WO2016043389A1 - Ble beacon device for anti-spoofing - Google Patents
Ble beacon device for anti-spoofing Download PDFInfo
- Publication number
- WO2016043389A1 WO2016043389A1 PCT/KR2015/000722 KR2015000722W WO2016043389A1 WO 2016043389 A1 WO2016043389 A1 WO 2016043389A1 KR 2015000722 W KR2015000722 W KR 2015000722W WO 2016043389 A1 WO2016043389 A1 WO 2016043389A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- packet
- count information
- generated
- user
- terminal device
- Prior art date
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/28—Timers or timing mechanisms used in protocols
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W4/00—Services specially adapted for wireless communication networks; Facilities therefor
- H04W4/80—Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/50—Network services
- H04L67/52—Network services specially adapted for the location of the user terminal
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/12—Detection or prevention of fraud
- H04W12/121—Wireless intrusion detection systems [WIDS]; Wireless intrusion prevention systems [WIPS]
- H04W12/122—Counter-measures against attacks; Protection against rogue devices
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W4/00—Services specially adapted for wireless communication networks; Facilities therefor
- H04W4/02—Services making use of location information
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/60—Context-dependent security
- H04W12/61—Time-dependent
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/60—Context-dependent security
- H04W12/63—Location-dependent; Proximity-dependent
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W84/00—Network topologies
- H04W84/18—Self-organising networks, e.g. ad-hoc networks or sensor networks
Definitions
- the present invention generally relates to a BLE beacon device for anti-spoofing and, more particularly, to a BLE beacon device that may enhance the security of location-based service of a user's terminal device.
- Locating a user's terminal device with GPS-based technology is widely used outdoors. However, indoors or below ground level, the use of GPS is limited because it is difficult to receive a GPS signal. Consequently, to solve this problem, short-distance communication methods have been suggested. Specifically, beacon devices using Bluetooth Low Energy (BLE) have recently emerged as a solution to the problem.
- BLE Bluetooth Low Energy
- a BLE beacon device periodically transmits its own location information to a user's terminal device, and the user's terminal device receives the information and retransmits it to a beacon management server. Accordingly, the beacon management server may detect the location of the user's terminal device through the location of the BLE beacon device.
- any user's terminal device in the transmission range may receive the location information of the beacon device. Consequently, packet sniffing is done by a user's terminal device, which does not have appropriate authority, thus spoofing is possible.
- existing BLE beacon devices are convenient for detecting a current location of a user, but a service provider may not trust the information about the current location of the user. For example, by sniffing information transmitted from a beacon device that is installed in location A, the information may be retransmitted in location B. Accordingly, even though the user is not in location A, it is possible to receive a service provided in location A, for example acquiring a check-in point. Particularly, in case of a beacon device in connection with a payment system, it is difficult to provide a reliable service because location information of the beacon device may not be trusted.
- an embodiment of the present invention intends to provide a BLE beacon device for anti-spoofing, which may prevent spoofing by an illegal user's terminal device.
- a beacon device for anti-spoofing may include: a count generating unit for generating count information according to a first time rule; a packet generating unit for generating, according to a second time rule, a packet including the generated count information and a beacon device ID (UUID), the generated count information corresponding to a time at which the count information is generated; and a communicating unit for broadcasting the generated packet to a user's terminal device or a user's terminal device connected to a beacon device server in order that the user's terminal device or the beacon management server confirms a location of the user's terminal device according to a difference of times corresponding to pieces of count information included in at least two packets that are generated according to the second time rule.
- UUID beacon device ID
- the beacon device for anti-spoofing may further include an encrypting unit for encrypting the packet using either a single encryption method or a double encryption method.
- the count generating unit may be synchronized with an internal timer of the beacon management server.
- the packet generating unit may generate the packet to sequentially include the generated count information when the first time rule is the same as the second time rule, and generate the packet to include the generated count information according to a predetermined order when the first time rule is different from the second time rule.
- the beacon device for anti-spoofing may further include a state information collecting unit for collecting state information of the beacon device.
- the state information may include at least one among a temperature, humidity, atmosphere, battery power, power of transmitting RF, power of receiving RF, and seismic intensity of the beacon device.
- a method for anti-spoofing of a beacon device may include: generating count information according to a first time rule; generating, according to a second time rule, a packet including the generated count information and a beacon device ID (UUID), the generated count information corresponding to a time at which the count information is generated; and broadcasting the generated packet to a user's terminal device or a user's terminal device connected to a beacon device server in order that the user's terminal device or the beacon management server confirms a location of the user's terminal device according to a difference of times corresponding to pieces of count information included in at least two packets that are generated according to the second time rule.
- UUID beacon device ID
- the method may further include encrypting the packet using either a single encryption method or a double encryption method.
- the method may further include synchronizing with the beacon management server.
- the packet in generating the packet, when the first time rule is the same as the second time rule, the packet is generated to sequentially include the generated count information, and when the first time rule is different from the second time rule, the packet is generated to include the generated count information according to a predetermined order.
- the method may further include collecting state information of a beacon device.
- the state information may include at least one among a temperature, humidity, atmosphere, battery power, power of transmitting RF, power of receiving RF, operation modes, and seismic intensity of the beacon device.
- a computer-readable storage medium on which a program for anti-spoofing is recorded is provided, the program being executed in a beacon device.
- the program may include: a code for generating count information according to a first time rule; a code for generating, according to a second time rule, a packet including the generated count information and a beacon device ID (UUID), the generated count information corresponding to a time at which the count information is generated; and a code for broadcasting the generated packet to a user's terminal device or a user's terminal device connected to a beacon device server in order that the user's terminal device or the beacon management server confirms a location of the user's terminal device according to a difference of times corresponding to pieces of count information included in at least two packets that are generated according to the second time rule.
- UUID beacon device ID
- the program may further include a code for encrypting the packet using either a single encryption method or a double encryption method.
- the program may further include a code for synchronizing with the beacon management server.
- the code for generating the packet generates the packet to sequentially include the generated count information when the first time rule is the same as the second time rule, and generates the packet to include the generated count information according to a predetermined order when the first time rule is different from the second time rule.
- the program may further include a code for collecting state information of a beacon device.
- the state information may include at least one among a temperature, humidity, atmosphere, battery power, power of transmitting RF, power of receiving RF, and seismic intensity of the beacon device.
- a BLE beacon device may enhance reliability of location information of a beacon device by preventing spoofing by an illegal user.
- beacon device depending on reliable location information of a beacon device, it is possible to construct environments that may provide supplementary services using sensitive personal information, such as financial settlements.
- FIG. 1 is a block diagram of a BLE beacon device system for anti-spoofing according to an embodiment of the present invention
- FIG. 2 is a block diagram of a BLE beacon device for anti-spoofing according to an embodiment of the present invention
- FIG. 3 is a block diagram of a user's terminal device for confirming a location of a user in connection with a BLE beacon device for anti-spoofing, according to an embodiment of the present invention
- FIG. 4 is a block diagram of a beacon management server for confirming a location of a user in connection with a BLE beacon device for anti-spoofing, according to an embodiment of the present invention
- FIG. 5 is a flow diagram of a method for anti-spoofing according to an embodiment of the present invention.
- FIG. 6 is a flow diagram of a method for anti-spoofing according to another embodiment of the present invention.
- FIG. 1 is a block diagram of a BLE beacon device system for anti-spoofing according to an embodiment of the present invention.
- a BLE beacon device system for anti-spoofing according to an embodiment of the present invention will be described in detail.
- a BLE beacon device system 10 includes a BLE beacon device 100, a user's terminal device 200, and a beacon management server 300.
- the BLE beacon device 100 may broadcast information for confirming a location of the user's terminal device 200, which includes its own location information, state information, ID, and the like.
- FIG. 2 is a block diagram of a BLE beacon device for anti-spoofing according to an embodiment of the present invention.
- a BLE beacon device 100 may include a count generating unit 110, a state information collecting unit 120, a packet generating unit 130, an encrypting unit 140, and a communicating unit 150.
- the count generating unit 110 may generate count information with a fixed time rule.
- the count generating unit 110 may generate the count information according to a first time rule, including a predetermined sequence table or a predetermined rule.
- the count information is generated according as a value of a timer (not illustrated) inside the BLE beacon device 100 increases with a constant time interval. If count information at a certain time is known, count information before a fixed time period or count information after a fixed time period may be obtained through the predetermined sequence table or the predetermined rule.
- the count generating unit 110 may be synchronized with an internal timer of the beacon management server 300. In this case, the count generating unit 110 may generate count information that corresponds to the time after the synchronization.
- the state information collecting unit 120 may collect various state information of the BLE beacon device 100.
- the state information may include at least one among the temperature, humidity, atmosphere, battery power, power of transmitting RF, power of receiving RF, and seismic intensity of the BLE beacon device 100.
- the state information collecting unit 120 may collect the state information through a sensor module (not illustrated).
- the packet generating unit 130 may generate a packet including both the count information generated in the count generating unit 110 and a beacon device ID.
- the count information included in the generated packet may correspond to the time at which the count information is generated. More specifically, when the first time rule is the same as the second time rule, the packet generating unit 130 may generate packets to sequentially include the generated count information. For example, when the packet generation time is the same as the time at which the count information is generated, the packet generating unit 130 may generate packets to have the different count information. Also, when the first time rule is different from the second time rule, the packet generating unit 130 may generate packets to include the generated count information according to a predetermined order.
- packets may be generated to include the same count information according to the predetermined rule.
- the number of the packets including the same count information may be different.
- the generated packet may include the state information of the BLE beacon device 100, which is collected by the state information collecting unit 120.
- the encrypting unit 140 may encrypt the packet generated in the packet generating unit 130.
- the encrypting unit 140 may encrypt the generated packet using either a single encryption method or a double encryption method.
- the encrypting unit 140 encrypts the generated packet using a fixed key.
- the fixed key may be distributed in advance to a user's terminal device 200 or a beacon management server 300.
- the encrypting unit 140 encrypts the generated packet using a random shared key. In this case, the packet including the random shared key may be transmitted to the user's terminal device 200 or the beacon management server 300.
- the encrypting unit 140 after encrypting the generated packet using a random shared key, the encrypting unit 140 encrypts the random shred key using a fixed key. Then, the packet including the encrypted random shared key may be transmitted to the user's terminal device 200 or the beacon management server 300. In this case, the fixed key may be distributed in advance to the user's terminal device 200 or the beacon management server 300. Alternatively, after encrypting the generated packet using the random shared key, the encrypting unit 140 may encrypt the packet including the random shared key using the fixed key.
- a BLE beacon device 100 includes an encrypting unit 140, but not limited to the above description, the encrypting unit 140 may be omitted.
- the communicating unit 150 may broadcast the packet encrypted in the encrypting unit 140, or when the encrypting unit 140 is omitted, it may broadcast the packet generated in the packet generating unit 130. Accordingly, the user's terminal device 200 or the beacon management server 300 confirms a location of the user's terminal device 200 according to the difference of the times corresponding to the pieces of count information included in at least two packets that are generated depending on the second time rule.
- the communicating unit 150 may use Bluetooth Low Energy, but the communicating unit 150 is not limited to this, and it is possible to use any short-distance communication method, including Wi-Fi.
- a user's terminal device 200 may transmit a packet received from a BLE beacon device 100 into a beacon management server 300 to confirm its own location.
- the user's terminal device 200 may confirm its own location based on the count information from the BLE beacon device 100.
- FIG. 3 is a block diagram of a user's terminal device for confirming a location of a user in connection with a BLE beacon device for anti-spoofing, according to an embodiment of the present invention.
- a user's terminal device 200 may include a communicating unit 210, a decrypting unit 220, a packet extracting unit 230, a validating unit 240, and a storing unit 250.
- the communicating unit 210 may receive a packet including both count information and a beacon device ID (UUID), which is broadcast from a BLE beacon device 100.
- UUID beacon device ID
- the communicating unit 210 may use Bluetooth Low Energy, but the communicating unit is not limited to this, and it is possible to use any short-distance communication method, including Wi-Fi.
- the decrypting unit 220 may decrypt the packet received in the communicating unit 210.
- the decrypting unit 220 may decrypt the packet using either a single encryption method or a double encryption method.
- the decrypting unit 220 may decrypt the packet using a fixed key that has been distributed in advance.
- the decrypting unit 220 may extract a random shared key from the packet and decrypt the packet using the extracted random shared key.
- the decrypting unit 220 extracts a random shared key, which has been encrypted, from the packet and decrypts the extracted random shared key using a fixed key that has been distributed in advance. Then, the decrypting unit 220 may decrypt the packet using the decrypted random shared key. Alternatively, the decrypting unit 220 decrypts the packet using a fixed key that has been distributed in advance, and extracts a random shared key from the decrypted packet. Then, the decrypting unit 220 may decrypt the packet using the extracted random shared key.
- a user's terminal device 200 includes a decrypting unit 220, but not limited to the above description, the decrypting unit 220 may be omitted.
- the packet extracting unit 230 may extract count information and a beacon device ID from the packet decrypted in the decrypting unit 220.
- the packet extracting unit 230 may extract count information and a beacon device ID from the packet that is periodically received in the communicating unit 210. In this case, according to a predetermined sequence table or a predetermined rule, the packet extracting unit 230 may extract the time at which the count information is generated from the extracted count information.
- the validating unit 240 may confirm a location of the user's terminal device 200 according to whether the difference between the difference of the count information generation times and the difference of the packet reception times is within a tolerance.
- the count information generation times and the packet reception times correspond to the count information extracted by the packet extracting unit 230 and previously stored count information.
- the validating unit 240 measures a packet reception time (T new ), and extracts a time corresponding to the extracted count information, which is the time (T n ) at which the count information is generated.
- the validating unit 240 may confirm the location of the user's terminal device.
- ⁇ T up and ⁇ T down are predetermined tolerances.
- the validating unit 240 confirms that the location of the user's terminal device 200 is valid.
- the validating unit 240 may store the count information extracted from the packet as the latest count information in the storing unit 250.
- the storing unit 250 may store both count information used for confirming a location of a user's terminal device 200 and the first time rule, including a predetermined sequence table or a predetermined rule, the first time rule being for extracting the time at which the count information is generated from the count information.
- the storing unit 250 may store the count information included in the first received packet. After that, if the location of the user's terminal device is confirmed by comparing the extracted count information with the previously stored count information in the validating unit 240, the storing unit 250 may update the count information with the extracted count information.
- a beacon management server 300 may confirm a location of a user's terminal device 200 by using count information of a BLE beacon device 100, which is transmitted from the user's terminal device 200.
- the user's terminal device 200 is not configured as the description of FIG. 3. Instead, the user's terminal device 200 may only include components for transmitting the packet received from the BLE beacon device 100 to the beacon management server 300 through a secure link such as Wi-Fi, Bluetooth, or a cellular network.
- FIG. 4 is a block diagram of a beacon management server for confirming a location of a user in connection with a BLE beacon device for anti-spoofing, according to an embodiment of the present invention.
- the beacon management server 300 may include a communicating unit 310, a decrypting unit 320, a packet extracting unit 330, a validating unit 340, and a storing unit 350.
- the communicating unit 310 may receive a packet including both count information and a beacon device ID (UUID) from the user's terminal device 200, the packet being broadcast from the BLE beacon device 100.
- the communicating unit 310 may communicate with the user's terminal device 200 using a long-distance communication method such as a cellular network.
- the communicating unit 310 may communicate with the user's terminal device 200 using Wi-Fi or Bluetooth.
- the communicating unit 310 may be synchronized with an internal timer (not illustrated) of the beacon device 100.
- the decrypting unit 320 may decrypt the packet received from the communicating unit 310.
- the decrypting unit 320 may decrypt the packet using either a single encryption method or a double encryption method.
- the decrypting unit 320 may decrypt the received packet using a fixed key distributed in advance.
- the decrypting unit 320 may extract a random shared key from the packet, and decrypt the packet using the extracted random shared key.
- the decrypting unit 320 extracts a random shared key, which has been encrypted, from the packet and decrypts the extracted random shared key using a fixed key that has been distributed in advance. Then, the decrypting unit 320 may decrypt the packet using the decrypted random shared key. Alternatively, the decrypting unit 320 decrypts the packet using a fixed key that has been distributed in advance, and extracts a random shared key from the decrypted packet. Then, the decrypting unit 320 may decrypt the packet using the extracted random shared key.
- the beacon management server 300 includes a decrypting unit 320, but not limited to the above description, the decrypting unit 320 may be omitted.
- the packet extracting unit 330 may extract count information and a beacon device ID from the packet decrypted in the decrypting unit 320.
- the packet extracting unit 330 may extract count information and a beacon device ID from the packet that is periodically received in the communicating unit 310. In this case, according to a predetermined sequence table or a predetermined rule, the packet extracting unit 330 may extract the time at which the count information is generated from the extracted count information.
- the validating unit 340 may confirm a location of the user's terminal device 200 according to whether the difference between the difference of the count information generation times and the difference of the packet reception times is within a tolerance.
- the count information generation times and the packet reception times correspond to the count information extracted by the packet extracting unit 330 and previously stored count information.
- the validating unit 340 measures a packet reception time (T new ), and extracts a time corresponding to the extracted count information, which is the time(T n ) at which the count information is generated.
- the validating unit 340 may confirm the location of the user's terminal device 200.
- the validating unit 340 confirms that the location of the user's terminal device 200 is valid.
- the validating unit 340 may store the count information extracted from the packet as the latest count information in the storing unit 350.
- the validating unit 340 determines that spoofing or sniffing is done by an illegal user's terminal device. Accordingly, the validating unit 340 determines that the location of the user's terminal device 200 is invalid, and may block the user's terminal device.
- the storing unit 350 may store both the count information used for confirming a location of a user's terminal device 200 and the first time rule, including a predetermined sequence table or a predetermined rule, the first time rule being for extracting the time at which the count information is generated from the count information.
- the storing unit 350 may store the count information included in the first received packet. After that, if the location of the user's terminal device is confirmed by comparing the extracted count information with the previously stored count information in the validating unit 340, the storing unit 350 may update the count information with the extracted count information.
- a BLE beacon device 100 may enhance reliability of location information of a beacon device by preventing spoofing by an illegal user. Also, depending on reliable location information of the beacon device, it is possible to construct environments that may provide supplementary services using sensitive personal information, such as financial settlements.
- FIG. 5 is a flow diagram of a method for anti-spoofing according to an embodiment of the present invention.
- a method for anti-spoofing 500 includes a step for generating count information (S501); a step for generating a packet including the count information (S502); a step for encrypting the generated packet (S503); a step for transmitting the encrypted packet (S504); and a step for confirming a location of a user's terminal device based on the transmitted count information (S505 to S507).
- a BLE beacon device 100 may generate count information with a fixed time rule (S501).
- the count information may be generated according to a first time rule, including a predetermined sequence table or a predetermined rule.
- various state of the BLE beacon device 100 may be collected.
- the state information may include at least one among the temperature, humidity, atmosphere, battery power, power of transmitting RF, power of receiving RF, and seismic intensity of the BLE beacon device 100.
- the state information may be collected through a sensor module (not illustrated).
- a packet including both the generated count information and a beacon device ID may be generated according to a second time rule (S502).
- the count information included in the packet may correspond to a time at which the count information is generated.
- packets may be generated to sequentially include the generated count information. For example, when the packet generation time is the same as the time at which the count information is generated, packets may be generated to have the different count information. Also, when the first time rule is different from the second time rule, packets may be generated to include the generated count information according to a predetermined order.
- packets may be generated to include the same count information according to the predetermined rule.
- the number of the packets including the same count information may be different.
- the generated packet may include the collected state information of the BLE beacon device 100.
- the generated packet may be encrypted (S503).
- the generated packet may be encrypted using either a single encryption method or a double encryption method.
- the generated packet is encrypted using a fixed key, and the fixed key may be distributed in advance to a user's terminal device 200 or a beacon management server 300.
- the generated packet may be encrypted using a random shared key, and the packet including the random shared key may be transmitted to the user's terminal device 200 or the beacon management server 300.
- the random shred key is encrypted using a fixed key.
- the packet including the encrypted random shared key may be transmitted to the user's terminal device 200 or the beacon management server 300.
- the fixed key may be distributed in advance to the user's terminal device 200 or the beacon management server 300.
- the packet including the random shared key may be encrypted using the fixed key.
- encryption of the packet is performed, but not limited to the above description, encryption of the packet may be omitted.
- the encrypted packet may be broadcast to the user's terminal device (S504).
- the generated packet may be broadcast to the user's terminal device (S504).
- the packet may be broadcast using Bluetooth Low Energy, but is not limited to this and may be broadcast using any short-distance communication method such as Wi-Fi.
- the user's terminal device 200 may confirm its own location based on the count information from the BLE beacon device 100. More specifically, first, the user's terminal device may receive the packet broadcast from the BLE beacon device 100, which includes the count information and the beacon device ID.
- the received packet may be decrypted (S505).
- the packet may be decrypted using either a single encryption method or a double encryption method.
- the packet may be decrypted using a fixed key that has been distributed in advance.
- a random shared key is extracted from the packet, and the packet may be decrypted using the extracted random shared key.
- the encrypted random shared key is extracted from the packet, and the extracted random shared key is decrypted using the fixed key that has been distributed in advance. Then, the packet may be decrypted using the decrypted random shared key. Alternatively, the packet is decrypted using the fixed key that has been distributed in advance, and the random shared key is extracted from the decrypted packet. Then, the packet may be decrypted using the extracted random shared key.
- decryption of the packet is performed, but not limited to the above description, decryption of the packet may be omitted.
- the count information and the beacon device ID may be extracted from the decrypted packet (S506).
- the time at which the count information is generated may be extracted from the extracted count information.
- the location of the user may be confirmed (S507).
- the count information generation times and the packet reception times correspond to the extracted count information and previously stored count information.
- the packet reception time (T new ) is measured, and the time corresponding to the extracted count information, which is the time (T n ) at which the count information is generated, is extracted.
- the location of the user's terminal device may be confirmed.
- FIG. 6 is a flow diagram of a method for anti-spoofing according to another embodiment of the present invention.
- the method for anti-spoofing 600 includes a step for generating count information (S601); a step for generating a packet including the count information (S602); a step for encrypting the generated packet (S603); a step for transmitting the encrypted packet (S604); and a step for confirming a location of a user's terminal device based on the transmitted count information (S605 to S609).
- a BLE beacon device 100 may generate count information with a fixed time rule to confirm a location of a user's terminal device (S601).
- the count information may be generated according to a first time rule, including a predetermined sequence table or a predetermined rule.
- various state information of the BLE beacon device 100 may be collected.
- the state information may include at least one among the temperature, humidity, atmosphere, battery power, power of transmitting RF, power of receiving RF, and seismic intensity of the BLE beacon device 100.
- the state information may be collected through a sensor module (not illustrated).
- a packet including both the generated count information and a beacon device ID may be generated according to a second time rule (S602).
- the count information included in the packet may correspond to the time at which the count information is generated.
- packets may be generated to sequentially include the generated count information. For example, when the packet generation time is the same as the time at which the count information is generated, packets may be generated to have different count information. Also, when the first time rule is different from the second time rule, packets may be generated to include the generated count information according to a predetermined order.
- packets may be generated to include the same count information according to a predetermined rule.
- the number of the packets including the same count information may be different.
- the generated packet may include the collected state information of the BLE beacon device 100.
- the generated packet may be encrypted (S603).
- the generated packet may be encrypted using either a single encryption method or a double encryption method.
- the generated packet is encrypted using a fixed key, and the fixed key may be distributed in advance to a user's terminal device 200 or a beacon management server 300.
- the generated packet may be encrypted using a random shared key, and the packet including the random shared key may be transmitted to the user's terminal device 200 or the beacon management server 300.
- the random shared key is encrypted using a fixed key.
- the packet including the encrypted random shared key may be transmitted to the user's terminal device 200 or the beacon management server 300.
- the fixed key may be distributed in advance to the user's terminal device 200 or the beacon management server 300.
- the packet including the random shared key may be encrypted using the fixed key.
- encryption of the packet is performed, but not limited to the above description, encryption of the packet may be omitted.
- the encrypted packet may be broadcast to the user's terminal device connected to the beacon management server (S604).
- the generated packet may be broadcast to the user's terminal device connected to the beacon management server (S604).
- the packet may be broadcast using Bluetooth Low Energy, but not limited to this, the packet may be broadcast using any short-distance communication method such as Wi-Fi.
- the user's terminal device 200 may transmit the packet, received from the BLE beacon device 100, to the beacon management server 300 (S605).
- the user's terminal device 200 may transmit the received packet through a secure link such as Wi-Fi, Bluetooth, or a cellular network.
- the beacon management server 300 may confirm the location of the user's terminal device 200 based on the count information from the BLE beacon device 100. More specifically, first, the beacon management server may receive the packet broadcast from the BLE beacon device, which includes the count information and the beacon device ID, via the user's terminal device 200.
- the received packet may be decrypted (S606).
- the packet may be decrypted using either a single encryption method or a double encryption method.
- the packet may be decrypted using a fixed key that has been distributed in advance.
- a random shared key is extracted from the packet, and the packet may be decrypted using the extracted random shared key.
- the encrypted random shared key is extracted from the packet, and the extracted random shared key is decrypted using the fixed key that has been distributed in advance. Then, the packet may be decrypted using the decrypted random shared key. Alternatively, the packet is decrypted using the fixed key that has been distributed in advance, and the random shared key is extracted from the decrypted packet. Then, the packet may be decrypted using the extracted random shared key.
- decryption of the packet is performed, but not limited to the above description, decryption of the packet may be omitted.
- the count information and the beacon device ID may be extracted from the decrypted packet (S607).
- the time at which the count information is generated may be extracted from the extracted count information.
- the location of the user's terminal device 200 may be confirmed (S608).
- the count information generation times and the packet reception times correspond to the extracted count information and previously stored count information.
- the packet reception time (T new ) is measured, and the time corresponding to the extracted count information, which is the time (T n ) at which the count information is generated, is extracted.
- the location of the user's terminal device 200 may be confirmed.
- the count information may be stored as the latest count information (S609). For example, count information included in the first received packet is stored. After that, if the location of the user's terminal device is confirmed by comparing the extracted count information with the previously stored count information, the count information may be updated with the extracted count information.
- a method for anti-spoofing may enhance reliability of a location of a beacon device by preventing spoofing by an illegal user. Also, based on the high reliability of the location information of the beacon device, it is possible to construct environments that may provide supplementary services using sensitive personal information, such as financial settlements.
- the method described above may be implemented by the BLE beacon device 100 illustrated in FIG. 1, and especially, may be implemented by software programs that perform the described steps.
- these programs may be stored in a computer-readable storage medium, or may be transmitted by a computer data signal combined with carrier wave through the transmission medium or communication network.
- the computer-readable storage medium includes all kind of recording devices storing data that can be read by computer systems.
- the computer-readable storage medium may be ROM, RAM, CD-ROM, DVD-ROM, DVD-RAM, magnetic tapes, floppy disks, hard disks, optical data storage devices, and the like.
Abstract
Disclosed herein is a BLE beacon device for anti-spoofing. The BLE beacon device for anti-spoofing includes: a count generating unit for generating count information according to a first time rule; a packet generating unit for generating, according to a second time rule, a packet including the generated count information and a beacon device ID (UUID), the generated count information corresponding to a time at which the count information is generated; and a communicating unit for broadcasting the generated packet to a user's terminal device or a user's terminal device connected to a beacon device server in order that the user's terminal device or the beacon management server confirms a location of the user's terminal device according to a difference of times corresponding to pieces of count information included in at least two packets that are generated according to the second time rule.
Description
The present invention generally relates to a BLE beacon device for anti-spoofing and, more particularly, to a BLE beacon device that may enhance the security of location-based service of a user's terminal device.
These days, with the rapid spread of smart devices including smartphones, the paradigm of the mobile communication industry has changed from providing voice calls to providing applications. Particularly, as it is possible to locate a user's terminal device, applications that provide various services based on the user's location information in real-time have emerged.
Locating a user's terminal device with GPS-based technology is widely used outdoors. However, indoors or below ground level, the use of GPS is limited because it is difficult to receive a GPS signal. Consequently, to solve this problem, short-distance communication methods have been suggested. Specifically, beacon devices using Bluetooth Low Energy (BLE) have recently emerged as a solution to the problem.
A BLE beacon device periodically transmits its own location information to a user's terminal device, and the user's terminal device receives the information and retransmits it to a beacon management server. Accordingly, the beacon management server may detect the location of the user's terminal device through the location of the BLE beacon device.
However, as currently released BLE beacon devices broadcast their own location information, any user's terminal device in the transmission range may receive the location information of the beacon device. Consequently, packet sniffing is done by a user's terminal device, which does not have appropriate authority, thus spoofing is possible.
As described above, existing BLE beacon devices are convenient for detecting a current location of a user, but a service provider may not trust the information about the current location of the user. For example, by sniffing information transmitted from a beacon device that is installed in location A, the information may be retransmitted in location B. Accordingly, even though the user is not in location A, it is possible to receive a service provided in location A, for example acquiring a check-in point. Particularly, in case of a beacon device in connection with a payment system, it is difficult to provide a reliable service because location information of the beacon device may not be trusted.
Accordingly, the present invention has been made keeping in mind the above problem, and an embodiment of the present invention intends to provide a BLE beacon device for anti-spoofing, which may prevent spoofing by an illegal user's terminal device.
According to an embodiment of the present invention to accomplish the above object, a beacon device for anti-spoofing is provided. The beacon device for anti-spoofing may include: a count generating unit for generating count information according to a first time rule; a packet generating unit for generating, according to a second time rule, a packet including the generated count information and a beacon device ID (UUID), the generated count information corresponding to a time at which the count information is generated; and a communicating unit for broadcasting the generated packet to a user's terminal device or a user's terminal device connected to a beacon device server in order that the user's terminal device or the beacon management server confirms a location of the user's terminal device according to a difference of times corresponding to pieces of count information included in at least two packets that are generated according to the second time rule.
In an embodiment, the beacon device for anti-spoofing may further include an encrypting unit for encrypting the packet using either a single encryption method or a double encryption method.
In an embodiment, the count generating unit may be synchronized with an internal timer of the beacon management server.
In an embodiment, the packet generating unit may generate the packet to sequentially include the generated count information when the first time rule is the same as the second time rule, and generate the packet to include the generated count information according to a predetermined order when the first time rule is different from the second time rule.
In an embodiment, the beacon device for anti-spoofing may further include a state information collecting unit for collecting state information of the beacon device.
In an embodiment, the state information may include at least one among a temperature, humidity, atmosphere, battery power, power of transmitting RF, power of receiving RF, and seismic intensity of the beacon device.
According to another embodiment of the present invention, a method for anti-spoofing of a beacon device is provided. The method for anti-spoofing of a beacon device may include: generating count information according to a first time rule; generating, according to a second time rule, a packet including the generated count information and a beacon device ID (UUID), the generated count information corresponding to a time at which the count information is generated; and broadcasting the generated packet to a user's terminal device or a user's terminal device connected to a beacon device server in order that the user's terminal device or the beacon management server confirms a location of the user's terminal device according to a difference of times corresponding to pieces of count information included in at least two packets that are generated according to the second time rule.
In an embodiment, the method may further include encrypting the packet using either a single encryption method or a double encryption method.
In an embodiment, the method may further include synchronizing with the beacon management server.
In an embodiment, in generating the packet, when the first time rule is the same as the second time rule, the packet is generated to sequentially include the generated count information, and when the first time rule is different from the second time rule, the packet is generated to include the generated count information according to a predetermined order.
In an embodiment, the method may further include collecting state information of a beacon device.
In an embodiment, the state information may include at least one among a temperature, humidity, atmosphere, battery power, power of transmitting RF, power of receiving RF, operation modes, and seismic intensity of the beacon device.
According to a further embodiment of the present invention, a computer-readable storage medium on which a program for anti-spoofing is recorded is provided, the program being executed in a beacon device. The program may include: a code for generating count information according to a first time rule; a code for generating, according to a second time rule, a packet including the generated count information and a beacon device ID (UUID), the generated count information corresponding to a time at which the count information is generated; and a code for broadcasting the generated packet to a user's terminal device or a user's terminal device connected to a beacon device server in order that the user's terminal device or the beacon management server confirms a location of the user's terminal device according to a difference of times corresponding to pieces of count information included in at least two packets that are generated according to the second time rule.
In an embodiment, the program may further include a code for encrypting the packet using either a single encryption method or a double encryption method.
In an embodiment, the program may further include a code for synchronizing with the beacon management server.
In an embodiment, the code for generating the packet generates the packet to sequentially include the generated count information when the first time rule is the same as the second time rule, and generates the packet to include the generated count information according to a predetermined order when the first time rule is different from the second time rule.
In an embodiment, the program may further include a code for collecting state information of a beacon device.
In an embodiment, the state information may include at least one among a temperature, humidity, atmosphere, battery power, power of transmitting RF, power of receiving RF, and seismic intensity of the beacon device.
A BLE beacon device according to an embodiment of the present invention may enhance reliability of location information of a beacon device by preventing spoofing by an illegal user.
Also, according to an embodiment of the present invention, depending on reliable location information of a beacon device, it is possible to construct environments that may provide supplementary services using sensitive personal information, such as financial settlements.
FIG. 1 is a block diagram of a BLE beacon device system for anti-spoofing according to an embodiment of the present invention;
FIG. 2 is a block diagram of a BLE beacon device for anti-spoofing according to an embodiment of the present invention;
FIG. 3 is a block diagram of a user's terminal device for confirming a location of a user in connection with a BLE beacon device for anti-spoofing, according to an embodiment of the present invention;
FIG. 4 is a block diagram of a beacon management server for confirming a location of a user in connection with a BLE beacon device for anti-spoofing, according to an embodiment of the present invention;
FIG. 5 is a flow diagram of a method for anti-spoofing according to an embodiment of the present invention; and
FIG. 6 is a flow diagram of a method for anti-spoofing according to another embodiment of the present invention.
Hereinafter, exemplary embodiments of the present invention will be described in detail referring to accompanying drawings. The following exemplary embodiments are described in order to enable those of ordinary skill in the art to embody and practice the invention. However, the present invention is not limited to the exemplary embodiments disclosed below, but can be implemented in various forms. Reference should now be made to the drawings, in which the same reference numerals are used throughout the different drawings to designate the same or similar components.
FIG. 1 is a block diagram of a BLE beacon device system for anti-spoofing according to an embodiment of the present invention. Hereinafter, referring to the drawing, a BLE beacon device system for anti-spoofing according to an embodiment of the present invention will be described in detail.
Referring to FIG. 1, a BLE beacon device system 10 according to an embodiment of the present invention includes a BLE beacon device 100, a user's terminal device 200, and a beacon management server 300.
The BLE beacon device 100 may broadcast information for confirming a location of the user's terminal device 200, which includes its own location information, state information, ID, and the like.
Hereinafter, referring to FIG. 2, a BLE beacon device for anti-spoofing will be described in detail. FIG. 2 is a block diagram of a BLE beacon device for anti-spoofing according to an embodiment of the present invention.
A BLE beacon device 100 may include a count generating unit 110, a state information collecting unit 120, a packet generating unit 130, an encrypting unit 140, and a communicating unit 150.
To confirm a location of the user's terminal device 200, the count generating unit 110 may generate count information with a fixed time rule. For example, the count generating unit 110 may generate the count information according to a first time rule, including a predetermined sequence table or a predetermined rule. In this case, the count information is generated according as a value of a timer (not illustrated) inside the BLE beacon device 100 increases with a constant time interval. If count information at a certain time is known, count information before a fixed time period or count information after a fixed time period may be obtained through the predetermined sequence table or the predetermined rule. Alternatively, the count generating unit 110 may be synchronized with an internal timer of the beacon management server 300. In this case, the count generating unit 110 may generate count information that corresponds to the time after the synchronization.
The state information collecting unit 120 may collect various state information of the BLE beacon device 100. The state information may include at least one among the temperature, humidity, atmosphere, battery power, power of transmitting RF, power of receiving RF, and seismic intensity of the BLE beacon device 100. For example, the state information collecting unit 120 may collect the state information through a sensor module (not illustrated).
According to a second time rule, the packet generating unit 130 may generate a packet including both the count information generated in the count generating unit 110 and a beacon device ID. The count information included in the generated packet may correspond to the time at which the count information is generated. More specifically, when the first time rule is the same as the second time rule, the packet generating unit 130 may generate packets to sequentially include the generated count information. For example, when the packet generation time is the same as the time at which the count information is generated, the packet generating unit 130 may generate packets to have the different count information. Also, when the first time rule is different from the second time rule, the packet generating unit 130 may generate packets to include the generated count information according to a predetermined order. For example, when the packet generation time is different from the time at which count information is generated, especially, when the time interval between generation of the count information is larger than the time interval between generation of the packets, packets may be generated to include the same count information according to the predetermined rule. In this case, the number of the packets including the same count information may be different. Also, the generated packet may include the state information of the BLE beacon device 100, which is collected by the state information collecting unit 120.
The encrypting unit 140 may encrypt the packet generated in the packet generating unit 130. In this case, the encrypting unit 140 may encrypt the generated packet using either a single encryption method or a double encryption method. For example, in case of the single encryption method, the encrypting unit 140 encrypts the generated packet using a fixed key. In this case, the fixed key may be distributed in advance to a user's terminal device 200 or a beacon management server 300. Alternatively, the encrypting unit 140 encrypts the generated packet using a random shared key. In this case, the packet including the random shared key may be transmitted to the user's terminal device 200 or the beacon management server 300.
Also, in case of the double encryption method, after encrypting the generated packet using a random shared key, the encrypting unit 140 encrypts the random shred key using a fixed key. Then, the packet including the encrypted random shared key may be transmitted to the user's terminal device 200 or the beacon management server 300. In this case, the fixed key may be distributed in advance to the user's terminal device 200 or the beacon management server 300. Alternatively, after encrypting the generated packet using the random shared key, the encrypting unit 140 may encrypt the packet including the random shared key using the fixed key.
In the present embodiment, a BLE beacon device 100 includes an encrypting unit 140, but not limited to the above description, the encrypting unit 140 may be omitted.
To a user's terminal device 200 or to a user's terminal device 200 that is connected to a beacon management server 300, the communicating unit 150 may broadcast the packet encrypted in the encrypting unit 140, or when the encrypting unit 140 is omitted, it may broadcast the packet generated in the packet generating unit 130. Accordingly, the user's terminal device 200 or the beacon management server 300 confirms a location of the user's terminal device 200 according to the difference of the times corresponding to the pieces of count information included in at least two packets that are generated depending on the second time rule. The communicating unit 150 may use Bluetooth Low Energy, but the communicating unit 150 is not limited to this, and it is possible to use any short-distance communication method, including Wi-Fi.
Again referring to FIG. 1, a user's terminal device 200 may transmit a packet received from a BLE beacon device 100 into a beacon management server 300 to confirm its own location. Alternatively, as described in the present embodiment, the user's terminal device 200 may confirm its own location based on the count information from the BLE beacon device 100.
Hereinafter, a user's terminal device 200 for confirming its own location will be described in detail referring to FIG. 3. FIG. 3 is a block diagram of a user's terminal device for confirming a location of a user in connection with a BLE beacon device for anti-spoofing, according to an embodiment of the present invention.
A user's terminal device 200 may include a communicating unit 210, a decrypting unit 220, a packet extracting unit 230, a validating unit 240, and a storing unit 250.
The communicating unit 210 may receive a packet including both count information and a beacon device ID (UUID), which is broadcast from a BLE beacon device 100. For example, the communicating unit 210 may use Bluetooth Low Energy, but the communicating unit is not limited to this, and it is possible to use any short-distance communication method, including Wi-Fi.
The decrypting unit 220 may decrypt the packet received in the communicating unit 210. In this case, the decrypting unit 220 may decrypt the packet using either a single encryption method or a double encryption method. For example, in case of the single encryption method, the decrypting unit 220 may decrypt the packet using a fixed key that has been distributed in advance. Alternatively, the decrypting unit 220 may extract a random shared key from the packet and decrypt the packet using the extracted random shared key.
Also, in case of the double encryption method, the decrypting unit 220 extracts a random shared key, which has been encrypted, from the packet and decrypts the extracted random shared key using a fixed key that has been distributed in advance. Then, the decrypting unit 220 may decrypt the packet using the decrypted random shared key. Alternatively, the decrypting unit 220 decrypts the packet using a fixed key that has been distributed in advance, and extracts a random shared key from the decrypted packet. Then, the decrypting unit 220 may decrypt the packet using the extracted random shared key.
Alternatively, in the present embodiment, a user's terminal device 200 includes a decrypting unit 220, but not limited to the above description, the decrypting unit 220 may be omitted.
The packet extracting unit 230 may extract count information and a beacon device ID from the packet decrypted in the decrypting unit 220. When the decrypting unit 220 is omitted, the packet extracting unit 230 may extract count information and a beacon device ID from the packet that is periodically received in the communicating unit 210. In this case, according to a predetermined sequence table or a predetermined rule, the packet extracting unit 230 may extract the time at which the count information is generated from the extracted count information.
The validating unit 240 may confirm a location of the user's terminal device 200 according to whether the difference between the difference of the count information generation times and the difference of the packet reception times is within a tolerance. Here, the count information generation times and the packet reception times correspond to the count information extracted by the packet extracting unit 230 and previously stored count information. For example, the validating unit 240 measures a packet reception time (Tnew), and extracts a time corresponding to the extracted count information, which is the time (Tn) at which the count information is generated. Then, like the following Equation (1), using the count information (Cm) stored in the storing unit 250, the time corresponding to the stored count information, which is the time(Tm) at which the stored count information is generated, and the reception time ( Told) of the packet including the stored count information, the validating unit 240 may confirm the location of the user's terminal device.
where ΔTup and ΔTdown are predetermined tolerances.
As described above, when the difference between the time corresponding to the count information extracted from the packet and the time corresponding to the previously stored count information is within the tolerances, the validating unit 240 confirms that the location of the user's terminal device 200 is valid. In this case, the validating unit 240 may store the count information extracted from the packet as the latest count information in the storing unit 250.
The storing unit 250 may store both count information used for confirming a location of a user's terminal device 200 and the first time rule, including a predetermined sequence table or a predetermined rule, the first time rule being for extracting the time at which the count information is generated from the count information. The storing unit 250 may store the count information included in the first received packet. After that, if the location of the user's terminal device is confirmed by comparing the extracted count information with the previously stored count information in the validating unit 240, the storing unit 250 may update the count information with the extracted count information.
Again referring to FIG. 1, a beacon management server 300 may confirm a location of a user's terminal device 200 by using count information of a BLE beacon device 100, which is transmitted from the user's terminal device 200. In this case, the user's terminal device 200 is not configured as the description of FIG. 3. Instead, the user's terminal device 200 may only include components for transmitting the packet received from the BLE beacon device 100 to the beacon management server 300 through a secure link such as Wi-Fi, Bluetooth, or a cellular network.
Hereinafter, referring to FIG. 4, a beacon management server connected with a BLE beacon device for anti-spoofing will be described in detail. FIG. 4 is a block diagram of a beacon management server for confirming a location of a user in connection with a BLE beacon device for anti-spoofing, according to an embodiment of the present invention.
The beacon management server 300 may include a communicating unit 310, a decrypting unit 320, a packet extracting unit 330, a validating unit 340, and a storing unit 350.
The communicating unit 310 may receive a packet including both count information and a beacon device ID (UUID) from the user's terminal device 200, the packet being broadcast from the BLE beacon device 100. For example, the communicating unit 310 may communicate with the user's terminal device 200 using a long-distance communication method such as a cellular network. However, not limited to this, the communicating unit 310 may communicate with the user's terminal device 200 using Wi-Fi or Bluetooth. Also, the communicating unit 310 may be synchronized with an internal timer (not illustrated) of the beacon device 100.
The decrypting unit 320 may decrypt the packet received from the communicating unit 310. In this case, the decrypting unit 320 may decrypt the packet using either a single encryption method or a double encryption method. For example, in case of the single encryption method, the decrypting unit 320 may decrypt the received packet using a fixed key distributed in advance. Alternatively, the decrypting unit 320 may extract a random shared key from the packet, and decrypt the packet using the extracted random shared key.
Also, in case of the double encryption method, the decrypting unit 320 extracts a random shared key, which has been encrypted, from the packet and decrypts the extracted random shared key using a fixed key that has been distributed in advance. Then, the decrypting unit 320 may decrypt the packet using the decrypted random shared key. Alternatively, the decrypting unit 320 decrypts the packet using a fixed key that has been distributed in advance, and extracts a random shared key from the decrypted packet. Then, the decrypting unit 320 may decrypt the packet using the extracted random shared key.
In the present embodiment, the beacon management server 300 includes a decrypting unit 320, but not limited to the above description, the decrypting unit 320 may be omitted.
The packet extracting unit 330 may extract count information and a beacon device ID from the packet decrypted in the decrypting unit 320. When the decrypting unit 320 is omitted, the packet extracting unit 330 may extract count information and a beacon device ID from the packet that is periodically received in the communicating unit 310. In this case, according to a predetermined sequence table or a predetermined rule, the packet extracting unit 330 may extract the time at which the count information is generated from the extracted count information.
The validating unit 340 may confirm a location of the user's terminal device 200 according to whether the difference between the difference of the count information generation times and the difference of the packet reception times is within a tolerance. Here, the count information generation times and the packet reception times correspond to the count information extracted by the packet extracting unit 330 and previously stored count information. For example, the validating unit 340 measures a packet reception time (Tnew), and extracts a time corresponding to the extracted count information, which is the time(Tn) at which the count information is generated. Then, like the Equation (1), using the count information (Cm) stored in the storing unit 350, the time corresponding to the stored count information, which is the time (Tm) at which the stored count information is generated, and the reception time (Told) of the packet including the stored count information, the validating unit 340 may confirm the location of the user's terminal device 200.
As described above, when the difference between the time corresponding to the count information extracted from the packet and the time corresponding to the previously stored count information is within the tolerance, the validating unit 340 confirms that the location of the user's terminal device 200 is valid. In this case, the validating unit 340 may store the count information extracted from the packet as the latest count information in the storing unit 350.
Also, sequentially comparing the pieces of count information, when the difference between the difference of the count information generation times and the difference of the packet reception times is repeatedly outside the range of the tolerances, the validating unit 340 determines that spoofing or sniffing is done by an illegal user's terminal device. Accordingly, the validating unit 340 determines that the location of the user's terminal device 200 is invalid, and may block the user's terminal device.
The storing unit 350 may store both the count information used for confirming a location of a user's terminal device 200 and the first time rule, including a predetermined sequence table or a predetermined rule, the first time rule being for extracting the time at which the count information is generated from the count information. The storing unit 350 may store the count information included in the first received packet. After that, if the location of the user's terminal device is confirmed by comparing the extracted count information with the previously stored count information in the validating unit 340, the storing unit 350 may update the count information with the extracted count information.
As described above, a BLE beacon device 100 according to an embodiment of the present invention may enhance reliability of location information of a beacon device by preventing spoofing by an illegal user. Also, depending on reliable location information of the beacon device, it is possible to construct environments that may provide supplementary services using sensitive personal information, such as financial settlements.
Hereinafter, a method for anti-spoofing of the present invention will be described referring to FIG. 5 and 6. FIG. 5 is a flow diagram of a method for anti-spoofing according to an embodiment of the present invention.
A method for anti-spoofing 500 includes a step for generating count information (S501); a step for generating a packet including the count information (S502); a step for encrypting the generated packet (S503); a step for transmitting the encrypted packet (S504); and a step for confirming a location of a user's terminal device based on the transmitted count information (S505 to S507).
More specifically, as illustrated in FIG. 5, to confirm a location of the user's terminal device, a BLE beacon device 100 may generate count information with a fixed time rule (S501). The count information may be generated according to a first time rule, including a predetermined sequence table or a predetermined rule. Selectively, various state of the BLE beacon device 100 may be collected. The state information may include at least one among the temperature, humidity, atmosphere, battery power, power of transmitting RF, power of receiving RF, and seismic intensity of the BLE beacon device 100. In this case, the state information may be collected through a sensor module (not illustrated).
Next, a packet including both the generated count information and a beacon device ID may be generated according to a second time rule (S502). The count information included in the packet may correspond to a time at which the count information is generated. When the first time rule is the same as the second time rule, packets may be generated to sequentially include the generated count information. For example, when the packet generation time is the same as the time at which the count information is generated, packets may be generated to have the different count information. Also, when the first time rule is different from the second time rule, packets may be generated to include the generated count information according to a predetermined order. For example, when the packet generation time is different from the time at which count information is generated, especially, when the time interval between generation of the count information is larger than the time interval between generation of the packets, packets may be generated to include the same count information according to the predetermined rule. In this case, the number of the packets including the same count information may be different. The generated packet may include the collected state information of the BLE beacon device 100.
Next, the generated packet may be encrypted (S503). The generated packet may be encrypted using either a single encryption method or a double encryption method. For example, in case of the single encryption method, the generated packet is encrypted using a fixed key, and the fixed key may be distributed in advance to a user's terminal device 200 or a beacon management server 300. Alternatively, the generated packet may be encrypted using a random shared key, and the packet including the random shared key may be transmitted to the user's terminal device 200 or the beacon management server 300.
Also, in case of the double encryption method, after encrypting the generated packet using a random shared key, the random shred key is encrypted using a fixed key. Then, the packet including the encrypted random shared key may be transmitted to the user's terminal device 200 or the beacon management server 300. In this case, the fixed key may be distributed in advance to the user's terminal device 200 or the beacon management server 300. Alternatively, after encrypting the generated packet using the random shared key, the packet including the random shared key may be encrypted using the fixed key.
In the present embodiment, encryption of the packet is performed, but not limited to the above description, encryption of the packet may be omitted.
Next, in order that the user's terminal device 200 confirms its own location according to the difference of the times corresponding to the pieces of count information included in at least two packets, which are generated based on the second time rule, the encrypted packet may be broadcast to the user's terminal device (S504). When encryption of the packet is omitted, the generated packet may be broadcast to the user's terminal device (S504). The packet may be broadcast using Bluetooth Low Energy, but is not limited to this and may be broadcast using any short-distance communication method such as Wi-Fi.
Next, as described above, the user's terminal device 200 may confirm its own location based on the count information from the BLE beacon device 100. More specifically, first, the user's terminal device may receive the packet broadcast from the BLE beacon device 100, which includes the count information and the beacon device ID.
Subsequently, the received packet may be decrypted (S505). In this case, the packet may be decrypted using either a single encryption method or a double encryption method. For example, in case of the single encryption method, the packet may be decrypted using a fixed key that has been distributed in advance. Alternatively, a random shared key is extracted from the packet, and the packet may be decrypted using the extracted random shared key.
Also, in case of the double encryption method, the encrypted random shared key is extracted from the packet, and the extracted random shared key is decrypted using the fixed key that has been distributed in advance. Then, the packet may be decrypted using the decrypted random shared key. Alternatively, the packet is decrypted using the fixed key that has been distributed in advance, and the random shared key is extracted from the decrypted packet. Then, the packet may be decrypted using the extracted random shared key.
In the present embodiment, decryption of the packet is performed, but not limited to the above description, decryption of the packet may be omitted.
Next, the count information and the beacon device ID may be extracted from the decrypted packet (S506). In this case, according to a predetermined sequence table or a predetermined rule, the time at which the count information is generated may be extracted from the extracted count information.
Next, according to whether the difference between the difference of the count information generation times and the difference of the packet reception times is within a tolerance, the location of the user may be confirmed (S507). Here, the count information generation times and the packet reception times correspond to the extracted count information and previously stored count information. For example, the packet reception time (Tnew) is measured, and the time corresponding to the extracted count information, which is the time (Tn) at which the count information is generated, is extracted. Then, like Equation (1), using the count information (Cm) stored in the storing unit 250, the time corresponding to the stored count information, which is the time (Tm) at which the stored count information is generated, and the reception time (Told) of the packet including the stored count information, the location of the user's terminal device may be confirmed.
Hereinafter, a method for anti-spoofing according to another embodiment of the present invention will be described referring to FIG. 6. FIG. 6 is a flow diagram of a method for anti-spoofing according to another embodiment of the present invention.
The method for anti-spoofing 600 includes a step for generating count information (S601); a step for generating a packet including the count information (S602); a step for encrypting the generated packet (S603); a step for transmitting the encrypted packet (S604); and a step for confirming a location of a user's terminal device based on the transmitted count information (S605 to S609).
More specifically, as illustrated in FIG. 6, a BLE beacon device 100 may generate count information with a fixed time rule to confirm a location of a user's terminal device (S601). The count information may be generated according to a first time rule, including a predetermined sequence table or a predetermined rule. Selectively, various state information of the BLE beacon device 100 may be collected. The state information may include at least one among the temperature, humidity, atmosphere, battery power, power of transmitting RF, power of receiving RF, and seismic intensity of the BLE beacon device 100. In this case, the state information may be collected through a sensor module (not illustrated).
Next, a packet including both the generated count information and a beacon device ID may be generated according to a second time rule (S602). The count information included in the packet may correspond to the time at which the count information is generated. When the first time rule is the same as the second time rule, packets may be generated to sequentially include the generated count information. For example, when the packet generation time is the same as the time at which the count information is generated, packets may be generated to have different count information. Also, when the first time rule is different from the second time rule, packets may be generated to include the generated count information according to a predetermined order. For example, when the packet generation time is different from the time at which count information is generated, especially, when the time interval between generation of the count information is larger than the time interval between generation of the packets, packets may be generated to include the same count information according to a predetermined rule. In this case, the number of the packets including the same count information may be different. Also, the generated packet may include the collected state information of the BLE beacon device 100.
Next, the generated packet may be encrypted (S603). The generated packet may be encrypted using either a single encryption method or a double encryption method. For example, in case of the single encryption method, the generated packet is encrypted using a fixed key, and the fixed key may be distributed in advance to a user's terminal device 200 or a beacon management server 300. Alternatively, the generated packet may be encrypted using a random shared key, and the packet including the random shared key may be transmitted to the user's terminal device 200 or the beacon management server 300.
Also, in case of the double encryption method, after encrypting the generated packet using a random shared key, the random shared key is encrypted using a fixed key. Then, the packet including the encrypted random shared key may be transmitted to the user's terminal device 200 or the beacon management server 300. In this case, the fixed key may be distributed in advance to the user's terminal device 200 or the beacon management server 300. Alternatively, after encrypting the generated packet using the random shared key, the packet including the random shared key may be encrypted using the fixed key.
In the present embodiment, encryption of the packet is performed, but not limited to the above description, encryption of the packet may be omitted.
Next, in order that the beacon management server 300 confirms a location of the user's terminal device 200 according to the difference of the times corresponding to the pieces of count information included in at least two packets, which are generated depending on the second time rule, the encrypted packet may be broadcast to the user's terminal device connected to the beacon management server (S604). When encryption of the packet is omitted, the generated packet may be broadcast to the user's terminal device connected to the beacon management server (S604). The packet may be broadcast using Bluetooth Low Energy, but not limited to this, the packet may be broadcast using any short-distance communication method such as Wi-Fi.
Next, the user's terminal device 200 may transmit the packet, received from the BLE beacon device 100, to the beacon management server 300 (S605). In this case, the user's terminal device 200 may transmit the received packet through a secure link such as Wi-Fi, Bluetooth, or a cellular network.
Next, as described above, the beacon management server 300 may confirm the location of the user's terminal device 200 based on the count information from the BLE beacon device 100. More specifically, first, the beacon management server may receive the packet broadcast from the BLE beacon device, which includes the count information and the beacon device ID, via the user's terminal device 200.
Subsequently, the received packet may be decrypted (S606). In this case, the packet may be decrypted using either a single encryption method or a double encryption method. For example, in case of the single encryption method, the packet may be decrypted using a fixed key that has been distributed in advance. Alternatively, a random shared key is extracted from the packet, and the packet may be decrypted using the extracted random shared key.
Also, in case of the double encryption method, the encrypted random shared key is extracted from the packet, and the extracted random shared key is decrypted using the fixed key that has been distributed in advance. Then, the packet may be decrypted using the decrypted random shared key. Alternatively, the packet is decrypted using the fixed key that has been distributed in advance, and the random shared key is extracted from the decrypted packet. Then, the packet may be decrypted using the extracted random shared key.
In the present embodiment, decryption of the packet is performed, but not limited to the above description, decryption of the packet may be omitted.
Next, the count information and the beacon device ID may be extracted from the decrypted packet (S607). In this case, according to the predetermined sequence table or the predetermined rule, the time at which the count information is generated may be extracted from the extracted count information.
Next, according to whether the difference between the difference of the count information generation times and the difference of the packet reception times is within a tolerance, the location of the user's terminal device 200 may be confirmed (S608). Here, the count information generation times and the packet reception times correspond to the extracted count information and previously stored count information. For example, the packet reception time (Tnew) is measured, and the time corresponding to the extracted count information, which is the time (Tn) at which the count information is generated, is extracted. Then, like Equation (1), using the count information (Cm) stored in the storing unit 350, the time corresponding to the stored count information, which is the time (Tm) at which the stored count information is generated, and the reception time (Told) of the packet including the stored count information, the location of the user's terminal device 200 may be confirmed.
As described above, when the difference between the time corresponding to the extracted count information and the time corresponding to the previously stored count information is within the tolerance, it is determined that the location of the user's terminal device 200 is valid.
On the other hand, sequentially comparing the pieces of count information, when the difference between the difference of the count information generation times and the difference of the packet reception times is repeatedly outside the range of the tolerance, it is determined that spoofing or sniffing is done by an illegal user's terminal device. Accordingly, it is determined that the location of the user's terminal device 200 is invalid, and the user's terminal device may be blocked.
Next, when the location of the user's terminal device 200 is confirmed, the count information may be stored as the latest count information (S609). For example, count information included in the first received packet is stored. After that, if the location of the user's terminal device is confirmed by comparing the extracted count information with the previously stored count information, the count information may be updated with the extracted count information.
As described above, a method for anti-spoofing according to an embodiment of the present invention may enhance reliability of a location of a beacon device by preventing spoofing by an illegal user. Also, based on the high reliability of the location information of the beacon device, it is possible to construct environments that may provide supplementary services using sensitive personal information, such as financial settlements.
The method described above may be implemented by the BLE beacon device 100 illustrated in FIG. 1, and especially, may be implemented by software programs that perform the described steps. In this case, these programs may be stored in a computer-readable storage medium, or may be transmitted by a computer data signal combined with carrier wave through the transmission medium or communication network.
In this case, the computer-readable storage medium includes all kind of recording devices storing data that can be read by computer systems. For example, the computer-readable storage medium may be ROM, RAM, CD-ROM, DVD-ROM, DVD-RAM, magnetic tapes, floppy disks, hard disks, optical data storage devices, and the like.
Although the embodiments of the present invention have been disclosed for illustrative purposes, those skilled in the art will appreciate that various modifications, additions and substitutions are possible, without departing from the scope and spirit of the invention as disclosed in the accompanying claims.
Claims (18)
- A beacon device for anti-spoofing, comprising:a count generating unit for generating count information according to a first time rule;a packet generating unit for generating, according to a second time rule, a packet including the generated count information and a beacon device ID (UUID), the generated count information corresponding to a time at which the count information is generated; anda communicating unit for broadcasting the generated packet to a user's terminal device or a user's terminal device connected to a beacon device server in order that the user's terminal device or the beacon management server confirms a location of the user's terminal device according to a difference of times corresponding to pieces of count information included in at least two packets that are generated according to the second time rule.
- The beacon device of claim 1, further comprising,an encrypting unit for encrypting the packet using either a single encryption method or a double encryption method.
- The beacon device of claim 1, wherein the count generating unit is synchronized with an internal timer of the beacon management server.
- The beacon device of claim 1, wherein the packet generating unit generates the packet to sequentially include the generated count information when the first time rule is the same as the second time rule, and generates the packet to include the generated count information according to a predetermined order when the first time rule is different from the second time rule.
- The beacon device of claim 1, further comprising,a state information collecting unit for collecting state information of the beacon device.
- The beacon device of claim 5, wherein the state information includes at least one among a temperature, humidity, atmosphere, battery power, power of transmitting RF, power of receiving RF, and seismic intensity of the beacon device.
- A method for anti-spoofing of a beacon device, comprising:generating count information according to a first time rule;generating, according to a second time rule, a packet including the generated count information and a beacon device ID (UUID), the generated count information corresponding to a time at which the count information is generated; andbroadcasting the generated packet to a user's terminal device or a user's terminal device connected to a beacon device server in order that the user's terminal device or the beacon management server confirms a location of the user's terminal device according to a difference of times corresponding to pieces of count information included in at least two packets that are generated according to the second time rule.
- The method of claim 7, further comprising,encrypting the packet using either a single encryption method or a double encryption method.
- The method of claim 7, further comprising,synchronizing with the beacon management server.
- The method of claim 7, wherein, in generating the packet, when the first time rule is the same as the second time rule, the packet is generated to sequentially include the generated count information, and when the first time rule is different from the second time rule, the packet is generated to include the generated count information according to a predetermined order.
- The method of claim 7, further comprising,collecting state information of a beacon device.
- The method of claim 11, wherein the state information includes at least one among a temperature, humidity, atmosphere, battery power, power of transmitting RF, power of receiving RF, operation modes, and seismic intensity of the beacon device.
- A computer-readable storage medium on which a program for anti-spoofing, executed in a beacon device, is recorded,wherein, the program comprise:a code for generating count information according to a first time rule;a code for generating, according to a second time rule, a packet including the generated count information and a beacon device ID (UUID), the generated count information corresponding to a time at which the count information is generated; anda code for broadcasting the generated packet to a user's terminal device or a user's terminal device connected to a beacon device server in order that the user's terminal device or the beacon management server confirms a location of the user's terminal device according to a difference of times corresponding to pieces of count information included in at least two packets that are generated according to the second time rule.
- The computer-readable storage medium of claim 13, wherein the program further comprises,a code for encrypting the packet using either a single encryption method or a double encryption method.
- The computer-readable storage medium of claim 13, wherein the program further comprises,a code for synchronizing with the beacon management server.
- The computer-readable storage medium of claim 13, wherein the code for generating the packet generates the packet to sequentially include the generated count information when the first time rule is the same as the second time rule, and generates the packet to include the generated count information according to a predetermined order when the first time rule is different from the second time rule.
- The computer-readable storage medium of claim 13, wherein the program further comprises,a code for collecting state information of a beacon device.
- The computer-readable storage medium of claim 17, wherein the state information includes at least one among a temperature, humidity, atmosphere, battery power, power of transmitting RF, power of receiving RF, and seismic intensity of the beacon device.
Applications Claiming Priority (4)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| KR20140124402 | 2014-09-18 | ||
| KR10-2014-0124402 | 2014-09-18 | ||
| KR1020150003438A KR101624341B1 (en) | 2014-09-18 | 2015-01-09 | BLE beacon device for anti-spoofing |
| KR10-2015-0003438 | 2015-01-09 |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| WO2016043389A1 true WO2016043389A1 (en) | 2016-03-24 |
Family
ID=55533414
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| PCT/KR2015/000722 WO2016043389A1 (en) | 2014-09-18 | 2015-01-23 | Ble beacon device for anti-spoofing |
Country Status (1)
| Country | Link |
|---|---|
| WO (1) | WO2016043389A1 (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2019053796A1 (en) * | 2017-09-13 | 2019-03-21 | 三菱電機株式会社 | Terminal device, transmission device, data transmission system, and data reception method |
| CN109525938A (en) * | 2018-12-13 | 2019-03-26 | 广州刻路科技有限公司 | A kind of method and system reducing positioning and communicating energy consumption by bluetooth |
| US11337073B2 (en) | 2019-12-20 | 2022-05-17 | Samsung Electronics Co., Ltd. | Electronic apparatus and method of controlling thereof |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20100172259A1 (en) * | 2009-01-05 | 2010-07-08 | Qualcomm Incorporated | Detection Of Falsified Wireless Access Points |
| KR20120010899A (en) * | 2010-07-27 | 2012-02-06 | 주식회사 안철수연구소 | Apparatus and method for servicing authentication by using portable device and authentication service system thereof, recordable medium which program for executing method is recorded |
| US20120040694A1 (en) * | 2009-04-22 | 2012-02-16 | Lei Zhou | Method, system and device for positioning mobile terminal |
| US20130294266A1 (en) * | 2012-04-23 | 2013-11-07 | Lg Electronics Inc. | Apparatus and method for estimating a location of a mobile station in a wireless local area network |
-
2015
- 2015-01-23 WO PCT/KR2015/000722 patent/WO2016043389A1/en active Application Filing
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20100172259A1 (en) * | 2009-01-05 | 2010-07-08 | Qualcomm Incorporated | Detection Of Falsified Wireless Access Points |
| US20120040694A1 (en) * | 2009-04-22 | 2012-02-16 | Lei Zhou | Method, system and device for positioning mobile terminal |
| KR20120010899A (en) * | 2010-07-27 | 2012-02-06 | 주식회사 안철수연구소 | Apparatus and method for servicing authentication by using portable device and authentication service system thereof, recordable medium which program for executing method is recorded |
| US20130294266A1 (en) * | 2012-04-23 | 2013-11-07 | Lg Electronics Inc. | Apparatus and method for estimating a location of a mobile station in a wireless local area network |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2019053796A1 (en) * | 2017-09-13 | 2019-03-21 | 三菱電機株式会社 | Terminal device, transmission device, data transmission system, and data reception method |
| JPWO2019053796A1 (en) * | 2017-09-13 | 2020-02-06 | 三菱電機株式会社 | Terminal device, transmission device, data transmission system, and data reception method |
| US11516656B2 (en) * | 2017-09-13 | 2022-11-29 | Mitsubishi Electric Corporation | Terminal device, transmission device, data transmission system, and data reception method for receiving signals transmitted from transmission devices mounted on a train |
| CN109525938A (en) * | 2018-12-13 | 2019-03-26 | 广州刻路科技有限公司 | A kind of method and system reducing positioning and communicating energy consumption by bluetooth |
| US11337073B2 (en) | 2019-12-20 | 2022-05-17 | Samsung Electronics Co., Ltd. | Electronic apparatus and method of controlling thereof |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| WO2016043388A1 (en) | Beacon manangement server for anti-spoofing | |
| CN102239719B (en) | Verifying neighbor cell | |
| WO2015147547A1 (en) | Method and apparatus for supporting login through user terminal | |
| US9325507B2 (en) | System and method for managing mobile device using device-to-device communication | |
| WO2012026644A1 (en) | Method for sharing secret value of sensor nodes in multi-hop wireless communication environment | |
| WO2011081242A1 (en) | Key authentication method for binary cdma | |
| JP4962237B2 (en) | Program and method for managing information on location of portable device and file encryption key | |
| WO2015072788A1 (en) | Method and apparatus for managing security key in a near fieldd2d communication system | |
| EP2856789B1 (en) | Method for tracking a mobile device onto a remote displaying unit via a mobile switching center and a head-end | |
| WO2016043389A1 (en) | Ble beacon device for anti-spoofing | |
| WO2012099330A2 (en) | System and method for issuing an authentication key for authenticating a user in a cpns environment | |
| JP4405309B2 (en) | Access point, wireless LAN connection method, medium recording wireless LAN connection program, and wireless LAN system | |
| WO2015199271A1 (en) | Method and system for sharing files over p2p | |
| WO2013089349A1 (en) | Apparatus and method for identifying wireless network provider in wireless communication system | |
| WO2019231215A1 (en) | Terminal device and method for identifying malicious ap by using same | |
| WO2022255619A1 (en) | Wireless intrusion prevention system and operating method therefor | |
| WO2013176439A1 (en) | Efficient routing-based communication jamming method in wireless network and device therefor | |
| WO2015105401A1 (en) | Security method and system for supporting prose group communication or public safety in mobile communication | |
| WO2012148029A1 (en) | Method for sharing a wireless access device among community-based users, and system using same | |
| WO2011112048A4 (en) | Method and apparatus for reporting audience measurement in content transmission system | |
| WO2018128264A1 (en) | Method for managing key in security system of multicast environment | |
| WO2016088936A1 (en) | Maintenance management for beacon device | |
| WO2012093892A2 (en) | Apparatus and method for audience measurement in multimedia streaming system | |
| WO2021085857A1 (en) | Radon management system using radon detector | |
| KR101624341B1 (en) | BLE beacon device for anti-spoofing |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| 121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 15842475 Country of ref document: EP Kind code of ref document: A1 |
|
| NENP | Non-entry into the national phase |
Ref country code: DE |
|
| 122 | Ep: pct application non-entry in european phase |
Ref document number: 15842475 Country of ref document: EP Kind code of ref document: A1 |