The present invention relates to transaction evidencing systems, and in particular to a method and apparatus for providing trusted evidence that a transaction has occurred using location information.
Many transactions either require or would be augmented by the accurate and trusted recording of the location of the transaction. One such application is the calculation of sales and/or use tax for items purchased over the internet. In particular, the proper calculation of such a tax is typically based upon either the location of the sale in the case of a sales tax or the location of the use of the item in the case of a use tax. Normally, the merchant will calculate the tax for transactions based upon the shipping address provided by the purchaser. Unfortunately, with an increasingly mobile society, the increasing sale of digital content, and increasing interest in anonymous digital payment technologies, a shipping address is often incorrect or not provided, thus making the proper calculation of such taxes difficult. Other example transactions that either require or would be augmented by the accurate and trusted recording of the location of the transaction include the notarization of a document, the execution of contracts, and card present payment card transactions. Unfortunately, a simple recording of the location of an event is susceptible to modification and is thus not trustworthy. Accordingly, a system is needed which is able to accurately and securely establish the location of a transaction in a manner which may be trusted by the interested parties.
In one embodiment, an apparatus for evidencing an occurrence of a transaction is provided that includes a tamper indicating housing, a processing unit provided within the tamper indicating housing, and a cryptographic module also provided within the tamper indicating housing. The processing unit is adapted to: (i) determine current location information indicating a current location of the apparatus, (ii) obtain transaction information relating to the transaction, and (iii) compile a data block including at least the current location information and the transaction information. The cryptographic module is adapted to generate cryptographic evidence based on the data block. Preferably, the cryptographic evidence comprises a digital signature of the data block. Also, the cryptographic module is preferably a cryptographic coprocessor operatively coupled to the processing unit that is structured to receive the data block from the processing unit.
The processing unit may also be adapted to obtain current time information, and the data block may further include the current time information. The processing unit may also be adapted to obtain user authentication information, such as biometric information, and the data block may further include the user authentication information.
In one particular embodiment, the apparatus further includes a plurality of location indicating modules provided within the tamper indicating housing, each of the location indicating modules being structured to provide location indicating data to the processing unit, wherein the processing unit is adapted to determine the current location information based on the location indicating data received from one of the location indicating modules. In another particular embodiment, the apparatus further includes an internal navigation module provided within the tamper indicating housing and operatively coupled to the processing unit, the internal navigation module being structured to provide internal navigation data to the processing unit, a GPS receiver provided within the tamper indicating housing and operatively coupled to the processing unit, the GPS receiver being adapted to provide GPS location data to the processing unit, and a mobile phone receiver/transmitter module provided within the tamper indicating housing and operatively coupled to the processing unit, the mobile phone receiver/transmitter module being adapted to provide mobile phone triangulation location data to the processing unit, wherein the processing unit is adapted to determine the current location information based on one of the internal navigation data, the GPS location data and the mobile phone triangulation location data.
In another embodiment, a method of evidencing an occurrence of a transaction is provided that includes securely determining current location information indicating a current location of a party to the transaction, obtaining transaction information relating to the transaction, securely compiling a data block including at least the current location information and the transaction information, and securely generating cryptographic evidence, such as a digital signature, based on the data block. Preferably, the securely determining current location information comprises receiving location indicating data from a plurality of sources and determining the current location information based on the location indicating data received from one of the sources. Also, the plurality of sources preferably includes a GPS source, a mobile phone triangulation source and an internal navigation source. The method may further include obtaining current time information, wherein the data block further includes the current time information, and/or obtaining user authentication information, such as, without limitation, biometric information, wherein the data block further includes the user authentication information.
In another embodiment, an apparatus for evidencing a current location of an individual is provided that includes a tamper indicating housing, one or more I/O devices structured to receive user authentication information from the individual, a processing unit provided within the tamper indicating housing and operatively coupled to the one or more I/O devices, the processing unit being adapted to: (i) determine current location information indicating a current location of the apparatus, (ii) obtain the user authentication information, and (iii) compile a data block including at least the current location information and the user authentication information, and a cryptographic module provided within the tamper indicating housing, the cryptographic module being adapted to generate cryptographic evidence based on the data block. In one particular embodiment, the user authentication information includes biometric information such as a fingerprint, a retinal scan, an image of the individual's face, or a recording of the individual's voice. Preferably, the data block also includes current time information obtained by the processing unit.
Therefore, it should now be apparent that the invention substantially achieves all the above aspects and advantages. Additional aspects and advantages of the invention will be set forth in the description that follows, and in part will be obvious from the description, or may be learned by practice of the invention. Moreover, the aspects and advantages of the invention may be realized and obtained by means of the instrumentalities and combinations particularly pointed out in the appended claims.
The accompanying drawings illustrate presently preferred embodiments of the invention, and together with the general description given above and the detailed description given below, serve to explain the principles of the invention. As shown throughout the drawings, like reference numerals designate like or corresponding parts.
As employed herein, the statement that two or more parts or components are “coupled” together shall mean that the parts are joined or operate together either directly or through one or more intermediate parts or components.
As employed herein, the term “number” shall mean one or an integer greater than one (i.e., a plurality).
As seen in
As also described in greater detail herein, the apparatus 2 is adapted to provide evidence of the physical location where a transaction occurred, and does so by establishing the current physical location of the apparatus 2 and digitally signing certain transaction information along with at least the current location information and, preferably, current time information. The digital signature that is created is the evidence that, in a secure and trusted manner, establishes that the transaction took place at the particular location. In the preferred embodiment of the invention, the current location information is established using data relating to the current location of the apparatus 2 obtained from one or more of multiple different methods of determining location that are provided as part of the apparatus 2. In the particular, non-limiting embodiment shown in
Referring again to
The apparatus 2 further includes a number of I/O devices 20 for inputting information into the apparatus 2 and/or outputting information from the apparatus 2. For example, the I/O devices 20 may include, without limitation, a keyboard or touchscreen for manually inputting information into the apparatus 2, a scanner for scanning data such as documents and creating an image thereof which may later be processed by the processing unit 8 using, for example, optical character recognition (OCR) software, a wireless communications element, such as an RF transceiver or an infrared transceiver, for wirelessly receiving data from an external source such as another electronic device, or a wired connection port, such as, without limitation, a USB connection, for receiving data from another source, such as another external electronic device, via a wired connection. The I/O devices 20 may further include a WiFi connection element and/or a broadband connection element for allowing the apparatus 2 to selectively wirelessly connect to the Internet in order to download data from and/or upload data to the Internet. Still further, the I/O devices 20 may include a mechanism for receiving biometric information of a user, such as a fingerprint reading device for scanning fingerprints, a retinal scanning device for generating a retinal scan, or a digital camera for capturing an image of the face of the user. The particular types of I/O devices 20 just described are meant to be exemplary, and it should be understood that other types of I/O devices 20 are also possible. As described in greater detail elsewhere herein, the main purpose of the I/O devices 20 is to enable transaction information relating to the transaction in question (i.e., the one being evidenced) to be entered into the apparatus 2 so that it may be further processed as described elsewhere herein.
Finally, the apparatus 2 includes a battery 22 for providing power to the components of the apparatus 2 described above. Preferably, the battery 22 is a rechargeable battery such as, without limitation, a rechargeable lithium ion battery.
Next, at step 42, the processing unit 8 obtains current time information. In a preferred embodiment, the current time information includes both current date information and current time of day information. In an alternate embodiment, the current time information includes only the current date information. As is known, the GPS signals received by the GPS receiver 10 provide an accurate indication of the current date and current time of day. Thus, when the GPS receiver 10 is receiving GPS signals from the satellite system, the GPS data provided to the processing unit 8 based on the GPS signals may be used to provide the current time information in step 42. However, as is known, there are times wherein, depending upon the particular location of the apparatus 2, the GPS receiver 10 will not be able to receive GPS signals. In order to provide accurate time information in such situations (i.e., where the GPS receiver 10 is not receiving GPS signals), the processing unit 8 is, in the preferred embodiment, provided with an internal free running clock that is used to provide the current time information used in step 42 whenever the GPS receiver 10 is not receiving GPS signals. Preferably, this free running clock is synchronized to the time contained within the GPS data provided by the GPS receiver 10 whenever the GPS receiver 10 is currently receiving GPS signals. In addition, the mobile phone receiver/transmitter module 12 may also receive time information from the mobile phone network to which it is connected. That time information may also be used to synchronize the internal free running clock of the processing unit 8 when the GPS receiver 10 is not receiving GPS signals.
Following step 42, the method proceeds to step 44, wherein transaction information for the current transaction is obtained. Specifically, selected transaction information that is particular to the transaction in question is obtained by the processing unit 8 through one or more of the I/O devices 20. For example, and without limitation, in the case of a purchase transaction, the transaction information may include the amount of the transaction, the payee (e.g., merchant) name or location, and an identification of the items that are purchased. In addition, that information can be manually entered using, for example, a keyboard provided as one of the I/O devices 20, can be obtained by scanning a document, such as a receipt, that includes that information using a scanner provided as one of the I/O devices 20 in cooperation with OCR software that is executed by the processing unit 8, can be received wirelessly or via a wired connection through one of the I/O devices 20 from an external electronic device, such as a point-of-sale terminal, or may be downloaded through one of the I/O devices 20 from a website from which the purchase was made. Alternatively, in the case of a transaction that comprises the execution of a contract, the transaction information can include all or part of the contract that is scanned using a scanner provided as one of the I/O devices 20 in cooperation with OCR software executable by the processing unit 8, or that is received wirelessly or via a wired connection from another device through one of the I/O devices 20. As still a further alternative, in the case of a notary transaction, the transaction information may include the one or more documents used for establishing the identity of the signer and/or all or part of the document that is being notarized, and such information may be received in the same manner or manners as the contract information just described.
It should be understood that the types of transaction information and the methods for obtaining same just described are meant to be exemplary only and that other suitable types of transaction information and methods of obtaining such transaction information are possible without departing from the scope of the present invention.
Next, at step 46, the processing unit 8 compiles a data block from the obtained information items, namely the current location information obtained in step 40, the current time information obtained in step 42, and the transaction information obtained in step 44. The method then proceeds to step 48, wherein the data block is provided to the cryptographic coprocessor 16 by the processing unit 8. The cryptographic coprocessor 16 then creates a digital signature of the data block using the stored private key. Next, the method proceeds to step 50, wherein the data block and the digital signature of the data block is stored in the nonvolatile storage 18 and/or printed using an external printer through an I/O device 20. For example, the data block and the digital signature may be printed on the contract that is the subject of the transaction or on the document that is being notarized. Furthermore, while in the preferred embodiment both the data block and the digital signature are stored and/or printed, in an alternative embodiment, only the digital signature may be stored and/or printed.
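Steps 46 through 50 (compile, sign, store or print) as an added example that is not part of the patent text: the struct stands in for the data block, `SignBlock` plays the role of the cryptographic coprocessor 16 with its stored private key, and `VerifyBlock` is what a relying party such as a tax authority or counterparty runs over the stored block and signature. The field names, the JSON encoding and the use of ECDSA P-256 with SHA-256 are assumptions; the text specifies only a digital signature of the data block.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"fmt"
)

// EvidenceBlock is the data block of step 46: location, time and transaction
// information plus a label for how the location was gathered (field names assumed).
type EvidenceBlock struct {
	Latitude  float64  `json:"lat"`
	Longitude float64  `json:"lon"`
	LocMethod string   `json:"loc_method"` // "gps", "cell", "inertial", "manual"
	UnixTime  int64    `json:"ts"`         // step 42 current time information
	Amount    string   `json:"amount"`     // decimal string, not a float
	Payee     string   `json:"payee"`
	Items     []string `json:"items"`
}

// Canonical returns the bytes that get signed. encoding/json emits struct
// fields in declaration order, so an unchanged block always encodes identically.
func (b EvidenceBlock) Canonical() ([]byte, error) { return json.Marshal(b) }

// NewDeviceKey stands in for the private key held by the cryptographic
// coprocessor 16 inside the tamper indicating housing.
func NewDeviceKey() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// SignBlock performs step 48: hash the canonical block and sign the digest.
func SignBlock(priv *ecdsa.PrivateKey, b EvidenceBlock) ([]byte, error) {
	data, err := b.Canonical()
	if err != nil {
		return nil, err
	}
	digest := sha256.Sum256(data)
	return ecdsa.SignASN1(rand.Reader, priv, digest[:])
}

// VerifyBlock is the relying party's check over a stored or printed block and
// signature; any change to location, time or transaction fields fails it.
func VerifyBlock(pub *ecdsa.PublicKey, b EvidenceBlock, sig []byte) bool {
	data, err := b.Canonical()
	if err != nil {
		return false
	}
	digest := sha256.Sum256(data)
	return ecdsa.VerifyASN1(pub, digest[:], sig)
}

func main() {
	priv, _ := NewDeviceKey()
	block := EvidenceBlock{Latitude: 40.4406, Longitude: -79.9959, LocMethod: "gps", // constructed sample
		UnixTime: 1700000000, Amount: "19.99", Payee: "Example Merchant", Items: []string{"ebook"}}
	sig, _ := SignBlock(priv, block)
	fmt.Println("genuine block verifies:", VerifyBlock(&priv.PublicKey, block, sig))
	moved := block
	moved.Latitude += 0.5 // evidence with an altered location does not verify
	fmt.Println("altered block verifies:", VerifyBlock(&priv.PublicKey, moved, sig))
}
```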
Thus, the method shown in
The method shown in either
As described elsewhere herein, the apparatus 2 employs several methods/modules for determining the location of the apparatus 2. Those methods include GPS (the location indicating module comprising the GPS receiver 10), triangulation by multiple phone towers (the location indicating module comprising the mobile phone receiver/transmitter module 12) and internal navigation (the location indicating module comprising the accelerometer array 14), which uses a form of dead reckoning in which the processing unit 8 calculates position based upon speed, time and direction data. However, each of these three systems of obtaining location information has its shortcomings. In particular, GPS is very accurate but relies upon the reception of satellite signals, which may be too weak to be used within certain structures such as buildings. Triangulation based upon signals received from multiple mobile phone towers employs signal timing and strength and is less accurate than GPS; its signals, however, may be usable within buildings where a GPS signal cannot be received. Internal navigation as just described requires no external input and therefore may be used deep within a structure such as a building. However, small positioning errors build up over time and such positional errors, if not corrected, may produce unreliable positioning information.
In order to overcome the shortcomings particular to each of the three location determining methodologies just described, the present invention, according to one particular embodiment, employs all three methodologies in the apparatus 2 and processes the data according to the method shown in
The method begins at step 60, wherein a determination is made as to whether a GPS signal is available to the GPS receiver 10. In particular, the processing unit 8 will determine whether it is able to receive current GPS data from the GPS receiver 10. If the answer is yes, then, at step 62, the current location of the apparatus 2 is determined based upon the GPS data received from the GPS receiver 10. Next, at step 64, the current location of the internal navigation system is reset based on the current GPS data. This step corrects for errors that may occur and build up over time in the internal navigation system as described elsewhere herein. Following step 64, the method returns to step 60. If the answer at step 60 is no, meaning that the GPS signal is not currently available, then, at step 66, a determination is made as to whether triangulation data indicating the current location based upon triangulation by multiple mobile phone towers is available. The actual triangulation may take place within the mobile phone receiver/transmitter module 12 (or, alternatively, within the processing unit 8 based upon data received from the mobile phone receiver/transmitter module 12), or by a mobile service provider as a third party service, in which case the triangulation data indicating the current location will be transmitted to the apparatus 2 through the mobile phone receiver/transmitter module 12. If the answer at step 66 is yes, then, at step 68, the current location of the apparatus 2 is determined based upon the current triangulation data that is present in the processing unit 8. Next, at step 70, the location of the internal navigation system is reset based on the current triangulation data present in the processing unit 8. Again, as was the case in step 40, step 70 resets the internal navigation system location in order to compensate for errors that may have built up over time in the internal navigation system. Following step 70, the method returns to step 60.
If the answer at step 66 is no, meaning that neither the GPS data nor the triangulation data is available, then the method proceeds to step 72, wherein the current location of the apparatus 2 is determined based on the current data of the internal navigation system. The method then returns to step 60.
As just described, in one embodiment three methods for establishing current location are specified along with their selection criteria. In addition, input from all three (GPS, cell towers, internal navigation) can be used to detect GPS/cell tower signal spoofing. If there is a big discrepancy in their readings, the apparatus 2 can warn the user or lock itself.
As a further alternative, an additional location indicating module may comprise manual entry of location using one of the I/O devices 20. This type of entry might be useful if the GPS/cell tower location systems do not work (no connection) for a longer period of time. In such a case, instead of trusting the internal navigation system which might have accumulated too many errors to be relied upon, the manually entered location will be used. For example, the user can be presented with an internal map of the “guessed region” on one of the I/O devices 20 (e.g., a touch screen), and do his/her own corrections (or confirmation) of location.
Furthermore, in one particular embodiment, meta-data is preferably included in the location information used to create the digital signature which indicates the way the location information used to create the digital signature was gathered (all three location methods, only the internal navigation, the internal navigation plus the user entered data, etc.).
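The selection method of steps 60 through 72, the discrepancy check against spoofing, the manual-entry fallback and the meta-data recording how the location was gathered, as one added example that is not part of the patent text. The threshold of 2000 m, the field names and the choice to flag a disagreeing fix before it is used to reset the inertial estimate are assumptions of this example; the text itself only says that a large discrepancy may cause the apparatus to warn the user or lock.

```go
package main

import (
	"fmt"
	"math"
)

// Fix is one location reading; Valid is false when that source has no current data.
type Fix struct {
	Lat, Lon float64
	Valid    bool
}

// Sources holds the latest reading from each location indicating module;
// Inertial is the dead-reckoning estimate kept by the processing unit 8.
type Sources struct{ GPS, Cell, Inertial Fix }

// Decision is the chosen location plus meta-data on how it was gathered.
type Decision struct {
	Loc     Fix
	Method  string // "gps", "cell", "inertial" or "manual"
	Spoofed bool   // sources disagree: the apparatus should warn the user or lock
}

// MaxDiscrepancyM is an assumed threshold for the spoofing cross-check.
const MaxDiscrepancyM = 2000.0

// DistanceM is the great-circle (haversine) distance between two fixes in meters.
func DistanceM(a, b Fix) float64 {
	rad := func(d float64) float64 { return d * math.Pi / 180 }
	dLat, dLon := rad(b.Lat-a.Lat), rad(b.Lon-a.Lon)
	h := math.Sin(dLat/2)*math.Sin(dLat/2) +
		math.Cos(rad(a.Lat))*math.Cos(rad(b.Lat))*math.Sin(dLon/2)*math.Sin(dLon/2)
	return 2 * 6371000.0 * math.Asin(math.Sqrt(h))
}

// disagrees reports whether another valid source lies beyond the threshold from fix.
func disagrees(fix, other Fix) bool {
	return other.Valid && DistanceM(fix, other) > MaxDiscrepancyM
}

// SelectLocation walks steps 60 through 72: GPS, then cell triangulation, then
// inertial navigation, resetting the inertial estimate from any external fix that
// is used (steps 64 and 70). A fix that disagrees with the other available sources
// is flagged instead, so a spoofed fix is neither signed nor allowed to reset it.
func SelectLocation(s *Sources) Decision {
	for _, c := range []struct{ fix *Fix; method string }{{&s.GPS, "gps"}, {&s.Cell, "cell"}} {
		if !c.fix.Valid { // steps 60 and 66: is this source available?
			continue
		}
		if disagrees(*c.fix, s.GPS) || disagrees(*c.fix, s.Cell) || disagrees(*c.fix, s.Inertial) {
			return Decision{Method: c.method, Spoofed: true}
		}
		s.Inertial = *c.fix // steps 64 and 70: correct accumulated dead-reckoning error
		return Decision{Loc: *c.fix, Method: c.method}
	}
	if s.Inertial.Valid { // step 72
		return Decision{Loc: s.Inertial, Method: "inertial"}
	}
	return Decision{Method: "manual"} // nothing current: fall back to user entry
}

func main() { // constructed readings about 700 m apart
	s := &Sources{GPS: Fix{40.4406, -79.9959, true}, Cell: Fix{40.4450, -79.9900, true}}
	fmt.Printf("%+v\n", SelectLocation(s))
}
```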
While preferred embodiments of the invention have been described and illustrated above, it should be understood that these are exemplary of the invention and are not to be considered as limiting. Additions, deletions, substitutions, and other modifications can be made without departing from the spirit or scope of the present invention. Accordingly, the invention is not to be considered as limited by the foregoing description but is only limited by the scope of the appended claims.