Computer networks, and in particular Wide Area Networks (WANs) such as the Internet, provide opportunities for the misuse and abuse of communications traveling thereover. For example, two users (e.g., a human user and an enterprise server) communicating via the WAN may have their communications intercepted and/or altered. Also, it is possible for one user to misrepresent his, her, or its identity to another user.
Thus, there is a need for both privacy and authentication between users of the network communicating with one another. In other words, users should be able to rely on the fact that their transmissions will not be intercepted or altered, and that transmissions from someone purporting to be a particular user do in fact originate from that user.
In many secure communication applications, a seed is required in order to perform certain cryptographic operations such as encryption, decryption, authentication, etc. The seed may comprise, by way of example, a symmetric key or other secret shared by two or more entities.
One such application is in authentication tokens, such as the RSA SecurID® authentication token commercially available from RSA, The Security Division of EMC, of Bedford, Mass., U.S.A. The RSA SecurID® authentication token is used to provide two-factor authentication. As used herein, the terms "token generator" and "OTP generator" may be used interchangeably. Authorized users are issued individually-registered tokens that generate one-time passcodes (OTPs), which change based upon any of a variety of algorithms including, but not limited to, a time code algorithm. (Other algorithms include counter-based and challenge-response.) OTPs may be used for various forms of authentication such as user, machine, transaction and message authentication. For example, a different OTP may be generated every 60 seconds. In a given two-factor authentication session, the user is required to enter a personal identification number (PIN) plus the current OTP from his or her authentication token. This information is supplied to an OTP validation entity. The OTP validation entity may be a server or other processing device equipped with RSA Authentication Manager® software, available from RSA, The Security Division of EMC. The PIN and current OTP may be transmitted to the OTP validation entity via an encryption agent equipped with RSA Authentication Agent® software, also available from RSA, The Security Division of EMC. If the PIN and current OTP are determined to be valid, the user is granted access appropriate to his or her authorization level. Thus, the OTPs are like temporary passwords that cannot be guessed by an attacker, with other than a negligible probability.
A given RSA SecurID® token typically contains one or more seeds that are utilized in computing the token outputs. The OTP validation entity performing the verification of the token outputs requires access to one or more seeds associated with the token in question. Typically, such authentication entities have access to the same seed or set of seeds that the token uses to generate its output.
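The shared-seed arrangement described in the two paragraphs above can be sketched as follows. This is an added example, not code from the original text or from RSA: the SecurID algorithm itself is not given here, so the sketch substitutes the public HMAC-based construction of RFC 4226/6238 with a 60-second interval, and the class name, salt, PIN and seed are constructed for illustration.

```python
import hashlib
import hmac
import struct

STEP = 60  # seconds per passcode interval, as in the text's example

def generate_otp(seed: bytes, unix_time: int, digits: int = 6) -> str:
    """Token side: passcode for the interval that contains unix_time."""
    counter = unix_time // STEP
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # RFC 4226 dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

class ValidationEntity:
    """Server side: holds the same seed as the token and a salted PIN hash."""

    def __init__(self, seed: bytes, pin: str, drift: int = 1):
        self._seed = seed
        self._salt = b"constructed-salt"  # sample value; use a random salt per user
        self._pin_hash = self._hash_pin(pin)
        self._drift = drift       # intervals of clock skew tolerated each way
        self._last_used = -1      # newest interval already accepted

    def _hash_pin(self, pin: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), self._salt, 100_000)

    def verify(self, pin: str, otp: str, unix_time: int) -> bool:
        pin_ok = hmac.compare_digest(self._hash_pin(pin), self._pin_hash)
        now = unix_time // STEP
        matched = None
        for counter in range(max(0, now - self._drift), now + self._drift + 1):
            expected = generate_otp(self._seed, counter * STEP)
            # Constant-time compare; an interval is accepted at most once.
            if hmac.compare_digest(expected.encode(), otp.encode()) \
                    and counter > self._last_used:
                matched = counter
        if pin_ok and matched is not None:
            self._last_used = matched
            return True
        return False

if __name__ == "__main__":
    seed = b"12345678901234567890"  # constructed sample seed (RFC 4226 test key)
    server = ValidationEntity(seed, pin="4821")
    code = generate_otp(seed, 70)
    print(code, server.verify("4821", code, 75), server.verify("4821", code, 80))
```

Because the validator derives every expected passcode from the seed, anyone who obtains the server's seed store can generate valid OTPs for the corresponding tokens.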
Market adoption of wireless technology has exploded, as users from a wide range of backgrounds and vertical industries have brought this technology into their homes, offices, and increasingly into the public air space.
The rapid proliferation of lightweight, portable devices has enabled users to remain connected to various wireless sources, while roaming throughout a building or other physical location. The mobility afforded by wireless sources has generated a lot of interest in applications and services that are a function of a mobile user's physical location. Examples of such applications include: locating a mobile user and displaying a map of the immediate surroundings.
The use of radio signals to estimate the location of a wireless device or node is known. For example, a Global Positioning System (GPS) receiver obtains location information by triangulating its position relative to four satellites that transmit radio signals. The GPS receiver estimates the distance between itself and each satellite based on the time it takes for the radio signals to travel from the satellite to the receiver (i.e., Time Difference Of Arrival (TDOA) calculations). Signal propagation time is assessed by determining the time shift required to synchronize the pseudo-random signal transmitted by the satellite and the signal received at the GPS receiver. Although triangulation only requires distance measurements from three points, at least one additional distance measurement from at least one additional satellite is used for error correction.
The distance between a wireless transmitter and a receiver can also be estimated based on the strength of the received signal, or more accurately the observed attenuation of the radio signal. Signal attenuation refers to the weakening of a signal over its path of travel due to various factors like terrain, obstructions and environmental conditions. Generally speaking, the magnitude or power of a radio signal weakens as it travels from its source. The attenuation undergone by an electromagnetic wave in transit between a transmitter and a receiver is referred to as path loss. Path loss may be due to many effects such as free-space loss, refraction, reflection, and absorption.
In some environments, location-tracking systems may be based on RF triangulation or RF fingerprinting techniques, or on cell tower triangulation. RF triangulation calculates a mobile station's location based upon the detected signal strength of nearby access points (APs). It assumes that signal strength is a factor of proximity, which is true in certain RF environments. However, the multipath phenomenon encountered in indoor RF environments, which include walls, windows, and other RF obstructions, does present certain difficulties for location systems using triangulation, since reflection and absorption of RF signals affect the correlation between signal strength and proximity. RF fingerprinting compares a mobile station's, or access point's, view of the RF environment (i.e., the strength of signals transmitted by the infrastructure access points, or the mobile station) with a database that contains an RF physical model of the coverage area.
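The signal-strength approach described above, and the way absorption distorts it, can be worked through numerically. This is an added example, not part of the original text: it assumes the free-space path loss model with isotropic antennas, and the AP coordinates, transmit power, 2.4 GHz frequency and 6 dB wall loss are constructed sample values.

```python
import math

C = 299_792_458.0  # speed of light in m/s

def rx_power_dbm(tx_dbm: float, distance_m: float, freq_hz: float) -> float:
    """Received power after free-space path loss over distance_m."""
    return tx_dbm - 20 * math.log10(4 * math.pi * distance_m * freq_hz / C)

def fspl_distance(tx_dbm: float, rx_dbm: float, freq_hz: float) -> float:
    """Invert the free-space model: observed attenuation -> distance in metres."""
    return C / (4 * math.pi * freq_hz) * 10 ** ((tx_dbm - rx_dbm) / 20)

def trilaterate(aps):
    """aps: three ((x, y), distance) pairs. Subtracting the first circle
    equation from the other two leaves a 2x2 linear system in x and y."""
    (x1, y1), d1 = aps[0]
    (x2, y2), d2 = aps[1]
    (x3, y3), d3 = aps[2]
    a1, b1 = 2 * (x2 - x1), 2 * (y2 - y1)
    c1 = d1**2 - d2**2 + x2**2 - x1**2 + y2**2 - y1**2
    a2, b2 = 2 * (x3 - x1), 2 * (y3 - y1)
    c2 = d1**2 - d3**2 + x3**2 - x1**2 + y3**2 - y1**2
    det = a1 * b2 - a2 * b1
    if abs(det) < 1e-9:
        raise ValueError("access points are collinear; position is ambiguous")
    return ((c1 * b2 - c2 * b1) / det, (a1 * c2 - a2 * c1) / det)

def estimate_position(ap_xy, rx_dbm, tx_dbm, freq_hz):
    """Signal strengths at the mobile station -> estimated (x, y)."""
    return trilaterate([(p, fspl_distance(tx_dbm, r, freq_hz))
                        for p, r in zip(ap_xy, rx_dbm)])

# Constructed scenario: three APs, station actually at (5, 5).
APS = [(0.0, 0.0), (20.0, 0.0), (0.0, 20.0)]
TRUE_POS, TX_DBM, FREQ = (5.0, 5.0), 20.0, 2.4e9

def demo(wall_loss_db: float = 0.0) -> float:
    """Position error in metres when a wall absorbs wall_loss_db from AP 0."""
    rx = [rx_power_dbm(TX_DBM, math.dist(TRUE_POS, ap), FREQ) for ap in APS]
    rx[0] -= wall_loss_db
    return math.dist(TRUE_POS, estimate_position(APS, rx, TX_DBM, FREQ))

if __name__ == "__main__":
    print(f"open space: {demo():.2f} m error; 6 dB wall: {demo(6.0):.2f} m error")
```

A single obstruction that removes 6 dB roughly doubles the inferred distance to that AP, which is the loss of correlation between signal strength and proximity that the text attributes to indoor environments.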
With the development of integrated circuits (IC), both AM and FM radio circuits have been integrated into one chip. Conventional radio chips with a frequency scan function implement a frequency-lock-loop in a manner to achieve only a forward (i.e., band-up) electronic tuning function. Such a scan function drives the radio chip, starting at its presently tuned frequency, to a higher frequency by increasing the radio's intermediate frequency. The scan function stops at the next higher transmitting station frequency that is detected and received by the IC radio.
There are IC FM radios having the forward (band-up) scan function available in the marketplace. Known FM radio chips include the TDA7088T, manufactured by Philips Semiconductors (The Netherlands), and the SC1088, manufactured by Hangzhou Silan Microelectronics Joint-Stock Co., Ltd. (Taiwan). The SC1088 and TDA7088T are each bipolar technology integrated circuits used for mono-channel portable radios. Each circuit comprises a frequency-lock-loop (FLL) system having an intermediate frequency of about 70 kHz. Selectivity is obtained from an active RC filter. For both these IC FM radios, electrical tuning is realized by a uni-directional (band-up) tuning function. The scanning circuit fast tunes the receiver and results in a very small waiting time for the radio to find the next higher occupied frequency.