Processing

Please wait...

Settings

Settings

Goto Application

1. WO2020109569 - SECURE BEACONS

Note: Text based on automatic Optical Character Recognition processes. Please use the PDF version for legal matters

[ EN ]

CLAIMS

1. A computer-implemented method for securing a beacon signal in a network (10) comprising a transmitter (la, lb) for broadcasting the beacon signal and one or more receivers (3) for receiving the beacon signal, wherein the beacon signal comprises a data packet (103), the data packet including a payload (106), wherein the payload comprises a first field (203) containing broadcast information from the transmitter and a second field (204) for storing authentication information, the method comprising:

computing, using a secret key, a message authentication code over at least a part of the payload;

extracting a predefined number of bytes from the message authentication code to obtain the authentication information, the number of bytes being equal to or less than the length of the second field; and

encrypting at least part of the first field using a symmetric cipher which takes as parameter the secret key and a nonce, wherein the nonce comprises the authentication information, the encrypting resulting in an encrypted first field,

wherein the resulting secure beacon signal (200) comprises the data packet, wherein the payload comprises the encrypted first field (203) and the second field (204) contains the authentication information.

2. The method according to claim 1, wherein the symmetric cipher is a length preserving symmetric cipher which takes as parameter the secret key and the nonce.

3. The method according to claim 1 or 2, wherein the data packet further comprises a sequence number field (201) for storing a sequence number, wherein the sequence number is incremented for each new beacon signal transmitted by the transmitter, and wherein the nonce is based on the authentication information and the sequence number, the nonce preferably comprising a concatenation of the authentication information and the sequence number and padded with zeros to obtain the nonce having a predetermined length.

4. The method according to any one of the claims 1-3, wherein the data packet further comprises an identification field (202) containing an identifier of the transmitter, and wherein the secret key is associated with the identifier of the transmitter.

5. The method according to any one of the claims 1-4, wherein the data packet is a Bluetooth Low-Energy advertising packet data unit.

6. A computer-implemented method for processing a received secure beacon signal in a network (10) comprising a transmitter (la, lb) for broadcasting the secure beacon signal and one or more receivers (3) for receiving the secure beacon signal, wherein the secure beacon signal comprises a data packet (103), the data packet including a payload (106), wherein the payload comprises a first field (203) comprising encrypted broadcast information and a second field (204) containing authentication information, the method comprising:

receiving the secure beacon signal in a receiver; and

decrypting the encrypted first field using a symmetric cipher which takes as parameter a secret key and a nonce, wherein the nonce comprises the authentication information, the decrypting resulting in a decrypted first field.

7. The method according to claim 6, wherein the symmetric cipher is a length preserving symmetric cipher which takes as parameter the secret key and the nonce

8. The method according to claim 6 or 7, wherein the data packet further comprises a sequence number field (201) comprising a sequence number, and wherein the nonce is based on the authentication information and the sequence number, the nonce preferably comprising a concatenation of the authentication information and the sequence number and padded with zeros to obtain the nonce having a predetermined length.

9. The method according to any one of the claims 6-8, wherein the data packet further comprises an identification field (202) containing an identifier of the transmitter, wherein the secret key is associated to the identifier of the transmitter, and wherein the method further comprises obtaining the secret key based on the identifier.

10. The method according to any one of the claims 6-9, further comprising:

computing a message authentication code over at least a part of the payload after decrypting, and using the secret key;

extracting a predefined number of bytes from the message authentication code to obtain further authentication information, the number of bytes being equal to or less than the length of the second field; and

comparing the further authentication information with the authentication information to verify an authenticity of the data packet.

11. The method according to claim 10, wherein the second field is set to a predetermined value other than the authentication information before computing the message authentication code, the predetermined value preferably being zero.

12. The method according to any one of the claims 6-11, wherein the data packet is a Bluetooth Low-Energy advertising packet data unit.

13. A transmitter (la, lb) configured for securing a beacon signal, wherein the transmitter comprises:

a processor configured to perform the method of any one of the claims 1-5;

an antenna for broadcasting the secure beacon signal to one or more receivers (3).

14. A receiver (3) configured for processing a received secure beacon signal, wherein the receiver comprises:

an antenna for receiving the secure beacon signal broadcast from a transmitter (la, lb);

a processor configured to perform the method of any one of the claims 6-12.

15. A secure beacon signal comprising a data packet (103), the data packet including a payload (106), wherein the payload comprises an encrypted first field (203) containing broadcast information from a transmitter (la, lb) and a second field (294) containing authentication information, wherein at least a part of the first field is encrypted, and wherein the secure beacon signal has been generated according to the method of any one of the claims 1-5.