DESC:CROSS REFERENCE TO REALTED APPLCATIONS
This application claims the priority benefit of provisional patent application No. 202321063202, filed on September 20, 2023, which is incorporated herein by reference in its entirety.
FIELD OF INVENTION
This invention generally relates to a field of location encryption, and more particularly to a method to generate a digital location based secure certificate in a hierarchy system for encrypting a user identity.
BACKGROUND
Nowadays, more and more consumers are participating in transactions over electronic networks. For example, consumers routinely purchase products and services from merchants and individuals alike. The transactions in these purchases may take place directly between an on-line merchant or retailer and the consumer, and payment is typically made by entering a credit card or other financial information. Such digital transactions may also take place with the aid of an on-line or mobile payment service provider. The payment service providers can make transactions easier and safer for the parties involved. The ease in the process of performing transactions with the assistance of a payment service provider is one of the main reason why the number of on-line/mobile transactions is growing rapidly.
The growing area of digital transactions involves the exchange of information during the transaction, which allows other parties (i.e. banks and 3rd party aggregators) to extract user information based on the transactions. The digital transactions may be centralized (e.g., controlled by one or more cooperating entities), or decentralized (e.g., controlled by non-cooperating entities). However, the digital transactions suffer from a number of issues. For example, during digital transactions performed on a conventional system the transactions can be traced and the actual geographical location of the user can be traced very easily.
Further, the existing systems use a proxy server to provide protection of personal identifiable information. The user data such as location data, service requests, and privacy policies are encoded in XML by the mobile terminal and forwarded to a proxy server placed between the mobile terminal and the location based service(s). Further, a suitable architecture in the mobile terminal and in the proxy, can hide the mobile device's network location, hide the identity of its user, and, in some cases, provide misleading physical location(s).
Further, the digital certificates are cryptographic tools that underpin the security and trustworthiness of digital communications and transactions. The digital certificate operates based on the principles of asymmetric cryptography, which involves the use of two mathematically related but distinct keys: a public key and a private key. These keys are used to encrypt and decrypt data, as well as to verify the authenticity of digital signatures. The process begins with an entity, such as a website or an individual, generating a key pair comprising a public key and a private key. The public key is shared openly, while the private key is kept confidential. In order to establish the trust and ensure that an entity's public key indeed belongs to them, digital certificates come into play. The entities seeking to secure their online presence send a certificate request, along with their public key and identity information, to a trusted Certificate Authority (CA). The CAs are entities that are widely recognized and trusted to issue digital certificates. The CA then conducts a thorough identity verification process, which may involve document checks, domain ownership validation or even in-person verification. Once the CA is satisfied with the entity's identity, it issues a digital certificate. This certificate contains crucial information, including the entity's identity details, its public key, and a digital signature from the CA itself. Importantly, this signature verifies that the certificate has been issued by a trusted source.
Further, the digital certificates are not static. The digital certificates have a limited validity period and must be periodically renewed to remain valid. Additionally, if a certificate is compromised or no longer needed, it can be revoked by the issuing CA before its expiration date. This mechanism helps maintain the integrity of the certificate ecosystem. So, the digital certificates are essential tools for establishing trust and securing digital communications and transactions. The digital certificates enable entities to verify each other's identities, ensuring that data exchanged over the internet remains confidential and tamper-proof. Whether used in web browsers, email clients, or online services, digital certificates play a fundamental role in the modern digital landscape.
The conventional system introduces the hierarchical trust structure of digital certificates, where the integrity of the system relies on globally recognized and trusted root Certificate Authorities (CAs). These root CAs are responsible for issuing certificates for intermediate CAs, which, in turn, extend their issuance to end entities – the likes of websites and individuals. The bedrock of trust in a specific entity's certificate is rooted in the trust vested in the CA that birthed it.
When secure communication is sought between two entities, such as a web browser and a website, the recipient meticulously scrutinizes the digital certificate tendered by the sender. This scrutiny encompasses the validation of the certificate's digital signature and an assurance that it has not been revoked. Upon deeming the certificate trustworthy, the recipient can leverage the sender's public key to establish a secure communication channel, often involving data encryption.
In today's digital landscape, secure and precise management of location-based data is of paramount importance. Traditional Public Key Infrastructure (PKI) models have limitations in seamlessly integrating location details, using geo-location coordinates, into the authentication process.
In US Patent application US20180287803A1 having title “Public Key Infrastructure & Method of Distribution” discloses a computer-implemented method for validating the respective identities of co-operating entities on a computer network, and comprises generating, transmitting or exchanging a signed digital certificate. The certificate includes a public key associated with an entity on the network and an arbitrary identifier associated with the public key. The identifier is arbitrary such that the identity of the entity cannot be, or is unlikely to be, discerned from the identifier alone, and/or its generation is random or pseudo-random, and/or selection of the identifier is not related to the identity of the entity or the public key.
In US Patent application US20220200811A1 having title “Network system, device, and processing method” discloses a network system including a plurality of devices can acquire authenticated location information of a device and provides various services using the authenticated location information. Each of the plurality of devices includes a communication unit for performing data communication with another device. Further, a storage unit that stores a digital certificate including a public key for determining an IP address of the device. Further, a determination unit that determines an IP address of another device based on a public key included in a digital certificate received from another device. The digital certificate includes location information associated with a corresponding device.
In US Patent application US20070101438A1 having title “Location-based authentication” discloses a method and system to configure data, such that access to data is protected based on a location. Once the data is configured, it can only be accessed from authorized locations, which are locations from which the location protected data is allowed to be accessed. Moreover, the location protected data is encrypted by using Data Encryption Keys (DEKs). DEKs are encrypted by using the authorized location information. A method and system for managing access to the location protected data is also disclosed. A request is received to access the location protected data from a location. Access to the location protected data is granted when the location is an authorized location. Once access is granted, DEKs are retrieved and the location protected data is decrypted. DEKs are periodically replaced with newly generated DEKs.
In US Patent application US2002051540A1 having title “Cryptographic system and method for geolocking and securing digital information” discloses A method and apparatus for controlling access to digital information utilizes a location identity attribute that defines a specific geographic location. The location identity attribute is associated with the digital information such that the digital information can be accessed only at the specific geographic location. The location identity attribute further includes a location value and a proximity value. The location value corresponds to the location of an intended recipient appliance of the digital information, and may be further defined in terms of latitude, longitude and altitude dimensions. The digital information is encrypted using a geolocking key based at least in part on the location identity attribute. The geolocking key is based on a shape parameter that is determined from the location identity attribute and is included with the encrypted digital information.
Therefore, although there have been attempts made in the past to provide a secured framework for facilitating transactions and/or access of confidential data using digital certificate encrypting user identifiable information including the user location, however, there exists several challenges with such systems including, but are not limited, as below:
In the existing systems, the location data included is the exact and/or precise location of the user, and therefore any third-party is likely to know the exact location of the user involved in the transaction and/or data exchange using the certificate.
In the existing systems, the location data included is limited to use of coordinates such as x and y coordinates, and hence there are chances that multiple locations are matched with these coordinates thereby resulting in the compromising of the accuracy of the determined location and thereby the security of the users.
In the existing systems, the validation of the certificate is limited to verification of data/contents pertaining to only one entity i.e., certification authority (CA) that generates the certificate and does not include verification of data/contents pertaining to intermediate parties that may be involved (e.g., ICA, vendor, consumer) in the transaction.
Thus, there exists a long-felt need for more robust security framework that can generate the secure certificate containing the location information that is not easily traceable and/or discerned by the third-parties and/or unauthorized parties and further the location information in the secured certificate be verified and/or validated at multiple levels in the hierarchical system.
OBJECTIVE OF THE INVENTION
It is a principal objective of the present invention to provide a system to generate a digital location based secure certificate in a hierarchy system.
Yet another objective of the present invention to provide a method to generate a digital location based secure certificate in a hierarchy system by integrating either 2D or coordinate reference system (CRS) or also taking elevation data into a Location Intelligence Service Protocol Secure (LISPS) framework.
Yet another objective of the invention to integrate an elevation data (z- coordinate) into 2D coordinate reference system (CRS) module to obtain a 3D CRS.
Yet another objective of the invention to integrate the 3D CRS into the hierarchy system.
Still another objective of the invention is to secure location-based data using CRS integration within the LISPS framework.
Still another objective of the invention is to secure location-based data by ciphering or masking the location-based data in the digital location based secure certificate such that the location-based data is not discernible to the unauthorized users.
SUMMARY
This summary is provided to introduce concepts related to systems and methods to generate a digital location based secure certificate in a hierarchical system and the concepts are further described below in the detailed description. This summary is not intended to identify essential features of the claimed subject matter nor it is intended for use in determining or limiting the scope of the claimed subject matter.
In one embodiment, a system for generating and validating a digital location-based secure certificate in a hierarchical system is disclosed. The system comprises a processor and a memory coupled to the processor, wherein the processor is configured to execute a plurality of modules stored in the memory. The plurality of modules comprises a coordinate reference system (CRS) configured to represent a geo-location data for an entity hierarchy in the hierarchical system, wherein the geo-location data comprises at least one of a location identifier and a geo-location coordinates, and wherein the geo-location coordinates includes two or more of geo-location coordinates selected from a x-coordinate, a y-coordinate, and a z-coordinate corresponding to a plurality of entities in the entity hierarchy. Further, the plurality of modules comprises a certificate generator module configured to generate a secure certificate using the CRS based upon one or more entity instructions received from the one or more entities to a certificate authority (CA) in the entity hierarchy, wherein the one or more entity instructions comprises at least an entity identification, a public key, and one or more geographic details associated with the one or more entities. Furthermore, plurality of modules comprises a certificate validator module configured to validate the secure certificate based upon one or more user instructions received from one or more users via a public key associated with the certificate authority (CA).
In another embodiment, a method for generating and validating a digital location-based secure certificate in a hierarchical system is disclosed. The method comprises a processor implemented step of defining a geographic extent of a plurality of entities within an entity hierarchy. Further, the method comprises a processor implemented step of accurately representing, via a coordinate reference system (CRS) module, a geo-location data within the defined extent, wherein the geo-location data comprises at least one of a location identifier and a geo-location coordinates, and wherein the geo-location coordinates includes two or more of a x-coordinate, a y-coordinate, and a z-coordinate corresponding to the plurality of entities. The method further comprises a processor implemented step of generating, via a certificate generator module, a pair of cryptographic keys as a private key and a public key, for each entity within the defined extent. Further, the method comprises a processor implemented step of encrypting, via the certificate generator module, the geo-location data with the private key. The method further comprises a processor implemented step of submitting, via the certificate generator module, the certificate and one or more entity instructions to a certificate authority (CA) that corresponds to the geographic extent, wherein the one or more entity instructions comprises at least an entity identification, a public key, and one or more geographic details, wherein the CA further issues a secure certificate that is signed by a private key associated with the certificate authority (CA). The method further comprises a processor implemented step of sharing the public key and the secure certificate of the entities with other parties involved in transactions or data exchanges. Furthermore, the method comprises a processor implemented step of verifying the entities geographic extents align correctly within the entity hierarchy (108) to ensure a location associated with the parties involved in transactions or data exchanges falls within the boundaries defined by the certificate authority (CA) for that region.
In accordance with an embodiment of the present subject matter, the CRS module include a 2D CRS and a 3D CRS, wherein the 2D CRS includes the x-coordinate and the y-coordinate, and wherein the 3D CRS includes the x-coordinate, the y-coordinate and the z-coordinate, an intermediate certificate authority (ICA). Further, the certificate authority (CA) is configured to revoke the secure certificate when the private key is compromised and when the secure certificate crosses an expiration date.
In accordance with an embodiment of the present subject matter, the secure certificate encrypts the geo-location data via a private key associated with the certificate authority (CA).
In accordance with an embodiment of the present subject matter, the entity hierarchy (108) comprises the certificate authority (CA) including a root certificate authority (RCA) and an intermediate certificate authority (ICA), a vendor, and a customer.
In accordance with an embodiment of the present subject matter, the certificate authority (CA) is configured to revoke the secure certificate when the private key is compromised or the secure certificate crosses an expiration date.
In accordance with an embodiment of the present subject matter, the geo-location data is in ciphered form, and wherein the location identifier is at least one of a physical address, an IP address, and a MAC address associated with the one or more entities.
In accordance with an embodiment of the present subject matter, the ciphered form includes the geo-location data in form of randomly generated alphanumeric characters applicable for a particular transaction and for a predefined expiry time.

BRIEF DESCRIPTION OF DRAWINGS
The accompanying drawings illustrate various embodiments of systems, methods, and embodiments of various other aspects of the disclosure. Any person with ordinary skills in the art will appreciate that the illustrated element boundaries (e.g., boxes, groups of boxes, or other shapes) in the figures represent one example of the boundaries. It may be that in some examples one element may be designed as multiple elements or that multiple elements may be designed as one element. In some examples, an element shown as an internal component of one element may be implemented as an external component in another, and vice versa. Furthermore, elements may not be drawn to scale. Non-limiting and non-exhaustive descriptions are described with reference to the following drawings. The components in the figures are not necessarily to scale, emphasis instead being placed upon illustrating principles.
The detailed description is described with reference to the accompanying figures. In the figures, the left-most digit(s) of a reference number identifies the figure in which the reference number first appears. The same numbers are used throughout the drawings to refer like features and components.
FIG. 1 illustrates a network implementation (100) of a system (102) to generate a digital based secure certificate, according to an embodiment of the present subject matter.
FIG. 2 illustrates a flow chart of a method (200) implemented by the system (102) to generate a secure certificate by integrating either 2D or coordinate reference system (CRS) or also taking elevation data into a Location Intelligence Service Protocol Secure (LISPS) framework, according to an embodiment of the present subject matter.
FIG. 3 illustrates working of the system (102) to generate a digital based secure certificate, according to an exemplary embodiment of the present subject matter.
DETAILED DESCRIPTION OF THE INVENTION
Reference throughout the specification to “various embodiments,” “some embodiments,” “one embodiment,” or “an embodiment” means that a particular feature, structure, or characteristic described in connection with the embodiment is included in at least one embodiment. Thus, appearances of the phrases “in various embodiments,” “in some embodiments,” “in one embodiment,” or “in an embodiment” in places throughout the specification are not necessarily all referring to the same embodiment. Furthermore, the particular features, structures or characteristics may be combined in any suitable manner in one or more embodiments.
Some embodiments of this disclosure, illustrating all its features, will now be discussed in detail. The words “comprising,” “having,” “containing,” and “including,” and other forms thereof, are intended to be equivalent in meaning and be open ended in that an item or items following any one of these words is not meant to be an exhaustive listing of such item or items or meant to be limited to only the listed item or items.
It must also be noted that as used herein and in the appended claims, the singular forms “a,” “an,” and “the” include plural references unless the context clearly dictates otherwise. Although any systems and methods similar or equivalent to those described herein can be used in the practice or testing of embodiments of the present disclosure, the preferred, systems and methods are now described.
Embodiments of the present disclosure will be described more fully hereinafter with reference to the accompanying drawings in which like numerals represent like elements throughout the several figures, and in which example embodiments are shown. Embodiments of the claims may, however, be embodied in many different forms and should not be construed as limited to the embodiments set forth herein. The examples set forth herein are non-limiting examples and are merely examples among other possible examples.
In the present invention, a hierarchy system to generate a secure certificate, according to an embodiment is disclosed herein. The hierarchy system establishes a Location Intelligence Service Protocol Secure (LISPS) framework that seamlessly integrates a location-based data, including elevation, into the secure digital certificate issuance and validation process. Further, the hierarchy system enhances security, privacy, and trust in location-based secure certificate for a wide range of applications, including financial services, urban planning, emergency services, infrastructure management, and environmental monitoring. In one example, these secure certificates may enable merchandise gateways (Payment Interface) and consumers to perform transactions with enhanced security and complete privacy, as the secure certificate is authenticated at each and every step.
In the contemporary digital landscape, the adept and precise management of location-based data emerges as a paramount necessity. However, traditional Public Key Infrastructure (PKI) models grapple with limitations when seamlessly integrating location details, using geo-location coordinates, both in two-dimensional (2D) and three-dimensional (3D) spaces, into the authentication process. Recognizing this challenge, the present invention offers a pioneering approach by harmoniously merging the standard PKI framework with both 2D and 3D Coordinate Reference System(CRS) integration, respectively.
The absence of location coordinates in transactions poses challenges such as limited accuracy, heightened fraud risk, and compliance issues. Adopting a 2D and 3D coordinate reference system (CRS) resolves these challenges by offering heightened accuracy in horizontal validation (2D), enhanced security through vertical location data (3D), and improved regulatory compliance. This dual-layered approach ensures a more precise and secure digital transaction environment.
In present system, the digital certificates are organized into a hierarchical trust structure. At the top of this hierarchy are root CAs, which are globally recognized and trusted. These root CAs issue certificates for intermediate CAs, which, in turn, issue certificates for end entities, such as websites and individuals. The trust in a particular entity's certificate is derived from trust in the CA that issued it. When two entities wish to communicate securely, such as a web browser and a website, the recipient checks the digital certificate provided by the sender. This verification process includes ensuring that the certificate's digital signature is valid and that it has not been revoked. If the certificate is deemed trustworthy, the recipient may use the sender's public key to establish a secure communication channel, often involving data encryption.
Thus, the integration of PKI framework with either 2D or 3D CRS enhances the security, precision, and flexibility of location-based data management across various domains and industries.
While aspects of described system and method for generating and validating a digital location-based secure certificate in a hierarchical system may be implemented in any number of different computing systems, environments, and/or configurations, the embodiments are described in the context of the following exemplary system.
Referring now to Fig.1, a system (102) for generating and validating a digital location-based secure certificate in a hierarchical system is illustrated, in accordance with an embodiment of the present subject matter. Although the present subject matter is explained considering that the system (102) is implemented on a server, it may be understood that the system (102) may also be implemented in a variety of computing systems, such as a laptop computer, a desktop computer, a notebook, a workstation, a mainframe computer, a server, a network server, a cloud computing environment, and the like. It will be understood that the system (102) may be accessed by multiple users through one or more user devices (110-1, 110-2…110-N), collectively referred to as user (110) hereinafter, or applications residing on the user devices (110). Examples of the user devices (110) may include, but are not limited to, a portable computer, a personal digital assistant, a handheld device, and a workstation. The user devices (110) are communicatively coupled to the system (102) through a network (106).
In one implementation, the network (106) may be a wireless network, a wired network or a combination thereof. The network (106) can be implemented as one of the different types of networks, such as intranet, local area network (LAN), wide area network (WAN), the internet, and the like. The network (106) may either be a dedicated network or a shared network. The shared network represents an association of the different types of networks that use a variety of protocols, for example, Hypertext Transfer Protocol (HTTP), Transmission Control Protocol/Internet Protocol (TCP/IP), Wireless Application Protocol (WAP), and the like, to communicate with one another. Further the network (106) may include a variety of network devices, including routers, bridges, servers, computing devices, storage devices, and the like.
The aforementioned devices may support communication over one or more types of networks in accordance with the described embodiments. For example, some computing devices and networks may support communications over a Wide Area Network (WAN), the Internet, a telephone network (e.g., analog, digital, POTS, PSTN, ISDN, xDSL), a mobile telephone network (e.g., CDMA, GSM, NDAC, TDMA, E-TDMA, NAMPS, WCDMA, CDMA-2000, UMTS, 3G, 4G, 5G), a radio network, a television network, a cable network, an optical network (e.g., PON), a satellite network (e.g., VSAT), a packet-switched network, a circuit-switched network, a public network, a private network, and/or other wired or wireless communications network configured to carry data. Computing devices and networks also may support wireless wide area network (WWAN) communications services including Internet access such as EV-DO, EV-DV, CDMA/1×RTT, GSM/GPRS, EDGE, HSDPA, HSUPA, and others.
The aforementioned devices and networks may support wireless local area network (WLAN) and/or wireless metropolitan area network (WMAN) data communications functionality in accordance with Institute of Electrical and Electronics Engineers (IEEE) standards, protocols, and variants such as IEEE 802.11 (“WiFi”), IEEE 802.16 (“WiMAX”), IEEE 802.20x (“Mobile-Fi”), and others. Computing devices and networks also may support short range communication such as a wireless personal area network (WPAN) communication, Bluetooth® data communication, infrared (IR) communication, near-field communication, electromagnetic induction (EMI) communication, passive or active RFID communication, micro-impulse radar (MIR), ultra-wide band (UWB) communication, automatic identification and data capture (AIDC) communication, and others.
Now referring to Fig. 1, the system (102) may include a processor (104) and a memory (105), and I/O interface (not shown). The processor (104) may be implemented as one or more microprocessors, microcomputers, microcontrollers, digital signal processors, central processing units, state machines, logic circuitries, and/or any devices that manipulate signals based on operational instructions. Among other capabilities, the processor (104) is configured to fetch and execute computer-readable instructions stored in the memory (105).
The I/O interface may include a variety of software and hardware interfaces, for example, a web interface, a graphical user interface, and the like. The I/O interface may allow the system (104) to interact with a user directly or through the client devices (110). Further, the I/O interface may enable the system (104) to communicate with other computing devices, such as web servers and external data servers (not shown). The I/O interface can facilitate multiple communications within a wide variety of networks and protocol types, including wired networks, for example, LAN, cable, etc., and wireless networks, such as WLAN, cellular, or satellite. The I/O interface may include one or more ports for connecting a number of devices to one another or to another server.
The memory (105) may include any computer-readable medium known in the art including, for example, volatile memory, such as static random access memory (SRAM) and dynamic random access memory (DRAM), and/or non-volatile memory, such as read only memory (ROM), erasable programmable ROM, flash memories, hard disks, optical disks, and magnetic tapes. The memory (105) may include a plurality of modules. The modules include routines, programs, objects, components, data structures, etc., which perform particular tasks or implement particular abstract data types. In one implementation, the modules may include a coordinate reference system (CRS) module (112), a certificate generator module (114), and a certificate validator module (114), and database (118).
As shown in FIG. 1, the database (118) may include suitable logic, circuitry, and/or interfaces that may be configured to store a machine code and/or a computer program with at least one code section executable by the processor (104). Examples of implementation of the database (118) may include, but are not limited to, Random Access Memory (RAM), Read Only Memory (ROM), Hard Disk Drive (HDD), and/or a Secure Digital (SD) card. Further, the database (118) may be configured to execute set of instruction received by the network (106) from the entity hierarchy (108) or the one or more users (110). It must be noted herein that the components including system (102), the users or user devices (110), the network (106) and the entity hierarchy (108) will be collectively referred to as a hierarchical system (100) or a hierarchy system (100) interchangeably. The one or more users (110) corresponds to a user 1, a user 2 and user 3 etc. Further, the processor (104) may be configured to execute the instructions obtained from the database (118) and/or the plurality of the modules. The processor (104) may be further configured to execute the real time commands received from the entity hierarchy (108) and a one or more users (110), to generate or validate the secure certificate.
In an embodiment, the processor (104) is coupled to the CRS module (112). The CRS module (112) comprises the different geo-location extents of entities, such as governments, merchants, consumers, and vendors. The geolocation extents involve specifying the regions, boundaries, or areas of operation for each entity. The CRS module (112) is configured to represent a geo-location data within the defined extent which includes x coordinate, y coordinate and an elevation data representing a z-coordinate. The representation of geo-location data may be in 2D CRS or in 3D CRS. The CRS module (112) ensures consistent location representation and mapping. Further, the CRS module (112) with location-based access control, encompassing a root certificate authority (RCA), an intermediate certificate authority (ICA), and entities with the option to define geographic extent, including x, y, and z coordinates. The entities may be a Government body, a Merchant and a Consumer which opt to utilize the CRS module (112), encompassing either x, y coordinate to generate 2D CRS or also include an elevation data as z- coordinate to generate 3D CRS. The CRS module (112) allows precise geographic scope definition in two or three dimensions.
In an embodiment, the 2D CRS considers only the x and y coordinate values from a 2D coordinate map, whereas 3D CRS considers the x and y coordinate values and the elevation data z- coordinate of the location. It may be noted that the z- coordinate may be just the value representing the altitude of the location from the mean sea level or a location at a height in a building (e.g., may be a multi storied building). It must be noted herein that the incorporation of height factor (z-coordinate) in the CRS facilitates in achieving improved accuracy in the verification and/or validation of the desired target location. This is because there may be possibilities/scenarios wherein multiple locations may match with the co-ordinates restricted with x and y-coordinates only. In such scenarios, the accuracy of the location may be compromised thereby affecting the security. However, the incorporation of the z-coordinate can easily distinguish between the two or more locations having identical x and y-coordinates based on the height factor (i.e., the z-coordinate). For example, consider a commercial/residential building having multiple floors, wherein in this case although the building having multiple floor share the common x and y coordinates, the desired target location, e.g., a specific floor can be easily differentiated from the other floors in the same building based upon the distinct height (represented via z-coordinate) associated to each floor thereby facilitating the robust security framework. Further, the CRS module (112) may be used for generation of secure certificates for 2D location data. The confidentiality and integrity of 2D location data while allowing it to be validated at every step within the hierarchy system (100). The handling of 2D location data finds application across various sectors. Some notable use cases include financial transactions, where secure certificates enhance customer security by preventing fraudulent transactions originating from unauthorized locations. Additionally, the hierarchy system (100) supports urban planning, allowing precise definition of development zones within city planning, aligning construction and zoning regulations with geographic boundaries. The hierarchy system (100) accommodates 3D location data, including elevation values, within a specialized Coordinate reference (CRS) module (112). The comprehensive CRS module (112) integrates x and y coordinates with elevation data (z-coordinate) to generate the 3D CRS. The CRS is pivotal in accurately representing 3D geographic locations. Further, the secure certificates generated with elevation values enhanced security and privacy for transactions.
Thus, the CRS scheduled for the entities, ICAs, or the RCA may initiate scheduled changes to the CRS for the entities and the ICAs. The modifications in 2D or 3D CRS may cascade down the hierarchy to maintain consistency. The secure certificate thus generated in the hierarchy system (100), encompass either 2D or 3D geographic scope including x, y, and z coordinates and validation ensures adherence to defined 3D boundaries within the hierarchy system (100). Further. the handling of 3D location data with elevation values opens doors to a range of use cases where precision is paramount such as infrastructure management, environmental monitoring, and telecommunications. For instance, the telecommunications companies may adapt to changing network coverage requirements by scheduling modifications to their 3D CRS, ensuring alignment with evolving service areas and improving security while safeguarding customer privacy. In one embodiment, the geo-location data in 2D or 3D CRS is in ciphered form. In an embodiment, the geo-location data is further a combination of the geo-location coordinates and at least one of a physical address, an IP address, and a MAC address associated with the one or more entities in ciphered form. In an embodiment, the ciphered form includes the geo-location data in form of randomly generated alphanumeric characters applicable for a particular transaction and for a predefined expiry time.
In an embodiment, the processor (104) is configured to encrypt the location data for each entity via a pair of cryptographic keys having a private key and a public key. Further, the pair of cryptographic keys may be used for encryption, decryption, and authentication.
Further, the processor (104) is coupled to the certificate generator module (114). The certificate generator module (114) is configured to generate the secure certificate using the CRS module (112) by the certificate authority on one or more instructions submitted by an entity to their geographic extent. The one or more instructions contains an entity identification, public key, and geographic details to a certificate authority (CA). The CA issues a secure certificate that is signed by a CA private key. The secure certificate is configured to use an existing protocol with embedded proxy geolocation for the entity. Further, the public key and secure certificate of the entities with other parties involved in transactions or data exchanges.
Further, the processor (104) is coupled to the certificate validator module (116). The certificate validator module (116) is configured to validate the secure certificate via the public key that is stored in the database (118). The certificate validator module (116) includes different layers the Root Certificate Authority (RCA), the Intermediate Certificate Authority (ICA), a vendor entity, and a customer entity. The secure certificate in the certificate validator module (116) is validated by the secure certificates issued by subordinate layers. The certificate validator module (116) is configured to validate the secure certificate by checking the digital signature on the entity's certificate using the ICA's public key obtained from a trusted source. Further, the certificate validator module (116) verifies the ICA's certificate in the same way, using the RCA's public key as the trust anchor. Further, the certificate validator module (116) confirms that the RCA's certificate is trusted and part of the hierarchy system's (100) trust database (118).
Furthermore, the secure certificates are validated using established processes and cryptographic techniques. The secure certificate storage relies on secure repositories, file systems or hardware security modules to protect certificate data. The secure certificate validation may include checking digital signatures, verifying certificate chains and ensuring the trustworthiness of certificates using cryptographic algorithms, trust anchors, and revocation checking mechanisms. Further, the hierarchy system is configured to comply with certificate policies and practice statements for proper certificate validation. In one example, these secure certificates may enable merchandise gateways (Payment Interface) and consumers to perform transactions with enhanced security and complete privacy, as the secure certificate is authenticated at each and every step.
Further, the utilization of CRS module (112) ensures that entities within the LISPS framework have the flexibility to choose the most suitable CRS for their geographic scope while maintaining alignment with the higher-level authority's CRS. Further, the automated mechanism for scheduled modifications of CRS module (112), ensures consistency in geographic scope definition throughout the LISPS hierarchy and further ensuring inaccessibility to the real location or tracking by any other entity. The computer-readable medium storing instructions for executing the steps of securing location-based data using the CRS module (112) integration within the LISPS framework. The CRS module (112) dynamic approach accommodates different geographic requirements and allows for adaptability over time, all within a structured and consistent framework.
Further, the hierarchy system (100) may be configured to validate one or more features. The one or more features may be integrated with a 3rd party ecosystem such as a finance ecosystem, an identity management ecosystem, a tax collection ecosystem, a transportation ecosystem, a service provider ecosystem and an online services ecosystem etc. Further, the one or more features may include a multi-factor authentication integration for verifying user identity and location, enhancing the security of digital transactions. The multi-factor authentication integration may comprise different layer of authentication such as a Root Certificate Authority (RCA) authentication, an Intermediate Certificate Authority (ICA) authentication and a vendor authentication. Further, the one or more features may include a Location-Based Fraud Detection for real-time fraud detection and prevention, utilizing location data to identify and mitigate fraudulent activities within the 3rd party payment ecosystem. Further one or more features may include a Geo-Fencing Capabilities to establish a virtual boundaries and securing transactions within defined geographical areas. As, every secure certificate is encrypted with a geo location information. Further one or more features may include a Location-Based User Analytics with built-in analytics tools for 3rd party ecosystem to derive valuable insights from location data, aiding in strategic decision-making, and user behaviour analysis. Further one or more features may include a Transaction Risk Assessment with transaction risk assessment algorithms that analyse location data to assess the risk level of a digital transaction, enabling proactive risk management in 3rd party ecosystem. Further one or more features may include a Cross-Border Transaction Security that is adapted to provide enhanced security for cross-border digital transactions, ensuring compliance with international payment standards and regulations. Further one or more features may include an Integration with National Identity Systems that is designed to seamlessly integrate with national identity systems or identity management ecosystem, enabling identity management ecosystem to strengthen identity verification processes during digital payments. Further one or more features may include a User Privacy Dashboard featuring a user-friendly privacy dashboard for users to have granular control over their location data sharing and access permissions, fostering trust in 3rd party ecosystem. Further one or more features may include a Geographic Data Sharing Consent Mechanisms incorporating innovative mechanisms for users to grant consent for sharing their geographic data with specific parties, aligning with evolving data privacy laws. Further one or more features may include a Location Data Anonymization for Regulatory Compliance with a module that anonymizes location data to meet the requirements of data protection regulations. Further one or more features may include a Secure Mobile Wallet Integration that is designed for seamless integration with finance ecosystem, ensuring that users' financial transaction are secured using the hierarchical location-based secure certificate. Further one or more features may include a Blockchain-Based Location Verification incorporating a block chain technology to provide a tamper-proof and transparent ledger for verifying the location of entities within 3rd party ecosystem. Further one or more features may include a Secure IoT Payment Transactions that is adapted to support secure Internet of Things (IoT) payment transactions, ensuring that IoT devices can securely engage in digital transactions within 3rd party ecosystem. It must be noted to the person skilled in the art that the aforementioned technologies including, but not limited to, block chain technology, Internet of Things (IoT), Mobile Wallet, multi-factor authentication, data anonymization, etc are well known in the art and the person skilled in the art can be easily integrate these technologies with the present system (101).
For example, the hierarchy system (100) may be used in the identity management ecosystem to authenticate information based on secure location-based authentication. The hierarchy system (100) may be integrated with a national identity system to prevent location-based fraud. As, the identity management ecosystem often requires verification of physical location associated to the users to enhance security and prevent fraudulent activities. Further, the hierarchy system (100) may be used in the tax collection ecosystem to secure data exchanges and multi-factor authentication. As the tax collection ecosystem ensure secure data transfer and user identity verification, which is crucial for compliance with tax system requirements. Also, the location data help in determining the applicability of taxes and ensuring that transactions are appropriately taxed based on their geographic origin. Further, the hierarchy system (100) may be used in the transportation ecosystem to secure financial transactions. Also, the location data is crucial for transportation ecosystem to verify and authenticate the location of vehicles during toll transactions, via the hierarchy system (100). Thus, the hierarchy system (100) ensures that toll charges are correctly applied based on the location of vehicle entry and exit. Further, the hierarchy system (100) may be used in the online services ecosystem to secure digital commerce transactions and geo-fencing capabilities. As, the online services ecosystem facilitate secure digital commerce transactions and help establish the virtual boundaries for enhanced security. Also, knowing the location of a user or vendor is essential for ensuring that transactions occur within the designated geographic area and for enhancing the overall security of digital commerce. Further, the hierarchy system(100) may be used in the service provider ecosystem to interoperable data exchanges. Also, the location-based data may be exchanged seamlessly and securely between various participants in the digital economy.
Further, the generation of secure certificates may involve a combination of manual and automated processes. It may be noted that the entry level certificate such as the RCA and ICA may be generated via the automated process to streamline the process and ensure consistency and security. The entry level certificate may be generated based on the user’s one or more instructions. Further, the RCA and ICA certificates are typically generated by administrators such as government body. Further, the RCA and ICA certificates issued in the hierarchy system (100) are used to authenticate the secure certificate at different layers of the hierarchy system (100). Further, the RCA certificate is trusted inherently, and its trust is propagated down the hierarchy system (100) to authenticate the end-entity secure certificate. The end-entity secure certificate may be customer secure certificate. Further, the RCA certificate trust chain ensures that the end-entity secure certificate may be trusted by the relying party. Further, the end-entity may be the vendor entity or customer entity.
FIG. 2 illustrate, a flow chart of a method 200 to generate a digital location based secure certificate in a hierarchy system (100) by integrating the coordinate reference system (CRS) module (112) and elevation data into a Location Intelligence Service Protocol Secure (LISPS) framework, according to an embodiment of the present subject matter. The method 200 in FIG. 2 respectively, may be described in a stepwise manner. In this regard, each block may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that in some alternative implementations, the functions noted in the blocks may occur out of the order noted in the drawings. Any process descriptions or blocks in flowcharts should be understood as representing modules, segments, or portions of code which include one or more executable instructions for implementing specific logical functions or steps in the process, and alternate implementations are included within the scope of the example embodiments in which functions may be executed out of order from that shown or discussed, including substantially concurrently or in reverse order, depending on the functionality involved.
The method (200) includes defining a geographic extent of a plurality of entities within the different layers of the hierarchy system (100), at step 202. For example, the plurality of entities may include a government entity, a merchant entity, a consumer entity, and a vendor entity. Further, the entities defined in each layer may have its specified regions, boundaries, or areas of operation.
Successively, the method 200 includes accurately representing via coordinate reference system(CRS) module (112) the geo-location data within the defined extent, at step 204. In one embodiment, the geo-location data comprises at least one of a location identifier and a geo-location coordinates, and wherein the geo-location coordinates includes two or more of x coordinate, y coordinate and z- coordinate. In one embodiment, the CRS module (112) ensures consistent location representation and mapping by encompassing x, y coordinate along with an elevation data as z- coordinate to generate 3D CRS.
Successively, the method 200 includes generating a pair of cryptographic keys as a private key and a public key, for each entity within the defined extent, at step 206. The entities within the different layers of the hierarchy system (100) may be governments, merchants, consumers, and vendors. Further, the keys generated may be used for encryption, decryption, and authentication.
Successively, the method (200) includes encrypting the geographic location with the private key, at step 208. The private key is configured to keep the location information confidential and secure.
Successively, the method (200) includes submitting the certificate and one or more instructions to the appropriate a certificate authority (CA) that corresponds to the geographic extent at step 210, wherein the one or more entity instructions includes entity identification, public key, and geographic details. Further, the entities within the different layers of the hierarchy system (100) submits the secure certificate and the one or more entity instructions to the Intermediate Certificate Authority (ICA) that corresponds to their geographic extent. Further, the secure certificate and the one or more entity instructions includes the parameters such as entity identification, public key, and geographic details. Further, ICA’s verify the secure certificate and the one or more entity instructions to ensure they align with the defined geographic extent. If the verification is successful, ICAs issue digital secure certificate for the entity, signed by the ICA's private key.
Successively, the method (200) includes sharing the public keys and the secure certificates of the entities with other parties involved in transactions or data exchanges, at step 212. Further, the sharing allows secure communication and validation of the entities' identities within different layers of the hierarchy system (100).
Successively, the method 200 includes verifying the entities geographic extents align correctly within the hierarchy system (100) to ensure a location fall within the boundaries defined by the certificate authority (CA) for that region, at step 214. Further, the recipient entity may validate the secure certificate's authenticity using the following steps of checking the digital signature on the entity's secure certificate using the ICA's public key that is obtained from a trusted source. Further, the validation steps include verifying the ICA's certificate in the same way, using the Root CA's public key as the trust anchor. Further, the validation steps include confirming that the Root CA's certificate is trusted and part of the hierarchy system's (100) trust store.
Further, the secure certificate includes an expiration date to the secure certificate issued in the hierarchy system (100). Further, the entities may periodically renew their certificates to ensure continued trust and security within the hierarchy system. (100).
Further, if the entity's private key is compromised or if its authorization is revoked, the issuing Certificate Authority (CA) may revoke the entity's secure certificate. Further, the revocation lists are maintained to track invalidated certificates.
Referring to FIG. 3 illustrates the working of the system (102) to generate a digital based secure certificate, according to an exemplary embodiment of the present subject matter. The secure certificate comprises a root certificate authority (Root CA) that may correspond to an entire country/region such as Asia. The Root CA may include an issuer name, a valid date, a valid root location and a public key that is self-signed. In one implementation, the Root CA may use the CRS module (112) root to create Asia_1 as a file name.
Further, the secure certificate comprises an intermediate certificate authority (Intermediate CA) that may correspond to a sub region country/region such as India. The Intermediate CA may include an issuer name, a valid date, a valid sub location extent and a public key that is self-signed by Root CA. In one implementation, the Intermediate CA may use the CRS module (112) ICA to create India_1 as a file name.
Further, the secure certificate comprises a vendor entity that may correspond to scope of vendor such as a particular Extent (e.g., Extent_1). The vendor entity may include an issuer name, a valid date, a valid registered location extent and a public key that is self-signed by ICA. In one implementation, the vendor entity may use CRS_ICA/ CRS_Vendor to create Extent_1 as a file name.
Further, the secure certificate comprises a customer entity that may comprise customer such as Location Extent. The customer entity may include an issuer name, a valid date, a valid registered location extent and a public key that is self-signed by ICA. In one implementation, the customer entity may use CRS_ICA/ CRS_Vendor to validate the owner of secure certificate.
Further, the flow of secure certificate validated by validating the India_1 belongs to Asia_1 for signing the ICA certificate. Further, the CRS_ICA and India_1 is encrypted using Root CA and issue the ICA certificate. Further, the CRS and Extent_1 are encrypted using ICA certificate and issue the vendor certificate. Further, the CRS and Extent is encrypted using ICA certificate and vendor certificate for transaction.
In another example, at the highest level, the Root CA Authority operates with a broad geographical scope, encompassing the entire country of India. Further, the corresponding coordinates for this extensive region are encrypted using the private key corresponding to the said Root CA Authority (e.g., Indian in this case). Moving to the Intermediate Authority (ICA), it narrows down its focus to a specific state, for instance, Maharashtra, and further encrypts the corresponding coordinates using the private key corresponding to the said ICAy (e.g., Maharashtra in this case). Further, the Vendor, operating within a specific city like Mumbai, encrypts its localized coordinates using its private key (e.g. GST-based) and ensures that Mumbai falls within the predefined boundaries of Maharashtra. As for the end-user, represented by the Customer, located in a shop within Mumbai, a digital certificate request is initiated for the transaction. This request, including the encrypted location within Mumbai, traverses through the hierarchy, reaching the Root CA Authority, which meticulously validates the coordinates at each level (Root, ICA, Vendor) to guarantee the authorization of the transaction. In one embodiment, the digital certificates generated by the present system 101 may be implemented in the cashless payment services covered under the financial institutes regulated by Federal or Government bodies in India or also in other countries across the globe. In some embodiments, the cashless payment services may include debit card/credit card transactions, NFC payment, internet banking, mobile banking, etc. to validate the transactions. For example, in an Unified Payment Interface (UPI) service available in the Indian territory, the consumer by scanning a QR code or via an UPI number associated to a vendor may initiate the transaction and submit a digital certificate, wherein the Root CA Authority validates the coordinates at each level (Root, ICA, Vendor) in the digital certificate used by the consumer in order to authorize the transaction and thereby complete the transaction.
Moreover, the overall system follows the process of encryption, validation and authorization at each entity level. At each level, the entity encrypts its specific location using the respective private key. Further, the coordinates are validated at each level to ensure the transaction aligns with authorized geographic extents. Once all validations pass, the transaction is authorized, ensuring security and integrity from Root to end-user levels.
Thus, embedding the coordinate reference system at each level of hierarchy ensures a more granular and secure approach. It allows for precise validation of the location of entities within their designated scopes, enhancing the overall security and accuracy of the digital certificate system. This hierarchical embedding ensures that each level is authenticated within its defined geographic extent, adding an extra layer of verification and preventing unauthorized transactions or access. This comprehensive workflow ensures that at every stage, encryption, validation, and authorization occur seamlessly, safeguarding the security and integrity of the transaction from the Root to the end-user levels.
Therefore, the present invention revolutionizes location-based data management by integrating 3D coordinate reference system (CRS) and elevation data into the hierarchy system (100) for generating a digital location based secure certificate. The entities are configured to define their geographic scope with unprecedented precision, accounting for both horizontal and vertical extents. Further, the hierarchy system (100) scheduled modifications for 3D CRS and elevation, ensuring adaptability and consistency. The hierarchy system enhances security, privacy, and trust for governments, merchandise institutions, and consumers across diverse use cases. The hierarchy system (100) involves defining geographic extents, generating cryptographic keys, encrypting location data, requesting and issuing certificates, validating certificate chains, sharing public keys, and ensuring boundary verification. The system aims to provide secure and privacy-conscious location-based data management and transactions within a hierarchical certificate authority framework.
The hierarchy system ensures precise access control, flexibility, and consistency while addressing security, privacy, and compliance needs across a wide range of industries and use cases. For example, the application area of the hierarchy system are as follows:
Enhanced Security and Access Control: Government bodies can securely access classified information and critical infrastructure based on precise geographic boundaries, enhancing national security. Furthermore, financial institutions can implement location-based access control to prevent fraudulent transactions originating from unauthorized or high-risk locations, enhancing customer security. This also supports offline transactions or misuse in case of theft of payment instruments namely cards/mobiles.
Precision in Geographic Scope: City planners can use custom CRS to precisely define development zones, ensuring that construction and zoning regulations align with geographic boundaries.
Flexibility and Adaptability: Telecommunication companies can adapt to changing network coverage requirements by scheduling CRS modifications to align with expanding or evolving service areas. Furthermore, the healthcare providers can adjust geographic scopes based on the location of medical facilities, ensuring that patient records and telehealth services are accessible only within the relevant areas.
Consistency and Data Integrity: E-commerce platforms can maintain consistent access control by enforcing alignment with predefined or custom CRS, ensuring that customer accounts and transactions are secure and trustworthy. Furthermore, environmental agencies can ensure consistent data collection and analysis by using standardized CRS for tracking natural phenomena across various geographic regions.
Compliance with Geographic Regulations: Businesses can ensure compliance with taxation and regulatory requirements by defining geographic scopes that align with specific jurisdictions and reporting obligations. Furthermore, immigration and border control agencies can implement strict access controls based on geographic boundaries, enhancing border security and immigration enforcement.
,CLAIMS:WE CLAIM:
1. A system for generating and validating a digital location-based secure certificate in a hierarchical system (100) characterized in that, the hierarchical system (100) comprises:
a processor (104); and
a memory (105) coupled to the processor (104), wherein the processor (104) is configured to execute a plurality of modules stored in the memory (106), the plurality of modules comprising:
a coordinate reference system (CRS) module (112) configured to represent a geo-location data for an entity hierarchy (108) in the hierarchical system, wherein the geo-location data comprises at least one of a location identifier and a geo-location coordinates, wherein the geo-location coordinates includes two or more of geo-location coordinates selected from a x-coordinate, a y-coordinate, and a z-coordinate corresponding to a plurality of entities in the entity hierarchy (108),
a certificate generator module (114) configured to generate a secure certificate using the CRS module (112) based upon one or more entity instructions received from the one or more entities to a certificate authority (CA) in the entity hierarchy (108), wherein the one or more entity instructions comprises at least an entity identification, a public key, and one or more geographic details associated with the one or more entities, and
a certificate validator module (116) configured to validate the secure certificate based upon one or more user instructions received from one or more users (110) via a public key associated with the certificate authority (CA).
2. The hierarchy system (100) as claimed in claim 1, wherein the CRS module (112) include a 2D CRS and a 3D CRS, wherein the 2D CRS includes the x-coordinate and the y-coordinate, and wherein the 3D CRS includes the x-coordinate, the y-coordinate and the z-coordinate.
3. The hierarchy system (100) as claimed in claim 1, wherein the secure certificate encrypts the geo-location data via a private key associated with the certificate authority (CA).
4. The hierarchy system (100) as claimed in claim 1, wherein the entity hierarchy (108) comprises the certificate authority (CA) including a root certificate authority (RCA) and an intermediate certificate authority (ICA), a vendor, and a customer.
5. The hierarchy system (100) as claimed in claim 1, wherein the certificate authority (CA) is configured to revoke the secure certificate when the private key is compromised or the secure certificate crosses an expiration date.
6. The hierarchy system (100) as claimed in claim 1, wherein the geo-location data is in ciphered form, and wherein the location identifier is at least one of a physical address, an IP address, and a MAC address associated with the one or more entities.
7. The hierarchy system (100) as claimed in claim 6, wherein the ciphered form includes the geo-location data in form of randomly generated alphanumeric characters applicable for a particular transaction and for a predefined expiry time.
8. The hierarchy system (100) as claimed in claim 1, wherein the secure certificate is further generated based upon one or more features received from the one or more entities, wherein the one or more features are selected from:¬¬
a. a multi-factor authentication integration for verifying user identity and location, enhancing the security of digital transactions,
a Location-Based Fraud Detection for real-time fraud detection and prevention, utilizing location data to identify and mitigate fraudulent activities within a 3rd party payment ecosystem,
b. a Geo-Fencing Capabilities to establish a virtual boundaries and securing transactions within defined geographical areas,
a Location-Based User Analytics with built-in analytics tools for 3rd party ecosystem to derive valuable insights from location data, aiding in strategic decision-making, and user behaviour analysis,
c. a Transaction Risk Assessment with transaction risk assessment algorithms that analyse location data to assess the risk level of a digital transaction, enabling proactive risk management in 3rd party ecosystem,
d. a Cross-Border Transaction Security that is adapted to provide enhanced security for cross-border digital transactions, ensuring compliance with international payment standards and regulations,
e. an Integration with National Identity Systems that is designed to seamlessly integrate with an identity management ecosystem, enabling to strengthen identity verification processes during digital payments,
f. a User Privacy Dashboard featuring a user-friendly privacy dashboard for users to have granular control over their location data sharing and access permissions, fostering trust in 3rd party ecosystem,
g. a Geographic Data Sharing Consent Mechanisms incorporating innovative mechanisms for users to grant consent for sharing their geographic data with specific parties, aligning with evolving data privacy laws,
h. a Location Data Anonymization for Regulatory Compliance with a module that anonymizes location data to meet the requirements of data protection regulations,
i. a Secure Mobile Wallet Integration that is designed for seamless integration with a finance ecosystem, ensuring that users' mobile wallets are secured using the hierarchical location-based secure certificate,
j. a Blockchain-Based Location Verification incorporating a block chain technology to provide a tamper-proof and transparent ledger for verifying the location of entities within 3rd party ecosystem, and
k. a Secure IoT Payment Transactions that is adapted to support secure Internet of Things (IoT) payment transactions, ensuring that IoT devices can securely engage in digital transactions within 3rd party ecosystem.
9. A method (200) for generating and validating a digital location-based secure certificate in a hierarchical system, characterized in that, the method (200) comprises a processor implemented steps of:
defining a geographic extent of a plurality of entities within an entity hierarchy (108);
accurately representing, via a coordinate reference (CRS) module (112), a geo-location data within the defined extent, wherein the geo-location data comprises at least one of a location identifier and a geo-location coordinates, wherein the geo-location data includes two or more of a x-coordinate, a y-coordinate, and a z-coordinate corresponding to the plurality of entities;
generating a pair of cryptographic keys as a private key and a public key, for each entity within the defined extent;
encrypting the geo-location data with the private key;
submitting the certificate and one or more entity instructions to a certificate authority (CA) that corresponds to the geographic extent, wherein the one or more entity instructions comprises at least an entity identification, a public key, and one or more geographic details, wherein the CA further issues a secure certificate that is signed by a private key associated with the certificate authority (CA);
sharing the public key and the secure certificate of the entities with other parties involved in transactions or data exchanges; and
verifying the entities geographic extents align correctly within the entity hierarchy (108) to ensure a location associated with the parties involved in transactions or data exchanges falls within the boundaries defined by the certificate authority (CA) for that region.
10. The method (200) as claimed in claim 9, wherein the method (200) comprises
encrypting the geo location data with a private key associated with the certificate authority (CA) in the secure certificate, and
validating the secure certificate via a public key associated with the certificate authority (CA).
11. The method (200) as claimed in claim 9, wherein the method (200) comprises revoking the secure certificate, by the certificate authority (CA), when the private key is compromised or the secure certificate crosses an expiration date.
12. The method (200) as claimed in claim 9, wherein the method (200) comprises ciphering the geo-location data, and wherein the location identifier is at least one of a physical address, an IP address, and a MAC address associated with the one or more entities.
13. The method (200) as claimed in claim 12, wherein the ciphered form represents the geo-location data in form of randomly generated alphanumeric characters applicable for a particular transaction and for a predefined expiry time.
14. The method (200) as claimed in claim 9, wherein the secure certificate is further generated based upon one or more features received from the one or mor entities, wherein the one or more features are selected from:
a. a multi-factor authentication integration for verifying user identity and location, enhancing the security of digital transactions,
a Location-Based Fraud Detection for real-time fraud detection and prevention, utilizing location data to identify and mitigate fraudulent activities within a 3rd party payment ecosystem,
b. a Geo-Fencing Capabilities to establish a virtual boundaries and securing transactions within defined geographical areas,
a Location-Based User Analytics with built-in analytics tools for 3rd party ecosystem to derive valuable insights from location data, aiding in strategic decision-making, and user behaviour analysis,
c. a Transaction Risk Assessment with transaction risk assessment algorithms that analyse location data to assess the risk level of a digital transaction, enabling proactive risk management in 3rd party ecosystem,
d. a Cross-Border Transaction Security that is adapted to provide enhanced security for cross-border digital transactions, ensuring compliance with international payment standards and regulations,
e. an Integration with National Identity Systems that is designed to seamlessly integrate with an identity management ecosystem, enabling to strengthen identity verification processes during digital payments,
f. a User Privacy Dashboard featuring a user-friendly privacy dashboard for users to have granular control over their location data sharing and access permissions, fostering trust in 3rd party ecosystem,
g. a Geographic Data Sharing Consent Mechanisms incorporating innovative mechanisms for users to grant consent for sharing their geographic data with specific parties, aligning with evolving data privacy laws,
h. a Location Data Anonymization for Regulatory Compliance with a module that anonymizes location data to meet the requirements of data protection regulations,
i. a Secure Mobile Wallet Integration that is designed for seamless integration with a finance ecosystem, ensuring that users' mobile wallets are secured using the hierarchical location-based secure certificate,
j. a Blockchain-Based Location Verification incorporating a block chain technology to provide a tamper-proof and transparent ledger for verifying the location of entities within 3rd party ecosystem, and
k. a Secure IoT Payment Transactions that is adapted to support secure Internet of Things (IoT) payment transactions, ensuring that IoT devices can securely engage in digital transactions within 3rd party ecosystem.
Dated this 20th day of September 2023

Abhijeet Gidde
Agent for the Applicant
IN-PA-4407