WO2019110111A1 - Enhancing security of tag devices - Google Patents

Enhancing security of tag devices Download PDF

Info

Publication number
WO2019110111A1
WO2019110111A1 PCT/EP2017/081871 EP2017081871W WO2019110111A1 WO 2019110111 A1 WO2019110111 A1 WO 2019110111A1 EP 2017081871 W EP2017081871 W EP 2017081871W WO 2019110111 A1 WO2019110111 A1 WO 2019110111A1
Authority
WO
WIPO (PCT)
Prior art keywords
instance
identification
identification information
received
information
Prior art date
Application number
PCT/EP2017/081871
Other languages
French (fr)
Inventor
Lauri Aarne Johannes Wirola
Jari Tapani SYRJÄRINNE
Original Assignee
Here Global B.V.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Here Global B.V. filed Critical Here Global B.V.
Priority to PCT/EP2017/081871 priority Critical patent/WO2019110111A1/en
Priority to EP17809319.1A priority patent/EP3721251A1/en
Publication of WO2019110111A1 publication Critical patent/WO2019110111A1/en

Links

Classifications

    • GPHYSICS
    • G01MEASURING; TESTING
    • G01SRADIO DIRECTION-FINDING; RADIO NAVIGATION; DETERMINING DISTANCE OR VELOCITY BY USE OF RADIO WAVES; LOCATING OR PRESENCE-DETECTING BY USE OF THE REFLECTION OR RERADIATION OF RADIO WAVES; ANALOGOUS ARRANGEMENTS USING OTHER WAVES
    • G01S5/00Position-fixing by co-ordinating two or more direction or position line determinations; Position-fixing by co-ordinating two or more distance determinations
    • G01S5/02Position-fixing by co-ordinating two or more direction or position line determinations; Position-fixing by co-ordinating two or more distance determinations using radio waves
    • GPHYSICS
    • G01MEASURING; TESTING
    • G01SRADIO DIRECTION-FINDING; RADIO NAVIGATION; DETERMINING DISTANCE OR VELOCITY BY USE OF RADIO WAVES; LOCATING OR PRESENCE-DETECTING BY USE OF THE REFLECTION OR RERADIATION OF RADIO WAVES; ANALOGOUS ARRANGEMENTS USING OTHER WAVES
    • G01S5/00Position-fixing by co-ordinating two or more direction or position line determinations; Position-fixing by co-ordinating two or more distance determinations
    • G01S5/02Position-fixing by co-ordinating two or more direction or position line determinations; Position-fixing by co-ordinating two or more distance determinations using radio waves
    • G01S5/0284Relative positioning
    • GPHYSICS
    • G01MEASURING; TESTING
    • G01SRADIO DIRECTION-FINDING; RADIO NAVIGATION; DETERMINING DISTANCE OR VELOCITY BY USE OF RADIO WAVES; LOCATING OR PRESENCE-DETECTING BY USE OF THE REFLECTION OR RERADIATION OF RADIO WAVES; ANALOGOUS ARRANGEMENTS USING OTHER WAVES
    • G01S5/00Position-fixing by co-ordinating two or more direction or position line determinations; Position-fixing by co-ordinating two or more distance determinations
    • G01S5/02Position-fixing by co-ordinating two or more direction or position line determinations; Position-fixing by co-ordinating two or more distance determinations using radio waves
    • G01S5/0284Relative positioning
    • G01S5/0289Relative positioning of multiple transceivers, e.g. in ad hoc networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0492Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload by using a location-limited connection, e.g. near-field communication or limited proximity of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/80Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication
    • GPHYSICS
    • G01MEASURING; TESTING
    • G01SRADIO DIRECTION-FINDING; RADIO NAVIGATION; DETERMINING DISTANCE OR VELOCITY BY USE OF RADIO WAVES; LOCATING OR PRESENCE-DETECTING BY USE OF THE REFLECTION OR RERADIATION OF RADIO WAVES; ANALOGOUS ARRANGEMENTS USING OTHER WAVES
    • G01S2205/00Position-fixing by co-ordinating two or more direction or position line determinations; Position-fixing by co-ordinating two or more distance determinations
    • G01S2205/01Position-fixing by co-ordinating two or more direction or position line determinations; Position-fixing by co-ordinating two or more distance determinations specially adapted for specific applications
    • G01S2205/02Indoor
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2111Location-sensitive, e.g. geographical location, GPS

Definitions

  • the following disclosure relates to the field of indoor positioning systems, and more particularly relates to systems, apparatuses, and methods for enhancing security of such indoor positioning systems.
  • Satellite-based radio navigation signals simply do not penetrate through the walls and roofs for the adequate signal reception and the cellular signals have too narrow bandwidth for accurate ranging by default.
  • the solution needs to be based on an existing infrastructure in the buildings and on existing capabilities in the consumer devices.
  • Wi-Fi- and/or Bluetooth (BT) -technologies that are already supported in every smartphone, tablet, laptop and even in the majority of feature phones. It is, thus, required to find a solution that uses the Wi-Fi- and BT-radio signals in such a way that makes it possible to achieve 2 to 3 meter horizontal positioning accuracy, close to 100% floor detection with the ability to quickly build the global coverage for this approach.
  • radio mapping To setup indoor positioning in a building, the radio environment in the building needs to be surveyed. This phase is called radio mapping. In the radio mapping phase samples containing geolocation (like latitude-, longitude-, altitude-; or x-, y-, z- (floor) coordinates) and radio measurements (Wi-Fi and/or Bluetooth radio node identities and signal strengths). Having these samples allows understanding how the radio signals behave in the building. This understanding is called a radio map. The radio map enables localization capability to devices. When they observe varying radio signals, the signals can be compared to the radio map resulting in the location information.
  • geolocation like latitude-, longitude-, altitude-; or x-, y-, z- (floor) coordinates
  • radio measurements Wi-Fi and/or Bluetooth radio node identities and signal strengths
  • the radio samples for the radio map may be collected with special software tools or crowd-sourced from the user devices. While automated crowd-sourcing can enable indoor localization in large number of buildings, manual data collection using special software tools may be the best option, when the highest accuracy is desired.
  • Yet another aspect of the modern Bluetooth radio node respectively beacon systems is beacon monitoring and management.
  • Hubs are deployed throughout the venue so that each beacon can communicate with at least one hub.
  • the hubs are connected to a
  • a gateway hub respectively a gateway device, which is essentially a wired/wireless router.
  • the hubs may be connected to the gateway hub through cable (e.g. Ethernet) or wirelessly (e.g. Wi-Fi, Cellular).
  • the gateway hub may for instance be connected to a beacon monitoring and/or
  • the beacon monitoring refers to monitoring the beacon characteristics most typically via one-way communications by the hubs.
  • the beacons may e.g. periodically broadcast their battery states, which transmissions are captured by the hubs and further routed to the monitoring/management server for analysis and visualization.
  • the beacon management refers to being able to perform two-way
  • the server managing/monitoring the hub and/or beacon constellations can be a virtual server operated in a cloud (e.g. AWS, Azure), or it can be also a physical local server constituting a self-hosted, high-security system.
  • tag devices transmitting information carried by advertisement packets have a drawback that those advertisement packets can be captured by anyone as the advertisement packet format needs to follow Bluetooth standard.
  • the actual payload (e.g. Bluetooth beacon IDs and optionally measurements) description may not be public, it can be easily be obtained (e.g. hacked) by a third party respectively person.
  • an object of the invention to achieve a solution for enhancing security of transmission in such indoor positioning systems.
  • a first method is disclosed, performed and/or controlled by at least one first apparatus, the first method comprising:
  • each of the one or more identification information at least partially comprises an identification enabling the at least one first apparatus to be identified
  • This method may for instance be performed and/or controlled by a low-capability device, for instance a tag device.
  • the method may be performed and/or controlled by using at least one processor of the tag device.
  • a computer program is disclosed, the computer program when executed by a processor causing an apparatus, for instance a tag device, to perform and/or control the actions of the first method according to the first exemplary aspect of the present invention.
  • the computer program may be stored on computer-readable storage medium, in particular a tangible and/or non-transitory medium.
  • the computer readable storage medium could for example be a disk or a memory or the like.
  • the computer program could be stored in the computer readable storage medium in the form of instructions encoding the computer-readable storage medium.
  • the computer readable storage medium may be intended for taking part in the operation of a device, like an internal or external memory, for instance a Read-Only Memory (ROM) or hard disk of a computer, or be intended for distribution of the program, like an optical disc.
  • ROM Read-Only Memory
  • an apparatus configured to perform and/or control or comprising respective means for performing and/or controlling the first method according to the first exemplary aspect of the present invention.
  • the means of the apparatus can be implemented in hardware and/or software. They may comprise for instance at least one processor for executing computer program code for performing the required functions, at least one memory storing the program code, or both. Alternatively, they could comprise for instance circuitry that is designed to implement the required functions, for instance implemented in a chipset or a chip, like an integrated circuit. In general, the means may comprise for instance one or more processing means or processors.
  • a first apparatus comprising at least one processor and at least one memory including computer program code, the at least one memory and the computer program code configured to, with the at least one processor, cause an apparatus, for instance the apparatus, at least to perform and/or to control the first method according to the first exemplary aspect of the present invention.
  • the above-disclosed apparatus may be a module or a component for a device, for example a chip.
  • the disclosed apparatus according to any aspect of the invention may comprise only the disclosed components, for instance means, processor, memory, or may further comprise one or more additional components.
  • a second method is disclosed, performed and/or controlled by at least one second apparatus, the second method comprising:
  • the extracted identification does match one or more stored identifications, wherein the one or more received beacon measurements are rejected in case the extracted identification accompanying the one or more received beacon measurements does not match at least one of the stored one or more identifications.
  • This method may for instance be performed and/or controlled by a gateway device, for instance a mobile device or a radio node to name but a few non-limiting examples.
  • the method may be performed and/or controlled by using at least one processor of the gateway device.
  • a computer program when executed by a processor causing an apparatus, for instance a mobile device, or a radio node, to perform and/or control the actions of the second method according to the second exemplary aspect of the present invention.
  • the computer program may be stored on computer-readable storage medium, in particular a tangible and/or non-transitory medium.
  • the computer readable storage medium could for example be a disk or a memory or the like.
  • the computer program could be stored in the computer readable storage medium in the form of instructions encoding the computer-readable storage medium.
  • the computer readable storage medium may be intended for taking part in the operation of a device, like an internal or external memory, for instance a Read-Only Memory [ROM) or hard disk of a computer, or be intended for distribution of the program, like an optical disc.
  • ROM Read-Only Memory
  • an apparatus configured to perform and/or control or comprising respective means for performing and/or controlling the second method according to the second exemplary aspect of the present invention.
  • the means of the apparatus can be implemented in hardware and/or software. They may comprise for instance at least one processor for executing computer program code for performing the required functions, at least one memory storing the program code, or both. Alternatively, they could comprise for instance circuitry that is designed to implement the required functions, for instance implemented in a chipset or a chip, like an integrated circuit. In general, the means may comprise for instance one or more processing means or processors.
  • a second apparatus comprising at least one processor and at least one memory including computer program code, the at least one memory and the computer program code configured to, with the at least one processor, cause an apparatus, for instance the apparatus, at least to perform and/or to control the second method according to the second exemplary aspect of the present invention.
  • the above-disclosed apparatus according to any aspect of the invention may be a module or a component for a device, for example a chip.
  • the disclosed apparatus according to any aspect of the invention may be a device, for instance a gateway device, a mobile device or a radio node.
  • the disclosed apparatus according to any aspect of the invention may comprise only the disclosed components, for instance means, processor, memory, or may further comprise one or more additional components.
  • a system comprising:
  • At least one first apparatus e.g a tag device
  • At least one second apparatus e.g. a gateway device, a mobile device or a radio node
  • a gateway device e.g. a mobile device or a radio node
  • the at least one first apparatus may for instance be or be part of a tag device.
  • the at least one first apparatus may not comprise or may not be connected to a user interface, and/or may not comprise or may not be connectable to a display.
  • Such a tag device may for instance comprise or be connectable to a transmitter and/or a receiver, in particular a transceiver providing means for transmitting and for receiving, e.g. according to wireless local area networks (WLAN), to Bluetooth (BT) or to Bluetooth Low Energy (BLE) communication standard.
  • WLAN wireless local area networks
  • BT Bluetooth
  • BLE Bluetooth Low Energy
  • Such a tag device may for instance broadcast standard signals in order to advertise their presence. In some cases, they may advertise in this way availability to mobile devices seeking a connection, e.g. via broadcasting signals.
  • the signals may convey the information in the form of packets of pre-defined format.
  • the information may for instance be the one or more beacon measurements and may include or comprise at least an
  • the at least one first apparatus may be visible to any mobile device with suitable radio interface, regardless of whether or not they are known to the mobile device.
  • a tag device may for instance be of low capability (also referred to as low-capability device), e.g. not comprising or being connectable to a user input device (e.g. keypad, touchpad, or the like to name but a few non-limiting examples), and/or a display, e.g. for displaying information, e.g. to a user.
  • the one or more identification information may for instance be transmitted, e.g. to the at least one second apparatus (e.g. gateway device, mobile device, or radio node).
  • the one or more identification information may for instance be transmitted via a wire- bound communication connection, e.g. according to LAN (Local Area Network) specification to name but one non-limiting example.
  • the one or more identification information may for instance be transmitted via a wireless
  • WLAN- Wireless Local Area Network
  • BT Bluetooth
  • BLE Bluetooth Low Energy
  • NFC Near Field Communication
  • Each of the one or more identification information at least partially comprises an identification enabling the at least one first apparatus to be identified.
  • the identification enabling the at least one first apparatus to be identified may for instance be a UUID (Universally Unique Identifier), a SSID (Service Set Identifier), or a MAC (Medium Access Control) address to name but a few non-limiting examples.
  • UUID Universally Unique Identifier
  • SSID Service Set Identifier
  • MAC Medium Access Control
  • the one or more beacon measurements may for instance be one or more signal strength values.
  • the one or more beacon measurements may for instance be determined by measuring the one or more signal strength values based on sent beacon signals of one or more beacon devices.
  • Such one or more beacon devices may for instance be comprised by a venue, e.g. by an infrastructure of the venue.
  • a respective beacon device of such one or more beacon devices may for instance be a radio node, e.g. of the venue.
  • a respective beacon device may for instance be used for indoor positioning and/or floor detection, e.g. according to BT- (Bluetooth) and/or BLE- (Bluetooth Low Energy) specification, or may for instance be a Wi-Fi Access Point for indoor positioning and/or floor detection, e.g. according to the WLAN- (Wireless Local Area Network) specification).
  • BT- Bluetooth
  • BLE- Bluetooth Low Energy
  • Such a beacon device of the one or more beacon devices may for instance comprise or be connectable to a transceiver, e.g. according to the BT-, BLE, and/or WLAN-specification to provide wireless-based communication.
  • Each beacon device of the one or more beacon devices may for instance use such a transceiver for transmitting and/or broadcasting one or more beacon signals, e.g. comprising one or more information.
  • the one or more beacon signals may for instance comprise an identifier of the respective beacon device, e.g. a UUID, a SSID, or a MAC address to name but a few non-limiting examples, enabling a receiving device (e.g. the at least one first apparatus) to identify the respective beacon device.
  • the venue may for instance be a building, shopping mall, office complex, public accessible location (e.g. station, airport, university or the like), to name but a few non- limiting examples.
  • One of the one or more signal strength values may for instance be represented by a received signal strength value (RSS).
  • RSS received signal strength value
  • Such a received signal strength value may for instance represent the power of a received radio positioning support signal (e.g. at the at least one first apparatus), wherein such a radio positioning support signal may for instance be sent (e.g. periodically) from each beacon device of the abovementioned one or more beacon devices, e.g. of a venue.
  • An example of a received signal strength parameter is a received signal strength indicator (RSSI) or a representation of a physical receiving power level value (e.g. a Rx power level value) in dBm.
  • the one or more beacon measurements may for instance represent one or more signal strength measurement of observable signal strengths of one or more beacon signals receivable at the location of the measurement.
  • the one or more beacon measurements may for instance be transmitted together or accompanied with the identification representation of the identification of the at least one first apparatus. At least partially based on the identification representation, the at least one first apparatus may be identifiable.
  • the one or more beacon measurements may for instance be transmitted by broadcasting the one or more beacon measurements.
  • the one or more beacon measurements may for instance be broadcasted by one or more broadcasts (e.g. carried by one or more data packet, e.g. advertisement packets).
  • the transmitted one or more beacon measurements may for instance enable, e.g. together with the identification representation of the at least one first apparatus, a determining of a position of the at least one first apparatus based at least partially on the one or more one or more beacon measurements.
  • the position of the at least one first apparatus may then for instance be determined by a (further) device that obtained (e.g. received) the one or more beacon measurements (e.g. the second apparatus), or the device that obtained the one or more beacon measurements may for instance trigger the determining of the position of the at least one first apparatus, e.g. by requesting the determining of the position from a server.
  • the first method further comprises: receiving one or more allowance identification information, wherein each of the one or more allowance identification information at least partially comprises one or more identifications of one or more second apparatuses; extracting the one or more identifications of the one or more second
  • Each of the one or more identification of the one or more second apparatuses may for instance enable the at least second apparatus to be identified, wherein the one or more allowance identification information at least partially comprise such an identification.
  • the identification enabling the at least second apparatus to be identified may for instance be a MAC (Medium Access Control) address to name but one non-limiting example.
  • Each of the one or more allowance identification information may for instance be indicative of a device (e.g. one or more of the second apparatuses) that may trigger or request the one or more beacon measurements to be transmitted.
  • a device e.g. one or more of the second apparatuses
  • the at least one first apparatus may for instance store such corresponding information prior to transmitting the one or more beacon measurements.
  • the received one or more allowance identification information at least partially comprise one or more identifications of one or more second apparatuses (e.g. one or more of the second apparatuses). Those one or more identifications of the one or more second apparatuses are extracted out of the received one or more allowance identification information. Then, the extracted one or more identifications of the one or more second apparatuses may for instance be stored, e.g. in a memory. Such a memory may for instance be comprised by or being connectable to the at least one first apparatus (e.g. the tag device).
  • the first method further comprises:
  • the at least one first apparatus may for instance transmit the one or more beacon measurements based on a request. Such a request may for instance be transmitted to the at least one first apparatus from the at least one second apparatus.
  • the at least one first apparatus may for instance determine whether or not the request is fulfilled, thus the one or more beacon measurements are transmitted, or the request is rejected.
  • Such a request of the one or more requests may for instance be accompanied with an identification of the originator (e.g. the at least one second apparatus) of the request.
  • the identification of the originator may for instance be comprised by the received request, or in case such an identification is not comprised by the received request, the identification may for instance be received subsequently to receiving the request.
  • the identification may for instance be requested by the at least one first apparatus from the originator of the received request. In case the identification cannot be obtained, the received request may for instance be rejected.
  • the received request stems from a device that is allowed to obtain (e.g. receive) the one or more beacon measurements, the one or more beacon measurements are transmitted.
  • the first method further comprises:
  • the at least one first apparatus in case the unique secret matches a secret information comprised by the at least one first apparatus, the at least one first apparatus is enabled to receive the one or more allowance identification information, otherwise the one or more received allowance identification information are rejected.
  • one or more password information are received, which are indicative of a unique secret enabling the one or more identifications of the one or more second apparatuses to be acquired. Only in case the unique secret, of which the one or more password information are indicative of, matches a secret information comprised (e.g. stored) by the at least one first apparatus, one or more allowance identification information are receivable. Otherwise, in case one or more allowance identification information that are received, may for instance be rejected.
  • a determining of whether or not the unique secret, of which the one or more password information are indicative of, matches a secret information comprised (e.g. stored) by the at least one first apparatus may for instance be performed prior to receiving the one or more allowance identification information. Alternatively, such a determining may for instance be performed and/or controlled (by the at least one first apparatus) upon receiving the one or more allowance identification information.
  • the one or more identifications of the one or more second apparatuses are only extracted and stored in case the determining of whether or not the unique secret matches the secret information, e.g. stored by the at least one first apparatus, has a positive result. Otherwise, e.g. the one or more identifications of the one or more second apparatuses are not extracted and not stored. It will be
  • the password information may be comprised by the received one or more allowance identification information as well, or may be obtained (e.g. received) upon a request transmitted by the at least one first apparatus after receiving the one or more allowance
  • identification information e.g. by a request indicative of requesting the password information, wherein the request may for instance be transmitted to the originator of the one or more received allowance identification information.
  • the at least one first apparatus comprises an encryption information enabling the one or more beacon measurements to be encrypted prior to transmitting the one or more beacon measurements based at least partially on the encryption information.
  • the encryption information may for instance be indicative of an individual encryption key. Further, the encryption information may for instance be indicative of a symmetric encryption key. The encryption information may for instance be comprised (e.g.
  • the encryption information may for instance be stored in a memory comprised by the at least one first apparatus.
  • the encryption information may for instance be stored in the memory prior to performing and/or controlling the first method according to all aspects of the present invention.
  • the encryption information may for instance be stored in the memory during the manufacturing of the at least one first apparatus.
  • the encryption information may for instance be used for encrypting information, e.g. the one or more beacon measurements, transmitted by the at least one first apparatus It will be understood that the encryption information may be used for encrypting other information transmitted by the at least one first apparatus as well. Further, the encryption information may for instance be used to decrypt one or more information received by the at least one first apparatus as well. For instance, the encryption information may for instance be known by another device (e.g. the at least one second apparatus) as well, so that a bidirectional communication between those two devices (the at least one first apparatus and the at least one second apparatus) may for instance be encrypted at least partially based on the encryption information.
  • another device e.g. the at least one second apparatus
  • the encryption information is received prior to the receiving of the one or more allowance identification information.
  • the encryption information may not be stored in a memory of the at least one first apparatus during the manufacturing of the at least one first apparatus, the encryption information may at least be received prior to receiving the one or more allowance identification information. This may for instance enhance security, e.g. by preventing that one or more allowance identification information of fraudulent devices are received. For instance, in case the allowance identification information may not be encrypted, or it may not be possible to decrypt the one or more received allowance identification information, it may be likely that fraudulent one or more allowance identification information are received. In such a case, the one or more received allowance identification information may for instance be rejected. According to an exemplary embodiment of all exemplary aspects of the present invention, the received encryption information is received only in case the encryption information is transmitted by at least one second apparatus located in close proximity to the at least one first apparatus.
  • the encryption information may for instance be received via a NFC communication connection.
  • a NFC communication connection may for instance be established between the at least one first apparatus, and another device (e.g. the at least one second apparatus), wherein the other device may for instance transmit the encryption information to the at least one first apparatus.
  • the close proximity between the at least one first apparatus and the at least one second apparatus may for instance be given in case the two apparatuses are in a visual distance, or may even be closer, e.g. touch each other.
  • the one or more beacon measurements are transmitted in the form of radio signal, in particular a Bluetooth radio signal.
  • the one or more beacon measurements are transmitted (e.g.
  • advertisement packet may for instance carry the one or more beacon measurements.
  • the at least one first beacon device respectively the transmitter represented by or connectable to the at least one first apparatus may for instance be configured to broadcast the one or more beacon measurements represented by one or more advertising packets using a pre-determined or determined according to pre-defined rules format.
  • a pre-determined or determined according to pre-defined rules format may for instance be an advertisement packet, e.g. a BT- or BLE advertisement packet.
  • the BT advertisement packet may for instance be according to BT-, or BLE- specification.
  • the BT- or BLE advertisement packet may for instance be according to a BT-, or BLE-communication standard of a certain version, e.g. according to BT v4.2, or BT v5.0 to name but a few non-limiting examples.
  • the BT-, or BLE-specification or the BT-, or BLE communication standard may for instance define such a BT advertisement packet. It may for instance be defined e.g. the size of an header part and/or a payload information part of such an advertisement packet [e.g. BT-, or BLE-advertisement packet).
  • the Bluetooth wireless communication may for instance be according to a WPAN (Wireless Personal Area Network) communication enabling such a wireless communication connection in a broadcasting manner.
  • the advertisement packet may for instance be transmitted via one or more broadcasts regardless whether or not another device may receive the transmitted broadcast in formation.
  • an encryption information (e.g. encryption key) may be set for the transmission so that unauthorized user(s) cannot utilize the transmission of payload (e.g. the one or more beacon measurements) carried by one or more advertisement packets (according to the Bluetooth specification), which may comprise respectively contain one or more beacon measurements.
  • the one or more beacon measurements are broadcasted periodically.
  • the one or more beacon measurements may for instance be broadcasted repeatedly, e.g. after the lapse of a pre-defined time interval. Further, for instance in case more than one beacon measurements should be transmitted, the more than one beacon measurements may for instance be needed to be carried by more than one
  • the more than one advertisement packets may for instance be transmitted (e.g. broadcasted) again.
  • the one or more beacon measurements are carried by or are part of a data packet, in particular a Bluetooth advertisement packet.
  • the at least one second apparatus may for instance be an electronic device, e.g. a gateway device, a mobile device or a radio node.
  • the mobile device may for instance be portable (e.g. weigh less than 5, 4, 3, 2, or 1 kg).
  • the mobile device may for instance comprise or be connectable to a display, e.g. for displaying a route that is
  • the mobile device may for instance comprise or be connectable to means for outputting sound, e.g. in form of spoken commands or information.
  • the mobile device may for instance comprise or be connectable to one or more sensor for determining the devices position, such as for instance a Global Navigation Satellite System (GNSS) receiver, e.g. in the form of a Global Positioning System (GPS) receiver.
  • GNSS Global Navigation Satellite System
  • GPS Global Positioning System
  • the mobile device may for instance comprise or be
  • the mobile device may for instance comprise or be connectable a receiver and/or a transmitter (e.g. a transceiver) for receiving and/or sending information, e.g. broadcasted by a first apparatus (e.g. tag device). Based on the obtained information, the at least one position of the first apparatus (e.g. from that the one or more beacon measurements are obtained (e.g. received)) can be determined.
  • the mobile device may for instance be suitable for outdoor and for indoor navigation respectively positioning or for indoor navigation respectively positioning.
  • the at least one second apparatus may for instance be one of at least two devices taking part in a communication.
  • the other device of the at least two devices taking part in such a communication e.g. in the venue, may for instance be another entity, e.g. a radio map and positioning server.
  • the radio map and positioning server may for instance comprise or be connectable to a transceiver, e.g. according to the BT-, BLE, and/or WLAN-specification to provide wireless-based communication.
  • one or more embodiments according to the second exemplary aspect of the present invention may for instance be performed and/or controlled by at least one second apparatus and the another entity, e.g. the radio map and positioning server.
  • the radio map and positioning server may for instance determine a position of the at least one first apparatus at least partially based on the one or more beacon measurements.
  • Exemplary aspects of the first method according to the first exemplary aspect of the present invention apply to the second method according to the second exemplary aspect of the present invention as well.
  • information e.g. one or more identification information, one or more allowance identification information, one or more requests, one or more password information, encryption information
  • information may for instance be transmitted from the at least one first apparatus to the at least one second apparatus, or from the at least one second apparatus to the at least one first apparatus
  • those aspects described in conjunction with the first method according to the first exemplary aspect of the present invention apply explicitly to the second method according to the second exemplary aspect of the present invention as well.
  • the one or more identification information may for instance be received from the at least one first apparatus.
  • the identification comprised by the one or more received identification information may for instance enable the at least one second apparatus to identify the at least one first apparatus based at least partially on the identification representing the at least one first apparatus that is comprised by the one or more received identification information.
  • the identification comprised by the one or more received identification information is extracted out of the one or more received identification information. Additionally, the extracted identification may for instance be stored, e.g. in a memory comprised by or being connectable to the at least one second apparatus.
  • a binding process between the at least one first and second apparatus may for instance be enabled.
  • Such a binding process enables the at least one first and second apparatus to establish a trust so that fraudulent devices, which may for instance be not known (e.g. their respective identification may for instance be not comprised or stored in the respective memory) may not be able to communicate with the at least one first and/or second apparatus.
  • the at least one second apparatus may comprise or be connectable to a memory comprising one or more identification of one or more first apparatuses, e.g. in the form of a list.
  • the identification representation accompanying the one or more received beacon measurements is for instance comprised in such a list, the originator of the one or more beacon measurements is known.
  • the originator of the one or more beacon measurements is unknown to the at least one second apparatus, the one or more beacon measurements may not be of interest for the at least one second apparatus, and thus may for instance be rejected.
  • the second method further comprises: transmitting an allowance identification information, wherein the allowance identification information at least partially comprises at least one identification of the at least one second apparatus.
  • the at least one identification of the at least one second apparatuses may for instance enable the at least one second apparatus to be identified. For instance, the
  • identification enabling the at least one second apparatus to be identified may for instance be a MAC (Medium Access Control) address to name but one non-limiting example.
  • MAC Medium Access Control
  • the allowance identification information may for instance be transmitted to at least one first apparatus, e.g. a tag device.
  • the at least one first apparatus may as a result of receiving the allowance identification information store the identification of the at least one second apparatus.
  • the at least one first apparatus may for instance know the at least one second apparatus, and may for instance reject requests (e.g. requesting the transmitting of one or more beacon measurements) which do not stem from the at least one second apparatus.
  • the second method further comprises:
  • one or more beacon measurements may for instance be requested, e.g. from the at least one first apparatus that position is to be determined.
  • a request indicative of requesting the one or more beacon measurements to be transmitted may for instance be transmitted in case the at least one first apparatus does not transmit the one or more beacon measurements, e.g. periodically without such a request.
  • the one or more requests are accompanied by the at least one identification (e.g. MAC address) of the at least one second apparatus.
  • the at least one identification accompanying the one or more requests may for instance be the same or a different identification than the at least one identification of the at least one second apparatus that is comprised by the transmitted allowance identification information, as described in more detail above.
  • the at least one identification accompanying the one or more requests may for instance be a different identification in case the
  • identification of the at least one second apparatus may have changed (e.g. due to another configuration, to name but one non-limiting example). Both aforementioned identifications may be suitable to enable the at least one second apparatus to be identified.
  • the at least one first apparatus may for instance be enabled to determine whether or not the originator of the one or more requests, at hand the at least one second apparatus, is trustworthy (e.g.
  • the second method further comprises:
  • the at least one second apparatus may transmit one or more password information prior to transmitting the one or more allowance identification
  • the at least one first apparatus may for instance determine whether or not the originator of the one or more allowance identification information, which may be transmitted by the at least one second apparatus after the one or more password information, can be authorized.
  • the at least one first apparatus may reject one or more allowance identification information in case one or more password information received by the at least one first apparatus prior or together with the one or more allowance identification information does not match a secret information comprised (e.g. stored) by the at least one first apparatus.
  • the second method further comprises:
  • the encryption information may for instance be used by the at least one first apparatus, which may for instance obtain (e.g. receive) the transmitted encryption information, to encrypt one or more beacon measurements, which are transmitted by the at least one first apparatus (after the encryption) to the at least one second apparatus.
  • the at least one first apparatus may for instance obtain (e.g. receive) the transmitted encryption information, to encrypt one or more beacon measurements, which are transmitted by the at least one first apparatus (after the encryption) to the at least one second apparatus.
  • the encryption information may for instance be stored, e.g. in a memory comprised by or being connectable to the at least one second apparatus.
  • the at least one second apparatus may for instance use the stored encryption information to decrypt the one or more received beacon measurements.
  • the encryption information is transmitted prior to the transmitting of the one or more allowance identification information.
  • the encryption information may also be used to encrypt (the at least one second apparatus transmitting the one or more allowance identification information) respectively decrypt (the at least one first apparatus receiving the one or more allowance identification information) the one or more allowance identification information.
  • the one or more allowance identification information cannot be monitored (e.g. eavesdropped) by another device, which may in case the one or more allowance identification information are not encrypted prior to the transmission, inject its own identification to trick the at least one first apparatus into storing an identification of a device that is a fraudulent device.
  • Fig. 1 a schematic block diagram of a system according to the third exemplary aspect of the present invention
  • FIG. 2 a flowchart showing an example embodiment of a first method
  • FIG. 3 a flowchart showing an example embodiment of a second method
  • Fig. 4 a schematic block diagram of a first apparatus configured to perform the first method according to the first exemplary aspect of the present invention.
  • Fig. 5 a schematic block diagram of a second apparatus configured to perform the second method according to the second exemplary aspect of the present invention.
  • FIG. 1 is a schematic high-level block diagram of a system 100 according to an exemplary aspect of the present invention.
  • a system 100 may for instance represent a generic system architecture as used by one or more exemplary
  • System 100 comprises an optional server 110, an optional database 120, one or more mobile devices, at hand a single mobile device 130 (e.g. a smartphone, tablet, portable navigation device, IoT (Internet of Things) device to name but a few non-limiting examples), one or more beacon devices 140, e.g. radio nodes 140-1 to 140-5, one or more tag devices, at hand a single tag device 150, and an optional communication network 160.
  • a single mobile device 130 e.g. a smartphone, tablet, portable navigation device, IoT (Internet of Things) device to name but a few non-limiting examples
  • IoT Internet of Things
  • the server 110 may alternatively be embodied as a server cloud (e.g. a plurality of servers connected, e.g. via the Internet (e.g. comprised by communication network 160) and providing services at least partially jointly).
  • the server 110 which may for instance be embodied as a monitoring respectively management server for the beacon devices 140, may for instance be further configured to provide radio maps and positioning services (e.g. indoor positioning and/or floor detection services), e.g. to one or more mobile devices, e.g. mobile device 130.
  • the server 110 may be connected to the mobile device 130 e.g. via the internet or via a wirebound or wireless communication connection (e.g. according to the Wi-Fi, BT, and/or BLE
  • the database 120 may for instance be optional.
  • the database 120 may for instance be comprised by or connectable to the server 110.
  • the database 120 may for instance comprise a memory, e.g. for storing one or more radio maps, and/or one or more positions (e.g. in the form of coordinates) of the beacon devices 140 associated with one or more identifier information of the beacon devices 140.
  • a memory e.g. for storing one or more radio maps, and/or one or more positions (e.g. in the form of coordinates) of the beacon devices 140 associated with one or more identifier information of the beacon devices 140.
  • the position e.g. in the form of coordinates, e.g. in the venue
  • the respective beacon device 140 may for instance be obtainable from the database 120.
  • the server 110 may for instance be optional.
  • mobile device 130 may for instance provide functionalities and/or services with respect to provide positioning services, e.g. to determine a position of the tag device 150.
  • the tag device may for instance be configured to perform and/or control the first method according to the first exemplary aspect of the present invention.
  • the mobile device 130 may for instance be configured to perform and/or control the second method according to the second exemplary aspect of the present invention.
  • the server 110 may for instance be configured to perform and/or control to determine a position of the tag device 150 at least partially based on one or more beacon measurements provided by the tag device, and e.g. received from the mobile device 130.
  • the mobile device 130 may for instance be configured, together with the server 110, to perform and/or control the second method according to the second exemplary aspect of the present invention.
  • the tag device 150, together with the mobile device 130, or with the server 110, or with the mobile device 130 and the server 110 may for instance be configured to perform and/or control the first and the second method according to the first and second exemplary aspect of the present invention.
  • Fig. 2 shows a flowchart 200 showing an example embodiment of a first method according to the first exemplary aspect of the present invention. This flowchart 200 may for instance be performed by the tag device 150 of Fig. 1.
  • a first step 201 one or more identification information are transmitted.
  • an identification of the tag device may be performed by the receiving device, e.g. the mobile device 130 of Fig. 1.
  • the mobile device 130 may be able to determine whether or not received one or more beacon measurements were gathered (e.g. measured) by the respective tag device whose position is to be determined.
  • a second step 202 one or more beacon measurements are transmitted.
  • the one or more beacon measurements are transmitted together with an identification representation of an identification of the tag device, for enabling a determining of a position of the tag device based at least partially on the one or more beacon measurements.
  • the one or more beacon measurements are gathered (e.g. measured) based on one or more beacon signals received by the tag device.
  • the one or more beacon signals are transmitted by one or more beacon devices (e.g. beacon devices 140-1 to 140-5 of Fig. 1).
  • Fig. 3 shows a flowchart 300 showing an example embodiment of a second method according to the second exemplary aspect of the present invention. This flowchart 300 may for instance be performed by the mobile device 130 of Fig. 1.
  • a first step 301 one or more identification information comprising an identification e.g. of the tag device 150 of Fig. 1 are received. Based on the received one or more identification, the originator of the one or more identification information may be identified. In this way, e.g. a binding between a tag device (e.g. tag device 150 of Fig. 1) and the mobile device may be performed, and then optionally be checked.
  • a tag device e.g. tag device 150 of Fig. 1
  • the mobile device may be performed, and then optionally be checked.
  • the identification e.g. of the tag device 150
  • the extracted one or more identification information may for instance enable performing a determining whether or not the received one or more identification stem from a device (e.g. a tag device, for instance tag device 150 of Fig. 1) which was binded to the mobile device beforehand to receiving the one or more identification information.
  • a third step 303 one or more beacon measurements originating e.g. from the tag device 150 whose identification is extracted (sees step 302) are received.
  • the one or more beacon measurements, which are received, may for instance be the one or more beacon measurements sent by the tag device (see step 202 of Fig. 2).
  • a fourth step 304 it is determined whether or not the extracted identification (step 302) matches one or more stored identification.
  • the stored identification may for instance be e.g. of one or more, or a plurality of tag devices (e.g. such as tag device 150 of Fig. 1).
  • the stored one or more identifications may for instance be stored in the form of a list, so that the mobile device 130 of Fig. 1 can compare the extracted identification (step 302) to the ones of the list.
  • a position of the tag device can be determined (e.g. estimated).
  • the determining of the position of the tag device may for instance be performed by another device, which has received the transmitted one or more beacon measurements, e.g. the mobile device 130 of Fig. 1, or server 110 of Fig. 1, wherein prior to the determining of the position of the tag device 150 the mobile device 130 may for instance have relayed the received one or more beacon measurements to the server 110, e.g. via the communication network 160 of Fig. 1.
  • Fig. 4 is a schematic block diagram of an apparatus 400 according to an exemplary aspect of the present invention, which may for instance represent the at least one first apparatus, e.g. the tag device 150 of Fig. 1.
  • Apparatus 400 comprises a processor 410, working memory 420, program memory 430, data memory 440, and a communication interface(s) 450.
  • Apparatus 400 may for instance be configured to perform and/or control or comprise respective means (at least one of 410 to 450) for performing and/or controlling the first method according to the first exemplary aspect.
  • Apparatus 400 may as well constitute an apparatus comprising at least one processor (410) and at least one memory (420) including computer program code, the at least one memory and the computer program code configured to, with the at least one processor, cause an apparatus, e.g. apparatus 400 at least to perform and/or control the first method according to the first exemplary aspect of the present invention.
  • Processor 410 may for instance comprise an identification information determiner 411 as a functional and/or structural unit. Identification information determiner 411 may for instance be configured to determine (e.g. extract) one or more identification information of one or more mobile devices (e.g. mobile device 130 of Fig. 1). Processor 410 may for instance comprise an optional beacon signal measurer 412 as a functional and/or structural unit. Beacon signal measurer 412 may for instance be configured to determine (e.g. measure) one or more beacon measurements, e.g. based on one or more beacon signals transmitted (e.g. sent) by the one or more beacon devices (e.g. beacon devices 140-1 to 140-5 of Fig. 1). Processor 410 may for instance further control the memories 420 to 440, and/or the communication interface(s) 450.
  • Identification information determiner 411 may for instance be configured to determine (e.g. extract) one or more identification information of one or more mobile devices (e.g. mobile device 130 of Fig. 1).
  • Processor 410 may for
  • Processor 410 may for instance execute computer program code stored in program memory 430, which may for instance represent a computer readable storage medium comprising program code that, when executed by processor 410, causes the processor 410 to perform the first method according to the first exemplary aspect of the present invention.
  • Processor 410 may be a processor of any suitable type.
  • Processor 410 may comprise but is not limited to one or more microprocessor(s), one or more processor(s) with accompanying one or more digital signal processor(s), one or more processor(s) without accompanying digital signal processor(s), one or more special-purpose computer chips, one or more field-programmable gate array(s) (FPGA(s)), one or more controller(s), one or more application-specific integrated circuit(s) (ASIC(s)), or one or more computer(s).
  • FPGA field-programmable gate array
  • ASIC application-specific integrated circuit
  • Processor 410 may for instance be an application processor that runs an operating system.
  • Program memory 430 may also be included into processor 410. This memory may for instance be fixedly connected to processor 410, or be at least partially removable from processor 410, for instance in the form of a memory card or stick. Program memory 430 may for instance be non-volatile memory. It may for instance be a FLASH memory (or a part thereof), any of a ROM, PROM, EPROM and EEPROM memory (or a part thereof) or a hard disc (or a part thereof), to name but a few examples. Program memory 430 may also comprise an operating system for processor 410. Program memory 430 may also comprise a firmware for apparatus 400.
  • Apparatus 400 comprises a working memory 420, for instance in the form of a volatile memory. It may for instance be a Random Access Memory (RAM) or Dynamic RAM (DRAM), to give but a few non-limiting examples. It may for instance be used by processor 410 when executing an operating system and/or computer program.
  • RAM Random Access Memory
  • DRAM Dynamic RAM
  • Data memory 440 may for instance be a non-volatile memory. It may for instance be a FLASH memory (or a part thereof), any of a ROM, PROM, EPROM and EEPROM memory (or a part thereof) or a hard disc (or a part thereof), to name but a few examples.
  • Communication interface(s) 450 enable apparatus 400 to communicate with other entities, e.g. with mobile device 130 of Fig. 1.
  • the communication interface(s) 450 may for instance comprise a wireless interface, e.g. a BT-, and/or BLE radio communication interface and/or a WLAN interface).
  • Communication interface(s) may enable apparatus 400 to communicate with other entities, for instance with one or more of the beacon devices 140-1 to 140-5 of Fig. 1.
  • Fig. 5 is a schematic block diagram of an apparatus 500 according to an exemplary aspect of the present invention, which may for instance represent the at least one second apparatus, e.g. the mobile device 130 of Fig. 1.
  • Apparatus 500 comprises a processor 510, working memory 520, program memory 530, data memory 540, communication interface(s) 550, an optional user interface 560 and an optional sensor(s) 570.
  • Apparatus 500 may for instance be configured to perform and/or control or comprise respective means (at least one of 510 to 570] for performing and/or controlling the second method according to the second exemplary aspect.
  • Apparatus 500 may as well constitute an apparatus comprising at least one processor (510) and at least one memory (520) including computer program code, the at least one memory and the computer program code configured to, with the at least one processor, cause an apparatus, e.g. apparatus 500 at least to perform and/or control the second method according to second exemplary aspect of the present invention.
  • Processor 510 may for instance comprise an identification extractor 511 as a functional and/or structural unit.
  • Identification extractor 511 may for instance be configured to extract one or more identification information out of received one or more identification information (see step 302 of Fig. 3).
  • Processor 510 may for instance comprise an identification matching determiner 512 as a functional and/or structural unit.
  • Identification matching determiner 512 may for instance be configured to determine whether or not an extracted identification matches one or more stored identification (e.g. stored in data memory 540) (see step 304 of Fig. 3).
  • Processor 510 may for instance further control the memories 520 to 540, the communication interface(s) 550, the optional user interface 560 and the optional sensor(s) 570.
  • Processor 510 may for instance execute computer program code stored in program memory 530, which may for instance represent a computer readable storage medium comprising program code that, when executed by processor 510, causes the processor 510 to perform the second method according to the second exemplary aspect of the present invention.
  • Processor 510 may be a processor of any suitable type.
  • Processor 510 may comprise but is not limited to one or more microprocessor(s), one or more processor(s) with accompanying one or more digital signal processor(s), one or more processor(s) without accompanying digital signal processor(s), one or more special-purpose computer chips, one or more field-programmable gate array(s) (FPGA(s)), one or more controller(s), one or more application-specific integrated circuit(s) (ASIC(s)), or one or more computer(s).
  • FPGA field-programmable gate array
  • ASIC application-specific integrated circuit
  • Processor 510 may for instance be an application processor that runs an operating system.
  • Program memory 530 may also be included into processor 510. This memory may for instance be fixedly connected to processor 510, or be at least partially removable from processor 510, for instance in the form of a memory card or stick. Program memory 530 may for instance be non-volatile memory. It may for instance be a FLASH memory (or a part thereof), any of a ROM, PROM, EPROM and EEPROM memory (or a part thereof) or a hard disc (or a part thereof), to name but a few examples. Program memory 530 may also comprise an operating system for processor 510. Program memory 530 may also comprise a firmware for apparatus 500.
  • Apparatus 500 comprises a working memory 520, for instance in the form of a volatile memory. It may for instance be a Random Access Memory (RAM) or Dynamic RAM (DRAM), to give but a few non-limiting examples. It may for instance be used by processor 510 when executing an operating system and/or computer program.
  • RAM Random Access Memory
  • DRAM Dynamic RAM
  • Data memory 540 may for instance be a non-volatile memory. It may for instance be a FLASH memory (or a part thereof), any of a ROM, PROM, EPROM and EEPROM memory (or a part thereof) or a hard disc (or a part thereof), to name but a few examples.
  • Communication interface(s) 550 enable apparatus 500 to communicate with other entities, e.g. with server 110 of Fig. 1, or with the tag device 150 of Fig. 1.
  • the communication interface(s) 550 may for instance comprise a wireless interface, e.g. a cellular radio communication interface, a BT- and/or BLE and/or a WLAN interface) and/or wire-bound interface, e.g. an IP-based interface, for instance to communicate with entities via the Internet.
  • Communication interface(s) may enable apparatus 500 to communicate with other entities, for instance with server 110 of Fig. 1. Further, communication interface(s) may enable apparatus 500 to communicate with at least two different other entities, e.g. simultaneously, for instance with 110 of Fig. 1 and with tag device 150 of Fig. 1.
  • User interface 560 is optional and may comprise a display for displaying information to a user and/or an input device (e.g. a keyboard, keypad, touchpad, mouse, etc.) for receiving information from a user.
  • an input device e.g. a keyboard, keypad, touchpad, mouse, etc.
  • Sensor(s) 570 are optional and may for instance comprise a barometric sensor, e.g. to gather pressure information.
  • Some or all of the components of the apparatus 500 may for instance be connected via a bus. Some or all of the components of the apparatus 500 may for instance be combined into one or more modules.
  • a method to bind the tag to an authenticated user (or users) and set the encryption key for the transmissions so that unauthorized user(s) cannot utilize the tag advertisement transmissions containing the beacon measurements is disclosed.
  • the user can be provided with an app that shows the locations of the user’s tags.
  • the binding to the app can be done e.g. using NFC - touch the tag with the mobile device (e.g. tablet, phone) running the app and the app retrieves the tag MAC address over NFC after which the app can follow that tag.
  • the mobile device e.g. tablet, phone
  • the binding to the specific tag can be shared between the devices running the app with the same login.
  • the tag can be set to respond to Scan Response Requests only from certain devices.
  • This set of devices can be set over the NFC during the binding process.
  • the tag only responds, when a certain whitelisted device requests for Scan Response. This is because the Scan Response Request package sent by the device contains the device MAC address.
  • the Scan Response packet then contains the Bluetooth Beacon measurements.
  • a password can be set to the tag so that only authorized persons can set whitelisted device MAC addresses to the tag.
  • each tag is programmed with an individual
  • the NFC messaging also carries the encryption key. However, this happens only the first time - if a new binding attempt is made, the tag would not respond with the encryption key. This guarantees that no one else can find out the encryption key after the tag has been claimed by an owner.
  • the tag After binding, the tag starts to broadcast beacon measurements in the advertisement packages. The data payload is encrypted with key. Therefore, only the authorized users can decrypt the messages.
  • the encryption key can be shared across the devices running the locator app with the same account so that all the users can track the tag.
  • An alternative approach is that during the binding process the encryption key is set by the app provided for binding.
  • the key can be generated on the fly.
  • the key can be changed later by devices knowing the current encryption key.
  • Encrypting a message with an AES algorithm using a symmetric key does not required much computational resources and can, thus, be easily done in the tag.
  • any presented connection in the described embodiments is to be understood in a way that the involved components are operationally coupled.
  • the connections can be direct or indirect with any number or combination of intervening elements, and there may be merely a functional relationship between the components.
  • any of the methods, processes and actions described or illustrated herein may be implemented using executable instructions in a general-purpose or special- purpose processor and stored on a computer-readable storage medium (e.g., disk, memory, or the like) to be executed by such a processor.
  • a computer-readable storage medium e.g., disk, memory, or the like
  • References to a 'computer- readable storage medium' should be understood to encompass specialized circuits such as FPGAs, ASICs, signal processing devices, and other devices.
  • the expression “A and/or B” is considered to comprise any one of the following three scenarios: (i) A, (ii) B, (iii) A and B.
  • the article “a” is not to be understood as “one”, i.e. use of the expression “an element” does not preclude that also further elements are present.
  • the term “comprising” is to be understood in an open sense, i.e. in a way that an object that "comprises an element A” may also
  • the statement of a feature comprises at least one of the subsequently enumerated features is not mandatory in the way that the feature comprises all subsequently enumerated features, or at least one feature of the plurality of the subsequently enumerated features. Also, a selection of the enumerated features in any combination or a selection of only one of the enumerated features is possible. The specific combination of all subsequently enumerated features may as well be considered. Also, a plurality of only one of the enumerated features may be possible.
  • the sequence of all method steps presented above is not mandatory, also alternative sequences may be possible. Nevertheless, the specific sequence of method steps exemplarily shown in the figures shall be considered as one possible sequence of method steps for the respective embodiment described by the respective figure.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Radar, Positioning & Navigation (AREA)
  • Remote Sensing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

Inter alia, a method is disclosed comprising: transmitting one or more identification information, wherein each of the one or more identification information at least partially comprises an identification enabling the at least one first apparatus to be identified; and transmitting one or more beacon measurements together with an identification representation of the one or more identification information for enabling determining of a position of the at least one first apparatus based at least partially on the one or more beacon measurements. It is further disclosed an according apparatus, computer program and system.

Description

Enhancing security of tag devices
FIELD
The following disclosure relates to the field of indoor positioning systems, and more particularly relates to systems, apparatuses, and methods for enhancing security of such indoor positioning systems.
BACKGROUND
Indoor positioning requires novel systems and solutions that are specifically developed and deployed for this purpose. The "traditional" positioning technologies, which are mainly used outdoors, for instance satellite and cellular positioning technologies, cannot deliver such performance indoors that would enable seamless and equal navigation experience in both environments.
The required positioning accuracy (within 2 to 3 meters), coverage (~100 %) and floor detection are challenging to achieve with satisfactory performance levels with the systems and signals that were not designed and specified for the indoor use cases in the first place. Satellite-based radio navigation signals simply do not penetrate through the walls and roofs for the adequate signal reception and the cellular signals have too narrow bandwidth for accurate ranging by default.
Several indoor-dedicated solutions have already been developed and commercially deployed during the past years, for instance solutions based on pseudolites (Global Positioning System (GPS)-like short-range beacons), ultra-sound positioning, Bluetooth Low Energy (BLE) signals (e.g. High-Accuracy Indoor Positioning, HA1P) and Wi-Fi fingerprinting. What is typical to these solutions is that they require either deployment of totally new infrastructure (radio nodes or radio beacons, or tags to name but a few non-limiting examples) or manual exhaustive radio surveying of the buildings including all the floors, spaces and rooms. This is rather expensive and will take a considerable number of time to build the coverage to the commercially expected level, which in some cases narrowed the potential market segment only to very thin customer base, for instance for health care or dedicated enterprise solutions. Also, the diversity of these technologies makes it difficult to build a globally scalable indoor positioning solution, and the integration and testing will become complex if a large number of technologies needs to be supported in the consumer devices (e.g. smartphones).
For an indoor positioning solution to be commercially successful, that is, i) being globally scalable, ii) having low maintenance and deployment costs, and iii) offering acceptable end-user experience, the solution needs to be based on an existing infrastructure in the buildings and on existing capabilities in the consumer devices. This leads to an evident conclusion that the indoor positioning needs to be based on Wi-Fi- and/or Bluetooth (BT) -technologies that are already supported in every smartphone, tablet, laptop and even in the majority of feature phones. It is, thus, required to find a solution that uses the Wi-Fi- and BT-radio signals in such a way that makes it possible to achieve 2 to 3 meter horizontal positioning accuracy, close to 100% floor detection with the ability to quickly build the global coverage for this approach.
Further, a novel approach for radio-based indoor positioning that models for instance the Wi-Fi-radio environment (or any similar radio e.g. Bluetooth) from observed Received Signal Strength (RSS)-measurements as two-dimensional radio maps and is hereby able to capture the dynamics of the indoor radio propagation environment in a compressable and highly accurate way. This makes it possible to achieve
unprecedented horizontal positioning accuracy with the Wi-Fi signals only within the coverage of the created radio maps and also gives highly reliable floor detection.
To setup indoor positioning in a building, the radio environment in the building needs to be surveyed. This phase is called radio mapping. In the radio mapping phase samples containing geolocation (like latitude-, longitude-, altitude-; or x-, y-, z- (floor) coordinates) and radio measurements (Wi-Fi and/or Bluetooth radio node identities and signal strengths). Having these samples allows understanding how the radio signals behave in the building. This understanding is called a radio map. The radio map enables localization capability to devices. When they observe varying radio signals, the signals can be compared to the radio map resulting in the location information.
The radio samples for the radio map may be collected with special software tools or crowd-sourced from the user devices. While automated crowd-sourcing can enable indoor localization in large number of buildings, manual data collection using special software tools may be the best option, when the highest accuracy is desired.
Yet another aspect of the modern Bluetooth radio node respectively beacon systems is beacon monitoring and management.
Hubs are deployed throughout the venue so that each beacon can communicate with at least one hub. The hubs, on the other hand, are connected to a
monitoring/management server via a gateway hub respectively a gateway device, which is essentially a wired/wireless router. The hubs may be connected to the gateway hub through cable (e.g. Ethernet) or wirelessly (e.g. Wi-Fi, Cellular). The gateway hub may for instance be connected to a beacon monitoring and/or
management server.
The beacon monitoring refers to monitoring the beacon characteristics most typically via one-way communications by the hubs. The beacons may e.g. periodically broadcast their battery states, which transmissions are captured by the hubs and further routed to the monitoring/management server for analysis and visualization. The beacon management, on the other hand, refers to being able to perform two-way
communication with the hubs and beacons. With a beacon management system e.g. the beacon transmit power can be re-configured remotely or the advertisement message changed, when needed. The server managing/monitoring the hub and/or beacon constellations can be a virtual server operated in a cloud (e.g. AWS, Azure), or it can be also a physical local server constituting a self-hosted, high-security system.
SUMMARY OF SOME EXAMPLPE EMBODIMENTS OF THE INVENTION
However, tag devices transmitting information carried by advertisement packets have a drawback that those advertisement packets can be captured by anyone as the advertisement packet format needs to follow Bluetooth standard. Moreover, although the actual payload (e.g. Bluetooth beacon IDs and optionally measurements) description may not be public, it can be easily be obtained (e.g. hacked) by a third party respectively person. Thus, there is a need to enhance security of such
transmissions performed by tag devices.
It is thus, inter alia, an object of the invention to achieve a solution for enhancing security of transmission in such indoor positioning systems.
According to a first exemplary aspect of the present invention, a first method is disclosed, performed and/or controlled by at least one first apparatus, the first method comprising:
transmitting one or more identification information,
wherein each of the one or more identification information at least partially comprises an identification enabling the at least one first apparatus to be identified; and
transmitting one or more beacon measurements together with an identification representation of the one or more identification information for enabling determining of a position of the at least one first apparatus based at least partially on the one or more beacon measurements.
This method may for instance be performed and/or controlled by a low-capability device, for instance a tag device. For instance, the method may be performed and/or controlled by using at least one processor of the tag device. According to a further exemplary aspect of the invention, a computer program is disclosed, the computer program when executed by a processor causing an apparatus, for instance a tag device, to perform and/or control the actions of the first method according to the first exemplary aspect of the present invention.
The computer program may be stored on computer-readable storage medium, in particular a tangible and/or non-transitory medium. The computer readable storage medium could for example be a disk or a memory or the like. The computer program could be stored in the computer readable storage medium in the form of instructions encoding the computer-readable storage medium. The computer readable storage medium may be intended for taking part in the operation of a device, like an internal or external memory, for instance a Read-Only Memory (ROM) or hard disk of a computer, or be intended for distribution of the program, like an optical disc.
According to a further exemplary aspect of the invention, an apparatus is disclosed, configured to perform and/or control or comprising respective means for performing and/or controlling the first method according to the first exemplary aspect of the present invention.
The means of the apparatus can be implemented in hardware and/or software. They may comprise for instance at least one processor for executing computer program code for performing the required functions, at least one memory storing the program code, or both. Alternatively, they could comprise for instance circuitry that is designed to implement the required functions, for instance implemented in a chipset or a chip, like an integrated circuit. In general, the means may comprise for instance one or more processing means or processors.
According to a further exemplary aspect of the invention, a first apparatus is disclosed, comprising at least one processor and at least one memory including computer program code, the at least one memory and the computer program code configured to, with the at least one processor, cause an apparatus, for instance the apparatus, at least to perform and/or to control the first method according to the first exemplary aspect of the present invention.
The above-disclosed apparatus according to any aspect of the invention may be a module or a component for a device, for example a chip. The disclosed apparatus according to any aspect of the invention may comprise only the disclosed components, for instance means, processor, memory, or may further comprise one or more additional components.
According to a second exemplary aspect of the present invention, a second method is disclosed, performed and/or controlled by at least one second apparatus, the second method comprising:
receiving one or more identification information comprising an identification of at least one first apparatus;
extracting the identification of the at least first apparatus out of the received one or more identification information, wherein the identification enables the at least one first apparatus to be identified; and
receiving one or more beacon measurements; and
determining whether or not the extracted identification does match one or more stored identifications, wherein the one or more received beacon measurements are rejected in case the extracted identification accompanying the one or more received beacon measurements does not match at least one of the stored one or more identifications.
This method may for instance be performed and/or controlled by a gateway device, for instance a mobile device or a radio node to name but a few non-limiting examples. For instance, the method may be performed and/or controlled by using at least one processor of the gateway device.
According to a further exemplary aspect of the invention, a computer program is disclosed, the computer program when executed by a processor causing an apparatus, for instance a mobile device, or a radio node, to perform and/or control the actions of the second method according to the second exemplary aspect of the present invention.
The computer program may be stored on computer-readable storage medium, in particular a tangible and/or non-transitory medium. The computer readable storage medium could for example be a disk or a memory or the like. The computer program could be stored in the computer readable storage medium in the form of instructions encoding the computer-readable storage medium. The computer readable storage medium may be intended for taking part in the operation of a device, like an internal or external memory, for instance a Read-Only Memory [ROM) or hard disk of a computer, or be intended for distribution of the program, like an optical disc.
According to a further exemplary aspect of the invention, an apparatus is disclosed, configured to perform and/or control or comprising respective means for performing and/or controlling the second method according to the second exemplary aspect of the present invention.
The means of the apparatus can be implemented in hardware and/or software. They may comprise for instance at least one processor for executing computer program code for performing the required functions, at least one memory storing the program code, or both. Alternatively, they could comprise for instance circuitry that is designed to implement the required functions, for instance implemented in a chipset or a chip, like an integrated circuit. In general, the means may comprise for instance one or more processing means or processors.
According to a further exemplary aspect of the invention, a second apparatus is disclosed, comprising at least one processor and at least one memory including computer program code, the at least one memory and the computer program code configured to, with the at least one processor, cause an apparatus, for instance the apparatus, at least to perform and/or to control the second method according to the second exemplary aspect of the present invention. The above-disclosed apparatus according to any aspect of the invention may be a module or a component for a device, for example a chip. Alternatively, the disclosed apparatus according to any aspect of the invention may be a device, for instance a gateway device, a mobile device or a radio node. The disclosed apparatus according to any aspect of the invention may comprise only the disclosed components, for instance means, processor, memory, or may further comprise one or more additional components.
According to a third exemplary aspect of the invention, a system is disclosed, comprising:
at least one first apparatus (e.g a tag device) according to any aspect of the invention as disclosed above, and
at least one second apparatus (e.g. a gateway device, a mobile device or a radio node) according to any aspect of the invention as disclosed above.
In the following, exemplary features and exemplary embodiments of all aspects of the present invention will be described in further detail.
The at least one first apparatus may for instance be or be part of a tag device. For example, the at least one first apparatus may not comprise or may not be connected to a user interface, and/or may not comprise or may not be connectable to a display.
Such a tag device may for instance comprise or be connectable to a transmitter and/or a receiver, in particular a transceiver providing means for transmitting and for receiving, e.g. according to wireless local area networks (WLAN), to Bluetooth (BT) or to Bluetooth Low Energy (BLE) communication standard. Such a tag device may for instance broadcast standard signals in order to advertise their presence. In some cases, they may advertise in this way availability to mobile devices seeking a connection, e.g. via broadcasting signals. The signals may convey the information in the form of packets of pre-defined format. The information may for instance be the one or more beacon measurements and may include or comprise at least an
identification representation of the at least one first apparatus (e.g. tag device). The at least one first apparatus may be visible to any mobile device with suitable radio interface, regardless of whether or not they are known to the mobile device. Such a tag device may for instance be of low capability (also referred to as low-capability device), e.g. not comprising or being connectable to a user input device (e.g. keypad, touchpad, or the like to name but a few non-limiting examples), and/or a display, e.g. for displaying information, e.g. to a user.
The one or more identification information may for instance be transmitted, e.g. to the at least one second apparatus (e.g. gateway device, mobile device, or radio node). The one or more identification information may for instance be transmitted via a wire- bound communication connection, e.g. according to LAN (Local Area Network) specification to name but one non-limiting example. Alternatively, the one or more identification information may for instance be transmitted via a wireless
communication connection, e.g. according to WLAN- (Wireless Local Area Network), or a short range communication specification, e.g. according to BT (Bluetooth), BLE (Bluetooth Low Energy), and/or NFC (Near Field Communication) specification to name but a few non-limiting examples.
Each of the one or more identification information at least partially comprises an identification enabling the at least one first apparatus to be identified. For instance, the identification enabling the at least one first apparatus to be identified may for instance be a UUID (Universally Unique Identifier), a SSID (Service Set Identifier), or a MAC (Medium Access Control) address to name but a few non-limiting examples. A representation of such an identification of the at least one first apparatus may accompany (e.g. be transmitted together) with the one or more beacon
measurements.
The one or more beacon measurements may for instance be one or more signal strength values. The one or more beacon measurements may for instance be determined by measuring the one or more signal strength values based on sent beacon signals of one or more beacon devices.
Such one or more beacon devices may for instance be comprised by a venue, e.g. by an infrastructure of the venue. A respective beacon device of such one or more beacon devices may for instance be a radio node, e.g. of the venue. A respective beacon device may for instance be used for indoor positioning and/or floor detection, e.g. according to BT- (Bluetooth) and/or BLE- (Bluetooth Low Energy) specification, or may for instance be a Wi-Fi Access Point for indoor positioning and/or floor detection, e.g. according to the WLAN- (Wireless Local Area Network) specification).
Such a beacon device of the one or more beacon devices, e.g. of the venue, may for instance comprise or be connectable to a transceiver, e.g. according to the BT-, BLE, and/or WLAN-specification to provide wireless-based communication. Each beacon device of the one or more beacon devices, e.g. of the venue, may for instance use such a transceiver for transmitting and/or broadcasting one or more beacon signals, e.g. comprising one or more information. In particular, the one or more beacon signals may for instance comprise an identifier of the respective beacon device, e.g. a UUID, a SSID, or a MAC address to name but a few non-limiting examples, enabling a receiving device (e.g. the at least one first apparatus) to identify the respective beacon device.
The venue may for instance be a building, shopping mall, office complex, public accessible location (e.g. station, airport, university or the like), to name but a few non- limiting examples.
One of the one or more signal strength values may for instance be represented by a received signal strength value (RSS). Such a received signal strength value may for instance represent the power of a received radio positioning support signal (e.g. at the at least one first apparatus), wherein such a radio positioning support signal may for instance be sent (e.g. periodically) from each beacon device of the abovementioned one or more beacon devices, e.g. of a venue. An example of a received signal strength parameter is a received signal strength indicator (RSSI) or a representation of a physical receiving power level value (e.g. a Rx power level value) in dBm. The one or more beacon measurements may for instance represent one or more signal strength measurement of observable signal strengths of one or more beacon signals receivable at the location of the measurement.
After determining the one or more beacon measurements, the one or more beacon measurements may for instance be transmitted together or accompanied with the identification representation of the identification of the at least one first apparatus. At least partially based on the identification representation, the at least one first apparatus may be identifiable.
The one or more beacon measurements may for instance be transmitted by broadcasting the one or more beacon measurements. The one or more beacon measurements may for instance be broadcasted by one or more broadcasts (e.g. carried by one or more data packet, e.g. advertisement packets).
The transmitted one or more beacon measurements may for instance enable, e.g. together with the identification representation of the at least one first apparatus, a determining of a position of the at least one first apparatus based at least partially on the one or more one or more beacon measurements. The position of the at least one first apparatus may then for instance be determined by a (further) device that obtained (e.g. received) the one or more beacon measurements (e.g. the second apparatus), or the device that obtained the one or more beacon measurements may for instance trigger the determining of the position of the at least one first apparatus, e.g. by requesting the determining of the position from a server.
According to an exemplary embodiment of the first exemplary aspect of the present invention, the first method further comprises: receiving one or more allowance identification information, wherein each of the one or more allowance identification information at least partially comprises one or more identifications of one or more second apparatuses; extracting the one or more identifications of the one or more second
apparatuses out of the received one or more allowance identification information; and
storing the extracted one or more identifications of the one or more second apparatuses.
Each of the one or more identification of the one or more second apparatuses may for instance enable the at least second apparatus to be identified, wherein the one or more allowance identification information at least partially comprise such an identification. For instance, the identification enabling the at least second apparatus to be identified may for instance be a MAC (Medium Access Control) address to name but one non-limiting example.
Each of the one or more allowance identification information may for instance be indicative of a device (e.g. one or more of the second apparatuses) that may trigger or request the one or more beacon measurements to be transmitted. For the at least one first apparatus to know whether or not a device (e.g. the at least one second apparatus) is allowed to receive the one or more beacon measurements, the at least one first apparatus may for instance store such corresponding information prior to transmitting the one or more beacon measurements.
The received one or more allowance identification information at least partially comprise one or more identifications of one or more second apparatuses (e.g. one or more of the second apparatuses). Those one or more identifications of the one or more second apparatuses are extracted out of the received one or more allowance identification information. Then, the extracted one or more identifications of the one or more second apparatuses may for instance be stored, e.g. in a memory. Such a memory may for instance be comprised by or being connectable to the at least one first apparatus (e.g. the tag device).
According to an exemplary embodiment of the first exemplary aspect of the present invention, the first method further comprises:
receiving one or more requests indicative of requesting the one or more beacon measurements to be transmitted, wherein the one or more received requests are rejected in case an identification representation of the one or more of the one or more second apparatuses accompanying the one or more received requests does not match one of the stored one or more identification of the one or more second apparatuses, and wherein the one or more beacon measurements are transmitted in case the identification accompanying the one or more received requests does match one of the stored one or more identification of the one or more second apparatuses.
The at least one first apparatus may for instance transmit the one or more beacon measurements based on a request. Such a request may for instance be transmitted to the at least one first apparatus from the at least one second apparatus.
Based on the one or more allowance identification information, which may for instance be obtained (e.g. received) from the at least one first apparatus prior to receiving such a request, the at least one first apparatus may for instance determine whether or not the request is fulfilled, thus the one or more beacon measurements are transmitted, or the request is rejected.
Such a request of the one or more requests may for instance be accompanied with an identification of the originator (e.g. the at least one second apparatus) of the request. The identification of the originator may for instance be comprised by the received request, or in case such an identification is not comprised by the received request, the identification may for instance be received subsequently to receiving the request. Alternatively, in case such an identification is not comprised by the received request, the identification may for instance be requested by the at least one first apparatus from the originator of the received request. In case the identification cannot be obtained, the received request may for instance be rejected.
In this way, it may for instance be possible to perform and/or control an
authentication of the originator of such a received request. Further, only in case the received request stems from a device that is allowed to obtain (e.g. receive) the one or more beacon measurements, the one or more beacon measurements are transmitted.
According to an exemplary embodiment of the first exemplary aspect of the present invention, wherein prior to receiving the one or more allowance identification information, the first method further comprises:
receiving one or more password information indicative of a unique secret enabling the one or more identifications of the one or more second
apparatuses to be acquired;
in case the unique secret matches a secret information comprised by the at least one first apparatus, the at least one first apparatus is enabled to receive the one or more allowance identification information, otherwise the one or more received allowance identification information are rejected.
In order to prevent fraudulent usage, e.g. by one or more allowance identification information being received, which may comprise one or more identification of one or more devices that are not allowed to receive the one or more beacon measurements, one or more password information are received, which are indicative of a unique secret enabling the one or more identifications of the one or more second apparatuses to be acquired. Only in case the unique secret, of which the one or more password information are indicative of, matches a secret information comprised (e.g. stored) by the at least one first apparatus, one or more allowance identification information are receivable. Otherwise, in case one or more allowance identification information that are received, may for instance be rejected. A determining of whether or not the unique secret, of which the one or more password information are indicative of, matches a secret information comprised (e.g. stored) by the at least one first apparatus, may for instance be performed prior to receiving the one or more allowance identification information. Alternatively, such a determining may for instance be performed and/or controlled (by the at least one first apparatus) upon receiving the one or more allowance identification information.
Then, for instance the one or more identifications of the one or more second apparatuses are only extracted and stored in case the determining of whether or not the unique secret matches the secret information, e.g. stored by the at least one first apparatus, has a positive result. Otherwise, e.g. the one or more identifications of the one or more second apparatuses are not extracted and not stored. It will be
understood that for the aforementioned alternative embodiment, e.g. the password information may be comprised by the received one or more allowance identification information as well, or may be obtained (e.g. received) upon a request transmitted by the at least one first apparatus after receiving the one or more allowance
identification information, e.g. by a request indicative of requesting the password information, wherein the request may for instance be transmitted to the originator of the one or more received allowance identification information.
According to an exemplary embodiment of the first exemplary aspect of the present invention, the at least one first apparatus comprises an encryption information enabling the one or more beacon measurements to be encrypted prior to transmitting the one or more beacon measurements based at least partially on the encryption information.
The encryption information may for instance be indicative of an individual encryption key. Further, the encryption information may for instance be indicative of a symmetric encryption key. The encryption information may for instance be comprised (e.g.
stored) by the at least one first apparatus. For instance, the encryption information may for instance be stored in a memory comprised by the at least one first apparatus. The encryption information may for instance be stored in the memory prior to performing and/or controlling the first method according to all aspects of the present invention. For instance, the encryption information may for instance be stored in the memory during the manufacturing of the at least one first apparatus.
The encryption information may for instance be used for encrypting information, e.g. the one or more beacon measurements, transmitted by the at least one first apparatus It will be understood that the encryption information may be used for encrypting other information transmitted by the at least one first apparatus as well. Further, the encryption information may for instance be used to decrypt one or more information received by the at least one first apparatus as well. For instance, the encryption information may for instance be known by another device (e.g. the at least one second apparatus) as well, so that a bidirectional communication between those two devices (the at least one first apparatus and the at least one second apparatus) may for instance be encrypted at least partially based on the encryption information.
According to an exemplary embodiment of the first exemplary aspect of the present invention, the encryption information is received prior to the receiving of the one or more allowance identification information.
In case the encryption information may not be stored in a memory of the at least one first apparatus during the manufacturing of the at least one first apparatus, the encryption information may at least be received prior to receiving the one or more allowance identification information. This may for instance enhance security, e.g. by preventing that one or more allowance identification information of fraudulent devices are received. For instance, in case the allowance identification information may not be encrypted, or it may not be possible to decrypt the one or more received allowance identification information, it may be likely that fraudulent one or more allowance identification information are received. In such a case, the one or more received allowance identification information may for instance be rejected. According to an exemplary embodiment of all exemplary aspects of the present invention, the received encryption information is received only in case the encryption information is transmitted by at least one second apparatus located in close proximity to the at least one first apparatus.
The encryption information may for instance be received via a NFC communication connection. Such a NFC communication connection may for instance be established between the at least one first apparatus, and another device (e.g. the at least one second apparatus), wherein the other device may for instance transmit the encryption information to the at least one first apparatus.
The close proximity between the at least one first apparatus and the at least one second apparatus may for instance be given in case the two apparatuses are in a visual distance, or may even be closer, e.g. touch each other.
According to an exemplary embodiment of the all aspects of the present invention, the one or more beacon measurements are transmitted in the form of radio signal, in particular a Bluetooth radio signal.
For example, the one or more beacon measurements are transmitted (e.g.
broadcasted) via a Bluetooth advertisement packet, wherein the Bluetooth
advertisement packet may for instance carry the one or more beacon measurements..
The at least one first beacon device, respectively the transmitter represented by or connectable to the at least one first apparatus may for instance be configured to broadcast the one or more beacon measurements represented by one or more advertising packets using a pre-determined or determined according to pre-defined rules format. Such a pre-determined or determined according to pre-defined rules format may for instance be an advertisement packet, e.g. a BT- or BLE advertisement packet. The BT advertisement packet may for instance be according to BT-, or BLE- specification. Further, the BT- or BLE advertisement packet may for instance be according to a BT-, or BLE-communication standard of a certain version, e.g. according to BT v4.2, or BT v5.0 to name but a few non-limiting examples.
The BT-, or BLE-specification or the BT-, or BLE communication standard may for instance define such a BT advertisement packet. It may for instance be defined e.g. the size of an header part and/or a payload information part of such an advertisement packet [e.g. BT-, or BLE-advertisement packet).
The Bluetooth wireless communication may for instance be according to a WPAN (Wireless Personal Area Network) communication enabling such a wireless communication connection in a broadcasting manner. Thus, the advertisement packet may for instance be transmitted via one or more broadcasts regardless whether or not another device may receive the transmitted broadcast in formation.
In this way, a solution is provided for binding the at least one beacon device (e.g. low- capability or tag device) to an authenticated device (e.g. the at least one second apparatus) respectively its user (or a plurality of users). Further, an encryption information (e.g. encryption key) may be set for the transmission so that unauthorized user(s) cannot utilize the transmission of payload (e.g. the one or more beacon measurements) carried by one or more advertisement packets (according to the Bluetooth specification), which may comprise respectively contain one or more beacon measurements.
According to an exemplary embodiment of the all aspects of the present invention, the one or more beacon measurements are broadcasted periodically.
The one or more beacon measurements may for instance be broadcasted repeatedly, e.g. after the lapse of a pre-defined time interval. Further, for instance in case more than one beacon measurements should be transmitted, the more than one beacon measurements may for instance be needed to be carried by more than one
advertisement packet for transmitting them. After the lapse of the pre-defined time interval, the more than one advertisement packets may for instance be transmitted (e.g. broadcasted) again.
According to an exemplary embodiment of the all aspects of the present invention, the one or more beacon measurements are carried by or are part of a data packet, in particular a Bluetooth advertisement packet.
The at least one second apparatus may for instance be an electronic device, e.g. a gateway device, a mobile device or a radio node. The mobile device may for instance be portable (e.g. weigh less than 5, 4, 3, 2, or 1 kg). The mobile device may for instance comprise or be connectable to a display, e.g. for displaying a route that is
guided/navigated to a user. The mobile device may for instance comprise or be connectable to means for outputting sound, e.g. in form of spoken commands or information. The mobile device may for instance comprise or be connectable to one or more sensor for determining the devices position, such as for instance a Global Navigation Satellite System (GNSS) receiver, e.g. in the form of a Global Positioning System (GPS) receiver. The mobile device may for instance comprise or be
connectable to one or more sensors, e.g. in the form of an accelerometer and/or a gyroscope for obtaining information. The mobile device may for instance comprise or be connectable a receiver and/or a transmitter (e.g. a transceiver) for receiving and/or sending information, e.g. broadcasted by a first apparatus (e.g. tag device). Based on the obtained information, the at least one position of the first apparatus (e.g. from that the one or more beacon measurements are obtained (e.g. received)) can be determined. The mobile device may for instance be suitable for outdoor and for indoor navigation respectively positioning or for indoor navigation respectively positioning.
The at least one second apparatus may for instance be one of at least two devices taking part in a communication. The other device of the at least two devices taking part in such a communication, e.g. in the venue, may for instance be another entity, e.g. a radio map and positioning server. The radio map and positioning server may for instance comprise or be connectable to a transceiver, e.g. according to the BT-, BLE, and/or WLAN-specification to provide wireless-based communication. In the aforementioned case, one or more embodiments according to the second exemplary aspect of the present invention may for instance be performed and/or controlled by at least one second apparatus and the another entity, e.g. the radio map and positioning server. The radio map and positioning server may for instance determine a position of the at least one first apparatus at least partially based on the one or more beacon measurements.
Exemplary aspects of the first method according to the first exemplary aspect of the present invention apply to the second method according to the second exemplary aspect of the present invention as well. For instance, since information (e.g. one or more identification information, one or more allowance identification information, one or more requests, one or more password information, encryption information) may for instance be transmitted from the at least one first apparatus to the at least one second apparatus, or from the at least one second apparatus to the at least one first apparatus, those aspects described in conjunction with the first method according to the first exemplary aspect of the present invention apply explicitly to the second method according to the second exemplary aspect of the present invention as well.
The one or more identification information may for instance be received from the at least one first apparatus. The identification comprised by the one or more received identification information may for instance enable the at least one second apparatus to identify the at least one first apparatus based at least partially on the identification representing the at least one first apparatus that is comprised by the one or more received identification information. Then, the identification comprised by the one or more received identification information is extracted out of the one or more received identification information. Additionally, the extracted identification may for instance be stored, e.g. in a memory comprised by or being connectable to the at least one second apparatus.
Together with the first method according to all aspects of the present invention, in particular as disclosed above, and that is performed and/or controlled by the at least first apparatus, a binding process between the at least one first and second apparatus may for instance be enabled. Such a binding process enables the at least one first and second apparatus to establish a trust so that fraudulent devices, which may for instance be not known (e.g. their respective identification may for instance be not comprised or stored in the respective memory) may not be able to communicate with the at least one first and/or second apparatus.
Upon receiving the one or more beacon measurements, which may for instance be accompanied by an identification representation of the corresponding originator (e.g. the at least one first apparatus), it may for instance be determined at least partially based on the identification representation accompanying the one or more received beacon measurements whether or not the originator of the one or more beacon measurements is known by the at least one second device. For instance, the at least one second apparatus may comprise or be connectable to a memory comprising one or more identification of one or more first apparatuses, e.g. in the form of a list. In case the identification representation accompanying the one or more received beacon measurements is for instance comprised in such a list, the originator of the one or more beacon measurements is known. In case the originator of the one or more beacon measurements is unknown to the at least one second apparatus, the one or more beacon measurements may not be of interest for the at least one second apparatus, and thus may for instance be rejected.
According to an exemplary embodiment of the second exemplary aspect of the present invention, the second method further comprises: transmitting an allowance identification information, wherein the allowance identification information at least partially comprises at least one identification of the at least one second apparatus.
The at least one identification of the at least one second apparatuses may for instance enable the at least one second apparatus to be identified. For instance, the
identification enabling the at least one second apparatus to be identified may for instance be a MAC (Medium Access Control) address to name but one non-limiting example.
The allowance identification information may for instance be transmitted to at least one first apparatus, e.g. a tag device.
As disclosed with respect to the first method according to the first exemplary aspect of the present invention, after the allowance identification information is transmitted (by the at least one second apparatus) e.g. to the at least one first apparatus, the at least one first apparatus may as a result of receiving the allowance identification information store the identification of the at least one second apparatus. In this way, the at least one first apparatus may for instance know the at least one second apparatus, and may for instance reject requests (e.g. requesting the transmitting of one or more beacon measurements) which do not stem from the at least one second apparatus.
According to an exemplary embodiment of the second exemplary aspect of the present invention, the second method further comprises:
transmitting one or more requests indicative of requesting the one or more beacon measurements to be transmitted, wherein the one or more requests are accompanied by at least one identification of the at least one second apparatus.
In order to determine or trigger the determining of a position of the at least one first apparatus, at first, one or more beacon measurements may for instance be requested, e.g. from the at least one first apparatus that position is to be determined. Such a request indicative of requesting the one or more beacon measurements to be transmitted, may for instance be transmitted in case the at least one first apparatus does not transmit the one or more beacon measurements, e.g. periodically without such a request.
The one or more requests are accompanied by the at least one identification (e.g. MAC address) of the at least one second apparatus. The at least one identification accompanying the one or more requests may for instance be the same or a different identification than the at least one identification of the at least one second apparatus that is comprised by the transmitted allowance identification information, as described in more detail above. The at least one identification accompanying the one or more requests may for instance be a different identification in case the
identification of the at least one second apparatus may have changed (e.g. due to another configuration, to name but one non-limiting example). Both aforementioned identifications may be suitable to enable the at least one second apparatus to be identified.
At least partially based on the at least one identification of the at least one second apparatus accompanying the one or more requests, the at least one first apparatus may for instance be enabled to determine whether or not the originator of the one or more requests, at hand the at least one second apparatus, is trustworthy (e.g.
authorized) to receive the one or more beacon measurements.
According to an exemplary embodiment of the second exemplary aspect of the present invention, wherein prior to transmitting the one or more allowance identification information, the second method further comprises:
transmitting one or more password information indicative of a unique secret enabling the at least one identification of the at least one second apparatus to be authenticated. To enable the at least one first apparatus to authenticate one or more second apparatuses, the at least one second apparatus may transmit one or more password information prior to transmitting the one or more allowance identification
information.
At least partially based on the one or more password information, the at least one first apparatus may for instance determine whether or not the originator of the one or more allowance identification information, which may be transmitted by the at least one second apparatus after the one or more password information, can be authorized.
As disclosed with respect to the first method according to the first exemplary aspect of the present invention, the at least one first apparatus may reject one or more allowance identification information in case one or more password information received by the at least one first apparatus prior or together with the one or more allowance identification information does not match a secret information comprised (e.g. stored) by the at least one first apparatus.
According to an exemplary embodiment of the second exemplary aspect of the present invention, the second method further comprises:
transmitting an encryption information enabling the one or more beacon measurements to be encrypted based at least partially on the encryption information, wherein the encrypted one or more beacon measurements are received.
The encryption information may for instance be used by the at least one first apparatus, which may for instance obtain (e.g. receive) the transmitted encryption information, to encrypt one or more beacon measurements, which are transmitted by the at least one first apparatus (after the encryption) to the at least one second apparatus. In this way, even if the one or more beacon measurements are monitored by another device, which may not be authenticated to acquire those one or more beacon measurements, due to the used encryption, this other device is not able to decrypt the monitored data.
The encryption information may for instance be stored, e.g. in a memory comprised by or being connectable to the at least one second apparatus. The at least one second apparatus may for instance use the stored encryption information to decrypt the one or more received beacon measurements.
According to an exemplary embodiment of the second exemplary aspect of the present invention, the encryption information is transmitted prior to the transmitting of the one or more allowance identification information.
In this way, the encryption information may also be used to encrypt (the at least one second apparatus transmitting the one or more allowance identification information) respectively decrypt (the at least one first apparatus receiving the one or more allowance identification information) the one or more allowance identification information. Thus, the one or more allowance identification information cannot be monitored (e.g. eavesdropped) by another device, which may in case the one or more allowance identification information are not encrypted prior to the transmission, inject its own identification to trick the at least one first apparatus into storing an identification of a device that is a fraudulent device.
The features and example embodiments of the invention described above may equally pertain to the different aspects according to the present invention.
It is to be understood that the presentation of the invention in this section is merely by way of examples and non-limiting.
Other features of the invention will become apparent from the following detailed description considered in conjunction with the accompanying drawings. It is to be understood, however, that the drawings are designed solely for purposes of illustration and not as a definition of the limits of the invention, for which reference should be made to the appended claims. It should be further understood that the drawings are not drawn to scale and that they are merely intended to conceptually illustrate the structures and procedures described herein.
BRIEF DESCRIPTION OF THE FIGURES
In the figures show:
Fig. 1 a schematic block diagram of a system according to the third exemplary aspect of the present invention;
Fig. 2 a flowchart showing an example embodiment of a first method
according to the first exemplary aspect of the present invention, for instance performed by tag device 150 of Fig. 1;
Fig. 3 a flowchart showing an example embodiment of a second method
according to the second exemplary aspect of the present invention, for instance performed by mobile device 130 of Fig. 1;
Fig. 4 a schematic block diagram of a first apparatus configured to perform the first method according to the first exemplary aspect of the present invention; and
Fig. 5 a schematic block diagram of a second apparatus configured to perform the second method according to the second exemplary aspect of the present invention.
DETAILED DESCRIPTION OF EXAMPLE EMBODIMENTS OF THE INVENTION
The following description serves to deepen the understanding of the present invention and shall be understood to complement and be read together with the description as provided in the above summary section of this specification. Fig. 1 is a schematic high-level block diagram of a system 100 according to an exemplary aspect of the present invention. Such a system 100 may for instance represent a generic system architecture as used by one or more exemplary
embodiments according to all exemplary aspects of the present invention.
System 100 comprises an optional server 110, an optional database 120, one or more mobile devices, at hand a single mobile device 130 (e.g. a smartphone, tablet, portable navigation device, IoT (Internet of Things) device to name but a few non-limiting examples), one or more beacon devices 140, e.g. radio nodes 140-1 to 140-5, one or more tag devices, at hand a single tag device 150, and an optional communication network 160. One or more of the aforementioned entities of the system 100 may for instance be comprised (e.g. installed and/or located) in a venue.
The server 110 may alternatively be embodied as a server cloud (e.g. a plurality of servers connected, e.g. via the Internet (e.g. comprised by communication network 160) and providing services at least partially jointly). The server 110, which may for instance be embodied as a monitoring respectively management server for the beacon devices 140, may for instance be further configured to provide radio maps and positioning services (e.g. indoor positioning and/or floor detection services), e.g. to one or more mobile devices, e.g. mobile device 130. The server 110 may be connected to the mobile device 130 e.g. via the internet or via a wirebound or wireless communication connection (e.g. according to the Wi-Fi, BT, and/or BLE
communication standard), e.g. represented in Fig. 1 by the communication network 160.
The database 120 may for instance be optional. The database 120 may for instance be comprised by or connectable to the server 110. The database 120 may for instance comprise a memory, e.g. for storing one or more radio maps, and/or one or more positions (e.g. in the form of coordinates) of the beacon devices 140 associated with one or more identifier information of the beacon devices 140. For instance, based on an identifier information of a beacon device 140(e.g. a UUID), the position (e.g. in the form of coordinates, e.g. in the venue) of the respective beacon device 140 may for instance be obtainable from the database 120.
The server 110 may for instance be optional. In this case, mobile device 130 may for instance provide functionalities and/or services with respect to provide positioning services, e.g. to determine a position of the tag device 150.
The tag device may for instance be configured to perform and/or control the first method according to the first exemplary aspect of the present invention. Further, the mobile device 130 may for instance be configured to perform and/or control the second method according to the second exemplary aspect of the present invention. Alternatively, the server 110 may for instance be configured to perform and/or control to determine a position of the tag device 150 at least partially based on one or more beacon measurements provided by the tag device, and e.g. received from the mobile device 130. Alternatively, the mobile device 130 may for instance be configured, together with the server 110, to perform and/or control the second method according to the second exemplary aspect of the present invention. The tag device 150, together with the mobile device 130, or with the server 110, or with the mobile device 130 and the server 110 may for instance be configured to perform and/or control the first and the second method according to the first and second exemplary aspect of the present invention.
Fig. 2 shows a flowchart 200 showing an example embodiment of a first method according to the first exemplary aspect of the present invention. This flowchart 200 may for instance be performed by the tag device 150 of Fig. 1.
In a first step 201, one or more identification information are transmitted. By transmitting the one or more identification information, an identification of the tag device may be performed by the receiving device, e.g. the mobile device 130 of Fig. 1. In this way, the mobile device 130 may be able to determine whether or not received one or more beacon measurements were gathered (e.g. measured) by the respective tag device whose position is to be determined. ln a second step 202, one or more beacon measurements are transmitted. The one or more beacon measurements are transmitted together with an identification representation of an identification of the tag device, for enabling a determining of a position of the tag device based at least partially on the one or more beacon measurements. The one or more beacon measurements are gathered (e.g. measured) based on one or more beacon signals received by the tag device. The one or more beacon signals are transmitted by one or more beacon devices (e.g. beacon devices 140-1 to 140-5 of Fig. 1).
Fig. 3 shows a flowchart 300 showing an example embodiment of a second method according to the second exemplary aspect of the present invention. This flowchart 300 may for instance be performed by the mobile device 130 of Fig. 1.
In a first step 301, one or more identification information comprising an identification e.g. of the tag device 150 of Fig. 1 are received. Based on the received one or more identification, the originator of the one or more identification information may be identified. In this way, e.g. a binding between a tag device (e.g. tag device 150 of Fig. 1) and the mobile device may be performed, and then optionally be checked.
In a second step 302, the identification, e.g. of the tag device 150, is extracted out of the received one or more identification information. The extracted one or more identification information may for instance enable performing a determining whether or not the received one or more identification stem from a device (e.g. a tag device, for instance tag device 150 of Fig. 1) which was binded to the mobile device beforehand to receiving the one or more identification information.
In a third step 303, one or more beacon measurements originating e.g. from the tag device 150 whose identification is extracted (sees step 302) are received. The one or more beacon measurements, which are received, may for instance be the one or more beacon measurements sent by the tag device (see step 202 of Fig. 2).
In a fourth step 304, it is determined whether or not the extracted identification (step 302) matches one or more stored identification. The stored identification may for instance be e.g. of one or more, or a plurality of tag devices (e.g. such as tag device 150 of Fig. 1). The stored one or more identifications may for instance be stored in the form of a list, so that the mobile device 130 of Fig. 1 can compare the extracted identification (step 302) to the ones of the list.
At least partially based on the one or more beacon measurements, a position of the tag device can be determined (e.g. estimated). The determining of the position of the tag device may for instance be performed by another device, which has received the transmitted one or more beacon measurements, e.g. the mobile device 130 of Fig. 1, or server 110 of Fig. 1, wherein prior to the determining of the position of the tag device 150 the mobile device 130 may for instance have relayed the received one or more beacon measurements to the server 110, e.g. via the communication network 160 of Fig. 1.
Fig. 4 is a schematic block diagram of an apparatus 400 according to an exemplary aspect of the present invention, which may for instance represent the at least one first apparatus, e.g. the tag device 150 of Fig. 1.
Apparatus 400 comprises a processor 410, working memory 420, program memory 430, data memory 440, and a communication interface(s) 450.
Apparatus 400 may for instance be configured to perform and/or control or comprise respective means (at least one of 410 to 450) for performing and/or controlling the first method according to the first exemplary aspect. Apparatus 400 may as well constitute an apparatus comprising at least one processor (410) and at least one memory (420) including computer program code, the at least one memory and the computer program code configured to, with the at least one processor, cause an apparatus, e.g. apparatus 400 at least to perform and/or control the first method according to the first exemplary aspect of the present invention.
Processor 410 may for instance comprise an identification information determiner 411 as a functional and/or structural unit. Identification information determiner 411 may for instance be configured to determine (e.g. extract) one or more identification information of one or more mobile devices (e.g. mobile device 130 of Fig. 1). Processor 410 may for instance comprise an optional beacon signal measurer 412 as a functional and/or structural unit. Beacon signal measurer 412 may for instance be configured to determine (e.g. measure) one or more beacon measurements, e.g. based on one or more beacon signals transmitted (e.g. sent) by the one or more beacon devices (e.g. beacon devices 140-1 to 140-5 of Fig. 1). Processor 410 may for instance further control the memories 420 to 440, and/or the communication interface(s) 450.
Processor 410 may for instance execute computer program code stored in program memory 430, which may for instance represent a computer readable storage medium comprising program code that, when executed by processor 410, causes the processor 410 to perform the first method according to the first exemplary aspect of the present invention.
Processor 410 (and also any other processor mentioned in this specification) may be a processor of any suitable type. Processor 410 may comprise but is not limited to one or more microprocessor(s), one or more processor(s) with accompanying one or more digital signal processor(s), one or more processor(s) without accompanying digital signal processor(s), one or more special-purpose computer chips, one or more field-programmable gate array(s) (FPGA(s)), one or more controller(s), one or more application-specific integrated circuit(s) (ASIC(s)), or one or more computer(s). The relevant structure/hardware has been programmed in such a way to carry out the described function. Processor 410 may for instance be an application processor that runs an operating system. Program memory 430 may also be included into processor 410. This memory may for instance be fixedly connected to processor 410, or be at least partially removable from processor 410, for instance in the form of a memory card or stick. Program memory 430 may for instance be non-volatile memory. It may for instance be a FLASH memory (or a part thereof), any of a ROM, PROM, EPROM and EEPROM memory (or a part thereof) or a hard disc (or a part thereof), to name but a few examples. Program memory 430 may also comprise an operating system for processor 410. Program memory 430 may also comprise a firmware for apparatus 400.
Apparatus 400 comprises a working memory 420, for instance in the form of a volatile memory. It may for instance be a Random Access Memory (RAM) or Dynamic RAM (DRAM), to give but a few non-limiting examples. It may for instance be used by processor 410 when executing an operating system and/or computer program.
Data memory 440 may for instance be a non-volatile memory. It may for instance be a FLASH memory (or a part thereof), any of a ROM, PROM, EPROM and EEPROM memory (or a part thereof) or a hard disc (or a part thereof), to name but a few examples.
Communication interface(s) 450 enable apparatus 400 to communicate with other entities, e.g. with mobile device 130 of Fig. 1. The communication interface(s) 450 may for instance comprise a wireless interface, e.g. a BT-, and/or BLE radio communication interface and/or a WLAN interface). Communication interface(s) may enable apparatus 400 to communicate with other entities, for instance with one or more of the beacon devices 140-1 to 140-5 of Fig. 1.
Some or all of the components of the apparatus 400 may for instance be connected via a bus. Some or all of the components of the apparatus 400 may for instance be combined into one or more modules. Fig. 5 is a schematic block diagram of an apparatus 500 according to an exemplary aspect of the present invention, which may for instance represent the at least one second apparatus, e.g. the mobile device 130 of Fig. 1.
Apparatus 500 comprises a processor 510, working memory 520, program memory 530, data memory 540, communication interface(s) 550, an optional user interface 560 and an optional sensor(s) 570.
Apparatus 500 may for instance be configured to perform and/or control or comprise respective means (at least one of 510 to 570] for performing and/or controlling the second method according to the second exemplary aspect. Apparatus 500 may as well constitute an apparatus comprising at least one processor (510) and at least one memory (520) including computer program code, the at least one memory and the computer program code configured to, with the at least one processor, cause an apparatus, e.g. apparatus 500 at least to perform and/or control the second method according to second exemplary aspect of the present invention.
Processor 510 may for instance comprise an identification extractor 511 as a functional and/or structural unit. Identification extractor 511 may for instance be configured to extract one or more identification information out of received one or more identification information (see step 302 of Fig. 3). Processor 510 may for instance comprise an identification matching determiner 512 as a functional and/or structural unit. Identification matching determiner 512 may for instance be configured to determine whether or not an extracted identification matches one or more stored identification (e.g. stored in data memory 540) (see step 304 of Fig. 3). Processor 510 may for instance further control the memories 520 to 540, the communication interface(s) 550, the optional user interface 560 and the optional sensor(s) 570.
Processor 510 may for instance execute computer program code stored in program memory 530, which may for instance represent a computer readable storage medium comprising program code that, when executed by processor 510, causes the processor 510 to perform the second method according to the second exemplary aspect of the present invention.
Processor 510 (and also any other processor mentioned in this specification) may be a processor of any suitable type. Processor 510 may comprise but is not limited to one or more microprocessor(s), one or more processor(s) with accompanying one or more digital signal processor(s), one or more processor(s) without accompanying digital signal processor(s), one or more special-purpose computer chips, one or more field-programmable gate array(s) (FPGA(s)), one or more controller(s), one or more application-specific integrated circuit(s) (ASIC(s)), or one or more computer(s). The relevant structure/hardware has been programmed in such a way to carry out the described function. Processor 510 may for instance be an application processor that runs an operating system.
Program memory 530 may also be included into processor 510. This memory may for instance be fixedly connected to processor 510, or be at least partially removable from processor 510, for instance in the form of a memory card or stick. Program memory 530 may for instance be non-volatile memory. It may for instance be a FLASH memory (or a part thereof), any of a ROM, PROM, EPROM and EEPROM memory (or a part thereof) or a hard disc (or a part thereof), to name but a few examples. Program memory 530 may also comprise an operating system for processor 510. Program memory 530 may also comprise a firmware for apparatus 500.
Apparatus 500 comprises a working memory 520, for instance in the form of a volatile memory. It may for instance be a Random Access Memory (RAM) or Dynamic RAM (DRAM), to give but a few non-limiting examples. It may for instance be used by processor 510 when executing an operating system and/or computer program.
Data memory 540 may for instance be a non-volatile memory. It may for instance be a FLASH memory (or a part thereof), any of a ROM, PROM, EPROM and EEPROM memory (or a part thereof) or a hard disc (or a part thereof), to name but a few examples.
Communication interface(s) 550 enable apparatus 500 to communicate with other entities, e.g. with server 110 of Fig. 1, or with the tag device 150 of Fig. 1. The communication interface(s) 550 may for instance comprise a wireless interface, e.g. a cellular radio communication interface, a BT- and/or BLE and/or a WLAN interface) and/or wire-bound interface, e.g. an IP-based interface, for instance to communicate with entities via the Internet. Communication interface(s) may enable apparatus 500 to communicate with other entities, for instance with server 110 of Fig. 1. Further, communication interface(s) may enable apparatus 500 to communicate with at least two different other entities, e.g. simultaneously, for instance with 110 of Fig. 1 and with tag device 150 of Fig. 1.
User interface 560 is optional and may comprise a display for displaying information to a user and/or an input device (e.g. a keyboard, keypad, touchpad, mouse, etc.) for receiving information from a user.
Sensor(s) 570 are optional and may for instance comprise a barometric sensor, e.g. to gather pressure information.
Some or all of the components of the apparatus 500 may for instance be connected via a bus. Some or all of the components of the apparatus 500 may for instance be combined into one or more modules.
The following embodiments shall also be considered to be disclosed:
A method to bind the tag to an authenticated user (or users) and set the encryption key for the transmissions so that unauthorized user(s) cannot utilize the tag advertisement transmissions containing the beacon measurements is disclosed. A:
As the first step, the user can be provided with an app that shows the locations of the user’s tags. The binding to the app can be done e.g. using NFC - touch the tag with the mobile device (e.g. tablet, phone) running the app and the app retrieves the tag MAC address over NFC after which the app can follow that tag.
Note that if the app has some type of login/account, the binding to the specific tag can be shared between the devices running the app with the same login.
However, this does provide the means of discriminating between transmissions from multiple tags.
B:
By the same approach as above (NFC-based binding with tag), the tag can be set to respond to Scan Response Requests only from certain devices. This set of devices (their MAC addresses) can be set over the NFC during the binding process. After this, the tag only responds, when a certain whitelisted device requests for Scan Response. This is because the Scan Response Request package sent by the device contains the device MAC address. When the tag responds, the Scan Response packet then contains the Bluetooth Beacon measurements.
By the same token, also a password can be set to the tag so that only authorized persons can set whitelisted device MAC addresses to the tag.
When higher security is required, the following can be considered:
1) When tags are manufactured, each tag is programmed with an individual
symmetric encryption key. When doing the binding as described above, the NFC messaging also carries the encryption key. However, this happens only the first time - if a new binding attempt is made, the tag would not respond with the encryption key. This guarantees that no one else can find out the encryption key after the tag has been claimed by an owner. After binding, the tag starts to broadcast beacon measurements in the advertisement packages. The data payload is encrypted with key. Therefore, only the authorized users can decrypt the messages. Again, the encryption key can be shared across the devices running the locator app with the same account so that all the users can track the tag.
2] An alternative approach is that during the binding process the encryption key is set by the app provided for binding. The key can be generated on the fly. Moreover, the key can be changed later by devices knowing the current encryption key.
Encrypting a message with an AES algorithm using a symmetric key does not required much computational resources and can, thus, be easily done in the tag.
Thus, simple binding of the tag and the device/account with security.
In the present specification, any presented connection in the described embodiments is to be understood in a way that the involved components are operationally coupled. Thus, the connections can be direct or indirect with any number or combination of intervening elements, and there may be merely a functional relationship between the components.
Moreover, any of the methods, processes and actions described or illustrated herein may be implemented using executable instructions in a general-purpose or special- purpose processor and stored on a computer-readable storage medium (e.g., disk, memory, or the like) to be executed by such a processor. References to a 'computer- readable storage medium' should be understood to encompass specialized circuits such as FPGAs, ASICs, signal processing devices, and other devices. The expression "A and/or B" is considered to comprise any one of the following three scenarios: (i) A, (ii) B, (iii) A and B. Furthermore, the article "a” is not to be understood as "one”, i.e. use of the expression "an element” does not preclude that also further elements are present. The term "comprising" is to be understood in an open sense, i.e. in a way that an object that "comprises an element A” may also comprise further elements in addition to element A.
It will be understood that all presented embodiments are only exemplary, and that any feature presented for a particular example embodiment may be used with any aspect of the invention on its own or in combination with any feature presented for the same or another particular example embodiment and/or in combination with any other feature not mentioned. In particular, the example embodiments presented in this specification shall also be understood to be disclosed in all possible combinations with each other, as far as it is technically reasonable and the example embodiments are not alternatives with respect to each other. It will further be understood that any feature presented for an example embodiment in a particular category
(method/apparatus/computer program/system) may also be used in a corresponding manner in an example embodiment of any other category. It should also be
understood that presence of a feature in the presented example embodiments shall not necessarily mean that this feature forms an essential feature of the invention and cannot be omitted or substituted.
The statement of a feature comprises at least one of the subsequently enumerated features is not mandatory in the way that the feature comprises all subsequently enumerated features, or at least one feature of the plurality of the subsequently enumerated features. Also, a selection of the enumerated features in any combination or a selection of only one of the enumerated features is possible. The specific combination of all subsequently enumerated features may as well be considered. Also, a plurality of only one of the enumerated features may be possible. The sequence of all method steps presented above is not mandatory, also alternative sequences may be possible. Nevertheless, the specific sequence of method steps exemplarily shown in the figures shall be considered as one possible sequence of method steps for the respective embodiment described by the respective figure.
The invention has been described above by means of example embodiments. It should be noted that there are alternative ways and variations which are obvious to a skilled person in the art and can be implemented without deviating from the scope of the appended claims.

Claims

C l a i m s
1. A first method, performed by at least one first apparatus, comprising:
transmitting one or more identification information,
wherein each of the one or more identification information at least partially 5 comprises an identification enabling the at least one first apparatus to be
identified; and
transmitting one or more beacon measurements together with an identification representation of the one or more identification information for enabling
I determining of a position of the at least one first apparatus based at least
L0 partially on the one or more beacon measurements.
2. The first method according to claim 1, further comprising:
receiving one or more allowance identification information, wherein each of the I one or more allowance identification information at least partially comprises one
L5 or more identifications of one or more second apparatuses;
extracting the one or more identifications of the one or more second apparatuses out of the received one or more allowance identification information; and storing the extracted one or more identifications of the one or more second : apparatuses.
!O
3. The first method according to claim 2, further comprising:
receiving one or more requests indicative of requesting the one or more beacon measurements to be transmitted, wherein the one or more received requests are : rejected in case an identification representation of the one or more of the one or
!5 more second apparatuses accompanying the one or more received requests does not match one of the stored one or more identification of the one or more second apparatuses, and wherein the one or more beacon measurements are transmitted in case the identification accompanying the one or more received requests does match one of the stored one or more identification of the one or more second apparatuses.
4. The first method according to claim 2 or claim 3, wherein prior to receiving the one or more allowance identification information, the first method further comprises:
receiving one or more password information indicative of a unique secret enabling the one or more identifications of the one or more second apparatuses to be acquired;
in case the unique secret matches a secret information comprised by the at least one first apparatus, the at least one first apparatus is enabled to receive the one or more allowance identification information, otherwise the one or more received allowance identification information are rejected.
5. The first method according to any of the preceding claims, wherein the at least one first apparatus comprises an encryption information enabling the one or more beacon measurements to be encrypted prior to transmitting the one or more beacon measurements based at least partially on the encryption information.
6. The first method according to claim 5, wherein the encryption information is received prior to the receiving of the one or more allowance identification information.
7. The first method according to claim 6, wherein the received encryption
information is received only in case the encryption information is transmitted by at least one second apparatus located in close proximity to the at least one first apparatus.
8. The first method according to any of the preceding claims, wherein the one or more beacon measurements are transmitted in the form of radio signal.
9. The first method according to any of the preceding claims, wherein the one or
5 more beacon measurements are broadcasted periodically.
10. The first method according to any of the preceding claims, wherein the one or more beacon measurements are carried by or are part of a data packet.
L0
11. A second method, performed by at least one second apparatus, comprising:
receiving one or more identification information comprising an identification of at least one first apparatus;
extracting the identification of the at least first apparatus out of the received one or more identification information, wherein the identification enables the at least
L5 one first apparatus to be identified;
receiving one or more beacon measurements; and
determining whether or not the extracted identification does match one or more stored identifications, wherein the one or more received beacon measurements are rejected in case the extracted identification accompanying the one or more
10 received beacon measurements does not match at least one of the stored one or more identifications.
12. The second method according to claim 11, further comprising:
transmitting an allowance identification information, wherein the allowance
IS identification information at least partially comprises at least one identification of the at least one second apparatus.
13. The second method according to claim 11 or claim 12, further comprising:
transmitting one or more requests indicative of requesting the one or more
10 beacon measurements to be transmitted, wherein the one or more requests are accompanied by at least one identification of the at least one second apparatus.
14. The second method according to claim 12 or claim 13, wherein prior to transmitting the one or more allowance identification information, the second method further comprises:
transmitting one or more password information indicative of a unique secret enabling the at least one identification of the at least one second apparatus to be authenticated.
15. The second method according to any of the claims 11 to 14, further comprising: transmitting an encryption information enabling the one or more beacon measurements to be encrypted based at least partially on the encryption information, wherein the encrypted one or more beacon measurements are received.
16. The second method according to claim 14 or claim 15, wherein the encryption information is transmitted prior to the transmitting of the one or more allowance identification information.
17. The second method according to claim 16, wherein the encryption information is transmitted only in case the encryption information is transmitted to at least one first apparatus located in close proximity to the at least one second apparatus.
18. The second method according to any of the claims 11 to 17, wherein the one or more beacon measurements are received in the form of radio signal.
19. The second method according to any of the claims 11 to 18, wherein the one or more beacon measurements are received via one or more broadcasts, wherein the one or more broadcasts are periodically receivable.
20. The second method according to any of the claims 11 to 19, wherein the one or more beacon measurements are carried by or are part of a data packet.
21. A first apparatus comprising at least one processor and at least one memory
including computer program code, the at least one memory and the computer program code configured to, with the at least one processor, cause the first
5 apparatus to at least perform the steps of the method of any of the claims 1 to 10.
22. A second apparatus comprising at least one processor and at least one memory including computer program code, the at least one memory and the computer program code configured to, with the at least one processor, cause the second
L0 apparatus to at least perform the steps of the method of any of the claims 11 to
20.
23. A first apparatus configured to perform and/or control or comprising respective means for performing and/or controlling the method of any of the claims 1 to 10.
L5
24. A second apparatus configured to perform and/or control or comprising
respective means for performing and/or controlling the method of any of the claims 11 to 20.
JO 25. A system, comprising:
at least one first apparatus according to claim 21 or 23; and
at least one second apparatus according to claim 22 or 24.
26. A first computer program, the computer program when executed by a processor
15 causing an apparatus to perform and/or control the actions of the first method according to any of the claims 1 to 10.
27. A second computer program, the computer program when executed by a
processor causing an apparatus to perform and/or control the actions of the
50 second method according to any of the claims 11 to 20.
28. A first tangible computer-readable medium storing computer program code, the computer program code when executed by a processor causing an apparatus to perform and/or control the actions of the first method according to any of the claims 1 to 10.
29. A second tangible computer-readable medium storing computer program code, the computer program code when executed by a processor causing an apparatus to perform and/or control the actions of the second method according to any of the claims 11 to 20.
PCT/EP2017/081871 2017-12-07 2017-12-07 Enhancing security of tag devices WO2019110111A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
PCT/EP2017/081871 WO2019110111A1 (en) 2017-12-07 2017-12-07 Enhancing security of tag devices
EP17809319.1A EP3721251A1 (en) 2017-12-07 2017-12-07 Enhancing security of tag devices

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/EP2017/081871 WO2019110111A1 (en) 2017-12-07 2017-12-07 Enhancing security of tag devices

Publications (1)

Publication Number Publication Date
WO2019110111A1 true WO2019110111A1 (en) 2019-06-13

Family

ID=60582612

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2017/081871 WO2019110111A1 (en) 2017-12-07 2017-12-07 Enhancing security of tag devices

Country Status (2)

Country Link
EP (1) EP3721251A1 (en)
WO (1) WO2019110111A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116528359B (en) * 2023-06-30 2023-09-29 广东省新一代通信与网络创新研究院 Indoor positioning method, system and device

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2013033464A2 (en) * 2011-08-30 2013-03-07 Qualcomm Incorporated Generic broadcast of location assistance data
WO2014189841A1 (en) * 2013-05-22 2014-11-27 Qualcomm Incorporated Methods and apparatuses for protecting positioning related information
WO2017051062A1 (en) * 2015-09-23 2017-03-30 Nokia Technologies Oy Positioning method
US20170103410A1 (en) * 2006-09-05 2017-04-13 Nexrf, Corp. Network based indoor positioning and geofencing system and method

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20170103410A1 (en) * 2006-09-05 2017-04-13 Nexrf, Corp. Network based indoor positioning and geofencing system and method
WO2013033464A2 (en) * 2011-08-30 2013-03-07 Qualcomm Incorporated Generic broadcast of location assistance data
WO2014189841A1 (en) * 2013-05-22 2014-11-27 Qualcomm Incorporated Methods and apparatuses for protecting positioning related information
WO2017051062A1 (en) * 2015-09-23 2017-03-30 Nokia Technologies Oy Positioning method

Also Published As

Publication number Publication date
EP3721251A1 (en) 2020-10-14

Similar Documents

Publication Publication Date Title
US8750267B2 (en) Detection of falsified wireless access points
US11221389B2 (en) Statistical analysis of mismatches for spoofing detection
US11765580B2 (en) Enabling flexible provision of signature data of position data representing an estimated position
US10341853B2 (en) Methods and systems for enabling control of privacy for crowdsourcing
US9503856B2 (en) Method for determining wireless device location based on proximate sensor devices
US11115814B2 (en) Use of encryption to provide positioning support services
US11226391B2 (en) Floor levels of a venue
US11153842B2 (en) Determining radio node identifiers
US11531081B2 (en) Assisted positioning for indoor positioning services
WO2019110111A1 (en) Enhancing security of tag devices
EP3754358A1 (en) Generating a radio map for indoor positioning
EP3699644A1 (en) Usage of dynamically changing radio environments and radio maps to estimate user location
US11415659B2 (en) Privacy sensitive positioning
US11388572B2 (en) Configuration of a communication connection
EP3721249A1 (en) Positioning of low-capability devices in indoor positioning systems
WO2019101344A1 (en) Services using radio node identifiers

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 17809319

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

ENP Entry into the national phase

Ref document number: 2017809319

Country of ref document: EP

Effective date: 20200707