Abstract
Mobile devices are increasingly used in security-sensitive contexts such as physical access control and authorization of payment transactions. In this paper we contribute a mechanism to verify whether a mobile device currently resides within a geographical area at a given time, thus enabling the use of the location as an additional authentication factor. Trustworthiness, privacy, and practicability are central to our mechanism. In particular, to provide trustworthy location information, our mechanism uses the location of the phone as detected by the Mobile Network Operator instead of relying on the location detected by the phone itself, which can be manipulated. We have followed a privacy-by-design approach to ensure that sensitive information, e.g., location and subscriber data, are only revealed to parties with a need to know. Privacy safeguards are realized using anonymous credentials, an established privacy-enhancing technology. Finally, our mechanism is practical and has little requirements on the mobile phone beyond the ability to run computations on anonymous credentials, as well as Internet and mobile network connectivity. These requirements are fulfilled by most smartphones in the market.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.