EP-4184863-B1 - PROVIDING SECURE INTERNET ACCESS TO A CLIENT DEVICE IN A REMOTE LOCATION
Inventors
- GAGLIARDONI, TOMMASO
Dates
- Publication Date: 20260506
- Application Date: 20211123
Claims (15)
- A system for providing a client device (102) in a remote location secure access to the internet via a satellite connection, the system including: a client device; a satellite system (104) configured to provide the client device with access to the internet; and an internet service provider, ISP, (106), wherein, during a registration process: the satellite system is configured to receive a first blockchain state signal which encodes information about a first state of a blockchain (108), and to generate and transmit a first RF broadcast signal encoding the information about the first state of the blockchain; the client device is configured to receive the first RF broadcast signal, to generate a registration request (10) based on the information about the state of the blockchain, the registration request including a public key ID (20) associated with the client device, and to be transmitted to an electronic address corresponding to a blockchain associated with the ISP, and to transmit the registration request to the satellite system; the satellite system is configured to receive the registration request, and to transmit it to the electronic address associated with the ISP; the ISP is configured to determine whether the registration request is a valid request, and if the registration request is a valid request, to add the public key ID to an authorized list (210), wherein when a public key ID is on the authorized list, the client device or user thereof is permitted to access the internet via the satellite system.
- The system according to claim 1, wherein: the electronic address is an electronic address of a blockchain wallet associated with the ISP; the registration request includes authentication data comprising one or more of: a deterministic transformation of the contents of a previous block of the blockchain, or a portion thereof; and a signature (14) generated using a private signature key of the client device from which the registration request is received; and the public key ID is the public verification key which corresponds to the private signature key used to generate the signature.
- The system according to claim 1 or claim 2, wherein: the ISP or the satellite system includes, or has associated therewith, an access management system (200) to manage access, via the satellite system, to the internet, the access management system comprising a request management module (202) configured to: receive the registration request from the satellite system or a satellite of the satellite system; and determine whether the registration request received at the electronic address meets a validation criterion, wherein: if the request management module determines that the request received at the electronic provider address meets the validation criterion, it is determined that the request is a valid request; and if the request management module determines that the request received at the electronic provider address does not meet the validation criterion, it is determined that the request is not a valid request.
- The system according to any one of claims 1 to 3, wherein: the satellite system is configured to transmit an i-th RF broadcast signal at a time $t_{i,0}$, and re-transmit the i-th RF broadcast signal a plurality N times, where the j-th retransmission takes place at $t_{i,j}$.
- The system according to claim 4, wherein: after missing a transmission of the i-th RF broadcast signal at a time $t_{i,0}$, the client device is configured to: receive a retransmitted version of the RF broadcast signal from a subsequent history $H_m$ at a time $t_{i,m}$ where $m > 0$, the retransmitted version of the RF broadcast signal encoding information about the i-th state of the blockchain; and store the information about the i-th state of the blockchain in a memory of the client device.
- The system according to any one of claims 1 to 5, wherein: the registration request comprises a public encryption key associated with the client device.
- A system for providing a client device in a remote location secure access to the internet via a satellite connection, the system including: a client device; a satellite system configured to provide the client device with access to the internet; and an internet service provider, ISP, wherein, during a connection process: the client device is configured to generate a connection request including a public key ID associated with that client device, and to transmit the connection request to the satellite system via an RF signal; in response to receiving the connection request, the satellite system is configured to either: determine whether the public key ID is on an authorized list; or transmit the connection request to the ISP, and the ISP is configured to determine whether the public key ID is on the authorized list; and if it is determined that the public key ID is on the authorized list, the satellite system is configured to grant access to the internet via an internet access broadcast signal.
- The system according to claim 7, wherein: the ISP or the satellite system comprises an authorization module; and the authorization module is configured to grant the client device access to the internet by encrypting a connection session key with a public encryption key associated with the client device, to generate an encrypted connection session key, and sending the encrypted connection session key to the client device, the encrypted connection session key being decryptable by a user using a private decryption key which is complementary to the public encryption key, and the decrypted connection session key being usable to access the internet.
- The system according to claim 8, wherein: the session key is a rotating session key.
- The system according to any one of claims 7 to 9, wherein: the connection request comprises the public encryption key associated with the client device.
- The system according to any one of claims 1 to 10, wherein: the satellite system comprises a Geosynchronous or Mid-Earth Orbit satellite.
- A method of providing a client device in a remote location secure access to the internet via a satellite connection, the method comprising: at a satellite system: receiving a first blockchain state signal which encodes information about a first state of a blockchain; and generating and transmitting a first RF broadcast signal encoding information about the first state of the blockchain; at a client device: receiving the first RF broadcast signal; generating a registration request including a public key ID associated with the client device; and transmitting the registration request to the satellite system; at the satellite system: receiving the registration request; and transmitting the registration request to an electronic address corresponding to a blockchain associated with an internet service provider, ISP; and at the ISP: determining whether the registration request is a valid registration request, and if the registration request is a valid request, adding the public key ID to an authorized list, wherein when a public key ID is on the authorized list, the client device or user thereof is permitted to access the internet via the satellite system.
- A method of providing a client device in a remote location secure access to the internet via a satellite connection, the method comprising, at a client device: generating a connection request including a public key ID associated with the client device; and transmitting the connection request to the satellite system via an RF signal; at a satellite system: receiving the connection request; the satellite system is configured to either determine whether the public key ID is on an authorized list; or transmit the connection request to the ISP, and at an ISP: determine whether the public key ID is present on the authorized list; and if it is determined that the public key ID is on the authorized list, at the satellite system: grant access to the internet via an internet broadcast signal.
- A satellite system configured to facilitate secure internet access to a client device in a remote location via a satellite connection, the satellite system configured to: receive a first blockchain state signal, encoding information about a first state of a blockchain, and to generate and transmit a first RF broadcast signal encoding the information about the first state of the blockchain; receive a registration request from a client device, the registration request comprising a public key ID associated with the client device; transmit the registration request to an internet service provider which is configured to determine whether the registration request is a valid request, and if the registration request is a valid request, to add the public key ID to an authorized list, wherein when a public key ID is on the authorized list, the client device or user thereof is permitted to access the internet via the satellite system; receive a connection request from a client device; and either: determine whether the public key ID is on the authorized list; or transmit the public key to the ISP, the ISP configured to determine whether the public key ID is on the authorized list, wherein: if it is determined that the public key ID is on the authorized list, the satellite system is configured to grant access to the internet via an internet access broadcast signal.
- A method performed by a satellite system to facilitate secure internet access to a client device in a remote location via a satellite connection, the method comprising the steps of: receiving a first blockchain state signal, encoding information about a first state of a blockchain, and generating and transmitting a first RF broadcast signal encoding the information about the first state of the blockchain; receiving a registration request from a client device, the registration request comprising a public key ID associated with the client device; transmitting the registration request to an internet service provider which is configured to determine whether the registration request is a valid request, and if the registration request is a valid request, adding the public key ID to an authorized list, wherein when a public key ID is on the authorized list, the client device or user thereof is permitted to access the internet via the satellite system; receiving a connection request from a client device; and either: determining whether the public key ID is on the authorized list; or transmitting the public key to the ISP, the ISP configured to determine whether the public key ID is on the authorized list, wherein: if it is determined that the public key ID is on the authorized list, the method further comprises granting access to the internet via an internet access broadcast signal.
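
The registration check of claims 1 to 3 and the authorized-list lookup of claim 7, as an added example that is not part of the patent text. Assumptions: Lamport one-time signatures over SHA-256 stand in for the unspecified signature scheme, the validation criterion is taken to be "block digest was recently broadcast and the signature verifies", and all names (`AccessManager`, `make_request`, `window`) are hypothetical.

```python
import hashlib
import secrets

def H(b):
    return hashlib.sha256(b).digest()

def keygen():
    # Lamport one-time keys (assumed scheme). The flattened public key is the public key ID.
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    return sk, b"".join(H(a) + H(b) for a, b in sk)

def _bits(msg):
    d = int.from_bytes(H(msg), "big")
    return [(d >> i) & 1 for i in range(256)]

def sign(sk, msg):
    return [sk[i][bit] for i, bit in enumerate(_bits(msg))]

def verify(pk, msg, sig):
    if len(pk) != 256 * 64 or len(sig) != 256:
        return False
    return all(H(s) == pk[64 * i + 32 * b: 64 * i + 32 * b + 32]
               for i, (s, b) in enumerate(zip(sig, _bits(msg))))

def make_request(sk, pk, block):
    # Client: bind the request to the broadcast block state, then sign it.
    digest = H(block)  # deterministic transformation of the block contents
    return {"public_key_id": pk, "block_digest": digest,
            "signature": sign(sk, b"register" + digest + pk)}

class AccessManager:
    # ISP side: request validation plus the authorized list (assumed criterion).
    def __init__(self, window=2):
        self.window, self.recent, self.authorized = window, [], set()

    def on_block(self, block):
        self.recent = (self.recent + [H(block)])[-self.window:]

    def register(self, req):
        pk, digest = req["public_key_id"], req["block_digest"]
        if digest not in self.recent:
            return False  # not bound to a recently broadcast state
        if not verify(pk, b"register" + digest + pk, req["signature"]):
            return False  # sender does not hold the key behind this ID
        self.authorized.add(pk)
        return True

    def may_connect(self, public_key_id):
        return public_key_id in self.authorized
```

Because the signed message covers both the block digest and the public key ID, a request cannot be re-pointed at a different key or an older block state without failing verification.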
Description
TECHNICAL FIELD OF THE INVENTION
The present invention relates to methods and systems for providing a client device in a remote location with secure internet access via a satellite connection. Additional aspects of the invention relate to a satellite system, a client device, and methods performed by those components.
BACKGROUND TO THE INVENTION
When a user wishes to access the internet, the internet service provider invariably requires that the user registers a new account. Generally, this requires the user to provide a personal (valid) email address, a suitable username, and a password. Often, the user must also receive an authentication code via email. The user must then remember the username and password for subsequent access. Often, the user also needs to provide a valid mobile phone number, credit card details, and even a copy of their ID or proof of address. This is cumbersome for the user and the internet service provider, and requires that the user expose their personal data. This is undesirable for privacy regulations, and also represents a liability for the service provider.
In addition to this, it is often desirable for users to access the internet from remote locations (defined later in the application in more detail), in which no internet connectivity is available. This is often challenging. The present invention aims to provide ways in which a user can connect securely to the internet from a remote location, without the need to submit various pieces of personal data.
US2006/248600 relates to a process for preventing fraudulent internet account access and relies on an authorized list which comprises pre-authorized network addresses. US 2019/342085 is directed to the tracking of products and product information during a supply chain.
SUMMARY OF THE INVENTION
Aspects of the present invention relate to various systems via which a client device may connect to the internet in a secure manner, and in a remote location, without having to submit any of their personal details to an internet service provider. Broadly speaking, this is achieved by providing internet access via a satellite connection, wherein registration is granted to those users who have submitted a valid registration request, and subsequently granting internet access only to those client devices whose public key IDs are present on an authorized list. In order to facilitate the exchange of requests by the client device from a remote location, the client device may be configured to transmit and receive RF signals.
A first aspect of the invention relates to a system configured to perform a registration process, and a second aspect of the invention relates to the same system configured to perform a connection process. A third aspect of the invention provides a system configured to perform both processes. Fourth, fifth, and sixth aspects of the invention provide methods performed by the first, second, and third aspects of the invention respectively. Further aspects relate to specific components of the system and the methods performed by those components.
It must be stressed at the outset that the invention includes the combination of the aspects and preferred features described except where such a combination is clearly impermissible or expressly avoided.
In a first aspect of the invention a system for providing a client device in a remote location secure access to the internet via a satellite connection is provided, the system including: a client device; a satellite system configured to provide the client device with access to the internet; and an internet service provider (ISP), wherein, during a registration process: the satellite system is configured to receive a first blockchain state signal which encodes information about a first state of a blockchain, and to generate and transmit a first RF broadcast signal encoding the information about the first state of the blockchain; the client device is configured to receive the first RF broadcast signal, to generate a registration request based on the information about the state of the blockchain, the registration request including a public key ID associated with the client device, and to be transmitted to an electronic address corresponding to a blockchain associated with the ISP, and to transmit the registration request to the satellite system; the satellite system is configured to receive the registration request, and to transmit it to the electronic address associated with the ISP; the ISP is configured to determine whether the registration request is a valid request, and if the registration request is a valid request, to add the public key ID to an authorized list, wherein when a public key ID is on the authorized list, the client device or user thereof is permitted to access the internet via the satellite system. We now set out various optional features, as well as clarifying the meaning of various terms set out above. In the context of the present application, a client device may be inter