

Title:
LOCATION-BASED AUTHENTICATION USING A UNIQUE DIGITAL ID DEVICE
Document Type and Number:
WIPO Patent Application WO/2024/068923
Kind Code:
A1
Abstract:
A system and method for performing location-based authentication of a mobile device, comprising an identification device that comprises a processor to execute one or more instructions to sequentially determine an initial geo-location, wireless and mobile communication data of identification device, when the identification device is powered up, generate a unique geo-location ID based on initial geo-location, wireless and mobile communication data, when identification device is connected to a communication network, register mobile device with identification device using near field communication (NFC), and transmit unique geo-location ID and details of registered mobile device to a remote authentication server through communication network, self-terminate and disable identification device, when identification device is moved away from initial geo-location. The system further includes remote authentication server for performing location-based authentication of mobile device, based on a current location of mobile device, and unique geo-location ID of corresponding identification device.

Inventors:
WALSH MICHAEL (IE)
DUNNE COLUM (IE)
Application Number:
PCT/EP2023/077048
Publication Date:
April 04, 2024
Filing Date:
September 29, 2023
Assignee:
WALSH MICHAEL (IE)
International Classes:
H04L9/40; H04W12/06; H04W12/63; H04W12/64
Domestic Patent References:
WO2011015885A1 2011-02-10
Foreign References:
EP3664483A1 2020-06-10
US20210058383A1 2021-02-25
US20110296513A1 2011-12-01
Attorney, Agent or Firm:
PURDYLUCEY INTELLECTUAL PROPERTY (IE)
Claims:
Claims

1. A system for performing location-based authentication of a mobile device, comprising: an identification device that comprises: a memory to store one or more instructions; a processor to execute the one or more instructions to: sequentially determine an initial geo-location, wireless and mobile communication data of the identification device, when the identification device is powered up; generate a unique geo-location ID based on the initial geolocation, wireless communication data and mobile communication data, when the identification device is connected to a communication network; register the mobile device with the identification device using near field communication (NFC), and transmit the unique geolocation ID and details of the registered mobile device to a remote authentication server through the communication network; monitor the geo-location of the identification device; self-terminate and disable the identification device, when the identification device is moved away from the initial geo-location; and the remote authentication server for performing location-based authentication of the mobile device, based on a current location of the mobile device, and the unique geo-location ID of corresponding identification device, wherein the processor executes the one or more instructions to further send a termination status of the identification device to the remote authentication server, when the identification device self-terminates.

2. The system as claimed in claim one, wherein the identification device comprises an activation tag, which when pulled away, leads to powering up of the identification device, and the identification device self-terminates and disables itself when moved after pulling away the tag.

3. The system as claimed in any preceding claim, wherein the identification device further comprises: a battery; a GPS receiver that enables determination of geo-location; an NFC card that constitutes the wireless communication data, and enables connecting with the mobile device using the NFC; a network interface card (NIC) that enables network communication with the remote authentication server; and an internal SIM card that constitutes the mobile communication data, and enables network communication with the remote authentication server in absence or failure of the NIC.

4. The system as claimed in claim 3, wherein the identification device further comprises: a Bluetooth™ receiver that enables wireless communication with an external SIM card in absence of the internal SIM card, such that the external SIM card constitutes the mobile communication data and enables network communication with the remote authentication server in absence or failure of the NIC.

5. The system as claimed in any preceding claim, wherein the processor is further configured to send the termination status of the identification device to the remote authentication server through the internal or external SIM card, when the identification device self-terminates.

6. The system as claimed in any preceding claim, wherein the processor is further configured to monitor the geo-location of the identification device at shorter intervals of time when the identification device uses the battery as a power source.

7. The system as claimed in any preceding claim, wherein the processor is further configured to monitor the geo-location of the identification device at longer intervals of time, when the identification device uses a mains supply as a power source.

8. The system as claimed in any preceding claim, wherein the mobile communication data includes a current mobile number of the internal or external SIM card, and the wireless communication data includes a unique ID on an NFC card of the device.

9. The system as claimed in any preceding claim, wherein the unique geolocation ID is represented as a QR code on an external surface of the identification device.

10. The system as claimed in any preceding claim, wherein the remote authentication server maintains a remote master list that includes one or more unique geo-location IDs of one or more geo-location digital ID devices, and one or more mobile devices registered with each geo-location ID.

11. The system as claimed in any preceding claim, wherein the remote authentication server uses Dynamic DNS to allow the mobile device to authenticate whilst on the move, when the mobile device has been initially registered with the geo-location digital ID device using NFC.

12. The system as claimed in any preceding claim, wherein the mobile device runs an application of the remote authentication server, and wherein the application enables the mobile device to scan the QR code on the identification device, and associate the mobile device with corresponding geo-location ID at the remote master list.

13. The system as claimed in any preceding claim, wherein the identification device includes an accelerometer or gyroscope to indicate movement of the identification device.

14. The system as claimed in any preceding claim, wherein the processor is further configured to execute the one or more instructions to: create and store a master key onto a memory card of the identification device, when the identification device is powered up; create a private key and a public key for the mobile device when the mobile device is registered with the identification device; and encrypt the private key using the master key and transmit the encrypted private key to the remote authentication server.

15. A method for performing location-based authentication of a mobile device, comprising: sequentially determining an initial geo-location, wireless and mobile communication data of an identification device, when the identification device is powered up; generating a unique geo-location ID based on the initial geo-location, wireless communication data and mobile communication data, when the identification device is connected to a communication network; registering the mobile device with the identification device using near field communication (NFC), and transmitting the unique geo-location ID and details of the registered mobile device to a remote authentication server through the communication network; monitoring the geo-location of the identification device; self-terminating and disabling the identification device, when the identification device is moved away from the initial geo-location; performing location-based authentication of the mobile device by the remote authentication server, based on a current location of the mobile device, and the unique geo-location ID of corresponding identification device; and sending a termination status of the identification device to the remote authentication server, when the identification device self-terminates.

Description:
Title

Location-based authentication using a unique digital ID device

Field

The present disclosure is directed towards location-based authentication, and more specifically to location-based authentication using a unique digital ID device that self-terminates if compromised.

Traditionally, authentication works on the principle of Multi-Factor Authentication (MFA) based on something possessed by a user, such as bank/credit card, phone, and email addresses; a user feature, such as facial recognition or fingerprint; and something known by a user, such as PIN numbers, password, one-time passcode, authenticator apps etc.

People are using their smartphones for One-time passcode (OTP) apps, email, texts and online banking. This raises the security issue of using just one device - a smartphone - to authenticate the user. If an attacker compromises that one device, they then would have bypassed all the layers of authentication. Mobile companies are making the device even more of a target by seeking to make the mobile device a digital wallet, and locking down any third-party repairs. The convergence of all user authentication factors on to one device is the Achilles heel of the current security architecture. It is crucial to have physical access to a separate device for authentication purposes.

Further, existing authentication techniques based on the mobile phone authenticate the user, not the location. Also, authentication techniques based on IP addresses are inaccurate and are masked/spoofed by Virtual Private Networks (VPNs). Furthermore, the location is being defined as analogue in a digital world. Some current examples of location addresses include postal address, Eircode, GPRN, MPRN, Folio number and GPS. The first five are analogue and need to be entered manually online. The sixth, GPS, can be digital - but the accuracy of GPS indoors can range from 5-30 meters, and the GPS location is not granular enough. Also, in some places a GPS signal may be unobtainable. Both GPS and Eircodes are non-unique: they may describe a location but not necessarily the sub-divisions within that location, apartment blocks being a classic example. Therefore, a digital proof of location is unavailable. Some utility providers have started to implement a digital version of their meters to accommodate digital location, but these companies have built closed systems and generate their own proprietary numbers.

EP 3664483 discloses a wireless communication device that includes a decryption unit and an authentication unit. The decryption unit decrypts encrypted node position information with a private key of the wireless communication device itself. The encrypted node position information is information included in transmission information transmitted by one-way communication from a node. The authentication unit authenticates the node with an authentication condition that the decrypted node position information indicates inside of a predetermined area. However, in said document, the power input is battery, and the device is pre-programmed for a pre-determined area which means that the device must be pre-set with a location to begin with and the device must then establish it in the appropriate location. Said device is also designed to just be a one-off device with its own set of keys.

WO 2011/015885 describes a data communication authentication system and method. One or more locator nodes are installable at a location, the or each locator node including an identifier and a communication system and being arranged to provide said identifier via said communication system. The communication authentication system is arranged to generate an authentication code for the location in dependence on identifiers from the one or more locator nodes at the location and is arranged to provide said authentication code on demand for inclusion in a data communication originating locally to said location. However, said device has its unique identifier pre-programmed/hard-coded to the device, therefore the device does not specify a distinct unique location but specifies a unique device at any location. This means that the device is not tied to any location, and doesn’t uniquely identify a location and all the devices at that location.

Hence, in view of the above, there is a need for a location-based authentication system and method that overcomes the disadvantages associated with the existing systems.

According to the invention there is provided, as set out in the appended claims, a system for performing location-based authentication of a mobile device. The system includes an identification device that comprises a memory to store one or more instructions, a processor to execute the one or more instructions to: sequentially determine an initial geo-location, wireless and mobile communication data of the identification device, when the identification device is powered up; generate a unique geo-location ID based on the initial geo-location, wireless communication data and mobile communication data, when the identification device is connected to a communication network; register the mobile device with the identification device using near field communication (NFC), and transmit the unique geo-location ID and details of the registered mobile device to a remote authentication server through the communication network; self-terminate and disable the identification device, when the identification device is moved away from the initial geo-location. The system further includes the remote authentication server for performing location-based authentication of the mobile device, based on a current location of the mobile device, and the unique geolocation ID of corresponding identification device.

In an embodiment of the present invention, the identification device comprises an activation tag, which when pulled away, leads to powering up of the identification device, and the identification device self-terminates and disables itself when moved after pulling away the tag.

In an embodiment of the present invention, the identification device further comprises: a battery; a GPS receiver that enables determination of geo-location; an NFC card that constitutes the wireless communication data, and enables connecting with the mobile device using the NFC; a network interface card (NIC) that enables network communication with the remote authentication server; and an internal SIM card that constitutes the mobile communication data, and enables network communication with the remote authentication server in absence or failure of the NIC.

In an embodiment of the present invention, the identification device further comprises: a Bluetooth™ receiver that enables wireless communication with an external SIM card in absence of the internal SIM card, such that the external SIM card constitutes the mobile communication data and enables network communication with the remote authentication server in absence or failure of the NIC.

In an embodiment of the present invention, the processor is further configured to send a termination status of the identification device to the remote authentication server through the internal or external SIM card, when the identification device self-terminates.

In an embodiment of the present invention, the processor is further configured to monitor the geo-location of the identification device at shorter intervals of time when the identification device uses the battery as a power source.

In an embodiment of the present invention, the processor is further configured to monitor the geo-location of the identification device at longer intervals of time, when the identification device uses a mains supply as a power source.

In an embodiment of the present invention, the mobile communication data includes a current mobile number of the internal or external SIM card, and the wireless communication data includes a unique ID on an NFC card of the device.

In an embodiment of the present invention, the unique geo-location ID is represented as a QR code on an external surface of the identification device.

In an embodiment of the present invention, the remote authentication server maintains a remote master list that includes one or more unique geo-location IDs of one or more geo-location digital ID devices, and one or more mobile devices registered with each geo-location ID.

In an embodiment of the present invention, the remote authentication server uses Dynamic DNS to allow the mobile device to authenticate whilst on the move, when the mobile device has been initially registered with the geo-location digital ID device using NFC.

In an embodiment of the present invention, the mobile device runs an application of the remote authentication server, and wherein the application enables the mobile device to scan the QR code on the identification device, and associate the mobile device with corresponding geo-location ID at the remote master list.

In another embodiment of the present invention, there is provided a method for performing location-based authentication of a mobile device. The method includes sequentially determining an initial geo-location, wireless and mobile communication data of an identification device, when the identification device is powered up; generating a unique geo-location ID based on the initial geolocation, wireless communication data and mobile communication data, when the identification device is connected to a communication network; registering the mobile device with the identification device using near field communication (NFC), and transmitting the unique geo-location ID and details of the registered mobile device to a remote authentication server through the communication network; self-terminating and disabling the identification device, when the identification device is moved away from the initial geo-location; and performing location-based authentication of the mobile device by the remote authentication server, based on a current location of the mobile device, and the unique geolocation ID of corresponding identification device. There is also provided a computer program comprising program instructions for causing a computer program to carry out the above method which may be embodied on a record medium, carrier signal or read-only memory.

Various embodiments of the present invention provide a unique identification device which is a closed box with only one function of creating digital data for the physical location. The identification device creates data that is digital, precise and globally applicable, and self-terminates if interfered with or compromised in any way. The unique identification device creates clean, granular digitally useable data that cannot be spoofed by VPNs. The unique identification device digitally describes location (GPS), with unique sub-division in that location (SIM card) and requires physical access to register a device at that location (NFC card), thereby providing an innovative and novel approach to being able to provide proof-of-address in a digital world. When the GPS signal changes from non-obtainable to visible, the unique identification device knows it has been moved. The unique identification device enables location-based authentication which has the effect of grounding cyberspace in the physical world, so that the physical locations of network entities can be reliably determined. For example, it would be impossible for an intruder based in London to access any secured bank server in Los Angeles while pretending to come from a trusted bank branch in New York.

The unique identification device allows for a location to have many devices and have these devices registered with their own set of keys. The identification device allows two-way communication between the devices at its location to allow each device to generate its own public and private keys. The unique identification device has a master key to allow the device’s internal keys to be encrypted, backed up and sent to a cloud backup.

Brief Description of the Drawings

The invention will be more clearly understood from the following description of an embodiment thereof, given by way of example only, with reference to the accompanying drawings, in which:

FIG. 1 illustrates an identification device for performing location-based authentication of a user, in accordance with a first embodiment of the present invention;

FIG. 2 illustrates generation of geo-location ID for location authentication, in accordance with an embodiment of the present invention;

FIGs. 3A and 3B are a flowchart that illustrates a method of generating the unique geo-location ID, in accordance with a second embodiment of the present invention;

FIG. 4 illustrates an identification device for performing location-based authentication of a user, in accordance with a second embodiment of the present invention; and

FIG. 5 illustrates performing location-based authentication of the mobile devices using the geo-location ID, in accordance with an embodiment of the present invention.

Detailed Description of the Drawings

FIG. 1 illustrates an identification device 100 for performing location-based authentication of a mobile device, in accordance with an embodiment of the present invention.

The identification device 100 includes a GPS receiver (not shown), a SIM card (not shown), an NFC card (not shown) for connecting with one or more NFC devices, a memory (not shown) to store one or more instructions, and a processor (not shown) to execute the one or more instructions to perform one or more functions. The processor is capable of receiving and processing a GPS signal to determine a geo-location of the device 100. The processor is further configured to process the signals received by the SIM card, and the NFC devices, and create a unique geolocation ID based on the GPS signal, the NFC card, and the SIM card.

In the context of the present invention, the identification device 100 is an integrated computing device that includes a mains input, motherboard, data storage memory, Random Access Memory (RAM), an operating system, processor, communication chips, network controller, dedicated power cycle battery, a backup power supply source and indicator lights. It would be apparent to one of ordinary skill in the art, that the device 100 may include other things as well.

In an embodiment of the present invention, the processor runs an application that is configured for creating the unique geolocation ID for a physical location, is self-terminating if moved, and turns physical locations into digital data. The unique geo-location ID may also be referred to as GeoDigital ID.

FIG. 2 illustrates generation of the unique geo-location ID for location-based authentication of the mobile devices, in accordance with an embodiment of the present invention. The identification device 100 is provided with a tab, which when pulled apart, leads to powering up of the device 100. When the device 100 is powered up, the processor of the device 100 seeks a GPS signal, and signals from the corresponding SIM card and NFC cards, and generates a unique number for a geographical location of the geo-location ID using an algorithm based on the GPS signal, and signals from the SIM card and NFC cards. The devices at that geographic location may be registered with the device 100 via NFC. Also, the device 100 checks its GPS location intermittently. When the GPS location of the device 100 changes, the device 100 ceases to function, and the SIM card of the device 100 sends a termination status to a remote authentication server.

FIGs. 3A and 3B are a flowchart that illustrates a method 300 of generating a unique geo-location ID, by the device 100, in accordance with an embodiment of the present invention.

At step 302a, the device 100 checks the power cycle to see if it is mains powered. If there is no mains power, then at step 302b, the device 100 switches over to a dedicated internal backup power source, and it is checked whether the battery is turned on. A small battery is dedicated for this purpose and would only be engaged when the mains power is not turned on. If there is no mains power or no battery engaged, then no lights are illuminated, and it is determined at step 302c that the device 100 is dormant and inactive. If there is a mains power source, a dedicated light is activated to indicate mains power is present. The dedicated light changes colour to indicate its backup power supply state. In an embodiment of the present invention, the battery is non-accessible, i.e. the device 100 would be a sealed unit, that is tamper proof. The battery functionality is to work as a temporary uninterruptible power supply (UPS) should the mains power fail, and also to be a security feature to allow the device 100 to continue to monitor GPS location should it be removed from the mains supply and be moved.

At step 304a, it is checked if an activation tag of the device 100 is pulled apart, when the mains or battery is powered on. The device 100 is off/inactive until the tag is pulled to turn on/activate the device 100. Pulling the tag is the only way of turning on the device 100. In one embodiment of the present invention, the device 100 has a plastic activation tag that is necessary to be removed to engage the device 100 in active mode. When the plastic activation tag is not pulled, then at step 304b, it can be ascertained that the device 100 is dormant and inactive. If the tag is removed, the device 100 would create an electrical circuit by engaging a battery dedicated to monitor power cycles. The device 100 would check to see if there is mains power. If so, it will illuminate a dedicated light to indicate the power input. When the tag is removed and there is no mains power, the device 100 activates the dedicated internal backup power source and the dedicated light is illuminated in a different colour to indicate the power input. When the tag has been removed, the power cycle battery is operational and the power source is established, then step 306a is performed.

At step 306a, the operating system of the device 100 uses the processor to activate corresponding GPS receiver, and a dedicated light flashes to indicate that the device 100 is seeking its location data. The GPS determines the device’s approximate geographical location to within 5 metres of its actual location. When a GPS signal is established, the device 100 turns the dedicated light that is flashing to a solid state, to indicate it has received a geographical signal. When the device 100 is unable to receive a geographical location via the onboard GPS, then at step 306b, the device 100 may seek to wirelessly communicate with an external device to use its most recent GPS data to use as a proxy for the internal receiver. The device 100 may turn the dedicated light a different colour and flash to indicate it has failed to establish a geographical signal internally. When the device 100 is unable to receive a geographical location via the onboard GPS receiver, and there is no proxy device made available within two minutes of the dedicated light changing colour and flashing, then at step 306c, the device 100 may use a default/loopback address for the geographical location. The dedicated light changes to a different solid colour to indicate the geographical data source. When the device 100 has received its geographical data, it uses the operating system and the processor to store this data in its data storage memory at step 306d. It then checks at step 306e to see if this is the first time the data is being stored. If this is new data, it stores it and marks it as the device’s geographical location. It also then enables the wireless communication chips for the first time. If the data is not new, then at step 306f, the device 100 uses the operating system and the processor to compare the data it has received with the established geographical location data. 
If there is no change, then at step 308a, the device 100 continues to allow the wireless communication chips to operate. When the GPS data is changed, then at step 306g, the switch would be killed, and the device 100 would self-terminate. Thus, the device 100 has a GPS location that is its baseline, and that any deviation from that baseline data means the device 100 is no longer in its original location and so should begin to initiate its security protocols.

It is to be noted that steps 302a-302c would constitute the power test, the steps 304a and 304b would constitute the active status check test, and the steps 306a-306g would constitute the GPS data test. In an embodiment of the present invention, the power test, having established if it’s on mains, would have programmed the device 100 to check for a GPS signal every 60 minutes. In an embodiment of the present invention, when the power switches from mains to battery, the device 100 begins to check for a GPS signal every 5 minutes - the assumption being that it may have been removed from a mains supply and is on the move. The power test serves various functions. With a tag installed, but unpulled, the device 100 can be moved into any location without the box’s security devices being activated. If moved after pulling out the tag, the device 100 would self-terminate. Once the tag 100 is pulled, the device 100 switches from a non-working state to a live state. It can now no longer be moved. Further, having the power test performed means that irrespective of whether the box is mains powered or not, the act of pulling the tag is, in effect, pushing the on button of the device 100. Furthermore, once the device 100 begins to do a power test, it indicates that it is in its final location and begins to acquire a GPS signal. Any change in that GPS signal would initiate a self-termination security feature. If the device 100 is on mains power and the geographical location data changes, the device 100 goes into shutdown mode and is disabled. If the device 100 is on internal backup power and the geographical location data changes, the device 100 goes into shutdown mode and is disabled. The device 100 is designed to be a digital description of a physical location. So, by design, once the device 100 is in-situ, it is not intended to be moved. This is the digital equivalent of a utility meter, i.e. once it is installed, it can never be moved from that premises.

Thus, at step 308a, the device 100 uses the operating system and the processor to activate the NFC module, when the activation tag has been removed, and the geographical location has been established. If the device 100 has received its NFC data, it uses the operating system and the processor to store this data in its data storage memory. At step 308b, it is checked, if the NFC record is existing and whether this is the first time the NFC data has been stored. If this is new data, then at step 308c, the NFC record is created, and stored as the device’s NFC data, and then proceeds towards enabling the mobile communication from step 310a. When there is an existing NFC record, and the data is not new, the device continues to proceed towards enabling the mobile communication from step 310a.

At step 310a, the device checks SIM card status, and checks at step 310b to see if there is an existing SIM registration, and if this is the first time the data is being stored. If there is no existing SIM registration, then at step 310c, a new SIM record is created, and marked as the device’s mobile communications data. When there is an existing SIM registration, the device 100 uses the operating system and the processor to compare the data it has received with the established mobile communications data. If there is no change then the device continues to allow the data link communication at step 312a.

At step 312a, the network status is checked, and at step 312b, it is checked whether the network status is live. When the network status is live, then at step 312c, metadata is generated which is used to create the device’s unique geolocation ID. This unique geolocation ID may be created using an algorithm combining the device’s geographical location data, wireless communication data and mobile communication data. When the network status is not live, then at step 312d, SIM data status is checked. When SIM data status is live at step 312e, then step 312c is performed.

In an example, a simple unique geo-location ID would be:

52.666921, -8.630511, 0851278212, 044F7132214B80

Where, examples of the data used to create this unique geolocation ID:

GPS: - 52.666921, -8.630511

SIM: - 0851278212

NFC: - 044F7132214B80

The GPS data is the current geo-location of the device 100, obtained for example, via Google™ Maps. The SIM data may be the current mobile number of the device 100. The NFC data may be an example of the manufacturer’s unique ID on an NFC card of the device 100. Thus, the unique ID may be created using the device’s geographical location data, wireless communication data and mobile telecommunications data.

The unique geolocation ID can also be displayed as a QR code on the device 100.

In an embodiment of the present invention, when the device 100 gets compromised and goes into self-termination mode, then a new device may be specially designed to inherit the existing unique geolocation ID for a location and re-installed at that location.

Table I illustrates various dedicated lights of the device 100, during various stages of the operation:

Table I

Referring back to FIG. 1, the identification device 100 may include a micro-SD (not shown) to have a master key written into it, after the tab has been pulled. When a mobile device registers with the identification device 100, two keys can be created - a public key stored on the registering device and a private key stored on the identification device 100. This public key can be displayed as a QR code in an app on the device that has registered. The private key is created for each mobile device that is stored locally in the identification device 100 for encryption, and then sent to a remote master list, so that the information on the remote master list is of no use to either a hacker breaking into the list remotely or an insider, in charge of the list, stealing the information internally.

An example of private keys for different devices is a house that has 4 cars registered to it. Each car has a logbook with a registered owner, so the logbook is the private key and the house is the unique identification device 100 that stores private keys for the devices that were registered to it. These keys need to be backed up somewhere, but that backup would need to be encrypted, so that neither the person storing them nor hackers breaking into that backup storage would have access to the private keys. An example of the public key would be the licence plate of a car, something which is shared publicly; the logbook for the car is the private key, something only the owner of the car would possess; and the keys to the house are the master key, which contains access to the logbook for the car. Therefore, a master key is created at the time the tab is pulled to activate the identification device 100, and that master key is created by an algorithm on the operating system of the unique identification device 100. The algorithm has three inputs: a random number generator, the time and date of when the tab is pulled (expressed as a number), and the unique ID the identification device 100 creates. The algorithm uses these three inputs to create the master key. The master key is written into the micro-SD card.
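One way to combine the three inputs named above is shown here as an added example; it is not the patent's algorithm, which the page does not specify. The time of the tab pull and the unique ID are not secret (the ID can be displayed as a QR code), so the random input is treated as the only secret keying material and the other two inputs only bind the key to this device. Assumptions: HKDF with HMAC-SHA256 (RFC 5869) as the combining function, the function names, the 32-byte minimum and the constructed timestamp.

```python
import hashlib
import hmac
import secrets
import struct

def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869): extract a PRK from ikm, then expand it to `length` bytes."""
    if length > 255 * 32:
        raise ValueError("HKDF-SHA256 output is limited to 8160 bytes")
    prk = hmac.new(salt or bytes(32), ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

def derive_master_key(random_input: bytes, pulled_at: int, geo_id: str) -> bytes:
    """Combine the page's three inputs into a 256-bit master key (assumed design)."""
    if len(random_input) < 32:
        raise ValueError("random input must be at least 32 bytes")
    ts = struct.pack(">Q", pulled_at)   # time and date expressed as a number
    gid = geo_id.encode("utf-8")
    # Length-prefix each public field so their boundaries are unambiguous.
    context = b"".join(struct.pack(">H", len(f)) + f for f in (ts, gid))
    return hkdf_sha256(random_input, salt=b"", info=b"master-key-v1" + context)

GEO_ID = "52.666921, -8.630511, 0851278212, 044F7132214B80"  # example ID from the page
PULLED_AT = 1_700_000_000                                     # constructed timestamp
seed = secrets.token_bytes(32)       # output of the device's random number generator
master_key = derive_master_key(seed, PULLED_AT, GEO_ID)
print(len(master_key), "byte master key derived")
```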

The master key is the only way any data that has been backed up to the remote master list can be retrieved. The data getting backed up to the remote master list is encrypted before being backed up there, so that even if someone was to hack the remote master list it is useless to them, as the data is encrypted. The only way the data for the device that backed it up there can be decrypted is by having the original master key, which is on the micro-SD card. Keeping the micro-SD card safe - in a burnproof box or a fireproof safe - means that even if the premises were to burn down and the original identification device 100 gets destroyed (or someone robs the original device 100, etc.), one can always recover the data to a new box and then decrypt it with the master key from the micro-SD card, even if the device 100 is disabled. The backup may be decrypted by the person who owns the device 100 if they ever need to replace their device 100 but recover their private keys. The micro-SD card including the master key enables re-installing the encrypted private keys from the cloud backup and then inserting the master key to decrypt them.

The best way to explain the difference between the master keys and private keys is to use a simple example - six people live in a house, five of them drive and one doesn’t. The five people all give their keys to the sixth person who keeps the keys in a safe which they are the only person who has a key to open. The five people all trust the sixth person with their keys because that sixth person doesn’t drive, so their keys are safe with them. Nobody gets anybody else’s keys; they can only get their own keys and only via the sixth person. So, the master key is the sixth person with the key to the safe, and the private keys are the keys for the cars.

With the encryption facility enabled, the device 100 box has an NFC card so it can be an ATM for digital currency. Also, the device 100 can act as a “cold wallet”. In crypto terms, one can have a hot wallet or a cold wallet - a hot wallet is normally an app, stored on the phone and requires a password to access, a cold wallet is normally a piece of hardware (like a USB key), stored at the location and requires physical access to it for people’s encryption needs.

In an embodiment of the present invention, the identification device 100 may further include an accelerometer/gyroscope to indicate movement and to reduce the number of times the device 100 has to poll the GPS signal to see if it’s moving, thus requiring a smaller battery.

FIG. 4 illustrates an identification device 400 for performing location-based authentication of one or more mobile devices, in accordance with another embodiment of the present invention. The device 400 does not have a mobile telecommunications module. When the activation tab has been removed, the geographical location has been established and the wireless communication module enabled, then the Bluetooth™ module becomes operational. The device 400 uses the operating system, the processor and a Bluetooth™ connection to link to an external mobile communication device 402 and receive data from it. If the device 400 has activated its mobile communications via Bluetooth™, it uses the operating system and the processor to generate metadata which is used to create the device’s unique geo-location ID. The device 400 could use the mobile phone number of the mobile device connecting via Bluetooth™ as part of the unique geo-location ID to be generated.

FIG. 5 illustrates using the identification device 500 (similar to the devices 100 and 400) for location-based authentication of the mobile data devices 502, 504 and 506, in accordance with an embodiment of the present invention.

The device 500 communicates the unique geolocation ID to a remote authenticating authority 508, for storing the same in a remote master list. The remote master list is a database containing the unique geo-location ID of one or more digital ID devices, and remote mobile devices registered with each identification device. The remote authenticating authority 508 may be a remote secure server. The remote authenticating authority 508 would be the entity in charge of maintaining the remote master list. The authenticating authority maintains the database containing the unique IDs and the associated devices registered to those unique IDs.

In an embodiment of the present invention, the identification device 500 establishes a data link to communicate its unique geolocation ID to the remote authenticating authority 508. When the device 500 has a network connection, it illuminates a dedicated light to indicate its data link status. In one embodiment, the device 500 has a network interface card. The device 500 checks, via its onboard operating system and processor, to see if a network cable is attached to the network interface card. If the device 500 has a network cable attached to the network interface card, it can use the onboard operating system and processor to obtain a local address via DHCP for establishing a connection with the remote authenticating authority 508.

In another embodiment, the device 500 has no network connection but does have an internal SIM card module. The device 500 checks, via its onboard operating system and processor, to see if a network cable is attached to the network interface card. If the device 500 does not have a network cable attached to the network interface card, then it uses the onboard operating system and processor to check the SIM card status for data connectivity. If the SIM card is active for data connectivity, then it obtains an IP address via the SIM card. If the device 500 does not have a network connection, but does have an internal SIM card, it illuminates the dedicated light a different colour to indicate its data link status.

In one embodiment, the device 500 has neither a network connection nor an internal SIM card. In such a case, the device 500 checks, via its onboard operating system and processor, to see if a Bluetooth™ connection can be established to an external mobile communications device. In such a case, the device 500 illuminates the dedicated light a different colour and flashes for the duration of the Bluetooth™ connection to indicate its data link status. The device 500 uses its operating system and processor to check the external mobile communication device for data connectivity. If the external mobile communication device is active for data connectivity, then it obtains an IP address via the external mobile communication device for establishing a connection with the remote authenticating authority 508.

In an embodiment of the present invention, the mobile data devices 502, 504 and 506 may be registered with the identification device 500 using NFC only. The NFC requires physical proximity to the identification device 500 to ensure that only a person within range can register their devices 502, 504 and 506 to that location. Each of the mobile devices 502, 504 and 506 may run a mobile application of the remote authenticating authority 508 to register themselves with the identification device 500. In an embodiment of the present invention, the remote authenticating authority 508 may store the unique geolocation ID of the identification device 500 and mobile data devices 502, 504 and 506 registered with the identification device 500.

The remote authenticating authority 508 may continuously receive and verify the GPS location of the mobile data devices 502, 504 and 506 for the purpose of authenticating them based on their location. If the location information of the mobile devices 502, 504 and 506 does not match that of the identification device 500, then the mobile devices 502, 504 and 506 cannot be authenticated. Also, in case the location of the identification device 500 changes, the corresponding SIM also acts as an alarm feature and notifies the authenticating authority 508 that the identification device 500 has been compromised.

In an example, a bank may implement a security protocol that requires three bank personnel to log in from three distinct, verifiable geographical locations (New York, London and Berlin) at the same time to authorise a significant transaction. The purpose of the security protocol is to prevent kidnapping/hostage taking compromising three personnel at one location. To implement this, each of the personnel may have an identification device and a mobile device registered to that identification device in that location. Therefore, the remote master list would include three unique geo-location IDs of three identification devices, and the corresponding three mobile devices of the three personnel. The bank has the list of unique geo-location IDs and mobile devices from the remote authorising authority. At the appointed time, the bank may allow the mobile devices to connect, checking the unique geo-location IDs and device metadata and also contacting the individual identification devices (to ascertain that they are not compromised) and requesting confirmation that the mobile devices are looking to connect. The user at each of the mobile devices has to be authorised to log in to the mobile device by the bank’s own MFA (biometric + one-time passcode), at which point they get prompted to confirm they are looking to connect. Each identification device has to send a confirmation to the bank for completing the security protocol. So the mobile devices need to confirm their geographical location and the users of such devices need to confirm their biometric and one-time passcode.

If a mobile device has been authenticated to a location but is remote from that location then the identification device can use Dynamic DNS to allow the mobile device to authenticate whilst on the move.

In the case of commercial use, say a financial institution or healthcare facility, the option of a mobile device authenticating on the move would be disabled, as the security model would require the mobile device being authenticated to be physically present in the same location as the authentication device. In the case of domestic use, say for a media company, the option of a mobile device authenticating on the move would be enabled. A real-world example of this is security cameras - a commercial install of a security camera system would, in best practice, have a closed system that is only monitored on-site by a dedicated security team, whereas a domestic install of modern security cameras allows you to monitor your cameras remotely using an app on your phone.
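The check performed by the remote authenticating authority, together with the commercial and domestic roaming policies described above, can be sketched as follows. This is an added example, not the patent's implementation. The record layout, function names, the 50 m match radius and the mobile device identifiers are assumptions; the geo-location ID is the page's own example value, parsed in the comma-separated layout the page shows.

```python
import math
from dataclasses import dataclass, field

EARTH_RADIUS_M = 6_371_000

def parse_geo_id(geo_id: str):
    """Split 'lat, lon, SIM, NFC' (the page's example layout) into typed fields."""
    parts = [p.strip() for p in geo_id.split(",")]
    if len(parts) != 4:
        raise ValueError("expected four fields: lat, lon, SIM, NFC")
    lat, lon = float(parts[0]), float(parts[1])
    if not (-90 <= lat <= 90 and -180 <= lon <= 180):
        raise ValueError("coordinates out of range")
    return lat, lon, parts[2], parts[3]

def haversine_m(lat1, lon1, lat2, lon2):
    """Great-circle distance in metres between two points."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi, dlmb = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(a))

@dataclass
class MasterListEntry:
    geo_id: str                                   # unique geo-location ID
    registered: set = field(default_factory=set)  # mobile devices registered via NFC
    terminated: bool = False                      # set when the device reports self-termination
    allow_roaming: bool = False                   # domestic profile only; off for commercial

def authenticate(entry, mobile_id, mobile_lat, mobile_lon, radius_m=50.0):
    """Return (decision, reason) for one mobile device; radius_m is an assumed tolerance."""
    if entry.terminated:
        return False, "identification device terminated"
    if mobile_id not in entry.registered:
        return False, "mobile device not registered"
    lat, lon, _sim, _nfc = parse_geo_id(entry.geo_id)
    if haversine_m(lat, lon, mobile_lat, mobile_lon) <= radius_m:
        return True, "on site"
    if entry.allow_roaming:
        return True, "roaming permitted"
    return False, "location mismatch"

# Constructed master-list record and mobile fixes.
GEO_ID = "52.666921, -8.630511, 0851278212, 044F7132214B80"
hospital = MasterListEntry(GEO_ID, {"phone-A"})                   # commercial profile
home = MasterListEntry(GEO_ID, {"phone-A"}, allow_roaming=True)   # domestic profile
for entry in (hospital, home):
    print(authenticate(entry, "phone-A", 52.66695, -8.63050),     # a few metres away
          authenticate(entry, "phone-A", 51.5074, -0.1278))       # hundreds of km away
```

The mobile device's coordinates are reported by the device itself, so this check is one factor and the other MFA steps the page describes still apply.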

In an exemplary commercial application, an authentication device would be installed in a hospital, which has patient records on file and those records are on the network in the hospital, but can only be accessed by devices that are in the location where the authentication device is. This means that if a network was compromised, the records would still be inaccessible to a remote hacker. The hacker would have to be physically present at the hospital, in possession of a device that has been authorised by the authentication device and they would also need the other multi-factor authentication credentials to then access the device.

In an exemplary domestic application, a streaming service may use geo-digital ID, instead of a username and password, to authorise all the devices for that location. Some of the devices may be fixed to the location (TVs, PCs, etc). Some devices (laptops, tablets, phones, etc) would be mobile. Having authorised the devices to that location, a domestic version of the authentication device would have Dynamic DNS enabled to allow the mobile devices that roam to be able to authorise themselves remotely as being registered to a certain location and then still be able to stream content on the move.

Thus, the identification device establishes geographically where a mobile device has been registered - who sits on the other side of that mobile device is solely the job of the other MFA steps. Once in place, the identification device can register mobile devices as being present and authenticated at that location (via its NFC card). These mobile devices can then continue to be authenticated, as registered at that location, even on the move, via Dynamic DNS.

In the specification the terms "comprise, comprises, comprised and comprising" or any variation thereof and the terms "include, includes, included and including" or any variation thereof are considered to be totally interchangeable, and they should all be afforded the widest possible interpretation and vice versa.

The invention is not limited to the embodiments hereinbefore described but may be varied in both construction and detail.