Selecting anonymous users based on user location history
First Claim
1. A tangible, non-transitory, machine-readable memory storing instructions, that when executed, cause one or more processors to perform operations comprising:
sensing, with a location detector of a mobile computing device, locations of the mobile computing device a plurality of times over a duration of time to obtain a location history of time-stamped geolocations of the mobile computing device spanning a plurality of days;
determining, with one or more processors of the mobile computing device, reduced resolution versions of the time-stamped geolocations in the location history, the reduced resolution versions having less resolution than sensed locations;
determining, with a cryptographic hash function, with the one or more processors of the mobile computing device, a first set of cryptographic hash values each based on a respective time-stamp and respective location of a respective reduced resolution version of the time-stamped geolocations in the location history;
storing in memory of the mobile computing device the first set of cryptographic hash values based on the location history of the mobile computing device;
receiving, at the mobile computing device, from a remote server, via a wireless interface of the mobile computing device, location criteria specifying a geographic area related to a survey, the location criteria being sent from the remote server to a plurality of candidate computing devices including the mobile computing device;
in response to receiving the location criteria, accessing, with the one or more processors of the mobile computing device, the first set of cryptographic hash values based on the location history of the mobile computing device stored in memory of the mobile computing device;
determining, with the one or more processors of the mobile computing device, whether the location history satisfies the location criteria that specifies the geographic area related to the survey from the remote server, without decrypting the first set of cryptographic hash values based on the location history, without revealing the location history to the remote server, and without the location history being accessible via inspection of the mobile computing device, wherein;
the location history is determined to satisfy the location criteria by determining whether any cryptographic hash values in the first set of cryptographic hash values match any cryptographic hash values in a second set of cryptographic hash values, and
the second set of cryptographic hash values are each determined with the cryptographic hash function based on different subsets of the location criteria, the location criteria being at a same granularity as the reduced resolution versions of the time-stamped geolocations in the location history; and
after determining that the location history satisfies the location criteria, displaying on the mobile computing device an indication that a user of the mobile computing device has an option to answer questions related to the survey, wherein determining reduced resolution versions of the time-stamped geolocations in the location history and determining the first set of cryptographic hash values comprises, for a given time-stamped geolocation in the location history;
reducing a granularity of a location of the given time-stamped geolocation to a predetermined location granularity;
reducing a granularity of a time of the given time-stamped geolocation to a predetermined time granularity;
combining a resulting reduced-granularity location and reduced-granularity time into a string; and
hashing the string with the cryptographic hash function.
Abstract
Provided is a process for selecting candidates for participating in a market-research survey, or receiving other offers, based on location history while protecting privacy of the candidates. In some cases, the process includes: obtaining, at a survey-participant identification system, location histories from client devices, and the location histories indicating locations of the client device over time; associating each of the location histories with an anonymous pseudonym of the survey candidate; storing the location histories and the association with the anonymous pseudonyms in memory accessible to the server; obtaining, at the survey-participant identification system, criteria by which to select survey candidates, the criteria specifying locations relevant to a survey; selecting, with the survey-participant identification system, anonymous pseudonyms in memory that are associated with a location history that satisfies the criteria; and sending messages to the client devices inviting survey candidates corresponding to the selected anonymous pseudonyms to further identify themselves to participate in the survey.
27 Claims
1. A tangible, non-transitory, machine-readable memory storing instructions, that when executed, cause one or more processors to perform operations comprising:
sensing, with a location detector of a mobile computing device, locations of the mobile computing device a plurality of times over a duration of time to obtain a location history of time-stamped geolocations of the mobile computing device spanning a plurality of days; determining, with one or more processors of the mobile computing device, reduced resolution versions of the time-stamped geolocations in the location history, the reduced resolution versions having less resolution than sensed locations; determining, with a cryptographic hash function, with the one or more processors of the mobile computing device, a first set of cryptographic hash values each based on a respective time-stamp and respective location of a respective reduced resolution version of the time-stamped geolocations in the location history; storing in memory of the mobile computing device the first set of cryptographic hash values based on the location history of the mobile computing device; receiving, at the mobile computing device, from a remote server, via a wireless interface of the mobile computing device, location criteria specifying a geographic area related to a survey, the location criteria being sent from the remote server to a plurality of candidate computing devices including the mobile computing device; in response to receiving the location criteria, accessing, with the one or more processors of the mobile computing device, the first set of cryptographic hash values based on the location history of the mobile computing device stored in memory of the mobile computing device; determining, with the one or more processors of the mobile computing device, whether the location history satisfies the location criteria that specifies the geographic area related to the survey from the remote server, without decrypting the first set of cryptographic hash values based on the location history, without revealing the location history to the remote server, and without the location history being 
accessible via inspection of the mobile computing device, wherein; the location history is determined to satisfy the location criteria by determining whether any cryptographic hash values in the first set of cryptographic hash values match any cryptographic hash values in a second set of cryptographic hash values, and the second set of cryptographic hash values are each determined with the cryptographic hash function based on different subsets of the location criteria, the location criteria being at a same granularity as the reduced resolution versions of the time-stamped geolocations in the location history; and after determining that the location history satisfies the location criteria, displaying on the mobile computing device an indication that a user of the mobile computing device has an option to answer questions related to the survey, wherein determining reduced resolution versions of the time-stamped geolocations in the location history and determining the first set of cryptographic hash values comprises, for a given time-stamped geolocation in the location history; reducing a granularity of a location of the given time-stamped geolocation to a predetermined location granularity; reducing a granularity of a time of the given time-stamped geolocation to a predetermined time granularity; combining a resulting reduced-granularity location and reduced-granularity time into a string; and hashing the string with the cryptographic hash function. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
14. A method, comprising:
sensing, with a location detector of a mobile computing device, locations of the mobile computing device a plurality of times over a duration of time to obtain a location history of time-stamped geolocations of the mobile computing device spanning a plurality of days; determining, with one or more processors of the mobile computing device, reduced resolution versions of the time-stamped geolocations in the location history, the reduced resolution versions having less resolution than sensed locations; determining, with a cryptographic hash function, with the one or more processors of the mobile computing device, a first set of cryptographic hash values each based on a respective time-stamp and respective location of a respective reduced resolution version of the time-stamped geolocations in the location history; storing in memory of the mobile computing device the first set of cryptographic hash values based on the location history of the mobile computing device; receiving, at the mobile computing device, from a remote server, via a wireless interface of the mobile computing device, location criteria specifying a geographic area related to a survey, the location criteria being sent from the remote server to a plurality of candidate computing devices including the mobile computing device; in response to receiving the location criteria, accessing, with one or more processors of the mobile computing device, the first set of cryptographic hash values based on the location history of the mobile computing device stored in memory of the mobile computing device; determining, with the one or more processors of the mobile computing device, whether the location history satisfies the location criteria that specifies the geographic area related to the survey from the remote server, without decrypting the first set of cryptographic hash values based on the location history, without revealing the location history to the remote server, and without the location history being 
accessible via inspection of the mobile computing device, wherein; the location history is determined to satisfy the location criteria by determining whether any cryptographic hash values in the first set of cryptographic hash values match any cryptographic hash values in a second set of cryptographic hash values, and the second set of cryptographic hash values are each determined with the cryptographic hash function based on different subsets of the location criteria, the location criteria being at a same granularity as the reduced resolution versions of the time-stamped geolocations in the location history; and after determining that the location history satisfies the location criteria, displaying on the mobile computing device an indication that a user of the mobile computing device has an option to answer questions related to the survey, wherein determining whether the location history satisfies the location criteria that specifies the geographic area related to the survey from the remote server comprises; obtaining survey criteria expressed as alternative criteria; determining one or more combined time-stamps and locations for each alternative criteria; and determining the second set of cryptographic hash values comprises determining a cryptographic hash value of each of the one or more combined time-stamps and locations determined for each alternative criteria, the cryptographic hash values determined with the cryptographic hash function being at a same granularity as the reduced resolution versions of the time-stamped geolocations in the location history. - View Dependent Claims (15, 16)
17. A mobile computing device, comprising:
one or more processors; a location detector coupled to the one or more processors; a wireless interface coupled to the one or more processors; and memory coupled to the one or more processors, the memory storing instructions that when executed by the one or more processors cause the one or more processors to perform operations comprising; sensing, with the location detector of the mobile computing device, locations of the mobile computing device a plurality of times over a duration of time to obtain a location history of time-stamped geolocations of the mobile computing device spanning a plurality of days; determining, with the one or more processors of the mobile computing device, reduced resolution versions of the time-stamped geolocations in the location history, the reduced resolution versions having less resolution than sensed locations; determining, with a cryptographic hash function, with the one or more processors of the mobile computing device, a first set of cryptographic hash values each based on a respective time-stamp and respective location of a respective reduced resolution version of the time-stamped geolocations in the location history; storing in the memory of the mobile computing device the first set of cryptographic hash values based on the location history of the mobile computing device; receiving, at the mobile computing device, from a remote server, via the wireless interface of the mobile computing device, location criteria specifying a geographic area related to a survey, the location criteria being sent from the remote server to a plurality of candidate computing devices including the mobile computing device; in response to receiving the location criteria, accessing, with the one or more processors of the mobile computing device, the first set of cryptographic hash values based on the location history of the mobile computing device stored in memory of the mobile computing device; determining, with the one or more processors of the mobile 
computing device, whether the location history satisfies the location criteria that specifies the geographic area related to the survey from the remote server, without decrypting the first set of cryptographic hash values based on the location history, without revealing the location history to the remote server, and without the location history being accessible via inspection of the mobile computing device, wherein; the location history is determined to satisfy the location criteria by determining whether any cryptographic hash values in the first set of cryptographic hash values match any cryptographic hash values in a second set of cryptographic hash values, and the second set of cryptographic hash values are each determined with the cryptographic hash function based on different subsets of the location criteria, the location criteria being at a same granularity as the reduced resolution versions of the time-stamped geolocations in the location history; and after determining that the location history satisfies the location criteria, displaying on the mobile computing device an indication that the user of the mobile computing device has an option to answer questions related to the survey, wherein; the location criteria are expressed as alternative criteria and a range of encrypted location/time values are compared to the first set of cryptographic hash values, the second set of cryptographic hash values are each determined with the one or more processors of the mobile computing device, a given one of the location criteria specifies multiple time ranges; and the second set of cryptographic hash values comprises multiple hash values each based on the given one of the location criteria and a different one of the multiple time ranges. - View Dependent Claims (18, 19)
20. A tangible, non-transitory, machine-readable memory storing instructions, that when executed, cause one or more processors to perform operations comprising:
sensing, with a location detector of a mobile computing device, locations of the mobile computing device a plurality of times over a duration of time to obtain a location history of time-stamped geolocations of the mobile computing device spanning a plurality of days; determining, with one or more processors of the mobile computing device, reduced resolution versions of the time-stamped geolocations in the location history, the reduced resolution versions having less resolution than sensed locations; determining, with a cryptographic hash function, with the one or more processors of the mobile computing device, a first set of cryptographic hash values each based on a respective time-stamp and respective location of a respective reduced resolution version of the time-stamped geolocations in the location history; storing in memory of the mobile computing device the first set of cryptographic hash values based on the location history of the mobile computing device; receiving, at the mobile computing device, from a remote server, via a wireless interface of the mobile computing device, location criteria specifying a geographic area related to an offer, the location criteria being sent from the remote server to a plurality of candidate computing devices including the mobile computing device; in response to receiving the location criteria, accessing, with the one or more processors of the mobile computing device, the first set of cryptographic hash values based on the location history of the mobile computing device stored in memory of the mobile computing device; determining, with the one or more processors of the mobile computing device, whether the location history satisfies the location criteria that specifies the geographic area related to the offer from the remote server, without decrypting the first set of cryptographic hash values based on the location history, without revealing the location history to the remote server, and without the location history being 
accessible via inspection of the mobile computing device, wherein; the location history is determined to satisfy the location criteria by determining whether any cryptographic hash values in the first set of cryptographic hash values match any cryptographic hash values in a second set of cryptographic hash values, and the second set of cryptographic hash values are each determined with the cryptographic hash function based on different subsets of the location criteria, the location criteria being at a same granularity as the reduced resolution versions of the time-stamped geolocations in the location history; and upon determining that the location history satisfies the location criteria, displaying on the mobile computing device an indication that an offer is available to the user of the mobile computing device, wherein; the location criteria comprises a plurality of locations and a time range, and the different subsets of the location criteria comprise permutations of the plurality of locations and times within the time range, each permutation corresponding to a different cryptographic hash value in the second set of cryptographic hash values. - View Dependent Claims (21, 22, 23, 24)
25. A tangible, non-transitory, machine-readable memory storing instructions, that when executed, cause one or more processors to perform operations comprising:
sensing, with a location detector of a mobile computing device, locations of the mobile computing device a plurality of times over a duration of time to obtain a location history of time-stamped geolocations of the mobile computing device spanning a plurality of days; determining, with one or more processors of the mobile computing device, reduced resolution versions of the time-stamped geolocations in the location history, the reduced resolution versions having less resolution than sensed locations; determining, with a cryptographic hash function, with the one or more processors of the mobile computing device, a first set of cryptographic hash values each based on a respective time-stamp and respective location of a respective reduced resolution version of the time-stamped geolocations in the location history; storing in memory of the mobile computing device the first set of cryptographic hash values based on the location history of the mobile computing device; receiving, at the mobile computing device, from a remote server, via a wireless interface of the mobile computing device, location criteria specifying a geographic area related to a survey, the location criteria being sent from the remote server to a plurality of candidate computing devices including the mobile computing device; in response to receiving the location criteria, accessing, with the one or more processors of the mobile computing device, the first set of cryptographic hash values based on the location history of the mobile computing device stored in memory of the mobile computing device; determining, with the one or more processors of the mobile computing device, whether the location history satisfies the location criteria that specifies the geographic area related to the survey from the remote server, without decrypting the first set of cryptographic hash values based on the location history, without revealing the location history to the remote server, and without the location history being 
accessible via inspection of the mobile computing device, wherein; the location history is determined to satisfy the location criteria by determining whether any cryptographic hash values in the first set of cryptographic hash values match any cryptographic hash values in a second set of cryptographic hash values, and the second set of cryptographic hash values are each determined with the cryptographic hash function based on different subsets of the location criteria, the location criteria being at a same granularity as the reduced resolution versions of the time-stamped geolocations in the location history; and after determining that the location history satisfies the location criteria, displaying on the mobile computing device an indication that a user of the mobile computing device has an option to answer questions related to the survey, wherein; the location criteria comprises a plurality of locations and a time range, and the different subsets of the location criteria comprise permutations of the plurality of locations and times within the time range, each permutation corresponding to a different cryptographic hash value in the second set of cryptographic hash values. - View Dependent Claims (26, 27)
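The on-device matching recited in claim 1 (reduce location and time granularity, combine into a string, hash) and in claims 20 and 25 (one hash per permutation of criteria locations and times) is sketched below as an added example; it is not code from the patent. The 0.01 degree grid, one-hour UTC slots, SHA-256, the string layout, the sample data and every function name are assumptions. The optional HMAC key is an added hardening choice, not part of the claims: the reduced inputs come from a small space, so unkeyed digests can be matched by anyone who expands the same criteria, while a key held only on the device confines the comparison to the device.

```python
import hashlib
import hmac
import math
from datetime import datetime, timedelta, timezone

UTC = timezone.utc
CELLS_PER_DEGREE = 100      # assumed location granularity: 0.01 degree cells
SLOT = timedelta(hours=1)   # assumed time granularity: one-hour UTC slots


def cell_index(degrees):
    """Reduce a coordinate to the index of the grid cell that contains it."""
    return math.floor(degrees * CELLS_PER_DEGREE)


def hour_slot(when):
    """Reduce a timestamp to the start of its UTC hour."""
    return when.astimezone(UTC).replace(minute=0, second=0, microsecond=0)


def label(cell_lat, cell_lon, slot):
    """Combine a reduced location and reduced time into one string."""
    return f"{cell_lat},{cell_lon}|{slot:%Y-%m-%dT%H}"


def digest(text, key=None):
    """SHA-256 of the string; HMAC-SHA-256 when a device-held key is supplied."""
    data = text.encode("utf-8")
    if key is None:
        return hashlib.sha256(data).hexdigest()
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def history_digests(history, key=None):
    """First set: one digest per reduced-resolution fix in the location history."""
    return {digest(label(cell_index(lat), cell_index(lon), hour_slot(when)), key)
            for lat, lon, when in history}


def criteria_strings(box, start, end):
    """Expand a bounding box and time range into every cell/slot permutation."""
    south, west, north, east = box
    lats = range(cell_index(south), cell_index(north) + 1)
    lons = range(cell_index(west), cell_index(east) + 1)
    out, slot = [], hour_slot(start)
    while slot < end:
        out.extend(label(la, lo, slot) for la in lats for lo in lons)
        slot += SLOT
    return out


def matched_entries(stored, box, start, end, key=None):
    """Second set against first set: criteria strings whose digest is stored."""
    return [s for s in criteria_strings(box, start, end) if digest(s, key) in stored]


# Constructed sample data: three fixes over two days and one survey area.
HISTORY = [
    (40.7536, -73.9832, datetime(2024, 3, 4, 14, 12, tzinfo=UTC)),
    (40.7541, -73.9829, datetime(2024, 3, 4, 14, 47, tzinfo=UTC)),  # same cell, same hour
    (40.6892, -74.0445, datetime(2024, 3, 5, 9, 30, tzinfo=UTC)),
]
BOX = (40.745, -73.995, 40.765, -73.975)   # south, west, north, east
START = datetime(2024, 3, 4, 12, tzinfo=UTC)
END = datetime(2024, 3, 4, 18, tzinfo=UTC)

if __name__ == "__main__":
    stored = history_digests(HISTORY)
    print(len(criteria_strings(BOX, START, END)), "criteria permutations")
    print("eligible:", bool(matched_entries(stored, BOX, START, END)))
```

Each match returns the plaintext cell and hour that produced it, which is why the size of the expanded criteria space matters when judging what stored digests disclose.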
Specification