WO2016142225A1 - Détection de falsification d'emplacement de terminal mobile - Google Patents

Détection de falsification d'emplacement de terminal mobile Download PDF

Info

Publication number
WO2016142225A1
WO2016142225A1 PCT/EP2016/054370 EP2016054370W WO2016142225A1 WO 2016142225 A1 WO2016142225 A1 WO 2016142225A1 EP 2016054370 W EP2016054370 W EP 2016054370W WO 2016142225 A1 WO2016142225 A1 WO 2016142225A1
Authority
WO
WIPO (PCT)
Prior art keywords
location
mobile device
service
localization system
signals
Prior art date
Application number
PCT/EP2016/054370
Other languages
English (en)
Inventor
Ashish Vijay Pandharipande
Sandeep Shankaran KUMAR
Original Assignee
Philips Lighting Holding B.V.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Philips Lighting Holding B.V. filed Critical Philips Lighting Holding B.V.
Publication of WO2016142225A1 publication Critical patent/WO2016142225A1/fr

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W64/00Locating users or terminals or network equipment for network management purposes, e.g. mobility management
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/02Services making use of location information
    • H04W4/029Location-based management or tracking services
    • GPHYSICS
    • G01MEASURING; TESTING
    • G01SRADIO DIRECTION-FINDING; RADIO NAVIGATION; DETERMINING DISTANCE OR VELOCITY BY USE OF RADIO WAVES; LOCATING OR PRESENCE-DETECTING BY USE OF THE REFLECTION OR RERADIATION OF RADIO WAVES; ANALOGOUS ARRANGEMENTS USING OTHER WAVES
    • G01S5/00Position-fixing by co-ordinating two or more direction or position line determinations; Position-fixing by co-ordinating two or more distance determinations
    • G01S5/02Position-fixing by co-ordinating two or more direction or position line determinations; Position-fixing by co-ordinating two or more distance determinations using radio waves
    • G01S5/0205Details
    • G01S5/0244Accuracy or reliability of position solution or of measurements contributing thereto
    • GPHYSICS
    • G01MEASURING; TESTING
    • G01SRADIO DIRECTION-FINDING; RADIO NAVIGATION; DETERMINING DISTANCE OR VELOCITY BY USE OF RADIO WAVES; LOCATING OR PRESENCE-DETECTING BY USE OF THE REFLECTION OR RERADIATION OF RADIO WAVES; ANALOGOUS ARRANGEMENTS USING OTHER WAVES
    • G01S5/00Position-fixing by co-ordinating two or more direction or position line determinations; Position-fixing by co-ordinating two or more distance determinations
    • G01S5/02Position-fixing by co-ordinating two or more direction or position line determinations; Position-fixing by co-ordinating two or more distance determinations using radio waves
    • G01S5/0257Hybrid positioning
    • G01S5/0263Hybrid positioning by combining or switching between positions derived from two or more separate positioning systems
    • G01S5/0264Hybrid positioning by combining or switching between positions derived from two or more separate positioning systems at least one of the systems being a non-radio wave positioning system
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/34User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • G06F21/35User authentication involving the use of external additional devices, e.g. dongles or smart cards communicating wirelessly
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44Program or device authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/1466Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2111Location-sensitive, e.g. geographical location, GPS
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/16Implementing security features at a particular protocol layer
    • H04L63/162Implementing security features at a particular protocol layer at the data link layer
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/60Context-dependent security
    • H04W12/63Location-dependent; Proximity-dependent
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/02Services making use of location information

Definitions

  • the present disclosure relates to localization, i.e. the process of determining the location of a mobile device based on a network of wireless nodes.
  • the location of a wireless device such as a mobile user terminal can be determined with respect to a location network comprising a plurality of wireless reference nodes, in some cases also referred to as anchor nodes.
  • anchor nodes are wireless nodes whose locations are known a priori, typically being recorded in a location database which can be queried to look up the location of a node.
  • the anchor nodes thus act as reference nodes for localization. Measurements are taken of the signals transmitted between the mobile device and a plurality of anchor nodes, for instance the RSSI (receiver signal strength indicator), ToA (time of arrival) and/or AoA (angle of arrival) of the respective signal.
  • RSSI received signal strength indicator
  • ToA time of arrival
  • AoA angle of arrival
  • the location of the mobile terminal may then be determined relative to the location network using techniques such as trilateration, multilateration or triangulation. Given the relative location of the mobile terminal and the known locations of the anchor nodes, this in turn allows the location of the mobile device to be determined in more absolute terms, e.g. relative to the globe or a map or floorplan.
  • Another localization technique is to determine the location of mobile device based on a "fingerprint" of a known environment.
  • the fingerprint comprises a set of data points each corresponding to a respective one of a plurality of locations throughout the environment in question.
  • Each data point is generated during a training phase by placing a wireless device at the respective location, taking a measurement of the signals received from or by any reference nodes within range at the respective location (e.g. a measure of signal strength such as RSSI), and storing these measurements in a location server along with the coordinates of the respective location.
  • the data point is stored along with other such data points in order to build up a fingerprint of the signal measurements as experienced at various locations within the environment.
  • the signal measurements stored in the fingerprint can then be compared with signal measurements currently experienced by a mobile device whose location is desired to be known, in order to estimate the location of the mobile device relative to the corresponding coordinates of the points in the fingerprint. For example this may be done by approximating that the device is located at the coordinates of the data point having the closest matching signal measurements, or by interpolating between the coordinates of a subset of the data points having signal measurements most closely matching those currently experienced by the device.
  • the fingerprint can be pre-trained in a dedicated training phase before the fingerprint is deployed, by systematically placing a test device at various different locations in the environment. Alternatively or additionally, the fingerprint can built up dynamically by receiving submissions of signal measurements experienced by the actual devices of actual users in an ongoing training phase.
  • the determination of the mobile device's location may be performed according to a "device-centric” approach or a "network-centric” approach.
  • each anchor or reference node emits a respective beacon signal.
  • the mobile device takes measurements of beacon signals it receives from the reference nodes, obtains the locations of those nodes from the location server, and performs the calculation to determine its own location at the mobile device itself.
  • the reference nodes are used to take measurements of beacon signals received from the mobile device, and an element of the network such as the location server performs the calculation to determine the mobile device's location.
  • Hybrid approaches are also possible, e.g. a "semi" device-centric approach where the mobile device takes the raw measurements but forwards them to the location server to calculate its location
  • one application of a positioning system is to automatically provide a wireless mobile device with access to control of a utility such as a lighting system, on condition that the mobile device is found to be located in a particular spatial region or zone associated with the lighting or other utility.
  • a wireless user device on condition that the device is found to be located within that room and requests access.
  • control access is provided to that device via a lighting control network.
  • location based services or functionality include indoor navigation, location- based advertising, service alerts or provision of other location-related information, user tracking, asset tracking, or taking payment of road tolls or other location dependent payments.
  • beaconing functionality of an anchor node into another unit that is designed to provide another utility such as lighting into the environment in question, rather than the anchor node being a separate, dedicated, stand-alone unit.
  • each node of the positioning system is also a luminaire for illuminating the environment, and optionally the transceiver used for beaconing may also be the same transceiver of the luminaire used to send and/or receive control-related signals such as control commands and sensor readings to and/or from the luminaire).
  • Both positioning systems employing network-centric and device-centric architectures have their own characteristic weaknesses.
  • a network-centric positioning system there is a problem of how to resolve whether the identity of the mobile device, whose transmissions result in its positioning at the location server, is actually true for the session in question.
  • a device-centric positioning system there is a problem of how to ensure that a mobile device that is requesting access to a location-based service is actually presenting its true position.
  • the present disclosure presents a combination of a network- centric positioning system and device-centric positioning system (or preferably a "semi" or "assisted” device- centric positioning system).
  • the network-centric system may be a radio based positioning system
  • the (at least partially) device centric system may be a coded light based positioning system.
  • the signaling between these two systems provides a verification of the true session identity and/or true position of the mobile device based on the individual location estimates performed by each.
  • a method comprising: obtaining a first location estimate of a location of the mobile device, the first location estimate being detected based on a plurality of first signals received from the mobile device by a plurality of reference nodes of a first localization system; and obtaining a second location estimate of the location of the mobile device, the second location estimate being detected based on a plurality of second signals communicated between the mobile device and a plurality of reference nodes of a second localization system.
  • the method then comprises, based on a comparison of the first and second location estimates, detecting one of: whether the first and second location estimate corroborate each other and whether one of the first and second location estimates has been falsified.
  • the method is performed in association with a location-based service which grants the mobile device with access to the location-based service in response to a service access request comprising an ID of the mobile device.
  • the method may further comprises: receiving the ID of the mobile device; and, on condition of said detection being negative (i.e. not detecting the falsification of one of the first or second estimates), verifying to said location-based service that the mobile device having said ID is legitimately associated with the first or second location estimate (the granting of said access to the location-based service being conditional on said verification).
  • the method may further comprises: receiving the ID of the mobile device; and, on condition of said detection being negative (i.e. not detecting the falsification of one of the first or second estimates), verifying to said location-based service that the mobile device having said ID is legitimately associated with the first or second location estimate (the granting of said access to the location-based service being conditional on said verification).
  • said detection is based on the second location estimate, or the measurements of the second signals, being received from the mobile device as part of said service request.
  • the location-based service may be operable to grant the mobile device with access to the location-based service multiple times, each time in response to a respective instance of said service request (e.g. each request being a request to instigate an individual operation of the location-based service such as turn off the lights, or "show my location on a map", etc.).
  • the method may comprise: performing a respective instance of said detection and verification each time the mobile device is granted access to the location-based service, each time based on the second location estimate, or the measurements of the second signals, as received from the mobile device as part of the respective service request.
  • the grant of access may comprise establishing an authenticated session between the mobile device and the location-based service, each time in response to a respective instance of said service request.
  • the method may comprise: performing a respective instance of said detection and verification each time the mobile device is granted access to the location-based service, each time based on the second location estimate, or the measurements of the second signals, as received from the mobile device as part of the respective service request (such that multiple operations of the location- based service can be instigated by the mobile device per session once the session is established, based on a common instance of the verification of the session).
  • the method may also comprise repeating said detection and verification one or more times during said session.
  • a malicious third party (who is not present in the relevant location for obtaining the location-based service) cannot easily take over the session or be granted access to the service because, in order to be verified, actual measurements of the second signals have to be heard by a mobile device present in the environment in question and reported to the second system in association with the device's ID. That is, the system employs a combination of a network centric approach in the first system and a semi device- centric approach in the second system (whereby the mobile device takes the measurements but forwards them to the second system to compute the location). The second system thus requires actual signal measurements to be reported by the mobile device from the relevant location.
  • this localization is then used to verify the mobile device ID presented to the first system, this means a malicious third party cannot falsely adopt the ID of the mobile device without actually knowing the signal measurements that would be experienced by the mobile device at its current location. Even if the third party obtained knowledge of the mobile device's ID and presented this to the first system, and attempted to present false signal measurements to the second system, then without knowing the actual current location of the mobile device (or being incredibly lucky), the verification would still fail at the comparison of the location estimates performed by the first and second systems (because the first system always performs the estimate in a fully network centric manner and so while the ID can be spoofed to the first system, the actual location cannot).
  • the verification can be particularly effective if performed often, e.g. based on an indication of risk - such as suspected malicious behavior, or the like.
  • another instance of the verification may be triggered when a request for a location-based service purports to be from the same device ID as a previously- verified device but arrives from a seemingly different device based on some other parameter visible from the request, e.g. with different network address such as a different IP address.
  • Devices can indeed legitimately change IP addresses for technical reasons, but tend not to do so very often relative to the timescale over which a location-based service is used.
  • a changing IP address is indicative of a different device potentially (but not necessarily) having stolen the legitimate device's device ID (e.g. MAC ID), and this can be used to trigger another instance of the verification.
  • the verification may be triggered by events (such as a new IP address), and/or may be applied periodically or randomly, and/or may be applied at the time when a device requests a session or on each individual request for an operation (e.g. turn on the lights, show my location on a map, etc.) and the question of when and in what circumstances it is desirable to apply the verification (may depend on the risk(s) involved in the application in question, e.g. weighing up the kind of data being breached vs.
  • events such as a new IP address
  • an operation e.g. turn on the lights, show my location on a map, etc.
  • the question of when and in what circumstances it is desirable to apply the verification may depend on the risk(s) involved in the application in question, e.g. weighing up the kind of data being breached vs.
  • the first signals are communicated using a different wireless technology than the second signals.
  • the first signals may be communicated using a different wireless protocol standard than the second signals, and preferably using a different carrier medium than the second signals.
  • the first signals may be communicated using radio as the carrier medium while the second signals are communicated using visible light as the carrier medium. Nonetheless, this is not necessarily the case in all possible embodiments, and the beacon signals of the first and second systems could instead be communicated based on the same wireless technology (same carrier medium and/or protocol).
  • the method may further comprise using the second location estimate to refine the first location estimate (i.e. improving the accuracy or precision of the first estimate, in addition to the verification of whether the first estimate is at least a legitimate estimate).
  • the detection of whether one of the estimates appears falsified may be performed at the first (network-centric) system.
  • the obtaining of the first location estimate comprises performing the calculation at a server the first system
  • the obtaining of the second location estimation may comprise receiving the second location estimation from a server of the second system (based on being computed at the server of second system).
  • the detection of whether one of the estimates appears falsified may be performed at the second (at least partially device-centric) system.
  • the obtaining of the second location estimate comprises performing the calculation at a server the second system
  • the obtaining of the first location estimation may comprise receiving the first location estimation from a server of the first system (based on being computed at the server of first system).
  • said detection could be performed elsewhere, e.g. at the location-based application server.
  • the obtaining of the first and second location estimates may comprise receiving both estimates from a server of the first and second systems (based on a computation performed at the server of the first and second systems).
  • the verification of the mobile device ID may be performed at the server of the same one of the first and second localization systems that performed the detection as to whether the location estimate was falsified, or at the server of the other localization system, or indeed elsewhere. If the verification is performed by one of the first localization system or second localization system, then said verifying may comprise sending an indication of the verification to the application server in order for the access to the location-based service to be granted.
  • an application server provides said location-based service, and said receiving of the ID of the mobile device and/or the second location estimate or measurements comprises: receiving the ID of the mobile device, and/or the second location estimate or the measurements of the second signals, at the first localization system or second localization system forwarded from the application server based on the service request being submitted from the mobile device to the application server.
  • the verification is performed by one of the first localization system or second localization system
  • said receiving of the ID of the mobile device and/or the second location estimate or measurements comprises: receiving the ID of the mobile device, and/or the second location estimate or the measurements of the second signals, at said one of the first localization system or second localization system forwarded from the other of the first localization system or second localization system, having been received at the other of the first localization system from the mobile device (8) or application server based on the service request.
  • said receiving of the ID of the mobile device and/or the second location estimate or measurements comprises: receiving the ID of the mobile device, and/or the second location estimate or the measurements of the second signals, via an authenticated channel between the mobile device and the application server.
  • the receipt of the ID and/or the receipt of the second location estimate or measurement may comprise receiving one or both of these direct from the mobile device, or from the mobile device via the application server (whether then being forwarded directly from the application server or via the second system).
  • the verification is performed by the first system (and optionally the refining of the estimate is also performed by the first system).
  • said obtaining of the first location estimate comprises the first localization system computing the first location estimate based on said first signals being received by the nodes of the first localization system
  • said obtaining of the second location estimate comprises the first localization system receiving a report of the second location estimate from the second localization system (in a device centric or semi device centric approach for the second system), or from the mobile device (in a fully device centric approach).
  • the first system may also receive the ID of the mobile device from the second system or from the mobile device in order to perform this verification of the device's ID in the first system.
  • the report of the second location estimate results from a computation of the second location estimate performed by the second system or mobile device based on said second signals being received by the mobile device from said plurality of reference nodes of the second localization system (i.e. an at least partially device centric approach being used for the second system), and in embodiments the received report results from a computation of the second location estimate performed by the second system based on measurements of the second signals being reported from the mobile device (a "semi" or “partially” device-centric approach, i.e. an assisted approach to device- centric localization).
  • the method may further comprise steps performed by the second localization system of: receiving IDs of said plurality of reference nodes of the second localization system, and performing the computation of the second location estimate based on a time-varying mapping between the IDs and locations of said plurality of reference nodes of the second localization system.
  • a location server of the first localization system configured to perform any of the relevant steps of the first localization system.
  • Fig. 1 is a schematic representation of an environment comprising a localization system in the form of an indoor positioning system
  • Fig. 2 is a schematic block diagram of a system for providing a location based service
  • Fig. 3 is a schematic diagram of an arrangement comprising a first localization system and a second localization system, and
  • Fig. 4 is a schematic block diagram of a mobile device.
  • Figure 1 illustrates an example of a positioning system (localization system) installed in an environment 2 according to embodiments of the present disclosure.
  • the environment 2 may comprise an indoor space comprising one or more rooms, corridors or halls, e.g. of a home, office, shop floor, mall, restaurant, bar, warehouse, airport, station or the like; or an outdoor space such as a garden, park, street, or stadium; or a covered space such as a gazebo, pagoda or marquee; or any other type of enclosed, open or partially enclosed space such as the interior of a vehicle (e.g. a large ship).
  • the environment 2 in question comprises an interior space of a building.
  • the positioning system comprises a location network 4, comprising multiple reference nodes in the form of anchor nodes 6 each installed at a different respective fixed location within the environment 2 where the positioning system is to operate.
  • a location network 4 comprising multiple reference nodes in the form of anchor nodes 6 each installed at a different respective fixed location within the environment 2 where the positioning system is to operate.
  • the network 4 may for example extend further throughout a building or complex, or across multiple buildings or complexes.
  • the positioning system is an indoor positioning system comprising at least some anchor nodes 6 situated indoors (within one or more buildings), and in embodiments this may be a purely indoor positioning system in which the anchor nodes 6 are only situated indoors. Though in other embodiments it is not excluded that the network 4 extends indoors and/or outdoors, e.g.
  • anchor nodes 6 situated across an outdoor space such as a campus, street or plaza covering the spaces between buildings.
  • the following will be described in terms of the reference nodes 6 being anchor nodes of an indoor positioning system or the like, but it will be appreciated this is not necessarily the case in all possible embodiments.
  • the environment 2 is occupied by a user 10 having a wireless device 8 disposed about his or her person (e.g. carried by hand, or in a bag or pocket).
  • the wireless device 8 takes the form of a mobile user terminal such as a smart phone or other mobile phone, a tablet, or a laptop computer.
  • the mobile device 8 has a current physical location which may be determined using the location network 4.
  • Another example would be a mobile tracking device disposed about a being or object to be tracked, e.g. attached to the object or placed within it.
  • Examples would be a car or other vehicle, or a packing crate, box or other container.
  • the device 8 may be any wireless device having the potential to be found at different locations or an as-yet unknown location to be determined. Further, the location of the mobile device 8 may be referred to interchangeably with the location of the associated user 10, being or object about which it is disposed.
  • the environment 2 also comprises at least one wireless access point or router 12 enabling communication with a location server 14
  • the one or more wireless access points 12 are placed such that each of the anchor nodes 6 is within wireless communication range of at least one such access point 12.
  • the following will be described in terms of one access point 12, but it will be appreciated that in embodiments the same function may be implemented using one or more access points 12 and/or wireless routers distributed throughout the environment 2.
  • the wireless access point 12 is coupled to the location server 14, whether via a local connection such as via a local wired or wireless network, or via a wide area network or internetwork such as the Internet.
  • the wireless access point 12 is configured to operate according to a short-range radio access technology such as Wi-Fi, Zigbee or Bluetooth, using which each of the anchor nodes 6 is able to wirelessly
  • each of the anchor nodes 6 could be provided with a wired connection to the location server 14, or one or more of the anchor nodes 6 could be arranged to act as an access point for the others.
  • the following may be described in terms of a wireless connection via an access point 12 or the like, but it will be appreciated that this is not limiting to all possible embodiments.
  • the mobile device 8 is also able to communicate via the wireless access point 12 using the relevant radio access technology, e.g. Wi-Fi, Zigbee or Bluetooth, and thereby to communicate with the location server 14.
  • the mobile device 8 may be configured to communicate with the location server 14 via other means such as a wireless cellular network such as a network operating in accordance with one or more 3 GPP standards.
  • the mobile device 8 is able to wirelessly receive beacon signals from, or transmit beacon signals to, any of the anchor nodes 6 that happen to be in range. In embodiments this communication may be implemented via the same radio access technology as used to communicate with the access point 12, e.g. Wi-Fi, Zigbee or Bluetooth, though that is not necessarily the case in all possible embodiments.
  • any of the communications described in the following may be implemented using any of the above options or others for communicating between the respective entities 6, 8, 12, 14 and for conciseness the various possibilities will not necessarily be repeated each time.
  • the beacon signals between the anchor nodes 6 and the mobile device 8 are the signals whose measurements are used to determine the location of the mobile device 8.
  • the anchor nodes 6 each broadcast a signal and the mobile device 8 listens, detecting one or more of those that are currently found in range and taking a respective signal measurement of each.
  • Each anchor node 6 may be configured to broadcast its beacon signal repeatedly.
  • the respective measurement taken of the respective beacon signal from each detected anchor node 6 may for example comprise a measurement of signal strength (e.g. RSSI), time of flight (ToF), angle of arrival (AoA), and/or any other property that varies with distance or location.
  • the mobile device 8 broadcasts a beacon signal and the anchor nodes 6 listen, detecting an instance of the signal at one or more of those nodes 6 that are currently in range.
  • the mobile device 8 may broadcast its beacon signal repeatedly.
  • the respective measurement taken of each instance of the beacon signal from the mobile device 8 may comprise a measure of signal strength (e.g. RSSI) or time of flight (ToF), angle of arrival (AoA), and/or any other property that varies with distance or location.
  • the nodes 6 may take the measurements but then send them to the mobile device 8 to actually compute the location, or the mobile device 8 may take the measurements but send them to a location server to perform the location computation.
  • This latter type of hybrid approach is referred to herein as a "semi" device centric approach (i.e. a device-assisted approach).
  • Time-of- flight measurements can be obtained by establishing either a one way transmission delay or a two-way transmission delay (round trip time, RTT).
  • RTT round trip time
  • a measurement of one-way delay can suffice if all relevant elements in the network have a synchronized clock or can reference a common clock.
  • the mobile device 8 may initiate the measurement with a single message transmission, adding a timestamp (e.g. time or time+date) of transmission to the message.
  • the anchor or reference nodes 6 can still perform a measurement by bouncing individual messages back from the mobile device 8 and determining the round-trip time-of-flight. The latter may involve coordination from the nodes attempting to measure.
  • the determination of distance from signal strength is based on the diminishment of the signal strength over space between source and destination, in this case between the mobile device 8 and anchor or reference node 6. This may for example be based on a comparison of the received signal strength with a-prior knowledge of the transmitted signal strength (i.e. if the nodes 6 or mobile device 8 are known or assumed to always transmit with a given strength), or with an indication of the transmitted signal strength embedded in the signal itself, or with the transmitted signal strength being communicated to the node 6 or device 8 taking the measurement via another channel (e.g. via location server 14).
  • beacon signal measurement is available from or at each of a plurality of the anchor nodes 6, it is then possible to determine the location of the mobile device 8 relative to the location network 4 using a technique such as trilateration, multilateration, triangulation and/or a fingerprint based technique.
  • the "absolute" locations of the anchor nodes 6 are known, for example from a location database maintained by the location server 14, or by the respective location of each anchor node 6 being stored at the node itself (e.g. and communicated from each relevant nodes to the mobile device 8 in a device centric approach).
  • the absolute location is a physical location of the node in a physical environment or framework, being known for example in terms of a geographic location such as the location on a globe or a map, or a location on a floorplan of a building or complex, or any real-world frame of reference.
  • the absolute location is a physical location of the device in a physical environment or framework, for example a geographic location in terms of the location on a globe or a map, or a location on a floorplan of a building or complex, or any more meaningful real-world frame of reference having a wider meaning than simply knowing the location relative to the location network 4 alone.
  • the absolute location of the nodes 6 may be stored in a human understandable form and/or the absolute location of the mobile device 8 may be output in a human understandable form. For example, this may enable the user 10 to be provided with a meaningful indication of his or her location, and/or may enable the administrator of a location-based service to define rules for granting or prohibiting access to the service or aspects of the service. Alternatively it is possible for the location of the nodes 6 and/or mobile device 8 to only ever be expressed in computer-readable form, e.g. to be used internally within the logic of the location based service.
  • the location is only ever expressed relative to the location network 4, 6 and not as a more meaningful "absolute" location.
  • each anchor node 6 is integrated with a respective luminaire (see below) and the location is being determined for the purpose of controlling those luminaires, then in some embodiments it may only be necessary to determine the user's location relative to the framework of points defined by the anchor nodes of these luminaires (though in other similar arrangements it may still be desired to define lighting control regions relative to the floorplan of a building or the like).
  • the beacon signal from each anchor node 6 comprises an ID of the respective anchor node.
  • the mobile device 8 uses these IDs to look up the locations of the relevant nodes 6 by querying the location server 14 (e.g. via the wireless access point 12).
  • the beacon signal from each node 6 could even comprise an explicit indication of the respective location. Either way, the mobile device 8 can then perform the calculation to determine its own location at the device 8 itself (relative to the location network 4 and/or in absolute terms).
  • the beacon signal comprise an ID of the mobile device 8, and the anchor nodes 6 submit the beacon signal measurements they took to the location server 14 along with the mobile device's ID (e.g. via the wireless access point 12).
  • the location server 14 then performs the calculation of the device's location at the server 14 (again relative to the location network 4 and/or in absolute terms).
  • the mobile device 8 takes the measurements of the beacon signals from the nodes 6, but submits them along with the respective received IDs to the location server 14 in a raw or partially processed form for the calculation to be performed or completed there.
  • a beacon signal measurement is needed from at least three reference nodes, though if other information is taken into account then it is sometimes possible to eliminate impossible or unlikely solutions based on two nodes. For example, if the location is assumed to be constrained to a single level (e.g. ground level or a given floor of a building), the measurement from any one given node 6 defines a circle of points at which the mobile device 8 could be located. Two nodes give two circles, the intersection of which gives two possible points at which the mobile device 8 may be located. Three nodes and three circles are enough to give an unambiguous solution at the intersection of the three circles (though more may be used to improve accuracy).
  • this location may then be used to assess whether the mobile device 8 is granted access to some location-based service (LBS).
  • LBS location-based service
  • a service access system 16 in the form of an LBS server, arranged to receive a service access request from the mobile device 8, requesting access to the service, and in response to conditionally grant access to the service in dependence on the absolute location of the mobile device 8.
  • the mobile device 8 submits its determined absolute location (e.g. in terms of global coordinates, map coordinates or coordinates on a floor plan) to the service access system 16 over a connection via the wireless access point 12 or other means such as a cellular connection.
  • the service access system 16 assesses this location and grants the mobile device 8 with access to the service on condition that the location is consistent with provision of the service (and any other access rules that happens to be implemented, e.g. also verifying the identity of the user 10).
  • the location server 14 submits the determined absolute location of the mobile device 8 to the service access system 16, e.g. via a connection over a local wired or wireless network and/or over a wide area network or internetwork such as the Internet.
  • the location server 14 may send the absolute location to the mobile device 8, and the mobile device may then forward it on to the service access system 16.
  • the service could be provided directly from the location server 14, or could even be implemented on an application running on the mobile device 8 itself.
  • a utility such as lighting from an application running on the mobile device 8, where the user can only control the lighting or utility in a given room or zone when found to be located in that room or zone, or perhaps an associated zone;
  • the location-related function comprises at least providing the device's absolute location to an application running on the mobile device 8, e.g. which the application may then use to display the user's location on a floor plan or map);
  • the localization messages are distributed internally within the localization system 4, 6, 14 security may be less of an issue; but in the case of two-way time of flight messages (RTT) for example, or where the reports are transmitted over a public network, it may be advantageous to provide them with a time-stamp (measurement time) or a nonce, and/or to "hash" the messages (digital signature) so as to thwart any replay attacks on the network backbone. The same could be done with the measurement reports sent to the location server 14.
  • Such measures are not essential but may be desirable in embodiments, particularly if the location-based service or functionality is susceptible to abuse or involves financial transactions or the like.
  • Figure 2 shows arrows in all directions to illustrate the possibility of either device centric or network centric approaches, but in any given implementation not all the communications shown need be bidirectional or indeed present at all.
  • each of the anchor nodes 6 is incorporated into a respective "smart luminaire" having an RF transceiver such as a Wi-Fi, ZigBee or Bluetooth transceiver for facilitating wireless control of the lighting in the environment 2 (as discussed in more detail later), and the anchor node functionality 6 is incorporated by exploiting the existence of this RF transceiver to additionally broadcast and/or receive localization beacon signals for an additional purpose of locating a mobile device 8.
  • the luminaires 6 may for example be installed in the ceiling and/or walls, and/or may comprise one or more free standing units.
  • each of the anchor nodes 6 may be incorporated into any of a luminaire, a smoke alarm, a presence sensor and/or light sensor unit, a security alarm, an air-conditioning unit, a ventilation unit, or a heating unit (and each anchor node 6 does not necessarily have to be incorporated into the same type of unit, though they may be).
  • the anchor nodes 6 may be dedicated anchor nodes 6 having no other function than localization.
  • the service access system 16 may be configured to control access to the control of the lighting 6.
  • the access system 16 of the lighting controller is configured with one or more location dependent control policies.
  • a control policy may define that a user 10 can only use his or her mobile device 8 to control the lights in certain region such as a room only when found within that region or within a certain defined nearby region.
  • the mobile device 8 only controls those luminaires within a certain vicinity of the user's current location.
  • the control of the lighting could be unrelated to the localization in terms of its user- facing function, and instead the location-based service could be something else such as an indoor navigation service, location-based advertising, etc.
  • each of the network-centric architecture and the device-centric architecture has a characteristic weakness of its own that does not exist in the other.
  • One of the challenges in a network-centric positioning system is that the network cannot determine whether the identity, e.g. MAC ID, being presented is actually the true identity of the device to be used during the session. As such, a rogue user can gain access to a service to which he or she is not entitled by taking over the MAC ID of that device (or the like). Also, by gaining access, this may deny the legitimate device access to the service.
  • identity e.g. MAC ID
  • a challenge in device-centric positioning systems is that a user can present any position, or signal measurements, to an application server 16 in order to gain access to the location based service, as there is no means at the application server to decide on the veracity of the location data presented to it by the user. As such, a rogue user can gain access to a service without being at the claimed position and therefore without having a legitimate right to the service.
  • the following embodiments provide a combination of a network-centric positioning system based on an RF (radio frequency) wireless technology and an at least partially device-centric positioning system based on coded light, wherein the signaling between the various system elements enables the true session identity and true position to be verified.
  • RF radio frequency
  • Figure 3 illustrates an arrangement in accordance with embodiments disclosed herein, comprising a combination of a first localization system for performing a first estimate of the location of the mobile device 8, and a second localization system for performing a second estimate of the location of the mobile device 8.
  • the first localization system comprises a first location server 14 and a plurality of first anchor nodes 6.
  • the second localization system comprises a second location server 18 and a plurality of second anchor nodes 6'.
  • the first location server is arranged to communicate with the second location server 18, and the second location server is arranged to communicate with the location-based service (LBS) application server 16.
  • LBS location-based service
  • these communications may be implemented via a local wired network such as an Ethernet network, or a local wireless network such as a Wi-Fi or ZigBee network, or a wide area wired and/or wireless network or internetwork, such as the Internet, or any combination of these.
  • a server is typically implemented in the form of a computer or network of computers running software to perform its serving functionality, but most generally a server may take the form of any entity employing software and/or dedicated hardware to provide the relevant serving functionality.
  • a server refers to logical server, and not necessarily a single server unit, such that a server may be implemented in one or more units at one or more geographical sites.
  • the functionality of the application server 16 could be integrated with the functionality of the location server 14 or second server 18 (e.g. the location-based service being provided by the same party as one or both of the first and second localization systems), or could be distinct (e.g. the provider of the location based service is a separate party than the localization providers).
  • the first location system 6, 14 is in fact a network- centric localization system while the second localization system 6', 18 is an at least partially device-centric localization system. That is, the first location estimate is performed based on one or more beacon signals 100 emitted by the mobile device 8 and received by a plurality of the first anchor nodes 6, while the second location estimate is performed based on a beacon signal 1 10 emitted from each of a plurality of the second anchor nodes 6' to be received by the mobile device 8.
  • each of a plurality of the first nodes 6 receive the signal 100 emitted by the mobile device 8 and take a measurement of the received signal such as its RSSI, ToF or AoA as discussed above, and the first location server 14 is arranged to receive these measurements 105 from the plurality of first nodes 6 (e.g. via any of the communication means discussed above).
  • the first localization server 14 uses these reported measurements to compute the first location estimate for the mobile device 8, based on any of the techniques discussed above such as triangulation, trilateration, multilateration or fingerprinting.
  • the second localization is a semi device-centric localization system. That is, the mobile device 8 is configured to take measurements of the signals 1 10 emitted from a plurality of the second nodes 6', but to forward the measurements 1 15 in raw or partially-processed form to the second localization server 18 for the second location estimate to be computer there based on the forwarded measurements.
  • This forwarding may be achieved via any of the communication means discussed above in relation to Figures 1 and 2, e.g. a direct or networked wired connection, or wireless connection via the access point 12; and again, the second location estimation may be performed using any of the above-described techniques such as triangulation, trilateration, multilateration or fingerprinting.
  • any of the general discussion of localization techniques, device centric techniques or semi device centric techniques described above in relation to components labeled 6 and 14 in Figures 1 and 2, may apply to the corresponding components 6', 18 of the second system in the two-system arrangement of Figure 3.
  • the beacon signal 100 emitted by the mobile device 8 comprises an ID of the first device, such as a MAC (media access control) ID, and the beacon signals 1 10 emitted by the second anchor nodes each comprise an ID of the respective second node.
  • the first device such as a MAC (media access control) ID
  • the beacon signals 1 10 emitted by the second anchor nodes each comprise an ID of the respective second node.
  • measurements 105 of the first beacon signal 100 are forwarded to the first location server 14 along with both the ID (e.g. MAC ID) of the mobile device 8 and respective IDs of the first nodes 6 reporting the measurements, and the measurements 1 15 of the second beacon signals are forwarded to the second location server 18 along with both the ID (e.g. MAC ID) of the mobile device 8 and the respective IDs of the respective second nodes 6' .
  • ID e.g. MAC ID
  • the ID of the mobile device enables the first and second servers 14, 18 to identify the device 8 with which the computed location estimate is to be associated; and the IDs of the first and second nodes 6, 6' enable the first and second servers 14, 18 to compute the first and second location estimates (respectively), by computing the location of the mobile device relative to the respective nodes 6, 6' and looking up the locations of the respective nodes 6, 6' from their IDs.
  • the anchor nodes 6 of the first localization system are arranged to operate according to a first wireless technology, while the anchor nodes 6' of the second localization system are arranged to operate according to a second wireless technology different than the first.
  • the first wireless technology may use a first carrier medium such as RF
  • the second wireless technology may use a second, different carrier medium such as visible light.
  • the first nodes 6 are arranged to receive RF beacon signals from the mobile device, while the second nodes 6' are arranged to emit visible light beacon signals to be received by the mobile device 8.
  • the RF beacon may be implemented using Wi-Fi, ZigBee or Bluetooth, or other such short-range RF technology.
  • the visible light beacon may be implemented in the form of a coded light signal, whereby a signal is modulated into the light at a frequency substantially beyond human perception.
  • each of the first anchor nodes 6 is implemented using the RF transceiver (or at least receiver) of a respective wirelessly-controlled luminaire (the same transceiver or receiver that is used to wirelessly control the luminaire), and a respective second anchor nodes is implemented by modulating the illumination emitted by the lighting element of each of these same luminaires.
  • each first anchor node 6 is in fact incorporated into the same unit as a respective one of the second anchor nodes, and may share some of the same components (e.g. same processor, memory and/or power supply).
  • Figure 4 illustrates and example of a mobile device 8 comprising both a wireless transceiver (or at least transmitter) 22 for emitting an RF beacon signal to be detected by a plurality of the first anchor nodes 6 of the first system, and a light sensor (e.g. camera or dedicated photosensor) 24 for receiving the coded light beacon from a plurality of the second anchor nodes 6' of the second system.
  • the RF transmitter 22 and light sensor 24 are arranged to transmit and receive the RF and coded light beacon signals, respectively, under control of a local controller 20 of the mobile device 8 (e.g. software running on a processor of the mobile device, or dedicated control hardware, or a combination of the two).
  • the controller 20 on the mobile device 8 is also arranged to take the relevant measurements of the received coded light beacon signals (e.g. RSSI, ToF and/or AoA), to detect the respective IDs of the respective anchor nodes 6' of the second system in the coded light beacon signals, and to forward these to the second location server 18, either using the same RF transmitter/transceiver 22 used to emit the first beacon signals, or another transmitter or transceiver onboard the mobile device 8.
  • These measurements and node IDs may be forwarded to the second location server 18, via any suitable communication such as discussed in relation to Figures 1 and 2, e.g. via the wireless access point 12 using any suitable wireless technology such as Wi-Fi, ZigBee or Bluetooth.
  • the measurements and node IDs may be forwarded to or as part of a service request to the application server 16 (which in turn forwards them to the second location server 18), or directly (not via the application server 16).
  • the process for verifying the true location and ID of the mobile device proceeds as follows.
  • the mobile device 100 submits a service request 1 15 to the LBS application server 16 by presenting the coded light identifiers that it receives at its location and its wireless MAC ID on an authenticated channel.
  • the authenticated channel is established using secure credentials between the mobile device 8 and the application server 16.
  • the authentication of the channel could be based on certificates, or username and password combinations, or any other known authentication technique.
  • the authenticated channel may be a TLS (Transport Layer Security) channel (IETF RFC 5246).
  • Another example is to use cryptographic techniques, e.g. using a public key infrastructure, so as to be able to use a key agreement protocol to agree to a session key.
  • this can be used by the mobile device 8 to provide: its credentials and the coded light IDs (second system beacon IDs), the mobile devices MAC ID, and the RSSI measurements (or its own calculated position) to be verified at the application server 16 or second server 18 (i.e. out of control of the mobile device).
  • the coded light IDs second system beacon IDs
  • the mobile devices MAC ID the mobile devices MAC ID
  • the RSSI measurements or its own calculated position
  • the LBS application server 16 On receiving the service request, at step 120 the LBS application server 16 presents the coded light identifiers and the wireless MAC ID to the second server 18 (of the coded light system), which computes a position based on the coded light identifiers.
  • the second server 18 presents the computed position along with the wireless MAC ID to the first server 14 (of the network-centric radio positioning system), and the first server 14 cross-checks whether the presented position and MAC ID is close to the one it has itself computed based on radio signal measurements 100. If yes, the radio positioning system 14 validates the MAC ID that it has independently received from the mobile device 8 as the current session ID. Further, at step 130, it validates to the coded light system 18 the position information corresponding to the MAC ID. A validated position is thereby given service access by the LBS application server.
  • the detection of a falsified location estimate could be based on any detection that the estimates differ by more than a specified margin of error.
  • the condition for detecting a false location may be that any either of the x and y coordinates differs by a threshold amount ⁇ or Ay respectively, or that both the x and y coordinates differ by these threshold amounts, or that some combined measure of x and y such as (x 2 +y 2 ) or V(x 2 +y 2 ) exceeds a threshold. Similar thresholds could be applied based on the coordinates of other coordinates systems such as polar coordinates r, ⁇ .
  • the condition for detecting falsehood could be dependent on a function of multiple instances of any such error measurements over time, e.g.
  • the network-centric radio positioning system 14 validates to the coded- light system 18 the presented position of the MAC ID if the position is within a pre-defined vicinity of the position it has also computed based on signal measurements for the same MAC ID. A validated position also confirms that the position computed by the network- centric radio positioning system 14 can be confidently linked to the MAC ID of the device to be used as a session ID.
  • the coded light system 18 provides feedback on position validation to the LBS application server 16 which can finally make a decision to either allow or deny service to the user device. That is, the system 18 verifies to the location-based service 16 that the device ID is legitimately associated with the estimated location.
  • the system is set up such that each service request for each individual operation requested from the LBS server 16 ("turn off the lights", “show my location on a map”, etc.) must be accompanied by both the requesting device's ID and the device-centric signal measurements (e.g. received signal strengths) it has taken from the second nodes 6', and the ID must be verified based on the signal measurements submitted in that same request, in order to be granted.
  • the device-centric signal measurements e.g. received signal strengths
  • the system may only require the verification to be performed once per session, or perhaps every time it sees another request from a different account with the same device ID (or more generally whenever the LBS application server may think as a malicious behavior in progress). In either case, the malicious party would need both the device ID and the device-centric measurements (e.g. coded light measurements) that the original device experiences in order to take over the ID. This is a difficult combination for the malicious party to fake.
  • the device-centric measurements e.g. coded light measurements
  • the location-based service provider 16 is, say, a cloud-based mapping service. If the map service provider needs to show the location of A on the map, it needs to get the ID (e.g. MAC address) of A (from A) and then ask for A's location from the network-centric location server 14 to depict on the map (there are also other ways but with similar problems, e.g. A only gets the map from a service provider and asks for its own location from the network-centric location server 14).
  • X can pretend to the service provider 16 that it is A by giving it the ID of A (e.g. MAC address) and ask it to depict the current position on a map.
  • the service provider 16 has no way to verify whether the ID belongs to X or A, and neither does the locations server 14 (since in a network-centric arrangement the localization is based on passive listening of the device's signals with no further authentication).
  • A also asks for his location on the map: then the service provider 16 sees two different requests from different devices (e.g. because they originate from two different IP address) and may decide to not give A the service or block it for both A and X (this particular behavior would depend on how each service provider detects 16 possible malicious behavior and how it intend to respond to it).
  • the service provider 16 can link the requesting device 8 (e.g. its IP address or some other credential used to access the service) to the deice ID (e.g. MAC ID) seen on the localization side 14.
  • the deice ID e.g. MAC ID
  • This validation can be performed regularly, or occasionally as required by the LBS application server 16. For example the validation of the location and/or ID may be repeated periodically, or randomly, or in response to an event such as a request from the application server 16, or in response to some other event such as detecting one or more factors indicative of suspicious behavior.
  • the verification can be particularly effective if performed often, e.g. based on an indication of risk - such as suspected malicious behavior, or the like.
  • another instance of the verification may be triggered when a request for a location-based service purports to be from the same device ID as a previously-verified device but arrives from a seemingly different device based on some other parameter visible from the request, e.g. with different network address such as a different IP address.
  • Devices can indeed legitimately change IP addresses for technical reasons, but tend not to do so very often relative to the timescale over which a location-based service is used.
  • a changing IP address is indicative of a different device potentially (but not necessarily) having stolen the legitimate device's device ID (e.g. MAC ID), and this can be used to trigger another instance of the verification.
  • the above embodiments have been described only by way of example.
  • the scope of the present disclosure is not limited to using RF as the beaconing technology in the first system and coded light as the beaconing technology in the second system.
  • the second (at least partially device-centric) system may be configured to use some other modality such as another radio technology (e.g.
  • the mobile device 8 may present a computed position along with identities related to the second nodes' radios or ultrasound transmitters to the LBS application server 16.
  • the first and second systems may be implemented based on any combination of different carrier media (radio, visible light, ultrasound, etc.) or even any combination of different wireless access technologies (different standards) using the same carrier medium (e.g. Wi-Fi, ZigBee, Bluetooth, a proprietary protocol, etc.).
  • the two systems could even use different channels of the same wireless access technology (e.g. different frequency channels, different time slots, etc.).
  • the nodes of a given location network could split the nodes in two independent sets, wherein the first set effectively only listens to the mobile device and determines the position of the mobile on the network side, while the mobile device determines its position using the beaconing of the second set of nodes.
  • the anchor nodes 6' of the second system comprise some or all of the same physical transceivers as the anchor nodes 6 of the first system, e.g. the second nodes being a subset of the first, such that the first and second systems comprise different virtual networks using the same hardware (as long as the nodes of the subset have the option of operating in both network and device centric modes).
  • first (network-centric) and second (device centric) beacon signals are transmitted on different channels (e.g. different frequency channels) or with a timing scheme to avoid or manage collisions (e.g. based on a scheme of acknowledgments).
  • the mobile device ID is not limited to MAC ID, and in other embodiments any identification mechanism may be used.
  • the identification of the mobile device 8, nodes 6 of the first system, and/or nodes 6' of the second system may optionally also be encrypted in the respective communications 105, 1 15 in which they are presented to the first and second systems 14, 18 (or application server 16).
  • the verification of this ID to the location-based service is to verify that the ID appears legitimate based on the fact that one or both of the first and second location estimates have not been detected to be false, and therefore verifying to the location-based service that the mobile device having this ID is entitled to be granted access to the service, at least in terms of its location.
  • the access to the location-based service may be made conditional upon this verification.
  • additional conditions required to be met for the mobile device to actually be granted access e.g. the user of the device has to submit a correct username and password of an account entitled to access the service, and/or the service request from the mobile device has to pass a certain cryptographic authentication test, etc.).
  • the checking for a false location and/or the verification of the mobile device ID against this check need not necessarily be performed by the server 14 of the first system.
  • one or both of these steps could be performed by the server 18 of the second system based on information from the first server 14, or one or both of these steps could be performed by the application server 16 based on information from the first and second servers 14, 18.
  • the information required by the first or second server 14, 18 from the mobile device 8 could be received directly from the device 8, or via the application server 16 (based on the service request). In the latter case, this may be forwarded directly from the application server to the first and/or second server 14, 18, or one of the servers 14, 18 could receive this information forwarded indirectly from the application server 16 to the other of the first and second servers 14, 18.
  • first server 14 server of the first localization system
  • second server 18 server of the second localization system
  • application server 16 refer to logical entities which may be implemented on the same one or more server units, or different server units, or an overlapping combination of server units; and which may be implemented by the same party or different parties.
  • the first and second location servers 14, 18 may be implemented by the same party while the application server 16 may be a third party, or one or the first and second servers 14, 18 may be implemented by the same party as the application server 16, or all three servers may be implemented by the same party.
  • a computer program may be stored/distributed on a suitable medium, such as an optical storage medium or a solid-state medium supplied together with or as part of other hardware, but may also be distributed in other forms, such as via the Internet or other wired or wireless telecommunication systems. Any reference signs in the claims should not be construed as limiting the scope.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Remote Sensing (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Radar, Positioning & Navigation (AREA)
  • Software Systems (AREA)
  • Computing Systems (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Position Fixing By Use Of Radio Waves (AREA)

Abstract

L'invention concerne un procédé consistant à : obtenir une première estimation d'emplacement d'un emplacement d'un dispositif mobile, la première estimation d'emplacement étant détectée en se basant sur une pluralité de premiers signaux émis par le dispositif mobile vers une pluralité de nœuds de référence d'un premier système de localisation ; obtenir une seconde estimation d'emplacement de l'emplacement du dispositif mobile, la seconde estimation d'emplacement étant détectée en se basant sur une pluralité de seconds signaux reçus par le dispositif mobile en provenance d'une pluralité de nœuds de référence d'un second système de localisation ; et en se basant sur une comparaison des première et seconde estimations d'emplacement, effectuer une vérification de façon à détecter si l'une des première et seconde estimations d'emplacement a été falsifiée.
PCT/EP2016/054370 2015-03-09 2016-03-02 Détection de falsification d'emplacement de terminal mobile WO2016142225A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
EP15158133.7 2015-03-09
EP15158133 2015-03-09

Publications (1)

Publication Number Publication Date
WO2016142225A1 true WO2016142225A1 (fr) 2016-09-15

Family

ID=52692413

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2016/054370 WO2016142225A1 (fr) 2015-03-09 2016-03-02 Détection de falsification d'emplacement de terminal mobile

Country Status (1)

Country Link
WO (1) WO2016142225A1 (fr)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107104798A (zh) * 2017-04-28 2017-08-29 北京动石科技有限公司 一种基于无连接通信验证的信息传递方法
US10484350B2 (en) 2017-04-26 2019-11-19 At&T Intellectual Property I, L.P. Privacy-preserving location corroborations
US10623950B2 (en) 2015-06-23 2020-04-14 Signify Holding B.V. System for protecting location information
DE102021204373A1 (de) 2021-04-30 2022-11-03 Trumpf Werkzeugmaschinen Gmbh + Co. Kg Zuverlässige Ortung einer UWB-Mobileinheit
DE102021204374A1 (de) 2021-04-30 2022-11-03 Trumpf Werkzeugmaschinen Gmbh + Co. Kg UWB-Lokalisierung mit unabhängiger UWB-Ankersynchronisation

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050024265A1 (en) * 1999-01-08 2005-02-03 Trueposition, Inc. Multiple pass location processor
US20110287779A1 (en) * 2010-05-21 2011-11-24 Andrew Llc System and Method for Location Assurance of A Mobile Device
US8370629B1 (en) * 2010-05-07 2013-02-05 Qualcomm Incorporated Trusted hybrid location system

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050024265A1 (en) * 1999-01-08 2005-02-03 Trueposition, Inc. Multiple pass location processor
US8370629B1 (en) * 2010-05-07 2013-02-05 Qualcomm Incorporated Trusted hybrid location system
US20110287779A1 (en) * 2010-05-21 2011-11-24 Andrew Llc System and Method for Location Assurance of A Mobile Device

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10623950B2 (en) 2015-06-23 2020-04-14 Signify Holding B.V. System for protecting location information
US10484350B2 (en) 2017-04-26 2019-11-19 At&T Intellectual Property I, L.P. Privacy-preserving location corroborations
CN107104798A (zh) * 2017-04-28 2017-08-29 北京动石科技有限公司 一种基于无连接通信验证的信息传递方法
CN107104798B (zh) * 2017-04-28 2020-03-03 郭铮铮 一种基于无连接通信验证的信息传递方法
DE102021204373A1 (de) 2021-04-30 2022-11-03 Trumpf Werkzeugmaschinen Gmbh + Co. Kg Zuverlässige Ortung einer UWB-Mobileinheit
DE102021204374A1 (de) 2021-04-30 2022-11-03 Trumpf Werkzeugmaschinen Gmbh + Co. Kg UWB-Lokalisierung mit unabhängiger UWB-Ankersynchronisation

Similar Documents

Publication Publication Date Title
US11041933B2 (en) Localization based on network of wireless nodes
US10401470B2 (en) Method and apparatus for locating of a mobile device
US10165542B2 (en) Localization of a mobile device
EP3029972B1 (fr) Sécurité de données de balise intelligente
US10681494B2 (en) Controlling localization
US10386454B2 (en) Network centric localization for determining the location of mobile devices
US10462625B2 (en) Time-multiplex transmission of localisation beacon signals and control-related signals
WO2016142225A1 (fr) Détection de falsification d'emplacement de terminal mobile
US9903935B2 (en) Positioning system for determining the location of a device
EP3354086B1 (fr) Localisation d'un dispositif mobile
WO2017005502A1 (fr) Règles d'accès à des services basés sur la position

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16707728

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 16707728

Country of ref document: EP

Kind code of ref document: A1