O'Reilly logo

Mobile Intelligence by Bala Srinivasan, Ling Tan, Jianhua Ma, Agustinus Borgy Waluyo, Laurence T. Yang

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

19.3 BASIC SCENARIO AND CONCEPTS

19.3.1 Location-based Access Control Architecture

In a LBAC scenario, there are more parties involved than in conventional access control systems. A LBAC system evaluating a policy does not have direct access to location information; rather, it sends location requests to external services, called location services (LSs), and waits for the corresponding answers [6]. The characteristics of these location services will depend on the communication environment where the user transaction takes place. Here, we focus on the mobile network, where location service is provided by mobile phone operators. Typically, a LBAC scenario involves the following three entities (see Figure 19.1).

User. It is the entity whose access request to a service must be authorized by a LBAC system. We make no assumption about users, besides the fact that they carry terminals enabling authentication and some form of location verification.

images

Figure 19.1 Basic location-based access control architecture.

Access control engine (ACE). It is the entity that implements the LBAC system. It is responsible for evaluating access requests according to some policies containing location-based conditions. The ACE must communicate with a location service for acquiring location information, and it is not restricted to a particular access control model and authorization language.

Location service

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required