BlackBerry patent would use E911 tech for secure e-commerce

Posted Aug 31st 2006 5:08PM by Russell Shaw
Filed under: RIM, Security, Patents


A newly published BlackBerry patent application describes a system for authenticating e-commerce transactions over BlackBerry by means of using E911-like presence detection technology to ascertain the precise geographical location of the purchaser.

The description for how this would work is contained in U.S. Patent Application 20060194592, "Method and system for enhanced security using location-based wireless authentication."

"In many transactions, it would be helpful if the location of the device was verified to ensure that the transaction was occurring at a logical place," the Patent app states. "For example, if a user is using a mobile device to perform a transaction at a physical store, location metrics that indicate that the device is actually physically located in a different city, part of the country, or part of the world than the store would provide an indicator that the transaction should not proceed."

Maybe you are thinking, "ah, yes, GPS can do that."

But oh, no, better not go there. I will excerpt from the app why this isn't a good idea, and what is being proposed instead.

"Various methods to providing geographic locations have been proposed. These include a paper entitled "Location-based Authentication: Grounding Cyberspace for Better Security", Dorothy E. Denning and Peter F. McDorran, Computer Fraud and Security, 1996, Elsevier Science Ltd., which proposes to use global positioning system signals from a network of satellites in order to provide the physical location of a mobile device," the literature says. The problem with this and other similar solutions is that the location information is conveyed from the mobile device.

"This creates various issues. As described in the above-mentioned reference, the device is required to contain global positioning system receivers that are specially built in order to avoid spoofing. This is a costly technical solution that would require the modification of commercial mobile devices, such as cellular telephones, mobile data devices, or other current wireless devices. Without the use of special GPS-based receivers, the author admits that commercial GPS receivers are readily spoofed. Thus the above uses either expensive modifications or adds little security."

RIM has a better idea. Use E911-type location awareness tech.

"The present system and method provide enhanced security by adding geographic data to a transaction request," the patent app states. "The system and method use a carrier rather than a mobile device to add geographic information to a transaction. The geographic information is available for wireless communications based on the enhanced 911 (E911) system for mobile devices that is now required by the U.S. Federal Communications Commission (US FCC).

"The same technology can be used to validate transactions," RIM declares.

So why is this safer?

"The present system and method provide enhanced security since the geographic information is added by the carrier, and is therefore impossible to spoof from the mobile device. Further, since the technology is commercially available and is required in wireless devices, no additional hardware is required in the mobile devices. "

Now, what's involved? Essentially what I am showing you in Figure 1 is described this way:

"The present application therefore provides a system for enhanced security using location-based wireless authentication comprising: a mobile device, the mobile device having a unique identifier associated therewith and capable of sending a message with the unique identifier appended thereto; a base station, the base station capable of receiving the message from the mobile device and having: a location detection system to locate the mobile device, the base station forwarding the message through a data network; and means to append a location identifier to said message; and a recipient, the recipient receiving the message through the data network and having means to authenticate the message, the means to authenticate the message including a checking means to check whether the location identifier corresponds with an expected location for the mobile device. "

The message path informed by this method is also a security-enhancer.

"The present application further provides a method for enhancing security using location-based wireless authentication for a mobile device comprising the steps of: sending from the mobile device to a base station a message, the message having a unique identifier associated with the mobile device; appending, at the base station, a location identifier to said message; sending the message to a recipient; and authenticating the message at the recipient, said authenticating step confirming that the location identifier appended at the base station corresponds with an expected location for the message."

In diagram form the process looks like this:


General
Blackberry Multimedia (102)
Patents (38)
Rumors (116)
BlackBerry Internet Service (11)
Ask BBHUB (8)
BlackBerry OS 4.x (103)
BlackBerry Enterprise Server (327)
Competitors (280)
Fun (720)
Gear (191)
Health (94)
RIM (1198)
Promotions (172)
Security (201)
Software (1150)
Support (390)
Stories (768)
Tips (470)
Developers (13)
Providers
Bell Canada (5)
Cingular-AT&T (313)
International (213)
Miscellaneous (30)
Nextel (95)
Rogers Communications (58)
Sprint (60)
SprintNextel (61)
T-Mobile (211)
Verizon (98)
Vodafone (43)
Models
8703 (23)
8705 (3)
8707 (3)
8800 (28)
Pearl 8100 (314)
7100i (25)
7130e (71)
8700 (264)
7100 (55)
7100t (94)
7100g (95)
7100r (41)
7100x (29)
7100v (49)
7700 (10)
7730 (26)
7750 (27)
7780 (17)
7500 (11)
7510 (22)
7520 (86)
7200 (15)
7230 (42)
7250 (71)
7270 (22)
7280 (27)
7290 (119)
6700 (5)
6710 (7)
6720 (6)
6750 (9)
6200 (6)
6220 (6)
6230 (7)
6280 (6)
5800 (5)
5820 (5)
RIM Partners
3COM (3)
Nortel (4)
Siemens (4)
Sony Ericsson (9)
Features
Interviews (5)
Hardware Hacks (4)

RESOURCES

RSS NEWSFEEDS

Powered by Blogsmith