Using Global Positioning for Location-Based Computer Security

IP.com Disclosure Number: IPCOM000021182D
Original Publication Date: 2003-Dec-31
Included in the Prior Art Database: 2003-Dec-31
Document File: 3 page(s) / 209K

Publishing Venue

IBM

Abstract

A Global Positioning Satellite (GPS) receiver is used to determine the location of the PC and restrict access to one or more features based on a previously-defined security policy. The GPS receiver is bound to a secure and/or unique component of the PC (e.g., a Trusted Platform Module (TPM)) to ensure that the receiver is not replaced with another, unapproved GPS receiver. A location-based security policy is used to specify security zones and the restrictions that are imposed when the computer is within or outside of the zones. During normal use, the GPS card is automatically used to verify the location of the PC, and access to various features is either granted or blocked based on the location-based security policy. Advantages of this method include: accurate implementation of the "where you are" paradigm, reduction of concern regarding forgotten passwords or stolen tokens, and implementation of multiple zone-specific security policies.

This text was extracted from a PDF file.
At least one non-text object (such as an image or picture) has been suppressed.
This is the abbreviated version, containing approximately 52% of the total text.

Computer and data theft are a critical threat to security. Often, a computer is stolen and transported to a different location where the attacker attempts to access the data in the PC. In other situations, data can be compromised when it is accessed in inappropriate areas, such as crowded public areas where others could view the data. The current computer security paradigm provides security based on who you are (e.g., fingerprint), what you have (e.g., smart card), or what you know (e.g., password). Unfortunately, tokens can be stolen and passwords can be guessed. Data access based on the computer's location is needed for more complete data security.

The invention employs a Global Positioning Satellite (GPS) receiver to determine the location of the PC and restrict access to one or more features based on a previously-defined security policy. The initial setup of the location-based security system is shown below in Figure 1. First, installation of a GPS receiver is required if one is not integrated into the computer. After installation, the GPS receiver is bound to a secure and/or unique component of the PC (e.g., the Trusted Platform Module (TPM), the serial number of the system, or the MAC address of the integrated network adapter), establishing a trusted path for GPS data. This binding process ensures that an attacker cannot replace the GPS receiver with another device that mimics the GPS receiver but sends spoofed or false GPS data. Finally, the administrator defines a security policy that includes, but is not limited to, defining specific security zones for computer use, the restrictions imposed when the computer is inside or outside each security zone, the frequency of position checking, and the procedure for resetting the computer once restrictions have been imposed. The security zones can be defined based on a variety of location-related information provided by the GPS receiver, such as position (e.g., restricting use to a 100 meter radius from a specific spot), altitude (e.g., restricting use when leaving a specific floor of a building or during air travel), or time of day (e.g., restricting use during non-business hours). The restrictions imposed when the computer is inside or...
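
An added example, not part of the original disclosure: one way to evaluate a zone policy of the kind described above (radius, altitude band, time-of-day window) against a GPS fix. The `Fix` and `Zone` types, the feature names and the coordinates are hypothetical, and failing closed when no fix is available is an assumption.

```python
import math
from dataclasses import dataclass
from datetime import time

@dataclass(frozen=True)
class Fix:                # one reading from the bound GPS receiver (hypothetical type)
    lat: float            # degrees
    lon: float            # degrees
    alt_m: float          # metres
    local_time: time      # time of day, assumed already converted to local time

@dataclass(frozen=True)
class Zone:               # one security zone from the policy (hypothetical type)
    name: str
    lat: float
    lon: float
    radius_m: float       # e.g. the 100 meter radius from the text
    alt_range_m: tuple    # (min, max) altitude, e.g. one floor of a building
    hours: tuple          # (start, end) permitted time of day
    allowed: frozenset    # features granted while inside the zone

def distance_m(lat1, lon1, lat2, lon2):
    """Great-circle (haversine) distance in metres."""
    r = 6371000.0
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dp, dl = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dp / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dl / 2) ** 2
    return 2 * r * math.asin(math.sqrt(a))

def in_zone(fix, z):
    # All three conditions must hold: position, altitude and time of day.
    return (distance_m(fix.lat, fix.lon, z.lat, z.lon) <= z.radius_m
            and z.alt_range_m[0] <= fix.alt_m <= z.alt_range_m[1]
            and z.hours[0] <= fix.local_time <= z.hours[1])

def allowed_features(fix, zones, outside=frozenset()):
    """Fail closed: no fix, or a fix outside every zone, gets only `outside`."""
    if fix is None:
        return frozenset(outside)
    hits = [z.allowed for z in zones if in_zone(fix, z)]
    return frozenset(outside).union(*hits)

# Constructed sample policy and fixes (coordinates are arbitrary).
OFFICE = Zone("office-floor-3", 35.0000, -78.0000, 100.0, (8.0, 14.0),
              (time(8, 0), time(18, 0)), frozenset({"login", "disk", "network"}))
INSIDE = Fix(35.0005, -78.0000, 10.0, time(10, 30))      # about 56 m from centre
MOVED = Fix(35.0020, -78.0000, 10.0, time(10, 30))       # about 222 m from centre
AFTER_HOURS = Fix(35.0005, -78.0000, 10.0, time(22, 0))  # in range, outside hours
```

A periodic check at the policy's configured frequency would call `allowed_features` with the latest fix and block anything not in the returned set.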