Comment Meatspace Co-ordinate Verification (Score 1) 159
This can be accomplished via digital signatures, timestamps, and biometrics.
1) The GPS data coming off the satelites must be digitally signed by a certificate from a publicly verifiable CA. This allows our GPS reciever to know that it's not being spoofed.
2) Next we need a way to bind the user to the GPS reciever, this can be accomplished by your favorite biometric (thumbprint, retinal scan, etc ).
3) We also need to verify "when" so we need a timestamp from a trusted Timestamp service.
Finally we need a way to tie all of these inputs together. We can use a "black box" that takes each of these three pieces as inputs ( in hardware, the destructively tamperproof box would contain the gps reciever, biometric input, and its own cert. ) and digitally signs them using it's (the blackbox's) certificate. This certificate would be verifiable up to a public CA aswell. You then package all of this data up and send it to whomever cares to parse/verify it.
The verifing party checks the digital signature from the blackbox, checks the timestamp & its associated digital signature, checks the gps vectors, and their signatures, and finally verifys your biometric identification agianst, a trusted database of bioIDs. ( or for those paranoid people out there, you could also obtain a copy of the biometric data yourself during a face to face meeting for future verifications.
1) The GPS data coming off the satelites must be digitally signed by a certificate from a publicly verifiable CA. This allows our GPS reciever to know that it's not being spoofed.
2) Next we need a way to bind the user to the GPS reciever, this can be accomplished by your favorite biometric (thumbprint, retinal scan, etc ).
3) We also need to verify "when" so we need a timestamp from a trusted Timestamp service.
Finally we need a way to tie all of these inputs together. We can use a "black box" that takes each of these three pieces as inputs ( in hardware, the destructively tamperproof box would contain the gps reciever, biometric input, and its own cert. ) and digitally signs them using it's (the blackbox's) certificate. This certificate would be verifiable up to a public CA aswell. You then package all of this data up and send it to whomever cares to parse/verify it.
The verifing party checks the digital signature from the blackbox, checks the timestamp & its associated digital signature, checks the gps vectors, and their signatures, and finally verifys your biometric identification agianst, a trusted database of bioIDs. ( or for those paranoid people out there, you could also obtain a copy of the biometric data yourself during a face to face meeting for future verifications.
