password Brute Force prevention mechanisms like request throttling, human verification, blacklisting, and minimum password requirements for a strong password. This type of attacks can also be aptly tackled by setting sufficient password requirements such as password length and use of special characters. See for example Reference 30.

[00222] To ensure the safety of the communication against sniffing and MitM attacks such as ARP spoofing and SSLStrip (see Reference 31), servers use static ARP entries. Communications may be strictly performed under HTTPS and SSH to be protected from sniffing. HTTPS may be used strictly, disabling the SSLStrip attacking node to redirect the communication to a plain text HTTP connection. System may also use a mechanism for proximity based presence verification by issuing and handing a per session random token that helps verify sender identity and randomize security tokens per session. [00223] The geo-fencing methodology, if known to the attacker, may be exploited to gain alleged access to gaming resources. Because the system highly depends on RSSI data samples reported by a user's wireless device (14), one can manipulate the reported values to impersonate a person who is present in a legal zone. The following discusses different aspects and countermeasures of possible scenarios.

Coupling Proximity Based and Wireless Based Geo-fencing

[00224] As mentioned herein, a token value (e.g. saltj_nit value) may be provided to the user on the time of registration and another token value (e.g. salt_session value) may be provided each time a user initiates a game session. The value of the token (e.g. salt_init) may be used to identify the registered device, while the other token (e.g. salt_seSsion) may be changed in every game session to couple the local proximity based positioning mechanism to the related geo-fenced zone.

[00225] Each time the user intends to start a new game session the following steps may be taken:

1. User authenticates to the service using the registered user name and the password.

2. User then visits a barcode terminal and scans the "green" barcode.

3. The token (e.g. salt_seSsion) is now displayed on the same display, so the user scans the "red" barcode and obtains this token.

[00226] This two step barcode scanning ensures that the user gets the token (e.g. salt_seSsion) that is dedicated to his/her device. Both token values (e.g. salt_injt and salt_sessi0n) may be stored on the geo-fencing server (10). Then, on each request the users calculate and send a hash, equation 6, to the server.

Hasli(sal _{ll l†} + salt _<t + RS Sirring

Ϊ User name + BuUdModcl + IMEI + MAC_{addrc s})

[00227] A plus shows the concatenation of strings. RSSI_string is a string that is formatted according to the observed anchor node RSSI values. Other values may be shared with the server (10) at the time of the registration. [00228] Finally, each token (e.g. salt_seSsion) may be assigned a maximum time to live. During the validity time, the geo-fencing server (10) computes the hash value using the same previously known parameters. The server side hash is then compared to the hash submitted by the user to make sure proximity based positioning is performed and at the same retail site. If the hash is not valid or the token (e.g. salt_seSsion) has gone obsolete, the user's access may be cut and he/she may be required to perform the steps to obtain a new token (e.g. salt_seSsion) value.

Brute Forcing RSSI Values

[00229] In this case, an adversary present in a gaming retail environment can access a game outside the specific geo-fenced zone. In order to do so, he/she needs to collect a collection of positive samples to be used for replaying when spoofing is needed. Brute forcing RSSI values may be more successful than password brute forcing, because guessing a positive value is more probable. In contrast, for a password guessing attack, there is only one correct answer for the whole process.

[00230] There are many methods to detect or disable a brute force attempt. An example method for delaying brute force attacks is to throttle the number of requests a user (via wireless device (14)) can submit to the server (10). As mentioned herein, CSM keeps track of request timings from each user. CSM is designed to be configurable with the following parameters:

(i) Minimum Request Delay This determines the minimum time that a user needs to wait to submit a new positioning request.

(ii) Maximum Number of Violations This determines the maximum number of times a user can violate a constraint before the account is blacklisted, including the violation of Minimum Request Delay.

(iii) Time in Blacklist The time that the user will be blacklisted. This could be set to infinity by setting a non-positive value or exponential blacklisting times, if it is set to a positive value.

[00231] Generating signal data randomly, an attacker may attempt to keep the positive samples for future replay. Comparing the randomly generated signals to regular users' behaviour according to the data buffers that CSM is recording can distinguish users from attackers. For each client, a long term history of RSSI values per anchor node is stored. This history is held as a set of unique RSSI values each client has sent for positioning requests.

[00232] Because of the nature of a retail gaming environment and human movement speed, a regular user sending legitimate values is limited to a number of possible values in a specific time frame. However, because the attacker is generating random values aiming to cover the state space, his/her values are not as limited as a benign user. To differentiate these two behaviours, CMS keeps track of the growth rate of the each anchor node's value set per each user. The growth rate may be calculated as shown in Equation 7.

Size ( Value Set)

Growt h-ate — (7)

Total Nu m her ofBequ e si s

[00233] At the beginning of a session the set is empty. Consequently, the growth rate is high and close to 1. After a number of values are submitted to the server, a user's growth rate starts to fall, because new unique values are not added to the set as frequently. Experiments show that normal users' growth rate falls much earlier and faster than that of a brute forcing attacker.

[00234] Assuming that attacks are anomalous activities, detection of such behaviour is based on the following principles:

1. Value sets are reset at every Flush_Point requests.

2. A user must have submitted at least Min_Req_Uests requests to become eligible for the process.

3. A user is reported as suspicious when its average Growth_rate is higher than the average of Growth_rates over all the eligible users with a distance of at least 3MAD.

[00235] Intuitively, the variations observed in the signal values may also be dependent on the geo-fencing zone sizes, as the user has more freedom to move and send a more diverse set of values. To this end, Flush_Point and Min_Req_Uests can be tuned to suit different zone sizes.

[00236] Figure 8 demonstrates the trend of average Growth_rate for three different users (a RSSI spoofing user, a brute-force attacker, and a regular user) in a 2x2 zone over 100 positioning requests based on an illustrative experiment. A brute force attacker is sending random RSSI values between -30 and -90. A regular user is normally moving or standing inside the geo-fenced zone. A spoofer is replaying 10 positive samples while staying outside the geo- fenced zone. Figure 8 shows the trend of Growth_rate for RSSI Spoofing, Bruteforcing ,and a regular user in a 2x2 zone monitored using Bluetooth RSSI values as an illustrative.

Fake Wi-Fi and Bluetooth Anchor Nodes

[00237] The geo-fencing system is dependent on RSSI values for determining the position and as a result permissions of a user. One way for an attacker to disrupt this process is introducing fake Wi-Fi or Bluetooth anchor nodes. Such an attack may be achieved by running a Wi-Fi access point or Bluetooth hotspot that advertises services with the same MAC address or SSID (Service Set Identifier) as one or more of the anchor nodes employed in the geo- fencing infrastructure.

[00238] To counter such an attack, the Bluetooth hardware (or other wireless hardware) used in the wireless infrastructure constantly scans the environment for beacons from other anchor nodes. Each node will compare each observed MAC address and/or SSID to its own MAC and SSID. If any of the anchor nodes observe such a duplicate, an alert may be sent to the administrator for further investigation.

Other Attacks

[00239] In this case, some threatening scenarios are studied where a certain decision could not be made about the true class of an activity. One such scenario is studied where an activity cannot be marked as attack due to ambiguous nature of such practice. This problem may depend on the terms of service (ToS) that is agreed upon by a gaming company and its customers.

[00240] This scenario includes a device (14), which is physically present in a geo-fenced zone, which is facilitating the game play for users not present. Such a scenario can use the third or the fourth generation data networks to give access to users remotely connecting.

[00241] A remote user can connect over a screen sharing protocol to play remotely. Or he/she can connect through a more sophisticated set of services to obtain environment values such as RSSI and tokens (e.g. hashing salt), and then start playing games while the facilitating node acts a relay or network proxy. [00242] Such an attack can be countered by two strategies. Firstly, CSM can be configured such that no more than one user at a time is able to play using a physical hand held wireless device (14). Secondly, in 3G networks, up-link has a very smaller delay in comparison to the down-link (See Reference 32). This helps detect such an activity when a tunnelled connection is used by the remote user to play through the facilitating device.

[00243] As mentioned herein, such a scenario is highly dependent on a regional legislative decisions in addition to the gaming company policies and ToS. Such situations further emphasize the need to expand legal studies in order to keep up with the evolution of the digital computing environments.

Example Results

[00244] Embodiments described herein may provide accurate proximity based positioning, even in indoor environments, and utilizing existing hardware features of wireless devices, especially smart phones.

[00245] Not all users may wish to use traditional electronic gaming machines or gaming consoles. Rather, increasingly consumers may wish to use their own wireless devices. Internet gaming in many jurisdictions is prohibited or restricted. Users visiting a defined area that is a casino or other regulated licensed gaming zone, for example, may want to play games of chance that may not be authorized outside of a defined area by regulating authorities, using their wireless device. This may not have been possible prior to development of embodiments described herein. Users may access gaming resources using their wireless device within the boundaries of a casino, by accessing resources for example through a casino controlled local computer, or an Internet deployed server or network service associated with the casino operator. For example, a wireless device may couple to a local computer which in turn may connect to one or more gaming terminals. As another example, a wireless device may couple to one or more gaming terminals. Granting access to wireless devices to resources based on localization/authentication may also enable new and engaging methods of interacting with electronic gaming machines or in casino displays, as well as multi-player features that permit users to access functionality using their wireless device. Embodiments described herein may therefore permit significant innovation in the overall gaming experience, including for example in casinos. [00246] Many users prefer using their wireless devices over electronic gaming machines, and therefore a platform that enables access from wireless devices to regulated games can attract new gaming users.

[00247] The technology described herein may be integrated in existing electronic gaming machines, thereby extending the use of electronic gaming machines. For example a video lottery terminal (VLT) may incorporate or link to the technology described in this disclosure, thereby anchoring a geo-fenced area that permits additional users to access special, for example regulated games, that they can play on their wireless device, using resources of the VLT or a system linked to the VLT.

[00248] Embodiments described herein may provide proximity based positioning without the need for additional devices or chips such as RFID or Near Field Communication (NFC) chips for this purpose. Accordingly, embodiments described herein may provide wide compatibility, which is desirable for example in retail environments. In a gaming environment in particular, the embodiments described herein may permit users a completely new way to interact with games in for example a casino environment, using their own wireless devices such as smart phones.

[00249] Embodiments described herein may also permit the use of existing wireless infrastructures such as any Wi-Fi or Bluetooth infrastructure that is already in effect.

[00250] Embodiments described herein may work with any device with a wireless or Bluetooth adaptor, or other wireless network adapter to couple to server or gaming machines.

[00251] Significantly, embodiments described herein may enable localization/authentication under noisy and realistic indoor positioning contexts.

[00252] Embodiments described herein may be easy to implement and efficient to scale. They may be used in various applications that require positioning information for a wireless device, including in indoor environments. Additionally, embodiments described herein may include an overall platform with hardware and software components for securing the communications and providing authentication, identification and registration. There are numerous applications of the embodiments described herein .

[00253] Embodiments described herein may allow for the first time the use of off the shelf wireless devices to build a classification based indoor geo-fencing system. [00254] Embodiments described herein may permit users to access a gaming environment by providing a user security and identity mechanism that also incorporates positioning as a factor for access control. Positioning is done using proximity based techniques and also wireless based indoor positioning infrastructure.

[00255] Embodiments described herein may apply measures and modifications to make the system more robust and secure in noisy environments.

[00256] Robustness may be achieved by applying smoothing algorithms to RSSI data sent from the devices in a geo-fencing environment. Smoothing may remove outliers and reduce the spontaneous changes in decisions made by the positioning system. Smoothing issues may be addressed using different classifiers on different data sets at the same time. Results show that smoothing may not only improve the behaviour of the software, it may also improve the average accuracy.

[00257] Based on studies of threats faced by a real world deployment of indoor location based access control, embodiments described herein may provide security mechanisms. Security of the system may be assured by adding throttling and per user statistical analysis. Attacks may be countered by using mechanisms such as static ARP entries, and request throttling. However, to address system specific attacks including RSSI value brute forcing and spoofing, new measures and detection mechanisms such as outlier detection upon RSSI value Growth_rate (or growth rate) and infrastructure monitoring are introduced. Detection of fake Wi-Fi access points and Bluetooth hotspots may also be built-in to the system.

[00258] Passive collection of signal values by the anchor nodes may be useful in countering many domain specific attacks that are involved with RSSI values. However, this also introduces new challenges for identifying devices and countering other low level attacks. To further improve the system additional factors may be implemented such as for example: hybrid positioning based on both Wi-Fi and Bluetooth, a user's direction (magnetometer sensor), as well as integration of NFC for two way proximity based communication.

Claims

A computer system for authenticating a wireless device based on localization, comprising:

(a) a central server or computer network service; and

(b) a wireless device configured to access a mobile application, the mobile application being coupled with the central server or the computer network service, and when executed accesses functions of the wireless device to collect measurement data related to (i) a first wireless network and (ii) a second wireless network; wherein the mobile application sends the measurement data to the central server or computer network service for analyzing the measurement data to determine a location of the wireless device relative to a defined area, and wherein the central server or computer network service is configured to grant or deny the wireless device access to one or more resources linked to the central server or computer network service, based on the location determined for the wireless device relative to the defined area.

The computer system of claim 1 , wherein an indoor geo-fenced area is established, within which the wireless device is permitted to access the central server or the computer network service, and wherein the first set of measurement data are made in a Wi-Fi mode, and the second set of measurement data are made in a Bluetooth mode, and the first and second set of measurement data are analyzed to determine whether the wireless device is located in the indoor geo-fenced area at the time of a request to access the one or more resources linked to the central server or computer network service.

The computer system of any one of claim 1 or claim 2, wherein the measurement data comprise RSSI data and the computer system includes a service that implements one or more machine learning approaches to classify the RSSI data to determine the location of the wireless devices relative to one or more virtual boundaries of the indoor geo-fenced area.

4 The computer system of claim 3, wherein the computer system is configured to apply one or more smoothing techniques to RSSI data sent from the wireless device in a geo- fenced environment.

5 The computer system of claim 4, wherein the one or more smoothing techniques are based on at least one of the smoothing methods of Moving Average, weighted Moving Average, LOWESS, LOESS, Savitzky-Golay filter, a robust version of LOWESS, and a robust version of LOESS.

6 The computer system of any one of claim 1 to claim 5, wherein the computer system is configured to apply security mechanisms based on at least one of throttling, per user statistical analysis, outlier detection upon RSSI value growth rate_, infrastructure monitoring, and detection of fake access points and hotspots.

7 The computer system of any one of claims 1 to claims 6, wherein the mobile application is loaded within the wireless device.

8 A computer-implemented method, suitable for a central server or computer network services, for authenticating a wireless device based on localization, the method comprising the steps of: receiving measurement data from a mobile application accessible by the wireless device; analyzing the measurement data to determine a location of the wireless device relative to a defined area; and based on the determination of the location of the wireless device, determining whether to authenticate the wireless device.

9. The method of claim 8, wherein the measurement data comprises RSSI data associated with the wireless device.

10. The method of any one of claim 8 or claim 9, wherein analyzing the measurement data comprises classifying or modeling of the measurement data.

1 1. The method of claim 10, wherein analyzing the measurement data comprises applying one or more smoothing techniques to the measurement data prior to the classifying or modeling of the measurement data.

12. The method of any one of claim 9 to claim 1 1 , further comprising the step of applying security mechanisms based on at least one of: throttling, per user statistical analysis, outlier detection upon RSSI value growth rate, infrastructure monitoring, and detection of fake access points and hotspots.

13. The method of any one of claim 8 to claim 12, further comprising the step of granting or denying access to one or more resources linked to the central server or computer network service, based on the location determined for the wireless device relative to the defined area.

14. The method of any one of claim 8 to claim 13, wherein the defined area comprises an indoor geo-fenced area.

15. The method of any one of claim 8 to claim 14, wherein the measurement data comprises at least two sets of measurement data, the first set of measurement data made in a Wi-Fi mode, and the second set of measurement data made in a Bluetooth mode.

16. A method, suitable for a wireless device, for authenticating the wireless device based on localization, the method comprising the steps of: collecting measurement data related to (i) a first wireless network and (ii) a second wireless network; and sending the measurement data to a central server or computer network service for modeling the measurement data to determine a location of the wireless device relative to a defined area.

17. The method of claim 16, wherein the measurements data comprise RSSI data.

18. The method of any one of claim 16 or claim 17, wherein an indoor geo-fenced area is established, within which the wireless device is permitted to access the central server or the computer network service, and wherein the first set of measurement data are made in a Wi-Fi mode, and the second set of measurement data are made in a Bluetooth mode.

19. The method of any one of claim 16 to claim 18, wherein access to one or more resources linked to the central server or computer network service is granted or denied based on the location determined for the wireless device relative to the defined area.

20. The method of claim any one of claim 16 to claim 19, further comprising the step of receiving a barcode or a ticket from the server or computer network service.

21. The method of claim 20, comprising the step of sending a response to the server or computer network service in response to receiving the barcode or ticket.

22. The method of claim 21 , wherein the measurement data are processed prior to being sent to the central server or computer network service.