It is often necessary to identify the user of a remote device to facilitate a transaction. However, spoofing often occurs to fake digital credentials or the identity of a user. Further, basic security means such as a numerical personal identification number may not provide the level of security required for a transaction.
No method of authentication is foolproof. Passwords and personal identification numbers can be cracked through guessing or brute force computation techniques. Devices can be stolen. Security information can be intercepted and replayed at a future time.
In many transactions, it would be helpful if the location of the device was verified to ensure that the transaction was occurring at a logical place. For example, if a user is using a mobile device to perform a transaction at a physical store, location metrics that indicate that the device is actually physically located in a different city, part of the country, or part of the world than the store would provide an indicator that the transaction should not proceed.
Various methods to providing geographic locations have been proposed. These include a paper entitled “Location-based Authentication: Grounding Cyberspace for Better Security”, Dorothy E. Denning and Peter F. McDorran, Computer Fraud and Security, 1996, Elsevier Science Ltd., which proposes to use global positioning system signals from a network of satellites in order to provide the physical location of a mobile device. The problem with this and other similar solutions is that the location information is conveyed from the mobile device. This creates various issues. As described in the above-mentioned reference, the device is required to contain global positioning system receivers that are specially built in order to avoid spoofing. This is a costly technical solution that would require the modification of commercial mobile devices, such as cellular telephones, mobile data devices, or other current wireless devices. Without the use of special GPS-based receivers, the author admits that commercial GPS receivers are readily spoofed. Thus the above uses either expensive modifications or adds little security.