6

I need to come up with digital proof that two physical devices are in the same (approximate) location whenever that transaction occurs.

This could be:

  • A digital ID and the authenticator
  • A consumer and a merchant
  • A digital key for a door, and a lock

Is there any way to prove that the devices are in the same location?

One way I was thinking of making this work, is to read environmental data (RF noise, bluetooth signal distance) and include this data in the verification channel. Since the devices are somewhat near each other, this environmental data should be almost the same.

Question

  • If it makes sense to include environmental data to prove two devices are in the same location, what data should be used?

  • Since the environmental data will likely never be numerically identical, but very similar, how can this be included in an authentication protocol? (this is the crypto aspect of the question)

makerofthings7
  • 50,090
  • 54
  • 250
  • 536
  • By, "prove" do you mean prove to a third party? Or just to the devices themselves? The former seems very difficult, given that I can record environmental information with any device, and that information could then be sent to any other device I want, anywhere in the world, which could then easily use that data to forge its location. The latter, on the other hand, could easily be done with Bluetooth or NFC. – Ajedi32 Jan 05 '15 at 16:50

2 Answers2

10

There are schemes (1 and 2) that use environmental sensors like accelerators to generate a shared secret.

Two devices are shaken while held together. The specific time, pattern and magnitude of shaking should be unique to these two devices.

This data can be used to calculate a secret value only these two devices should know.

shamer
  • 131
  • 3
1

Use a Bluetooth or BLE chip on one device, and you can configure the separate device to receive data input from the BLE chip. Setup the BLE chip on the device to constantly broadcast and have the first device constantly listen.

If it makes sense to include environmental data to prove two devices are in the same location, what data should be used?

The data returned by the BLE chip. They typically return HEX values that you use and parse in the programming language of your choice on the second device.

Since the environmental data will likely never be identical, but very similar, how can this be included in an authentication protocol? (this is the crypto aspect of the question)

Setup the authentication protocol in the software that pings and receives data from the BLE chip on the other device.

Henry F
  • 626
  • 1
  • 6
  • 13
  • 1
    This can be cracked by two Bluetooth devices acting as a bridge, just like conventional NFC. What the author asked for is something that can't be "bridged" like that. –  Jan 05 '15 at 11:21
  • @AndréDaniel Very good point, I agree. I'm not very familiar with the term "bridged" yet. – Henry F Jan 06 '15 at 05:28