CN103222228B - DVB certification based on spot beam - Google Patents

Abstract

In one embodiment, method for certification applicant includes receiving from least one in one group of beam data of spot beam transmission at applicant, apllied least one set beam data is made comparisons with known valid data collection, when the difference of described least one set beam data with known valid data collection is less than certain threshold value, certification the applicant.

Description

DVB certification based on spot beam

Technical field

The present invention relates to electronic communication and network security, more particularly, to can be based on satellite System in order to reduce the authentication techniques of system vulnerability.

Background technology

Along with electronic communication and the data transmission system including network become more inveterately Being socially reintegrated, electronic security(ELSEC) and network security remain an important infrastructure element.So System can be threatened by WWW and its leak our country infrastructure other networks by with Process and general process in substantial amounts of data.Permeate, compromise and/or disable infrastructure unit both at home and abroad The dynamics of element is increasing, therefore to protect these systems to avoid these growing threats, needs Strengthen calculating safety.Unauthorized party's access to these systems, may bring in various degree Social influence, and, although any given attack seems the most hardly important, but it may It is the following predecessor more having autoaggressive attack.Global electronic system is attacked welcoming the network sharply increased Hit.Network attack often comes from network hole, and by pretending to be legal terminal user to carry out.

Lack detection unauthorized user or the existing method of electronic system being cracked, because i.e. Making to be found that attack, the method used by arch-criminal also can hide which unwarranted access originates from In.This problem causes other problem, because if attacking is considered as to originate from, such as, One foreign countries, then cannot verify that the periphery of unauthorized user means that government official The foreign country that the U.S. possibly cannot just carry out this network attack seeks compensation for or applies more aggressive Pressure.

Existing auth method, in the ordinary course of things, be non-dynamically, such as password, individual Identification codes etc., they allow system be more vulnerable to intercept and the attack of other Brute Force methods.

Therefore, it is used for limiting the added technique of unauthorized user's access and certification attempts to access that Electronic communication and a side of network or technology more in many ways can strengthen the safety of these systems existing Property.

Accompanying drawing explanation

Detailed description is described in reference to the drawings.

Fig. 1 is the schematic diagram of satellite-based communication system according to embodiments of the present invention.

Fig. 2 A, 2B and 2C are satellite-based Verification Systems according to embodiments of the present invention Schematic diagram.

Fig. 3 A is the schematic diagram calculating device according to embodiments of the present invention, and it is applicable to reality Existing satellite-based Verification System.

Fig. 3 B is the schematic diagram of the satellite-based communication system of the embodiment of the present invention.

Fig. 4 is a flow chart, it is shown that according to the behaviour in the method for embodiment certification applicant Make.

Summary of the invention

Described herein is for a kind of equipment based on spot beam certification, system and method.? In one or more embodiment, the method for certification applicant includes that passing of satelline spot beam sends solely Special beam data, applicant captures described data from from the transmission of described satellite, and applicant sends institute State the data verifier to the application that can include mediation practices that data are transmitted, then when required When difference between data and known valid data collection is in the threshold value of a definition, verifier certification The applicant.In one or more embodiment, applicant once recognizes via this " unidirectional " Card method is certified, can be provided the access to system or resource.In one or more embodiment In, third party's verifier can complete the certification of the applicant to mainframe network.One or more In individual embodiment, applicant there may be and can receive data and can send again the device of data, and In alternative embodiment, the two function can be comprised in the single hardware being coupled.

In one or more embodiment, data are probably invalid and applicant and are rejected Access.In one or more embodiment, data may be marked as uncertain, and Extra data may be needed to carry out certification applicant.In one or more embodiment, based on The tolerance level specified, data may be marked as uncertain, maybe can be prompted as through recognizing Card or be downgraded to restricted.In one or more embodiment, applicant can transmit additionally Identifier to verifier for certification, wherein identifier can include one of following: satellite identification information, The data of other applicant capture or derived information, it includes that location identifier is (such as seat based on ground Mark etc.), the time, pseudo random code section (authentication authorization and accounting key), the distinctive data of applicant (as password, Key, safety certificate etc.).Term used herein " liveness " refers to the mark of these types Symbol.In one or more embodiments, certification key can be by spot beam transmission and at spot beam Geometry in as the time function change, as such, it is possible to management from change spot beam Code, thus maintain thus obtained optimal correlation properties.This is well understood by the art , how phased aerial array can be used to produce dynamic point wave beam, therefore, implements at least one In example, how phased aerial array can be used for producing spot beam.In one or more embodiment, Shen Person please can send at least one path point benchmark to verifier, wherein be probably movement applicant Time capture take this path point benchmark.In at least one embodiment, when applicant is at least in certain a period of time When carving static, path point benchmark can be captured.

In at least one embodiment, except unidirectional client certificate method, multidirectional authentication method is also It is used between computing electronics carrying out mutual authentication (i.e. two-way authentication, three-dimensional certification etc.). (more than one) computing electronics can include mobile phone, portable computing, computer Network node, server or wireless network node etc..The method can be used for wireless and/or cable network. The method allows device to carry out self-authentication to other device, and such device can be allowed in certification Degree or the scope being agreed access information and/or service is determined after success.Service can include information Access, such as guarantee safe network (such as Internet bank etc.), it is ensured that safety data base, company The services of Email and other oriented mission etc. or other secure resources, be bundled into including those Resource in line, wireless and/or MANET.Additionally, the journey accessed in this multidirectional authentication method It is specific that degree or scope are also likely to be environment to one or more device.

In at least one embodiment, the equipment for certification applicant includes processor and memorizer Module, this memory module includes logical order, and when these logical orders are performed, configuration processes Device receives at least one location identifier provided by applicant and by applicant from defending at applicant The least one set path point data of capture in star multi-beam transmission, by least one location identifier described Compare with known valid data collection with least one set path point data, when described at least one Location identifier and described least one set path point data are fixed at one with the difference of known data set Certification the applicant time in the threshold value of justice.

The most in one embodiment, the system of certification applicant includes at least one Low Earth Orbit Satellite, this satellite is according to known spot beam geometry transmitting satellite wave beam, at least one electronics Device, this electronic installation include from satellite beams receive least one set path point data receiver and Determine the position sensor of described electronic installation position, at least one be communicatively coupled to described at least one The verifier of individual electronic installation, this verifier with by described electronic installation defined location, described extremely Few one group of path point data and given data collection carry out certification applicant.

Detailed description of the invention

In the following description, elaborate that many concrete details are to provide the thorough of various embodiment Understand.It should be understood, however, that those skilled in the art also can be real in the case of not having detail Execute various embodiment.In other cases, it is thus well known that method, program, assembly and element do not have It is described in detail or describes, in order to avoid covering specific embodiment.

Entity or user authentication technique can make third party's verifier be remotely money by one-way authentication method Source acknowledgement user, assets or the identity of device (such as applicant).It is pointed out, however, that This unidirectional method can also be used directly to confirm applicant by host computer system.Entity is probably to be needed Device (such as mobile phone, computer, server etc) to be followed the trail of or assets, and user can be People or other lived/abiotic entity.Entity and/or user may be in whole connection or sessions Duration certified.Entity and/or user may also require re-authentication after original certification. Re-authentication requires to be limited by mainframe network or determine as the case may be.It addition, this system can Message based Verification System for each one single verification process of message calls.This institute The technology stated can be used for conversation-based certification, message based certification or combinations thereof.

Additionally, the method can be applicable to receive device itself, such unilateral authentication need not by remotely Third party but by one or more receive device complete.When this method is real by single assembly Shi Shi, it is still considered as unidirectional authentication method.But, this method can also be applied to many To/multichannel authentication techniques, to allow at least two peer mutual authentication.This unidirectional or many In the device authentication method to device, it is (symmetrical that certification may often rely on a shared key With asymmetric), i.e. two legitimate receipt devices both know about key, and any without permission or rogue Receive device and do not know key.Each device can have a unique certification authority, as self and The password shared between peer or the public private double secret key of the form of safety certificate.If one Device proves that it knows shared key, makes other peer satisfied, and it just have authenticated self, because of This this device is legal.In this multichannel authentication method, once complete between at least two device Certification, then these devices demonstrate the identity of oneself the most to each other.Then these devices may be created Building the certification network of themselves, they may select the network security policy that enforcement it was agreed, with Protection communication and the access to networked resources in the environment of given.

Existing authentication method is likely to be used or combines to generate initial safe key (more than one Individual).Initial safe key, such as, available diffie-hellman graceful (diffie hellman) technology Cooperation generates, or only may be generated and pass through the escape way/process substituted by a peer It is sent to another device.

Under any circumstance, with initial safe key can include some share liveness information (as Defined before).In this application, liveness information is provided by satellite spot-beam, and can It is included in certification this parameter used as timestamp and pseudo random number (PRN).

Sharing liveness information and can be used in derivant, it allows each starter to fill to equity Different safe keys is used when putting certification self.This prevents potential rogue listener-in from opening every time Dynamic device initiates statistical attack time certified, prevents from adding the new message that intercepts to the elder generation in starter In the analysis of the message intercepted during front session.Liveness information and initial safe key can subsequently by A decisive function is passed to as input.Term used herein " decisive " refers to function Output depends entirely on input.This function determined can be distinguished in starter and peer Run.If creating different output during the decisive function of the two plant running, then from this The safe key that function is derived does not mates, and device can not be certified, and therefore this device is consequently not used for It is in communication with each other.

In addition to decisive, the most described function should be intrinsic irreversible.Know The output of function, it should be difficult or impossible to determine its input.Hash table defines a class and determines Property and intrinsic irreversible function, therefore, this class function is generally used for encryption and authentication calculations. The pseudo-random function (PRF) being used together with famous Transport Layer Security (TLS) agreement is to implement The example of available decisive function.

Pseudo-random function PRF is by two famous hash functions: message digest algorithm 5(MD5) and Secure Hash Algorithm 1(SHA-1) result merge.Pseudo-random function use two hash functions with Ensureing safety, prevention is just in case there being people to determine how one of two hash functions of reverse.The two Hash Function produces output, its may the shortest thus for safety and non-optimal.SHA-1 produces 20 bytes Output, MD5 produces the output of 16 bytes.Therefore, to each in the two hash function, Can define one " Data expansion function ", this function uses hash function to produce random length Output.For SHA-1, Data expansion function can be defined as P_SHA-1:

(initial safe is close for=SHA-1 for equation 1:P_SHA-1 (initial safe key, liveness) Key, A (1)+liveness)+SHA-1 (initial safe key, A (2)+liveness)+SHA-1 (initial safe Key, A (3)+liveness)+...

A (0)=liveness herein;

A (i)=SHA-1 (initial safe key, A (i-1));

And "+" symbol represents that character string connects.

The definition being defined similarly as above-mentioned P_SHA-1 of Data expansion function P_MD5, wherein by upper State " SHA-1 " occurred in definition and replace with " MD5 ".Data expansion function can be iterated must The number of times wanting many produces the output of Len req.Required output length can be configured so that one Implement option.The most in one embodiment, the required output length of each hash function is 128 Byte.P_SHA-1 may iterate to A (7), and to obtain total output length 140 byte, (each iteration increases The output length of 20 bytes).Then this output may be truncated to 128 bytes.P_MD5's is every Secondary iteration produces 16 bytes, so it iterates to A (8) will produce 128 words that required nothing is blocked Joint.

In an embodiment for certification based on spot beam, selecting hash function and changing After its Data expansion function to required output length, pseudo-random function is by close for the initial safe of extension Key, the liveness information of label (a predetermined ascii string) and exchange is as input. Pseudo-random function be defined as two hash spread function P_MD5 and P_SHA-1 output by Position XOR (XOR).

Equation 2: pseudo-random function (the initial safe key of extension, label, liveness)=P_MD5 (S1, label+liveness) XOR P_SHA-1 (S2, label+liveness)

Herein, S1 is the first half that the initial safe key extended is measured by byte, and S2 is extension Initial safe key measure by byte the second half.If (the length of the initial safe key of extension Degree is odd number, then its intermediary bytes be last byte of S1 be also the first character of S2 Joint).Because P_MD5 and P_SHA-1 is iterated to produce the output of 128 bytes, thus puppet with The output of machine function is also 128 bytes.

128 byte outputs of this pseudo-random function are divided into the secure session key of four 32 bytes.So Rear each secure session key is truncated the certification by being used and the length of cryptographic protocol needs.Cut Disconnected result is one of one group of new instantaneous secure session key.Deriving of instantaneous secure session key Thing allows starter and peer the most directly to use initial safe key and extension initial safe In key any one, in order to minimize or at least reduce the leakage of secure cryptographic key information.Instantaneous meeting The derivant of words safe key also allows for starter and peer at the interval of rule or is being ordered Making uses secure session key to update the initial safe from extension when preventing statistical analysis by limiting The secure session key that key is derived.

Each certification and the instantaneous secure session key of encryption have purpose in detail below: i) for ensureing secret Property, encryption data exchange from starter to peer;Ii) for ensureing confidentiality, encryption is from right Data exchange in device to starter;Iii) for ensureing integrity, to from starter to equity The data exchange signature of device;Iv) for ensureing integrity, to the number from peer to starter According to exchange signature.

The derivant of the initial safe key of certification based on spot beam can use diffie-hellman Technology, this technology uses agreement and well-known public primitive root generator " g " and prime number mould " p ". Starter and peer select a random secret integer respectively and exchange respective ((g^ (secret Integer)) to p remainder).This exchange allows starter and peer to use diffie hellman skill The initial key that art derivation is shared.

After starter and peer derive the initial key shared in-between, they may Use Data expansion, such as P_SHA-1, the initial key of extension of deriving.Data expansion process Liveness information be probably starter with and the known random value decided through consultation of peer or time Stamp.In certain embodiments, peer may select a random value, then by satellite or ground Torus network sends it to starter.Alternatively, starter and the most reducible timing of peer Between stab because the two is strict time synchronization, therefore can be from shared/public timestamp Value selects during liveness, avoid data to exchange.

It follows that described starter and peer have just had can be used to new one group wink of deriving Time secure session key shared extension initial key.Again, for liveness, starter The random value shared that peer sends or shared/public timestamp can be used with peer Value.Instantaneous secure session key can be activated device and peer for for starter and equity Between device, geographical location information and other environmental information of exchange do encryption further and signature.Ground Reason positional information and other environmental information are considered as secrecy, it is therefore desirable to these information are added Close, to guarantee only can extract the geographical position of exchange through the starter of certification and peer Confidence breath and environmental information.Noting, geographical location information is made by the process described in present patent application With pseudorandom (PRN) code section and unique beam parameters certification.Described shared environmental information can include Other state or the information of control, perform or decision support system for the application of cyber-defence targetedly System.Except encryption, by using instantaneous secure session key to be used for purpose of signing, it is ensured that exchange Geographical location information and the integrity of environmental information, as previously discussed.

Once, in some implementations, Verification System described herein and method can be in order to for brief review With geographic positioning technology for determining the position of applicant, as a part for verification process.One Such geographic positioning technology is in commonly assigned and co-pending U.S. Patent Application Serial Number Defined in 12/756961, the entitled geo-location utilizing spot beam overlapping of this patent application (Geolocation Leveraging Spot Beam Overlap), disclosure of which is by quoting During mode is fully incorporated herein.When needs certification, applicant's device can capture and transmit uniqueness Signature parameter to verifying attachment.Additionally, applicant's device also can transmit the propagation path of its statement (i.e. In each path point (more than one) and time).No matter transmitting device is fixing or mobile , path point all can be transmitted.Calibration equipment can the signature parameter, at least of request for utilization person's statement Time and the beam parameters of capture that one location paths point is relevant to this path point with at least one come Certification the applicant.Such as, if from least one spot beam described and the road of at least one statement The beam parameters of footpath point capture is consistent with known valid data collection, then applicant can recognize with verified person Card.In this way, applicant just can be authenticated to be and be in specific district in the specific time In territory.The signal that composite codes based on these parameters provide an extremely difficult imitation, attack or cheat. Additionally, the received signal power of signal structure and satellite allows this certification at indoor or other decay ring Border uses.This improves the overall utility of this system approach.

The theme of the application is mainly in terms of content at the Low Earth Orbit such as realized by iridium satellite (LEO) described in the context of satellite.But, it will be understood by those skilled in the art that and beg for here The technology of opinion is readily adaptable to other satellite systems, such as Medium-Earth Orbit (MEO) satellite system Or geostationary orbit (GEO) satellite system.Communication system based on such satellite can include or make Use other mobile communication system, such as airborne communication system etc, and include but not limited to ship or honeybee The fixing communications platform of cellular telephone tower.

According to embodiment, Fig. 1 is the schematic diagram of satellite-based communication system 100.In practice, Satellite-based communication system 100 can be made up of at least one satellite 110 on track.For simplicity For the sake of, Fig. 1 illustrate only a satellite.With reference to Fig. 1, in certain embodiments, system 100 includes One or more satellite 110, one or more satellite 110 receive with one or more Device 120 communicates.In certain embodiments, satellite can be embodied in LEO satellite, example in 110 years Such as the satellite in iridium satellite constellation.Satellite (more than one) 110 is positioned on known Earth's orbit, And one or more spot beam 130 can be transmitted in a known pattern to earth surface.Each spot beam 130 can comprise light beam parameters such as pseudorandom (PRN) data and one or more uniqueness (as the time, Satellite ID, time bias, satellite orbit data etc.) information.

Receive device (more than one) and 120 can be implemented as communicator, such as satellite or mobile phone, Or the communication of such as personal computer, notebook, personal digital assistant etc or calculating fill The assembly put.In certain embodiments, receive device (120) can include one or more location or Guider or be similar to the module of the device being used in combination with global positioning system (GPS).

Fig. 2 A, 2B and 2C are the schematic diagrams according to the satellite-based Verification System of embodiment 200.First With reference to Fig. 2 A, in certain embodiments, the satellite 110 on track sends one or more spot beam 130 on earth surface.Receive device 120 can be configured to receive signal from spot beam.At Fig. 2 A Describe embodiment in, receive device be on the ground and can work in fading environments.Lift individual Example, the object 210 on such as roof, building or the like may hinder satellite 110 and receive device Between the part of communication path.

The data that reception device 120 is received by transmitter 220 and/or reception device 120 generates are sent out Deliver to calibration equipment 230.Transmitter 220 described in Fig. 2 is a wireless transmitter, can be by data It is delivered to calibration equipment from receiving device relaying.But, those skilled in the art will appreciate that arrival Wired communication system, wireless communication system or wired and wireless can be passed through from the data receiving device 120 The combination transmission of system.Calibration equipment 230 uses and receives the data that device 120 is captured by spot beam, Proving that receiving device 120 is authorized user by one-way authentication method to calibration equipment 230, Fig. 2 B is also It it is this situation.

Additionally, it can be airborne example that Fig. 2 B depicts reception device 120, such as, receive device 120 It is in aircraft 125.In the embodiment that Fig. 2 B describes, aircraft 125 can keep with satellite 110 Up-link, such as a L-band up-link, and is captured by the reception device 120 in aircraft Data can return satellite 110 by ul transmissions.Described data can be passed to second by satellite 110 Crosslinking satellite 110, this second crosslinking satellite then transmit data to calibration equipment 230.

One embodiment of system diagram that Fig. 2 C describes, in this embodiment two (or more) equity Device 120 can realize two-way authentication technology and carry out mutual authentication.Referring briefly to figure as above 2C, satellite 110 in orbit sends one or more spot beam 130 to earth surface.First Receive device 120A can be configured to receive signal from spot beam.This first receiving device 120A can quilt Configuration, to derive safe key, such as, uses and contains the pseudorandom from spot beam as mentioned above The Diffie-Helman method of data.

Pseudo-random data can also pass to a second device 120B.In certain embodiments, Two devices 120B is likely to be at beyond spot beam 130, and in this case, pseudo-random data can lead to Overcoupling to the calculating device 240 on the second device 120B via communication network transmission.Calculate device 240 are communicably coupled to satellite 110.In the way of for example and not limitation illustratively, meter Calculate device 240 and be probably a server being individually coupled to satellite 110 by communication link.Calculate Machine 240 can associate satellite 110 control network and can thus process the puppet of relating dot wave beam 130 with Machine data.

In operation, first receiving device 120A initiates the request to authentication data, and this request is transmitted Device 120B is received to second.Communication link between the two can be direct or by transmission Network 220 realizes.Second receives device 120B responds this request Concurrency and goes out almost simultaneously right Request from the authentication data of first receiving device 120A.First receiving device 120A certification second The response of the authentication data while of receiving device 120B and send almost receives device to second 120B, this response is used subsequently to certification first receiving device 120A.

As it has been described above, first receiving device 120A and second receives the certification implemented between device 120B Process can be diffie-hellman exchange, and the secret shared in this exchange includes that spot beam 130 sends At least some of pseudo-random data.Therefore, the system described in Fig. 2 C make reception device 120A, The Peer Authentication of 120B is possibly realized.It will be understood by those skilled in the art that this two-way body Part verification method can expand to receive device and server, and other hardware structure, or two Above device.

According to embodiment, Fig. 3 is a schematic diagram calculating system, and this calculating system goes for Realize satellite-based Verification System.Such as, in the embodiment that Fig. 2 A and 2B describes, verification dress Put 230 to be realized by the calculating system described in Fig. 3.With reference to Fig. 3, in one embodiment, system 300 can include calculating device 308 and one or more subsidiary input/output device, and subsidiary is defeated Enter output device and include the display 302 of band screen 304, one or more speaker 306, keyboard 310, one or more other I/O(input/output) device 312 and mouse 314.Other I/O Device (more than one) 312 can include touch screen, the input equipment of acoustic control, trace ball and any permit Permitted system 300 and received other device of user's input.

Calculating device 308 and include system hardware 320 and memorizer 330, memorizer 330 can be implemented as Random access memory and/or read only memory.File memory 380 is communicably coupled to calculate dress Put 308.It is internal that file memory 380 can be at calculating device 308, such as, one or more Hard disk drive, CD CD-ROM driver, DVD CD-ROM driver or other type of deposit Storage device.It is outside that file memory 380 can also be in calculating device 308, such as, one or more Individual external fixed disk drive, network attached storage or individually store network.

System hardware 320 can include one or more processor 322, at least two graphic process unit 324, network interface 326, bus structures 328.In one embodiment, processor 322 can have Body turns to the Intel's Duo can bought to Santa Clara City, California, America Intel company 2(Core2) processor.Term as used herein " processor " refers to any class The computing element of type, calculates such as but not limited to microprocessor, microcontroller, sophisticated vocabulary (CISC) microprocessor, Reduced Instruction Set Computer (RISC) microprocessor, very long instruction word (VLIW) microprocessor or the processor of any other type or process circuit.

Graphic process unit 324 can play the effect of the secondary processor of managing graphic and/or vision operation. Graphic process unit 324 can be integrated on the mainboard of calculating system 300 maybe can be inserted by the expansion on mainboard Groove couples.

In one embodiment, network interface 326 is probably wireline interface, as Ethernet interface (see, Such as IEEE/IEEE802.3-2002) or wave point, such as IEEE802.11 The interface of a, b, g compatibility (see, e.g. the information between IT communication and LAN/metropolitan area network system The ieee standard Part II of exchange: Wireless LAN Medium accesses and controls (MAC) and physics Further higher Data Rate Extension in layer (PHY) specification correction 4:2.4GHz frequency band, 802.11G-2003).Another example of wave point is GPRS (general packet radio service) (GPRS) interface (see, e.g. GPRS hand-held set requirement guilding principle, global system for mobile communications/GSM association, Version 3 .0.1, in December, 2002).

The various assemblies of bus structures 328 connection system hardware 128.In one embodiment, bus Structure 328 is probably one or more of bus structures, including rambus, peripheral bus or outside Bus and/or use and include but not limited to the local bus of following various available bus framework: 11 Bus, industrial standard architectures (ISA), Micro Channel Architecture (MSA), extension ISA (EISA), intelligence are driven Galvanic electricity road (IDE), VESA local bus (VLB), periphery component interconnection (PCI), USB (universal serial bus) (USB), advanced graphics port (AGP), PCMCIA's bus (PCMCIA) With small computer system interface (SCSI).

Memorizer 330 can include operating system 340, for managing the operation calculating device 308.? In one embodiment, operating system 340 includes the hard of an interface providing system-oriented hardware 320 Part interface module 354.Additionally, operating system can include managing for calculating in device 308 operation The file system 350 of file, and management is in the process control calculating the process performed on device 308 Subsystem 352.

Operating system 340 can include (or management) one or more communication interface, and this interface can be in conjunction with System hardware 120 works together, to receive and dispatch the packet from remote source and/or data stream.Operation system System 340 may farther include system call interface module 342, and this module provides operating system 340 And the interface between one or more application module resided in memorizer 330.Operating system 340 can be embodied as UNIX operating system or its any spin-off (such as Linux, Solaris etc.) orThe operating system of brand or other operating system.

In various embodiments, calculate device 308 and can be embodied as personal computer, notebook meter Calculation machine, personal digital assistant, mobile phone, entertainment device or another calculating device.

In one embodiment, memorizer 330 includes that the data that a basis receives from applicant are come The authentication module 362 of certification applicant.In one embodiment, authentication module 362 may be included in non- The logical order of coding in temporary computer-readable medium, this logical order is performed by processor 322 Time so that processor 322 carrys out certification applicant according to the data received from applicant.Additionally, memorizer 330 can include satellite orbit data storehouse 364, and this data base includes being in circumterrestrial planned orbit The orbit information of satellite 110.About the verification process of authentication module 362 enforcement and adding of operation Details are as described below.

In some embodiments, receive device 120 can be embodied as being applicable to conventional computing devices 122 (as Notebook, personal digital assistant or intelligent telephone equipment) satellite communication module that couples.Connect Receiving apparatus 120 can be coupled to calculate device 122, such as, by general by suitably communication connection Universal serial bus (USB) interface, RS-232 interface, optical interface or etc.Describe at Fig. 3 B In embodiment, receiving device 120 and be probably " thin " device, thin meaning refers to that it can wrap Include receiver and limited disposal ability, as special IC (ASIC) or be arranged for carrying out is recognized The field programmable gate array (FPGA) of card program.

In operation, user's available reception device 120 certification of device 122 is calculated with main frame The calculating device 122 of network 390.As it has been described above, the reception device 120 described in Fig. 3 can be from defending Star 110 receives spot beam transmission 130, and satellite 110 includes unique wave beam signature and pseudo random number (PRN).Calculate device 122 and can initiate the access request to mainframe network 390.Access request can include User specific information, such as ID, one or more is from the coordinate system based on the earth Coordinate (as postcode, area code, lat/lon, Universal Transverse Mercator Projection (UTM), Heart ball fixes (ECEF), world geographic reference system (global geographic parameter system lattice) or other are various The system of various kinds, such as postcode) and pseudo-random data at least some of that receive of satellite 110.

Mainframe network 390 can send user access request and ask as certification to calibration equipment 230.? In some embodiments, mainframe network can add additional information so that calibration equipment 230 can to this request Authentication calculations device 122.For example, can provide can be certified about applicant for mainframe network 130 The restriction in place (i.e. from what kind of geographical position).Calibration equipment 230 can verify applicant and to main Machine network 390 provides authentication response.Mainframe network 390 so can give calculate device 122 transfer access ring Should.

Fig. 4 is a flow chart, according to embodiment, it is illustrated that the operation in the method for certification applicant. With reference to Fig. 4, in operation 410, applicant's device determines the physical location of oneself.In some embodiments In, applicant's device 120 can include that one or more position module is to determine applicant's device 120 Position.Unrestricted as an example, it is fixed that applicant's device 120 can include or be communicatively coupled to the whole world Position system (GPS) module determines position according to the signal of global positioning system.Alternatively or separately Outward, applicant's device 120 can include according to from one or more Low Earth Orbit or middle earth rail The signal of road satellite 110 determines the logic of position, as U.S. Patent No. 7489926, 7372400, described in one or more of the patent of 7579987 and 7468696, described patent Respective full content is incorporated herein by.In certain embodiments, applicant's device 120 Position can represent with latitude/longitude coordinates or another coordinate system based on the earth.

In operation 415, applicant's device 120 receives spot beam transmission from satellite 110.Real at some Executing in example, applicant's device 120 extracts the beam parameters of one or more uniqueness (such as time, satellite ID, wave beam ID, time deviation, satellite orbit data etc.), it includes the puppet from satellite spot-beam Random code section.In certain embodiments, beam parameters can be stored in storage by applicant's device 120 In device module, this memory module is in applicant's device 120 or is communicatively coupled to applicant's device 120.In one or more embodiment, operation 415 can with its before operation 410 almost simultaneously Occur.

In operation 420, applicant's device 120 can continue to generate one or more path point data Snapshot, its positional information potentially including the applicant's device 120 from operation 410 and operation 420 Recorded in one or more unique beam parameters transmitted by satellite spot-beam.At some In embodiment, path point data snapshot can be stored memory module, this memory module is positioned at In applicant's device 120 or be communicatively coupled to applicant's device 120.

In certain embodiments, can to collect one group of path point data in time fast for applicant's device 120 According to.Such as, one group of path point data snapshot can be by elapsing from through applicant's device 120 in time Multiple satellites 110 receive spot beam build.Alternatively, or additionally, one group of path point data snapshot Can build by moving applicant's device 120 relative to satellite 110, such as described by Fig. 2 B Applicant's device 120 is placed in aircraft 125.Another one example includes may bag as checking Entity containing hazardous material or applicant's device of the tracker of the course of assets.Applicant fills Putting can be polled to provide path point data to verify that intended path is mated with Actual path.Application Person's device can be by random polling.

In operation 420, path point data snapshot (more than one) is sent by applicant's device 120 To calibration equipment 230.Giving an example, in the embodiment that Fig. 2 A describes, path point data snapshot is (many In one) transmitter 220 or another communication network transmission can be passed through.In the embodiment that Fig. 2 B describes In, path point data snapshot (more than one) can be sent to satellite 110 from aircraft 125, then Calibration equipment 230 can be transferred to by satellite network.

In operation 425, calibration equipment 230 is receiving position data and path at applicant's device 120 Point data.In operation 430, calibration equipment 230 by positional information and path point data with at one The corresponding data that known valid data are concentrated is made comparisons with certification applicant.Give an example, lowly Ball orbiter, such as iridium satellite constellation, the circumaviate earth on known track, its approximation parameters can carry Front acquisition.Calibration equipment 230 can include satellite orbit data storehouse 364 or be communicatively coupled to satellite orbit Data base 364, and this data base is included in the track letter of the satellite 110 on circumterrestrial known track Breath.

In certain embodiments, from applicant's device receive position data and path point data with The position data of primary data collection compare with path point data (operation 430) determine applicant's device 120, it is true that whether be in the reasonable threshold value in anticipated geographical position apart from interior in expeced time. Unrestricted as an example, satellite orbit data storehouse 364 may be searched corresponding to filling from applicant Put the data record of the 120 special beam parameters transmitted.When the record of coupling is found, since The orbital data of the record that track database 364 obtains can be used for receiving with from applicant's device 120 Data make comparisons.For example, as it is known that data can include the centre coordinate of spot beam 130 and at the earth The radius instruction of the spot beam 130 on surface.The coordinate received at applicant's device 120 can be with a ripple The position of bundle makes comparisons to determine the data received whether this is indicate that at the number received at applicant's device It is in the region that spot beam limits according to time applicant's device 120 of middle instruction.At least a reality Executing in example, spot beam can be irregular shape.The most in one embodiment, applicant's device May be higher than in the height above sea level of earth surface.

If, in operation 435, the data received from applicant's device 120 show with from Time applicant's device 120 that the data of applicant's device are associated is covered at the spot beam of satellite 110 In the geographic area of lid, then applicant's device 120 can be considered as through certification.In certification system In system, controlling to then go to operate 440, applicant is allowed access to resource.As an example rather than limit System, calibration equipment 230 can authorize token to the applicant's device 120 through certification.This token can quilt Remote system is used for authorizing access resource.

Contrary, if the data received from applicant's device 120 show with from applicant Time applicant's device 120 that the data of device 120 are associated is not at the spot beam from satellite 110 In the geographic area covered, then applicant's device 120 can be not qualified as through certification.? In Verification System, controlling to then go to operate 440, applicant is denied access to resource.As an example And unrestricted, calibration equipment 230 is rejected by authorizing token to applicant's device 120 of certification.Without order Applicant's device of board can be denied access to by the resource of remote system administration.

Therefore, the system architecture described in Fig. 1-3 and the method described in Fig. 4 make one or more Shen Please the satellite-based certification of person's device 120 be possibly realized.It is right that Verification System can be used to allow or refuse The access of one or more resource managed by remote computing system.In certain embodiments, Shen Please be probably static by person's device (more than one), and applicant's device is (many in other embodiments In one) it is probably movement, and verification process can be time-based, location-based Or both combinations.

In certain embodiments, this system can be used to realize conversation-based certification, in this certification In, applicant's device (more than one) 120 certified and be whole session use resource.At other In embodiment, this system can realize message based certification, and in this certification, applicant's device is (many In one) 120 must be transferred to remote resource for from applicant's device (more than one) 120 Each information is the most certified.

In an example implementation, Verification System described herein can be used for the calculating for accessing safety Resource, such as enterprise email system, enterprise network, military or civilian infrastructure network or electricity Sub-bank infrastructure provides certification.In other example implementation, Verification System can be used in logistics system The routing of the middle confirmation vehicles.Give an example, mobile entity such as truck, train, ship Or aircraft can include one or more applicant's device 120.Thing during the process of preplanned mission Streaming system can be periodically polled applicant's device (more than one) 120, and applicant's device can be used The authentication data response obtained from satellite 110.Authentication data can be collected and used in logistics system Confirm that applicant's device (more than one) is in ad-hoc location according to logistics plan in the scheduled time.

In another example, the realization of Verification System described herein can be used for checking and is associated with prison The position of applicant's device (more than one) of Ore-controlling Role (such as putting under house arrest monitoring system).At this Planting in embodiment, applicant's device (more than one) potentially includes one or more bio-sensing Device, such as fingerprint biometric sensors, for the user of Verification System, and Verification System can be used to confirm Applicant's device the predetermined time be in predetermined position (i.e. applicant is in correct place, In the correct time, and it is correct people).Certification device also can compare the definition column of approval position The position of table look-up applicant's device, this definition list can be by Verification System by approved to impinging upon Time period (more than one) approval position (more than one) set check applicant dress Position and the time put improve further.Additionally, this system can be used for following the tracks of the property being reported in case Offender.

In certain embodiments, satellite 110 can be low earth orbit satellite system such as anIridium satellite constellation A part, such applicant's device (more than one) can be by confirming that applicant's device is being specified Time is in the spot beam specified certified, described low earth orbit satellite system, such as iridium satellite star Seat, runs around the earth on known track, and sends the spot beam with known geometries. Therefore, applicant to may utilize single signal source (such as single satellite 110) certified.Again because lowly Ball orbiter such as anIridium satellite constellation and Medium Earth-Orbiting Satellite send the signal of relative high powers level, So this system can be used to certification, one or more is in blockage environment, such as indoor or position, city The applicant's device put.And, low earth-orbit satellite and the relatively high letter of Medium Earth-Orbiting Satellite Number intensity makes these signals be susceptible to the impact of interference.

Mention " embodiment " in the description or " some embodiments " means to combine this reality Specific function, structure or the feature of executing example description are included at least one realization.Phrase " In one embodiment " in this manual the appearance in each place be probably or be not likely to be finger same Individual embodiment.

Although describing embodiment with the language specific to architectural feature and/or methodology behavior, but need Should be appreciated that claimed theme is not limited to specific features or the behavior described.Contrary, Specific characteristic and behavior are disclosed as realizing the sample form of claimed theme.

Claims (23)

1. a method for certification electronic installation, including:

One or more unique ripple of the spot beam transmission corresponding to satellite is received at verifier device Bundle parameter, wherein said one or more unique beam parameters include pseudo noise code and timestamp,

The primary importance information of the position of instruction electronic installation is received at described verifier device；

Second position information is determined based on one or more unique beam parameters, described second Positional information indicates the position of the center of projection of described spot beam transmission；And

Difference between the center of projection of the position of described electronic installation and described spot beam transmission is little When certain threshold value, electronic installation described in certification.

Method the most according to claim 1, wherein said spot beam transmission is from the low earth At least one in orbiter, Medium Earth-Orbiting Satellite, geo-synchronous orbit satellite or pseudo satellite, pseudolite Launch.

Method the most according to claim 1, wherein electronic installation described in certification includes performing Unilateral authentication process.

Method the most according to claim 1, wherein electronic installation described in certification includes performing Multidirectional verification process.

Method the most according to claim 4, wherein electronic installation described in certification includes performing Multidirectional peer verification process.

Method the most according to claim 1, farther includes to receive from described electronic installation Second timestamp, wherein said second timestamp corresponds to described primary importance information.

Method the most according to claim 1, wherein said primary importance information is based on ground Spherical coordinate system.

Method the most according to claim 7, wherein said earth-based coordinate system include longitude, Latitude, highly, geographic locator or its combination in any.

Method the most according to claim 1, wherein said one or more unique wave beam ginsengs Number also include: timing code segment, the vehicle identity symbol of spot beam transmission, beam identifier, Time deviation parameter, the vehicles track data of spot beam transmission or its combination in any.

Method the most according to claim 1, wherein

Each message that described electronic installation sends for described electronic installation is by independent authentication.

11. methods according to claim 1, wherein:

Described electronic installation and remote-control device set up communication session；And

Described electronic installation is certified at least one times for this communication session.

12. methods according to claim 1, wherein:

Described primary importance information corresponds to described electronic installation at least two position of different time Put, and the center of projection of wherein said at least two position and described spot beam transmission is described Make comparisons at least two position of different time.

13. methods according to claim 1, farther include when described electronic installation Described electronic installation is made to be able to access that service time certified.

The equipment of 14. 1 kinds of certification electronic installations, including:

Processor；And

Including the memory module of instruction, cause institute when described instruction is performed by described processor Stating processor and perform operation, described operation includes:

Receive one or more unique beam parameters of the spot beam transmission corresponding to satellite, wherein One or more unique beam parameters include pseudo noise code and timestamp,

Receive the primary importance information of the position of instruction electronic installation；

Second position information is determined based on one or more unique beam parameters, described second Positional information indicates the position of the center of projection of described spot beam transmission；And

Difference between the center of projection of the position of described electronic installation and described spot beam transmission is little Electronic installation described in certification when threshold value.

15. equipment according to claim 14, wherein said unique beam parameters also includes: Timing code segment, the vehicle identity symbol of spot beam transmission, time deviation parameter, wave beam mark Know symbol, the vehicles track data of spot beam transmission or its combination in any.

16. equipment according to claim 14, wherein said electronic installation is for described electricity Each message that sub-device sends is by independent authentication.

17. equipment according to claim 14, wherein: described electronic installation and remotely dress Set up vertical communication session；And described electronic installation is certified at least one times for this communication session.

18. equipment according to claim 14, described operation farther includes when described electricity Sub-device makes described electronic installation be able to access that the clothes that distance host provides time the most certified Business.

The system of 19. 1 kinds of certification electronic installations, including:

It is configured to transmit at least one signal source of spot beam transmission according to spot beam geometry；

Electronic installation, this electronic installation includes that receiver, wherein said receiver are configured to connect Receive the one or more unique beam parameters corresponding to described spot beam transmission, wherein said one Or more unique beam parameters includes pseudo noise code and timestamp；And

Being communicatively coupled to the verifier device of described electronic installation, wherein this verifier device is joined It is set to: receive one or more unique beam parameters；Receive and indicate described electronic installation The primary importance information of position；Second is determined based on one or more unique beam parameters Confidence ceases, and described second position information indicates the position of the center of projection of described spot beam transmission； And difference between the center of projection of the position of described electronic installation and described spot beam transmission is little Electronic installation described in certification when threshold value.

20. systems according to claim 19, wherein said electronic installation is configured to really Its position fixed.

21. systems according to claim 19, wherein said electronic installation includes: mobile Phone, portable computing, computer network node, server, wireless gateway node or Its combination in any or bio-identification checking system.

22. systems according to claim 19, wherein said verifier device further by It is configured to compare described primary importance information with described second position information, wherein said electronics Difference between position and the center of projection of described spot beam transmission of device is based on described comparison.

The system of 23. 1 kinds of certification electronic installations, including:

It is configured to the reception device communicated with electronic installation with mainframe network device, wherein said Receive device be configured to receive the pseudo noise code that associates with the spot beam transmission of the vehicles and time Between stab；And

It is configured to the certificate server communicated with described mainframe network device, wherein this reception dress Put and be configured to send an authentication request to described mainframe network device from described electronic installation, described Certification request includes described pseudo noise code and described timestamp, and wherein said certificate server Including instruction, being when executed by, described instruction causes described processor to perform operation, Described operation includes:

Receive one or more unique beam parameters from described electronic installation, wherein said one or More unique beam parameters include described pseudo noise code and described timestamp,

Receive the primary importance information of the position indicating described electronic installation；

Second position information is determined based on one or more unique beam parameters, described second Positional information indicates the position of the center of projection of described spot beam transmission；And

Difference between the center of projection of the position of described electronic installation and described spot beam transmission is little Electronic installation described in certification when threshold value.