Beacon spoofing prevention
First Claim
Patent Images
1. A method comprising:
- at a server configured to communicate with a mobile device over a network;
receiving, from the mobile device, information derived by the mobile device from a proximity beacon signal transmitted to the mobile device by a beacon device, the information including;
a unique identifier representing a serial number of the beacon device;
non-unique identifiers including a major code indicative of a first location area and a minor code indicative of a second location area that is a subset of the first location area; and
a beacon authentication value that increments from an initial seed value based on time according to a security algorithm;
incrementing a local verification value from the initial seed value based on a clock according to the security algorithm;
performing a comparison of the beacon authentication value to a past incremented local verification value, instead of a current incremented local verification value, to account for time delays caused by transmission of the proximity beacon signal to the beacon device and transmission of the information from the mobile device to the server;
if the comparison indicates a match, providing access to a location service based on at least one of the unique identifier and the non-unique identifiers, and providing the location service to the mobile device based on the comparison; and
if the comparison does not indicate a match, removing the unique identifier received so that no location service is applied in the future for the beacon device.
1 Assignment
0 Petitions
Accused Products
Abstract
In one embodiment, a beacon signal is received from a beacon device. Either a mobile device or a server identifies a beacon authentication value from the beacon signal. Either the mobile device or the server calculates a local verification value from a security algorithm. A comparison of the authentication value to the local verification value is performed, and a location service is provided based on the comparison.
23 Citations
18 Claims
-
1. A method comprising:
-
at a server configured to communicate with a mobile device over a network; receiving, from the mobile device, information derived by the mobile device from a proximity beacon signal transmitted to the mobile device by a beacon device, the information including;
a unique identifier representing a serial number of the beacon device;
non-unique identifiers including a major code indicative of a first location area and a minor code indicative of a second location area that is a subset of the first location area; and
a beacon authentication value that increments from an initial seed value based on time according to a security algorithm;incrementing a local verification value from the initial seed value based on a clock according to the security algorithm; performing a comparison of the beacon authentication value to a past incremented local verification value, instead of a current incremented local verification value, to account for time delays caused by transmission of the proximity beacon signal to the beacon device and transmission of the information from the mobile device to the server; if the comparison indicates a match, providing access to a location service based on at least one of the unique identifier and the non-unique identifiers, and providing the location service to the mobile device based on the comparison; and if the comparison does not indicate a match, removing the unique identifier received so that no location service is applied in the future for the beacon device. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. An apparatus comprising:
-
a processor; and a memory comprising one or more instructions executable by the processor to perform; receiving, from a mobile device, information derived by the mobile device from a proximity beacon signal transmitted to the mobile device by a beacon device, the information including;
a unique identifier representing a serial number of the beacon device;
a major code indicative of a first location area, and a minor code indicative of a second location area that is a subset of the first location area; and
a beacon authentication value that increments from an initial seed value based on time according to a security algorithm;incrementing a local verification value from the initial seed value based on a clock according to the security algorithm; performing a comparison of the beacon authentication value to a past incremented local verification value, instead of a current incremented local verification value, to account for time delays caused by transmission of the proximity beacon signal to the beacon device and transmission of the information from the mobile device to the server; if the comparison indicates a match, providing access to a location service based on at least one of the unique identifier and the non-unique identifiers, and providing the location service to the mobile device based on the comparison; and if the comparison does not indicate a match, removing the unique identifier received so that no location service is applied in the future for the beacon device. - View Dependent Claims (12, 13, 14, 15, 16)
-
-
17. A non-transitory computer readable medium including instructions that when executed are configured to cause a processor of a server to communicate with a mobile device over a network to perform:
-
receiving, from the mobile device, information derived by the mobile device from a proximity beacon signal transmitted to the mobile device by a beacon device, the information including;
a unique identifier representing a serial number of the beacon device;
a major code indicative of a first location area, and a minor code indicative of a second location area that is a subset of the first location area; and
a beacon authentication value that increments from an initial seed value based on time according to a security algorithm;incrementing a local verification value from the initial seed value based on a clock according to the security algorithm; performing a comparison of the beacon authentication value to a past incremented local verification value, instead of a current incremented local verification value, to account for time delays caused by transmission of the proximity beacon signal to the beacon device and transmission of the information from the mobile device to the server; if the comparison indicates a match, providing access to a location service based on at least one of the unique identifier and the non-unique identifiers, and providing the location service to the mobile device based on the comparison; and if the comparison does not indicate a match, removing the unique identifier received so that no location service is applied in the future for the beacon device. - View Dependent Claims (18)
-
Specification