WO2020172706A1 - Proximity verification electronic transactions - Google Patents


Publication number
WO2020172706A1
Authority
WO
WIPO (PCT)
Prior art keywords
terminal
mobile device
adjusted
approximate position
positioning
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/AU2020/050165
Other languages
English (en)
Inventor
Adrian James
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Whitecoat Operating Pty Ltd
Original Assignee
Whitecoat Operating Pty Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from AU2019900596A
Application filed by Whitecoat Operating Pty Ltd
Priority to AU2020228071A (patent AU2020228071B2)
Publication of WO2020172706A1
Legal status: Ceased

Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/30 Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/322 Aspects of commerce using mobile devices [M-devices]
    • G06Q20/3224 Transactions dependent on location of M-devices
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/30 Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401 Transaction verification
    • G06Q20/4015 Transaction verification using location information
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/107 Network architectures or network communication protocols for network security for controlling access to devices or network resources wherein the security policies are location-dependent, e.g. entities privileges depend on current location or allowing specific operations only from locally connected terminals
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/60 Context-dependent security
    • H04W12/63 Location-dependent; Proximity-dependent
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/60 Context-dependent security
    • H04W12/63 Location-dependent; Proximity-dependent
    • H04W12/64 Location-dependent; Proximity-dependent using geofenced areas
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/02 Services making use of location information
    • H04W4/023 Services making use of location information using mutual or relative location information between multiple location based services [LBS] targets or of distance thresholds
    • G PHYSICS
    • G01 MEASURING; TESTING
    • G01S RADIO DIRECTION-FINDING; RADIO NAVIGATION; DETERMINING DISTANCE OR VELOCITY BY USE OF RADIO WAVES; LOCATING OR PRESENCE-DETECTING BY USE OF THE REFLECTION OR RERADIATION OF RADIO WAVES; ANALOGOUS ARRANGEMENTS USING OTHER WAVES
    • G01S2205/00 Position-fixing by co-ordinating two or more direction or position line determinations; Position-fixing by co-ordinating two or more distance determinations
    • G01S2205/01 Position-fixing by co-ordinating two or more direction or position line determinations; Position-fixing by co-ordinating two or more distance determinations specially adapted for specific applications
    • G PHYSICS
    • G01 MEASURING; TESTING
    • G01S RADIO DIRECTION-FINDING; RADIO NAVIGATION; DETERMINING DISTANCE OR VELOCITY BY USE OF RADIO WAVES; LOCATING OR PRESENCE-DETECTING BY USE OF THE REFLECTION OR RERADIATION OF RADIO WAVES; ANALOGOUS ARRANGEMENTS USING OTHER WAVES
    • G01S5/00 Position-fixing by co-ordinating two or more direction or position line determinations; Position-fixing by co-ordinating two or more distance determinations
    • G01S5/02 Position-fixing by co-ordinating two or more direction or position line determinations; Position-fixing by co-ordinating two or more distance determinations using radio waves
    • G01S5/0205 Details
    • G01S5/0215 Interference

Definitions

  • the present disclosure relates to authorising electronic transactions.
  • systems and methods for authorising electronic transactions on the basis of an accurate location determination are provided.
  • Location is an important aspect of reducing fraud in relation to electronic transactions. That is, transactions that occur within a certain distance of a provider have been shown to reduce instances of fraud.
  • a mobile device is actually where it reports its location, and a device, using relatively easy to access tools, can simply spoof its location. Therefore there is little assurance that a device is actually in the location that it is reported to be in.
  • GPS: Global Positioning System
  • Bluetooth beacons or Wi-Fi access points, can be moved and collusion (a type of insurance fraud) can occur.
  • Bluetooth also requires significant battery usage and can cause battery life degradation. As a result, device positioning systems can be inaccurate and electronic transaction systems cannot always rely on the location results provided to authorise electronic transactions.
  • a computer implemented method for authorisation via proximity detection of an electronic transaction by a mobile device at a terminal comprising: determining one or more local transmission services available to the mobile device; determining an approximate position of the mobile device based on one or more generic device positioning systems; determining one or more local transmission services available to the terminal; determining an approximate position of the terminal based on one or more generic device positioning systems; calculating an adjusted and/or assured position of the mobile device by adjusting or assuring the approximate position of the mobile device using bespoke device positioning or position adjusting or assurance systems based on the one or more local transmission services available to the mobile device; calculating an adjusted or assured position of the terminal by adjusting and/or assuring the approximate position of the terminal using bespoke device positioning or position assurance systems based on the one or more local transmission services available to the terminal; and authorising the electronic transaction by the mobile device if the adjusted and/or assured position of the mobile device and the adjusted and/or assured position of the terminal are within an authorised operating location.
  • the adjusted and/or assured position of the terminal or the adjusted and/or assured position of the mobile device is determined based on one or more adjustments including: a data fingerprint of data produced by the terminal; device signal availability; and device variability.
  • using bespoke device positioning and/or position assurance systems may comprise: determining one or more local transmission services available to a second mobile device; determining an approximate position of the second mobile device based on one or more generic device positioning systems; storing one or more measurements of the local transmission services made by the second mobile device in combination with the approximate position; and determining the adjusted and/or assured position of the mobile device based on the one or more stored measurements if the approximate position of the second mobile device is similar to the approximate position of the mobile device.
  • using bespoke device positioning systems comprises: determining one or more local transmission services available to a second terminal; determining an approximate position of the second terminal based on one or more generic device positioning systems; storing one or more measurements of the local transmission services made by the second terminal in combination with the approximate position; and determining the adjusted position of the terminal based on the one or more stored measurements if the approximate position of the second terminal is similar to the approximate position of the terminal.
  • using bespoke device positioning systems may further comprise: determining one or more adjustments for calculating the adjusted position of the second mobile device; storing the one or more adjustments in combination with the approximate position of the second mobile device; and determining the adjusted position of the mobile device based on the one or more stored adjustments if the approximate position of the second mobile device is similar to the approximate position of the mobile device.
  • using bespoke device positioning systems may further comprise: determining one or more adjustments for calculating the adjusted position of the second terminal; storing the one or more adjustments in combination with the approximate position of the second terminal; and determining the adjusted position of the terminal based on the one or more stored adjustments if the approximate position of the second terminal is similar to the approximate position of the terminal.
  • the one or more mobile device positioning systems and one or more terminal positioning systems include: Network-based positioning; Device-based positioning; or any combination of the above.
  • network-based positioning comprises: triangulation; trilateration; multilateration; cell identification; cell tower triangulation; and advanced forward link trilateration.
  • device-based positioning comprises: Global Navigation Satellite Systems; Global positioning system (GPS); Global Navigational Satellite System (GLONASS); Enhanced Observed Time Difference (E-OTD); network fingerprinting; raw radio measurements; local positioning system; Wi-Fi based positioning; and Local service based positioning.
  • an authorised operating location is a specified horizontal distance from a point location associated with the provider.
  • the method may further comprise authorising the electronic transaction if one or more specific functional thresholds are met.
  • the one or more specific functional thresholds include: time of day; blacklist; whitelist; and confidence intervals.
  • the one or more specific functional thresholds have a specified default value.
  • a server system comprising: a memory; and a processor to: determine one or more local transmission services available to the mobile device; determine an approximate position of the mobile device based on one or more generic device positioning systems; determine one or more local transmission services available to the terminal; determine an approximate position of the terminal based on one or more generic device positioning systems; calculate an adjusted and/or assured position of the mobile device by adjusting and/or assuring the approximate position of the mobile device using bespoke device positioning or position assurance systems based on the one or more local transmission services available to the mobile device; calculate an adjusted and/or assured position of the terminal by adjusting and/or assuring the approximate position of the terminal using bespoke device positioning or position assurance systems based on the one or more local transmission services available to the terminal; and authorise the electronic transaction by the mobile device if the adjusted and/or assured position of the mobile device and the adjusted and/or assured position of the terminal are within an authorised operating location.
  • Figure 1a is an illustration of an example environment for authorisation via proximity detection of an electronic transaction by a mobile device at a terminal;
  • Figure 1b is a block diagram of an example server system
  • Figure 2 is an illustration of an example method for authorisation via proximity detection of an electronic transaction by a mobile device at a terminal;
  • Figure 3a is an illustration of determining approximate locations of a mobile device and a terminal
  • Figure 3b is an illustration of an authorised operating location
  • Figure 4 is an example illustration of a scenario with a Wi-Fi service
  • Figure 5 is an example illustration of the scenario of figure 4 with an adjusted location of the terminal
  • Figure 6 is an example illustration of a scenario with a Wi-Fi service and a Bluetooth service
  • Figure 7 is an example illustration of the scenario of figure 6 with an adjusted location of the mobile device.
  • Figure 8 is an example illustration of a scenario where other user devices can be used to adjust the location of a user device.
  • the present disclosure relates to a method and system for authorising a transaction based on a geolocation.
  • An accurate geolocation on mobile devices is calculated to determine whether a provider and user are within an acceptable proximity to each other. Further the system also determines whether the provider is within an acceptable proximity to the authorised operating location.
  • Example environment: Figure 1 illustrates an example proximity proofing environment 100 in which embodiments and features of the present disclosure are implemented.
  • the example environment 100 includes a communications network 130 which interconnects a user device 102, a provider device (also referred to in this disclosure as a terminal) 104, a server system 120, and third party location services 140.
  • a user who is a patient in a medical practice is attempting to make a transaction to a medical services provider via a provider device.
  • the user device 102 is associated with the user, and the provider device (terminal) 104 is associated with the provider.
  • User device 102 is a computer processing system with a user module 112, which is a proximity proofing client application.
  • When executed by the user device 102 (e.g. by a processor thereof), the proximity proofing client application 112 configures the user device 102 to provide client-side proximity proofing system functionality by communicating (using a communication interface similar to the communications interface 164 described below) with the proximity proofing server system 120 (and, in particular, the proximity proofing server module 122).
  • Proximity proofing client application 112 may be a dedicated client application that communicates with a proximity proofing application server using an API.
  • Proximity proofing client application 112 may be a web browser (such as Chrome, Safari, Internet Explorer, Firefox, or an alternative web browser) which communicates with a proximity proofing web server module 122 using http/https protocols.
  • provider device 104 is a computer processing system with a provider module 114, which is a proximity proofing provider application.
  • the proximity proofing provider application works much the same way as the proximity proofing client application 112 described above.
  • the proximity proofing provider application 112 configures the provider device 104 to provide provider-side proximity proofing system functionality by communicating (using a communication interface similar to the communications interface 164 described below) with the proximity proofing server system 120 (and, in particular, the proximity proofing server module 122).
  • User device 102 may be any form of computing device.
  • user device 102 will be a mobile device - e.g. a mobile phone, although it is possible tablets or other mobile devices could be used. While a single user device 102 has been illustrated, an environment would typically include multiple user devices 102 interacting with the proximity proofing server system 120.
  • the proximity proofing server system 120 includes a proximity proofing server module 122 and a proximity proofing database server 124 and data store 126, which may be a shared data store.
  • the proximity proofing server module 122 configures the proximity proofing server system 120 to provide server side proximity proofing system functionality - e.g. by receiving and responding to requests from proximity proofing clients (e.g. client 112) and storing/retrieving data from the proximity proofing data store 126 as required.
  • Proximity proofing server 120 may be a web server (for interacting with web browser clients) or an application server (for interacting with dedicated application clients). While proximity proofing server system 120 has been illustrated with a single server 122, environment 100 may provide multiple servers (e.g. one or more web servers and/or one or more application servers).
  • proximity proofing server system 120 is a scalable system including multiple distributed server nodes connected to the shared data store 126 (e.g. a shared file server). Depending on demand from clients (and/or other performance requirements), proximity proofing server system 120 server nodes can be provisioned/de-provisioned on demand to increase/decrease the number of servers offered by the proximity proofing server system 120.
  • Each proximity proofing server module 122 may run on a separate computer system and include one or more application programs, libraries, APIs or other software that implement server-side functionality.
  • the proximity proofing database server 124 may run on the same computer system as a proximity proofing server 122, or may run on its own dedicated system (accessible to proximity proofing server(s) 122 either directly or via a communications network).
  • the proximity proofing server 122 (running on the proximity proofing server system 120), proximity proofing client application 112 (running on user device 102), and proximity proofing provider application 114 (running on provider device 104) operate together to provide the proximity proofing system functionality.
  • operations described herein as proximity proofing operations or operations being performed by the proximity proofing system may be performed by the proximity proofing client 112 (operating on user device 102), proximity proofing provider 112 (operating on provider device 104), the proximity proofing server module 122 (operating on proximity proofing server system 120) or the proximity proofing client 112, proximity proofing provider 114 and proximity proofing server module 122 in cooperation.
  • Proximity proofing operations involving the display of user information involve the user device 102 as controlled by the proximity proofing client 112.
  • the data displayed may be generated by the proximity proofing client 112 itself, or generated by the proximity proofing server 122 and communicated to the proximity proofing client 112. Equally, the same applies to the display of provider information.
  • proximity proofing operations involving user input involve the user device 102 receiving user input (e.g. at an input device) and passing that input to the proximity proofing client 112.
  • the information input may be processed by the proximity proofing client 112 itself, or communicated by the proximity proofing client 112 to the proximity proofing server 122 to be processed by the proximity proofing server 122.
  • Proximity proofing operations involving writing data to the proximity proofing data store 126 via the database server 124 involve the proximity proofing server 122.
  • the data written to the proximity proofing data store 124 may, however, be communicated to the proximity proofing server 122 by the proximity proofing client 112.
  • Third party location services 140 may be used to provide some of the location operations described in the present disclosure. Typically, such third party location services 140 are internet accessible and provide a publicly accessible API. In this disclosure, a third party location service 140 can be provided inputs such as location measurements performed by the user device 102 or the provider device 104. The third party location services 140 will typically return a point location in the form of a latitude and longitude as well as a degree of accuracy, which would typically be a distance measured in metres.
  • Proximity proofing server system: The present invention is necessarily implemented using a server system 120.
  • the server system 120 is, or will include, a computer processing system.
  • Figure 1b provides a block diagram of one example of a computer processing system 120.
  • System 120 as illustrated in Figure 1b is a general-purpose computer processing system. It will be appreciated that Figure 1b does not illustrate all functional or physical components of a computer processing system. For example, no power supply or power supply interface has been depicted, however system 120 will either carry a power supply or be configured for connection to a power supply (or both). It will also be appreciated that the particular type of computer processing system will determine the appropriate hardware and architecture, and alternative computer processing systems suitable for implementing aspects of the invention may have additional, alternative, or fewer components than those depicted, combine two or more components, and/or have a different configuration or arrangement of components.
  • the computer processing system 120 includes at least one processing unit 152.
  • the processing unit 152 may be a single computer-processing device (e.g. a central processing unit, graphics processing unit, or other computational device), or may include a plurality of computer processing devices. In some instances all processing will be performed by processing unit 152, however in other instances processing may also, or alternatively, be performed by remote processing devices accessible and useable (either in a shared or dedicated manner) by the system 100.
  • system 120 includes a system memory 154 (e.g. a BIOS), volatile memory 156 (e.g. random access memory such as one or more DRAM modules), and non-volatile memory 158 (e.g. one or more hard disk or solid state drives).
  • System 120 also includes one or more interfaces, indicated generally by 160, via which system 120 interfaces with various devices and/or networks.
  • other devices may be physically integrated with system 120, or may be physically separate.
  • connection between the device and system 120 may be via wired or wireless hardware and communication protocols, and may be a direct or an indirect (e.g. networked) connection.
  • Wired connection with other devices/networks may be by any appropriate standard or proprietary hardware and connectivity protocols.
  • system 120 may be configured for wired connection with other devices/communications networks by one or more of: USB; FireWire; eSATA; Thunderbolt; Ethernet; OS/2; Parallel; Serial; HDMI; DVI; VGA; SCSI; AudioPort. Other wired connections are, of course, possible.
  • Wireless connection with other devices/networks may similarly be by any appropriate standard or proprietary hardware and communications protocols.
  • system 100 may be configured for wireless connection with other devices/communications networks using one or more of: infrared; Bluetooth; Wi-Fi; near field communications (NFC); Global System for Mobile Communications (GSM), Enhanced Data GSM Environment (EDGE), long term evolution (LTE), wideband code division multiple access (W-CDMA), code division multiple access (CDMA).
  • Other wireless connections are, of course, possible.
  • the devices to which system 120 connects - whether by wired or wireless means - allow data to be input into/received by system 120 for processing by the processing unit 152, and data to be output by system 120.
  • Example devices are described below, however it will be appreciated that not all computer-processing systems will include all mentioned devices, and that additional and alternative devices to those mentioned may well be used.
  • system 120 may include or connect to one or more input devices by which information/data is input into (received by) system 120.
  • input devices may include physical buttons, alphanumeric input devices (e.g. keyboards), pointing devices (e.g. mice, track pads and the like), touchscreens, touchscreen displays, microphones, accelerometers, proximity sensors, GPS devices and the like.
  • System 100 may also include or connect to one or more output devices controlled by system 100 to output information.
  • output devices may include devices such as indicators (e.g. LED, LCD or other lights), displays (e.g. CRT displays, LCD displays, LED displays, plasma displays, touch screen displays), audio output devices such as speakers, vibration modules, and other output devices.
  • System 100 may also include or connect to devices which may act as both input and output devices, for example memory devices (hard drives, solid state drives, disk drives, compact flash cards, SD cards and the like) which system 100 can read data from and/or write data to, and touch-screen displays which can both display (output) data and receive touch signals (input).
  • System 120 may also connect to communications networks (e.g. the Internet, a local area network, a wide area network, a personal hotspot etc.) to communicate data to and receive data from networked devices, which may themselves be other computer processing systems.
  • system 120 may be any suitable computer processing system such as, by way of non-limiting example, a desktop computer, a laptop computer, a netbook computer, tablet computer, a smart phone, a Personal Digital Assistant (PDA), a cellular telephone, a web appliance.
  • system 120 will include at least user input and output devices 162 and (if the system is to be networked) a communications interface 164 for communication with a network 130.
  • the number and specific types of devices which system 100 includes or connects to will depend on the particular type of system 120. For example, if system 120 is a desktop computer it will typically connect to physically separate devices such as (at least) a keyboard, a pointing device (e.g. mouse), a display device (e.g. a LCD display).
  • If system 120 is a laptop computer, it will typically include (in a physically integrated manner) a keyboard, pointing device, a display device, and an audio output device. Further alternatively, if system 120 is a tablet device or smartphone, it will typically include (in a physically integrated manner) a touchscreen display (providing both input means and display output means), an audio output device, and one or more physical buttons.
  • System 120 stores or has access to instructions and data which, when processed by the processing unit 102, configure system 120 to receive, process, and output data.
  • Such instructions and data will typically include an operating system such as Microsoft Windows®, Apple OSX, Apple IOS, Android, Unix, or Linux.
  • System 120 also stores or has access to instructions and data (i.e. software) which, when processed by the processing unit 152, configure system 120 to perform various computer-implemented processes/methods in accordance with embodiments of the invention (as described below). It will be appreciated that in some cases part or all of a given computer-implemented method will be performed by system 120 itself, while in other cases processing may be performed by other devices in data communication with system 120. Instructions and data are stored on a non-transient machine-readable medium accessible to system 120. For example, instructions and data may be stored on non-transient memory 158. Instructions may be transmitted to/received by system 120 via a data signal in a transmission channel enabled (for example) by a wired or wireless network connection.
  • Generic positioning systems are those types of device positioning systems that can be offered by third parties, such as the third party location services 140 illustrated in Figure 1a.
  • Such third parties include Google, Apple and Microsoft.
  • Generic positioning systems are able to provide an approximate position of a device such as a mobile device or a terminal, but are unable to provide an adjusted position of the device or any assurance that the device is in fact where the device reports it is.
  • Bespoke device positioning or position assurance systems are device positioning systems that can make specific adjustments to an approximate location in certain circumstances or locations, in order to make the location more accurate or to give an assurance that a device is where the device reported it to be.
  • There are a number of adjustments that can be made to an approximate location determined by generic positioning systems. These include adjustments based on a data fingerprint, device variability and device signal availability. These adjustments are described in more detail below.
  • The bespoke device positioning system can store one or more measurements of the local transmission services made by another mobile device (or the same device earlier) in a previous transaction. In combination with the approximate position, this can be used by the bespoke device positioning systems to determine the adjusted position of the mobile device based on the one or more stored measurements if the approximate position of the earlier mobile device is similar to the approximate position of the mobile device.
  • A similar approach can be applied to determine the adjusted position of the terminal. That is, the measurements made to determine an approximate position for one device can be used to determine an adjusted position for other devices, or the same device at a later time. Further, bespoke device positioning systems can keep track of the adjustments for calculating the adjusted position of other mobile devices or terminals.
  • These adjustments can be stored in combination with the approximate position of the other mobile device. Later the adjustments can be used by the bespoke device positioning systems to determine the adjusted position of the mobile device based on the stored adjustments if the approximate position of the mobile device is similar to the approximate position of one or more of the other mobile devices. That is, the position adjustments made for one device can be made for other devices, or the same device at a later time.
  • Figure 2 is an illustration of an example method 200 for authorisation via proximity detection of an electronic transaction by a mobile device at a terminal.
  • Method 200 involves a first step of determining one or more local transmission services available to the mobile device.
  • Many user devices 102 have Global Positioning System (GPS) functionality enabled. Similarly many such devices 102 have Wi-Fi and Bluetooth functionality.
  • User devices 102, when attempting to determine the location of the device 102, will typically scan all the publicly available information that can be used to identify a local transmission service such as a Wi-Fi or Bluetooth service. This information can be communicated to the proximity proofing server 120 and stored along with any location data subsequently determined by the device 102. Therefore a Wi-Fi or Bluetooth service can later be used to provide location information about any other user device that is near enough to these services that they can be scanned by the user device.
  • A second step of the method 200 is to determine 204 an approximate position of the mobile device based on one or more generic mobile device positioning systems.
  • The position can be calculated by reference to the local transmission services that have been identified, GPS, or any combination.
  • The third party location services 140 can also be used to calculate the approximate position.
  • A third step of the method 200 is to determine 206 one or more local transmission services available to the terminal.
  • A terminal, much like the user devices described above, has Global Positioning System (GPS) functionality enabled.
  • A terminal 104 generally has Wi-Fi and Bluetooth functionality.
  • A terminal 102, when attempting to determine the location of the terminal 102, can scan all the publicly available information that can be used to identify a local transmission service such as a Wi-Fi or Bluetooth service. Further, the terminal will generally produce a consistent set of data, which can be stored by the proximity proofing server system 120 along with the location that the terminal determines. This may help to identify and locate the terminal in circumstances where the location is inaccurate or outside the usual location for the terminal.
  • The next step is to determine 208 an approximate position of the terminal based on one or more terminal positioning systems. Similar to the above, the approximate position can be calculated by reference to the local transmission services that have been identified, GPS, or any combination.
  • The third party location services 140 can be used to calculate the approximate position of the terminal.
  • A fifth step of the method 200 is to calculate 210 an adjusted position of the mobile device by adjusting the approximate position of the mobile device using bespoke device positioning systems based on the one or more local transmission services available to the mobile device.
  • The approximate position provided above may not be accurate enough for the purposes of authorisation. As a result, there may need to be adjustments made. Even where adjustments are not required, this effectively amounts to an assurance process that can add to a level of assurance that the device is where it is reportedly located. Examples of adjustments are described below.
  • A sixth step of the method 200 is to calculate 212 an adjusted position of the terminal by adjusting the approximate position of the terminal using bespoke device positioning systems based on the one or more local transmission services available to the terminal.
  • The approximate position of the terminal provided above may not be accurate enough for the purposes of authorisation. As a result, there may need to be adjustments made. Even where adjustments are not required, the adjustment or assurance process can add to a level of assurance that the device is where it is reportedly located. Examples of adjustments are described below.
  • A final step is authorising 214 the electronic transaction by the mobile device if the adjusted position of the mobile device and the adjusted position of the terminal are within an authorised operating location.
  • The medical services provider has a geolocation associated with it which is the authorised operating location. That is, a transaction involving a medical services provider where a user device 102 associated with a user and a provider device 104 associated with a provider are within the authorised operating location. Where one or both devices are outside the authorised operating location, then the transaction may not be authorised. There are a number of options that may be implemented in such circumstances. The transaction in one example may simply fail or the user may be requested to move to the operating location or notified to turn on one or more services which may assist to more accurately identify the location.
  • A local transmission service (such as a nearby wireless service) that has been recorded previously by a user device can be used to provide a location for any other user device.
  • The more user devices that determine a location, the more accurate the location associated with the wireless service becomes.
  • Many third party solutions for this data exist, including Google, Apple and Microsoft. Google, for example, will track a unique identifier of a Wi-Fi access point - the media access control (MAC) address - along with the location determined by a user device.
  • The user device 102 determines an approximate position 312 for the user device and terminal 104 determines an approximate position 322 for the terminal.
  • The approximate position of the user device 102 is initially provided by a calculation based on one or more available wireless services. Examples of available wireless services include Wi-Fi, Bluetooth, and cellular services. Each of these wireless services has a signal, the strength of which can be measured at the device.
  • The user device 102 determines an approximate position.
  • Each of the wireless services that are available provides a degree of accuracy, therefore the more wireless services available the more likely the approximate position is accurate. It is possible to determine the approximate position accurately with multiple wireless services such that no adjustments are required.
  • The location of the terminal 104 is initially provided by a calculation based on one or more wireless services available to the terminal.
  • The approximate position 322 of the terminal 104 is initially provided by a calculation based on one or more available wireless services.
  • Available wireless services include Wi-Fi, Bluetooth, and cellular services. Each of these wireless services has a signal, the strength of which can be measured at the terminal.
  • The user device can utilise an application programmable interface (API) of an online third party service 140 such as Google to calculate an approximate position. That is, the measurements of the wireless services are inputted into the online service and a result is returned to the user device.
  • The result in this example is a combination of latitude, longitude and a degree of accuracy. The accuracy in this case is measured in metres.
  • The elements of an approximate position form a circle, where the latitude and longitude make the centre of the circle 312 and the accuracy is the radius of the circle 344.
  • A second circle 322 is formed by the location of the terminal 104. That is, the terminal has a latitude and longitude, which in this example is fixed. It is possible that a terminal has a variable latitude and longitude, such as where the terminal is mobile. However, whether the terminal is fixed or mobile does not affect how the calculation is performed. That is, a similar calculation to the above describing the user device may be made to determine the terminal location. If the terminal is fixed, then for the reasons described above, the location is more likely to be calculated with greater accuracy.
  • The system 120 determines if there is sufficient overlap between the user device location, terminal location and the authorised operating location 302. If there is sufficient overlap between the two, and the provider device is within the authorised operating location as well, then the transaction made by the user is authorised by the system.
  • The system 120 may also calculate the distance 330 between the mobile device 102 and the terminal 104. In some embodiments, this distance 330 may also form an authorisation requirement, such as where the terminal and mobile device must be within 5 metres of each other.
  • The authorised operating location 302 is depicted as a rectangle.
  • The authorised operating location 302 may be a latitude and longitude along with a horizontal distance.
  • Figure 3b is an illustration of this example authorised operating location 340.
  • The authorised operating location 340 is defined by a horizontal distance 350 and a centre point 360. This does not necessarily completely correspond with the physical properties of the provider’s location (such as the medical centre). This means that, as depicted, there could be parts of the physical medical centre that are within the authorised operating location 340, and parts that are not within the physical medical centre that are also within the authorised operating location.
  • Figure 4 is an example illustration where a user is attempting to perform a transaction.
  • If the approximate positions 312 and 322 of the mobile device 102 and terminal 104 respectively were used, they would be determined by the system 120 to be outside the authorised operating location 302. Therefore in this example, adjustments would be required.
  • A terminal or provider device typically transmits a consistent set of data which can be considered a data fingerprint. This data would identify the provider device using a pin pad ID (PPID), which is a unique number associated with a provider device such as a terminal. The PPID can be used to ensure fraudulent devices can be identified.
  • The data fingerprint would also indicate the provider device is not moving and is in a constant location. That is, the measurements that the provider device makes are generally likely to be the same or similar if it is a legitimate device that does not move much within the authorised operating location. Wi-Fi, Bluetooth, and cell services do not typically move so their measurements can be used alone or in combination with the identification data to determine the data fingerprint for a provider device.
  • The approximate position of the provider device may continually be calculated with low accuracy or the provider device may be reported to be outside its authorised operating location. If the system recognises the data fingerprint, the system can adjust the position of the provider device to a location known by the system to be associated with a particular data fingerprint before calculating the proximity threshold.
  • Figure 5 is the same example as Figure 4 above but where a user is attempting to perform a transaction after typical business hours at a time such as 5pm.
  • The same nearby Wi-Fi service 402 is not available. This is because the service only operates between the hours of 9am and 4pm, which are the operating hours of the bank.
  • The provider in this case is a medical practice that operates until 6pm - that is, the medical practice accepts transactions until 6pm.
  • The wireless services that would have been available during earlier business hours have been turned off.
  • The lack of wireless services means that, in this example, the terminal location is determined with less accuracy and therefore the system determines the device location to be outside the authorised operating location. However, the terminal 104 in reality is still in the same location it was earlier in the day as it has not moved. If the approximate position 322 is utilised, then the transaction would not be authorised when it otherwise might have been.
  • The system 120 may adjust the approximate position 322 of Figure 4 by detecting the data fingerprint of the terminal 104, noting it is consistent with one or more transactions that occurred earlier in the day and adjusting the location of the terminal on this basis to the adjusted location 422 with the new accuracy of 424. Adjusting the location in this example means that the terminal 104 is now determined to be within the authorised operating location 302 and the transaction can be authorised.
  • Figure 6 is an illustration of another example 600 where a user is attempting to perform a transaction in a scenario with a Wi-Fi service 602 and a Bluetooth service 604.
  • The user device 102 measures the available wireless services nearby.
  • The location 312 that is determined is less accurate because the user device is a low cost ZTE handset.
  • The ZTE handset is known to have a limitation in its Bluetooth capabilities, in that it does not detect Bluetooth signals that are greater than 10 metres away.
  • The device 120 has not been able to detect the Bluetooth signal 604 as it is further than 10 metres away from it. This is problematic, for example, if the wireless signals are measured such that the Bluetooth signal provides significant location information and a lack of the Bluetooth signal is determined to mean that the device is not in the location where it actually is.
  • Figure 7 is an illustration of a further example 700 where a user is attempting to perform a transaction in a scenario as outlined in relation to Figure 6 above with a Wi-Fi service 402 and a Bluetooth service 604.
  • The system 120 has found ZTE handsets that have been used in previous transactions and identified that all ZTE handsets operate the same way. Therefore the system 120 recognises the same ZTE handset and adjusts the location 312 on the basis of the Bluetooth limitation to the adjusted position 712 with the adjusted accuracy 744.
  • The system 120 may discount the Bluetooth signal 604 as providing any location information.
  • A user device may have certain services turned on or off in various combinations. The availability of these services affects the location calculation.
  • A user device 104 measures and submits the cell tower and GPS data to provide an approximate position 312. However, it does not measure and submit the Wi-Fi 402 and Bluetooth 604 measurements. This is because, in this example, the user’s device 104 has the Wi-Fi and Bluetooth services turned off.
  • The system in this case may recognise that no Wi-Fi and Bluetooth services have been submitted, which is distinct from the services being turned on at the device but where no services were detected.
  • The system 120 may fill in the missing services by determining a likely default value or measurement for the missing services. To do this, the system 120 keeps track of measurements for user devices in the same or similar location.
  • Another, second user device 802 performed a transaction in a similar approximate position and reported a Wi-Fi service 402 with a signal strength of approximately -80dBm.
  • The system 120 recognises this, so this value for the Wi-Fi service 402 can be substituted for the missing values, and the location is adjusted on this basis.
  • A similar calculation can be performed for the Bluetooth service 604 on the basis of the strength reported by second device 802.
  • The values for the missing services can be substituted based on a specified default value, or the default value may be calculated based on the other available wireless services.
  • The system may also impose some functional thresholds on authorising transactions.
  • The functional thresholds provide a way in which certain transactions may be authorised or not, even if the location requirements are met.
  • The system keeps track of the time of day as different wireless services may be available at different times.
  • A provider may only accept transactions between certain times, such as business hours between 9am and 5pm.
  • Other functional thresholds may be defaults in relation to where a location of the user device or provider device (terminal) is not available.
  • The provider device may simply be unable to measure any signals that would provide location information.
  • The functional threshold may be to simply allow this transaction anyway or to block the transaction because the location of the provider device could not be calculated.
  • Other functional thresholds include maintaining a blacklist for services that will not be authorised, and whitelists for services that will be authorised. Further, services may have specific thresholds around edge cases, such as where a user device is right on the boundary of an authorised operating location.
  • The functional threshold of a confidence interval may require the user device to be no closer than, say, half a metre to the boundary to have a greater confidence that the user is actually within the authorised operating location.
  • The confidence interval may be set by the provider or be imposed by the health insurer in relation to which a transaction is being made.
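
The authorisation decision of method 200, combined with the data-fingerprint adjustment from the Figure 5 after-hours example, sketched in Python as an added illustration that is not code from the patent. The Jaccard matching rule, the reading of "sufficient overlap" as the whole uncertainty circle lying inside the operating location, and all identifiers and coordinates are assumptions or constructed values.

```python
import math
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Position:
    lat: float
    lon: float
    accuracy_m: float   # radius of the uncertainty circle, in metres

@dataclass(frozen=True)
class Zone:             # authorised operating location: centre point + horizontal distance
    lat: float
    lon: float
    radius_m: float

def distance_m(lat1, lon1, lat2, lon2):
    """Great-circle (haversine) distance in metres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    a = (math.sin((p2 - p1) / 2) ** 2
         + math.cos(p1) * math.cos(p2) * math.sin(math.radians(lon2 - lon1) / 2) ** 2)
    return 2 * 6_371_000 * math.asin(math.sqrt(a))

# Constructed fingerprint store: PPID -> (service identifiers seen in earlier
# transactions, position the system associates with that fingerprint).
KNOWN_FINGERPRINTS = {
    "PPID-0001": (frozenset({"wifi:bank", "wifi:clinic", "bt:clinic", "cell:A"}),
                  Position(-33.87000, 151.21000, 8.0)),
}

def adjust_terminal(ppid, observed, approx, min_similarity=0.5):
    """Return the stored position when the data fingerprint is recognised.

    Recognition rule (an assumption): the PPID is known and the Jaccard
    similarity of observed vs. stored service identifiers is high enough.
    An unknown PPID or unfamiliar surroundings leaves the position unadjusted.
    """
    entry = KNOWN_FINGERPRINTS.get(ppid)
    if entry is None or not observed:
        return approx
    stored_ids, stored_pos = entry
    observed = frozenset(observed)
    similarity = len(observed & stored_ids) / len(observed | stored_ids)
    return stored_pos if similarity >= min_similarity else approx

def inside(pos, zone, margin_m):
    """Whole uncertainty circle must sit inside the zone, margin_m from the edge."""
    d = distance_m(pos.lat, pos.lon, zone.lat, zone.lon)
    return d + pos.accuracy_m + margin_m <= zone.radius_m

def authorise(mobile: Optional[Position], terminal: Optional[Position], zone: Zone,
              max_separation_m=5.0, margin_m=0.5, allow_if_unlocated=False):
    """Return (authorised, reason) for adjusted mobile and terminal positions."""
    if mobile is None or terminal is None:
        # Functional threshold: block by default when a location is unavailable.
        return allow_if_unlocated, "position unavailable"
    if not inside(terminal, zone, margin_m):
        return False, "terminal outside authorised operating location"
    if not inside(mobile, zone, margin_m):
        return False, "mobile device outside authorised operating location"
    sep = distance_m(mobile.lat, mobile.lon, terminal.lat, terminal.lon)
    if sep > max_separation_m:
        return False, "mobile device too far from terminal"
    return True, "authorised"

# Constructed after-hours scenario: the bank Wi-Fi is off, so the terminal's
# approximate position is coarse and falls outside the 50 m zone.
ZONE = Zone(-33.87000, 151.21000, 50.0)
MOBILE = Position(-33.87002, 151.21003, 10.0)
TERMINAL_APPROX = Position(-33.87040, 151.21040, 120.0)
AFTER_HOURS_IDS = {"wifi:clinic", "bt:clinic", "cell:A"}

if __name__ == "__main__":
    print(authorise(MOBILE, TERMINAL_APPROX, ZONE))
    adjusted = adjust_terminal("PPID-0001", AFTER_HOURS_IDS, TERMINAL_APPROX)
    print(authorise(MOBILE, adjusted, ZONE))
    moved = adjust_terminal("PPID-0001", {"wifi:elsewhere", "cell:Z"}, TERMINAL_APPROX)
    print(authorise(MOBILE, moved, ZONE))
```

A terminal that reports a known PPID from unfamiliar surroundings is not snapped back to its stored location, so the coarse approximate position is evaluated and the transaction is refused.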

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Computer Security & Cryptography (AREA)
  • Accounting & Taxation (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Physics & Mathematics (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Signal Processing (AREA)
  • Finance (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Telephone Function (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention relates to a computer-implemented method for authorising a transaction by ensuring accurate determination of the mobile device and of the terminal. The invention further relates to transactions that must occur within a specified proximity. The method comprises calculating an adjusted and/or assured position of the mobile device by adjusting and/or assuring the approximate position of the mobile device using bespoke device positioning or position assurance systems based on the one or more local transmission services available to the mobile device, calculating an adjusted or assured position of the terminal by assuring the approximate position of the terminal using bespoke device position assurance or adjustment systems based on the one or more local transmission services available to the terminal, and authorising the electronic transaction by the mobile device if the adjusted and/or assured position of the mobile device and the adjusted and/or assured position of the terminal are within an authorised operating location.
PCT/AU2020/050165 2019-02-25 2020-02-25 Proximity proofing electronic transactions Ceased WO2020172706A1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU2020228071A AU2020228071B2 (en) 2019-02-25 2020-02-25 Proximity proofing electronic transactions

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
AU2019900596 2019-02-25
AU2019900596A AU2019900596A0 (en) 2019-02-25 Proximity proofing electronic transactions

Publications (1)

Publication Number Publication Date
WO2020172706A1 true WO2020172706A1 (fr) 2020-09-03

Family

ID=72238235

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/AU2020/050165 Ceased WO2020172706A1 (fr) 2019-02-25 2020-02-25 Proximity proofing electronic transactions

Country Status (2)

Country Link
AU (1) AU2020228071B2 (fr)
WO (1) WO2020172706A1 (fr)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100022254A1 (en) * 2008-07-22 2010-01-28 Bank Of America Corporation Location-Based Authentication of Mobile Device Transactions
US20130185166A1 (en) * 2010-07-20 2013-07-18 Moqom Limited Cardholder mobile device positioning system and method
US20140032346A1 (en) * 2012-07-12 2014-01-30 Tencent Technology (Shenzhen) Company Limited Method and system for controlling mobile data terminals
US20160232531A1 (en) * 2005-04-26 2016-08-11 Bpriv Llc Method for detecting misuse of identity in electronic transactions
WO2016201267A1 (fr) * 2015-06-12 2016-12-15 Offerup, Inc. Systems, methods and devices for computer-based local transactions

Also Published As

Publication number Publication date
AU2020228071A1 (en) 2021-03-04
AU2020228071B2 (en) 2021-05-27

Similar Documents

Publication Publication Date Title
AU2015307379B2 (en) Method for managing beacon, terminal device, server and storage medium
US10178555B2 (en) Securing a wireless mesh network via a chain of trust
EP2681581B1 (fr) RSSI-based indoor positioning in the presence of dynamic transmission power control access points
US8738037B1 (en) Identifying mobile access points
AU2015259667B2 (en) Verifying a secure connection between a network beacon and a user computing device
KR102439746B1 (ko) Method and apparatus for determining the location of an electronic device
CN105306204B (zh) Security verification method, apparatus and system
USRE48698E1 (en) Method and apparatus for providing location information
US9154910B2 (en) Terminal location obtaining method, device, and system
KR102092057B1 (ko) Method and apparatus for sharing location information of an electronic device
US10817827B1 (en) Drive-thru system implementing location tracking
US20170013416A1 (en) Systems and methods for providing geolocation services in a mobile-based crowdsourcing platform
US11451539B2 (en) Identity identification and preprocessing
KR102705617B1 (ko) Method for providing location information and apparatus therefor
WO2011072075A1 (fr) Pattern filtering for mobile station position estimation
US20190028995A1 (en) Information processing device, portable device, and system
US9094912B2 (en) Apparatus and method of providing connection source recommendations using a database of historic data on connectivity
AU2020228071B2 (en) Proximity proofing electronic transactions
US20170155980A1 (en) A method for controlling a sensing frequency in an electronic device and the electronic device thereof
CN108093373A (zh) Positioning control method, apparatus, storage medium and terminal device
US9332434B1 (en) Policy based location collection for authentication
KR102612792B1 (ko) Electronic device and method for determining entry of the electronic device into a region of interest
US8612756B1 (en) Methods and devices for adjusting the precision of location information
US10419443B2 (en) Authentication server, authentication method in authentication server, and non-transitory computer readable medium storing authentication process program of authentication server
KR20250141636A (ko) Method and system for detecting and responding to changes in the local time of a digital therapeutic device

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 20763513; Country of ref document: EP; Kind code of ref document: A1)
ENP Entry into the national phase (Ref document number: 2020228071; Country of ref document: AU; Date of ref document: 20200225; Kind code of ref document: A)
NENP Non-entry into the national phase (Ref country code: DE)
122 Ep: pct application non-entry in european phase (Ref document number: 20763513; Country of ref document: EP; Kind code of ref document: A1)