Selecting anonymous users based on user location history

US 10,643,222 B2
Filed: 09/27/2012
Issued: 05/05/2020
Est. Priority Date: 09/27/2012
Status: Active Grant

First Claim

Patent Images

1. A tangible, non-transitory, machine-readable memory storing instructions, that when executed, cause one or more processors to perform operations comprising:

sensing, with a location detector of a mobile computing device, locations of the mobile computing device a plurality of times over a duration of time to obtain a location history of time-stamped geolocations of the mobile computing device spanning a plurality of days;

determining, with one or more processors of the mobile computing device, reduced resolution versions of the time-stamped geolocations in the location history, the reduced resolution versions having less resolution than sensed locations;

determining, with a cryptographic hash function, with the one or more processors of the mobile computing device, a first set of cryptographic hash values each based on a respective time-stamp and respective location of a respective reduced resolution version of the time-stamped geolocations in the location history;

storing in memory of the mobile computing device the first set of cryptographic hash values based on the location history of the mobile computing device;

receiving, at the mobile computing device, from a remote server, via a wireless interface of the mobile computing device, location criteria specifying a geographic area related to a survey, the location criteria being sent from the remote server to a plurality of candidate computing devices including the mobile computing device;

in response to receiving the location criteria, accessing, with the one or more processors of the mobile computing device, the first set of cryptographic hash values based on the location history of the mobile computing device stored in memory of the mobile computing device;

determining, with the one or more processors of the mobile computing device, whether the location history satisfies the location criteria that specifies the geographic area related to the survey from the remote server, without decrypting the first set of cryptographic hash values based on the location history, without revealing the location history to the remote server, and without the location history being accessible via inspection of the mobile computing device, wherein;

the location history is determined to satisfy the location criteria by determining whether any cryptographic hash values in the first set of cryptographic hash values match any cryptographic hash values in a second set of cryptographic hash values, andthe second set of cryptographic hash values are each determined with the cryptographic hash function based on different subsets of the location criteria, the location criteria being at a same granularity as the reduced resolution versions of the time-stamped geolocations in the location history; and

after determining that the location history satisfies the location criteria, displaying on the mobile computing device an indication that a user of the mobile computing device has an option to answer questions related to the survey, wherein determining reduced resolution versions of the time-stamped geolocations in the location history and determining the first set of cryptographic hash values comprises, for a given time-stamped geolocation in the location history;

reducing a granularity of a location of the given time-stamped geolocation to a predetermined location granularity;

reducing a granularity of a time of the given time-stamped geolocation to a predetermined time granularity;

combining a resulting reduced-granularity location and reduced-granularity time into a string; and

hashing the string with the cryptographic hash function.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Provided is a process for selecting candidates for participating in a market-research survey, or receiving other offers, based on location history while protecting privacy of the candidates. In some cases, the process includes: obtaining, at a survey-participant identification system, location histories from client devices, and the location histories indicating locations of the client device over time; associating each of the location histories with an anonymous pseudonym of the survey candidate; storing the location histories and the association with the anonymous pseudonyms in memory accessible to the server; obtaining, at the survey-participant identification system, criteria by which to select survey candidates, the criteria specifying locations relevant to a survey; selecting, with the survey-participant identification system, anonymous pseudonyms in memory that are associated with a location history that satisfies the criteria; and sending messages to the client devices inviting survey candidates corresponding to the selected anonymous pseudonyms to further identify themselves to participate in the survey.

14 Citations

27 Claims

1. A tangible, non-transitory, machine-readable memory storing instructions, that when executed, cause one or more processors to perform operations comprising:
- sensing, with a location detector of a mobile computing device, locations of the mobile computing device a plurality of times over a duration of time to obtain a location history of time-stamped geolocations of the mobile computing device spanning a plurality of days;
  
  determining, with one or more processors of the mobile computing device, reduced resolution versions of the time-stamped geolocations in the location history, the reduced resolution versions having less resolution than sensed locations;
  
  determining, with a cryptographic hash function, with the one or more processors of the mobile computing device, a first set of cryptographic hash values each based on a respective time-stamp and respective location of a respective reduced resolution version of the time-stamped geolocations in the location history;
  
  storing in memory of the mobile computing device the first set of cryptographic hash values based on the location history of the mobile computing device;
  
  receiving, at the mobile computing device, from a remote server, via a wireless interface of the mobile computing device, location criteria specifying a geographic area related to a survey, the location criteria being sent from the remote server to a plurality of candidate computing devices including the mobile computing device;
  
  in response to receiving the location criteria, accessing, with the one or more processors of the mobile computing device, the first set of cryptographic hash values based on the location history of the mobile computing device stored in memory of the mobile computing device;
  
  determining, with the one or more processors of the mobile computing device, whether the location history satisfies the location criteria that specifies the geographic area related to the survey from the remote server, without decrypting the first set of cryptographic hash values based on the location history, without revealing the location history to the remote server, and without the location history being accessible via inspection of the mobile computing device, wherein;
  
  the location history is determined to satisfy the location criteria by determining whether any cryptographic hash values in the first set of cryptographic hash values match any cryptographic hash values in a second set of cryptographic hash values, andthe second set of cryptographic hash values are each determined with the cryptographic hash function based on different subsets of the location criteria, the location criteria being at a same granularity as the reduced resolution versions of the time-stamped geolocations in the location history; and
  
  after determining that the location history satisfies the location criteria, displaying on the mobile computing device an indication that a user of the mobile computing device has an option to answer questions related to the survey, wherein determining reduced resolution versions of the time-stamped geolocations in the location history and determining the first set of cryptographic hash values comprises, for a given time-stamped geolocation in the location history;
  
  reducing a granularity of a location of the given time-stamped geolocation to a predetermined location granularity;
  
  reducing a granularity of a time of the given time-stamped geolocation to a predetermined time granularity;
  
  combining a resulting reduced-granularity location and reduced-granularity time into a string; and
  
  hashing the string with the cryptographic hash function.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The memory of claim 1, wherein displaying that the user has an option to answer questions related to the survey comprises inviting the user to provide data relating to criteria other than location to determine whether the user is a candidate for the survey.
  - 3. The memory of claim 1, comprising:
    - sending a message to the remote server indicating that the location history satisfies the location criteria.
  - 4. The memory of claim 3, the operations comprising:
    - receiving the survey; and
      
      administering the survey to the user; and
      
      sending survey results obtained by administering the survey.
  - 5. The memory of claim 1, the operations comprising:
    - periodically obtaining locations from a global-positioning system (GPS) device of the mobile computing device; and
      
      sending at least part of the location history to the remote server in response to receiving a user election to answer the questions.
  - 6. The memory of claim 1, comprising:
    - upon ascertaining that the location history satisfies the location criteria, displaying a reward for participating in the survey.
  - 7. The memory of claim 1, wherein:
    - determining whether the location history satisfies the location criteria that specifies the geographic area related to the survey from the remote server comprises;
      
      obtaining survey criteria expressed as alternative criteria;
      
      determining one or more combined time-stamps and locations for each alternative criteria; and
      
      determining the second set of cryptographic hash values comprises determining a cryptographic hash value of each of the one or more combined time-stamps and locations determined for each alternative criteria, the cryptographic hash values determined with the cryptographic hash function being at a same granularity as the reduced resolution versions of the time-stamped geolocations in the location history.
  - 8. The memory of claim 7, wherein:
    - the survey criteria include N alternative times and M alternative geolocations, where N and M are integer values greater than one;
      
      determining the second set of cryptographic hash values comprises determining a cryptographic hash value of each of alternative criteria comprises determining N times M cryptographic hash values corresponding to each combination of the alternative times and alternative geolocations.
  - 9. The memory of claim 1, wherein receiving, at the mobile computing device, from a remote server, via a wireless interface of the mobile computing device, location criteria comprises:
    - obtaining the location criteria via an anonymizing proxy server with a pull request.
  - 10. The memory of claim 1, wherein:
    - sensing locations comprises obtaining locations with steps for obtaining locations.
  - 11. The memory of claim 1, wherein:
    - receiving location criteria comprises performing steps for obtaining survey criteria.
  - 12. The memory of claim 1, wherein:
    - the operations comprise sending at least part of the location history to the remote server after ascertaining the location history in memory satisfies the location criteria in response to a user providing permission to send the at least part of the location history.
  - 13. The memory of claim 1, wherein determining reduced resolution versions of the time-stamped geolocations in the location history comprises:
    - selecting an identifier from a set of identifiers to reduce the granularity of a location of a given time-stamped geolocation responsive to coordinates of the location indicating a geographic area corresponding to the identifier, wherein;
      
      the location of the given time-stamped geolocation includes the coordinates, as measured by the location detector, andthe set of identifiers have a predetermined granularity less than location coordinates and each identifier in the set corresponds to a given geographic area.

14. A method, comprising:
- sensing, with a location detector of a mobile computing device, locations of the mobile computing device a plurality of times over a duration of time to obtain a location history of time-stamped geolocations of the mobile computing device spanning a plurality of days;
  
  determining, with one or more processors of the mobile computing device, reduced resolution versions of the time-stamped geolocations in the location history, the reduced resolution versions having less resolution than sensed locations;
  
  determining, with a cryptographic hash function, with the one or more processors of the mobile computing device, a first set of cryptographic hash values each based on a respective time-stamp and respective location of a respective reduced resolution version of the time-stamped geolocations in the location history;
  
  storing in memory of the mobile computing device the first set of cryptographic hash values based on the location history of the mobile computing device;
  
  receiving, at the mobile computing device, from a remote server, via a wireless interface of the mobile computing device, location criteria specifying a geographic area related to a survey, the location criteria being sent from the remote server to a plurality of candidate computing devices including the mobile computing device;
  
  in response to receiving the location criteria, accessing, with one or more processors of the mobile computing device, the first set of cryptographic hash values based on the location history of the mobile computing device stored in memory of the mobile computing device;
  
  determining, with the one or more processors of the mobile computing device, whether the location history satisfies the location criteria that specifies the geographic area related to the survey from the remote server, without decrypting the first set of cryptographic hash values based on the location history, without revealing the location history to the remote server, and without the location history being accessible via inspection of the mobile computing device, wherein;
  
  the location history is determined to satisfy the location criteria by determining whether any cryptographic hash values in the first set of cryptographic hash values match any cryptographic hash values in a second set of cryptographic hash values, andthe second set of cryptographic hash values are each determined with the cryptographic hash function based on different subsets of the location criteria, the location criteria being at a same granularity as the reduced resolution versions of the time-stamped geolocations in the location history; and
  
  after determining that the location history satisfies the location criteria, displaying on the mobile computing device an indication that a user of the mobile computing device has an option to answer questions related to the survey, wherein determining whether the location history satisfies the location criteria that specifies the geographic area related to the survey from the remote server comprises;
  
  obtaining survey criteria expressed as alternative criteria;
  
  determining one or more combined time-stamps and locations for each alternative criteria; and
  
  determining the second set of cryptographic hash values comprises determining a cryptographic hash value of each of the one or more combined time-stamps and locations determined for each alternative criteria, the cryptographic hash values determined with the cryptographic hash function being at a same granularity as the reduced resolution versions of the time-stamped geolocations in the location history.
- View Dependent Claims (15, 16)
- - 15. The method of claim 14, wherein:
    - determining the first set of cryptographic hash values comprises;
      
      for a given time-stamped geolocation in the location history;
      
      reducing a granularity of a location of the given time-stamped geolocation to a predetermined granularity;
      
      reducing a granularity of a time of the given time-stamped geolocation to a predetermined granularity;
      
      combining a resulting reduced-granularity location and reduced-granularity time into a string; and
      
      hashing the string with means for cryptographically hashing the string.
  - 16. The method of claim 14, wherein determining reduced resolution versions of the time-stamped geolocations in the location history comprises:
    - selecting an identifier from a set of identifiers to reduce the granularity of a location of a given time-stamped geolocation responsive to coordinates of the location indicating a geographic area corresponding to the identifier, wherein;
      
      the location of the given time-stamped geolocation includes the coordinates, as measured by the location detector, andthe set of identifiers have a predetermined granularity less than location coordinates and each identifier in the set corresponds to a given geographic area.

17. A mobile computing device, comprising:
- one or more processors;
  
  a location detector coupled to the one or more processors;
  
  a wireless interface coupled to the one or more processors; and
  
  memory coupled to the one or more processors, the memory storing instructions that when executed by the one or more processors cause the one or more processors to perform operations comprising;
  
  sensing, with the location detector of the mobile computing device, locations of the mobile computing device a plurality of times over a duration of time to obtain a location history of time-stamped geolocations of the mobile computing device spanning a plurality of days;
  
  determining, with the one or more processors of the mobile computing device, reduced resolution versions of the time-stamped geolocations in the location history, the reduced resolution versions having less resolution than sensed locations;
  
  determining, with a cryptographic hash function, with the one or more processors of the mobile computing device, a first set of cryptographic hash values each based on a respective time-stamp and respective location of a respective reduced resolution version of the time-stamped geolocations in the location history;
  
  storing in the memory of the mobile computing device the first set of cryptographic hash values based on the location history of the mobile computing device;
  
  receiving, at the mobile computing device, from a remote server, via the wireless interface of the mobile computing device, location criteria specifying a geographic area related to a survey, the location criteria being sent from the remote server to a plurality of candidate computing devices including the mobile computing device;
  
  in response to receiving the location criteria, accessing, with the one or more processors of the mobile computing device, the first set of cryptographic hash values based on the location history of the mobile computing device stored in memory of the mobile computing device;
  
  determining, with the one or more processors of the mobile computing device, whether the location history satisfies the location criteria that specifies the geographic area related to the survey from the remote server, without decrypting the first set of cryptographic hash values based on the location history, without revealing the location history to the remote server, and without the location history being accessible via inspection of the mobile computing device, wherein;
  
  the location history is determined to satisfy the location criteria by determining whether any cryptographic hash values in the first set of cryptographic hash values match any cryptographic hash values in a second set of cryptographic hash values, andthe second set of cryptographic hash values are each determined with the cryptographic hash function based on different subsets of the location criteria, the location criteria being at a same granularity as the reduced resolution versions of the time-stamped geolocations in the location history; and
  
  after determining that the location history satisfies the location criteria, displaying on the mobile computing device an indication that the user of the mobile computing device has an option to answer questions related to the survey, wherein;
  
  the location criteria are expressed as alternative criteria and a range of encrypted location/time values are compared to the first set of cryptographic hash values,the second set of cryptographic hash values are each determined the with one or more processors of the mobile computing device,a given one of the location criteria specifies multiple time ranges; and
  
  the second set of cryptographic hash values comprises multiple hash values each based on the given one of the location criteria and a different one of the multiple time ranges.
- View Dependent Claims (18, 19)
- - 18. The device of claim 17, wherein:
    - determining the first set of cryptographic hash values comprises;
      
      for a given time-stamped geolocation in the location history;
      
      reducing a granularity of a location of the given time-stamped geolocation to a predetermined granularity;
      
      reducing a granularity of a time of the given time-stamped geolocation to a predetermined granularity;
      
      combining a resulting reduced-granularity location and reduced-granularity time into a string; and
      
      hashing the string with means for cryptographically hashing the string.
  - 19. The device of claim 17, wherein determining reduced resolution versions of the time-stamped geolocations in the location history comprises:
    - selecting an identifier from a set of identifiers to reduce the granularity of a location of a given time-stamped geolocation responsive to coordinates of the location indicating a geographic area corresponding to the identifier, wherein;
      
      the location of the given time-stamped geolocation includes the coordinates, as measured by the location detector, andthe set of identifiers have a predetermined granularity less than location coordinates and each identifier in the set corresponds to a given geographic area.

20. A tangible, non-transitory, machine-readable memory storing instructions, that when executed, cause one or more processors to perform operations comprising:
- sensing, with a location detector of a mobile computing device, locations of the mobile computing device a plurality of times over a duration of time to obtain a location history of time-stamped geolocations of the mobile computing device spanning a plurality of days;
  
  determining, with one or more processors of the mobile computing device, reduced resolution versions of the time-stamped geolocations in the location history, the reduced resolution versions having less resolution than sensed locations;
  
  determining, with a cryptographic hash function, with the one or more processors of the mobile computing device, a first set of cryptographic hash values each based on a respective time-stamp and respective location of a respective reduced resolution version of the time-stamped geolocations in the location history;
  
  storing in memory of the mobile computing device the first set of cryptographic hash values based on the location history of the mobile computing device;
  
  receiving, at the mobile computing device, from a remote server, via a wireless interface of the mobile computing device, location criteria specifying a geographic area related to an offer, the location criteria being sent from the remote server to a plurality of candidate computing devices including the mobile computing device;
  
  in response to receiving the location criteria, accessing, with the one or more processors of the mobile computing device, the first set of cryptographic hash values based on the location history of the mobile computing device stored in memory of the mobile computing device;
  
  determining, with the one or more processors of the mobile computing device, whether the location history satisfies the location criteria that specifies the geographic area related to the offer from the remote server, without decrypting the first set of cryptographic hash values based on the location history, without revealing the location history to the remote server, and without the location history being accessible via inspection of the mobile computing device, wherein;
  
  the location history is determined to satisfy the location criteria by determining whether any cryptographic hash values in the first set of cryptographic hash values match any cryptographic hash values in a second set of cryptographic hash values, andthe second set of cryptographic hash values are each determined with the cryptographic hash function based on different subsets of the location criteria, the location criteria being at a same granularity as the reduced resolution versions of the time-stamped geolocations in the location history; and
  
  upon determining that the location history satisfies the location criteria, displaying on the mobile computing device an indication that an offer is available to the user of the mobile computing device, wherein;
  
  the location criteria comprises a plurality of locations and a time range, andthe different subsets of the location criteria comprise permutations of the plurality of locations and times within the time range, each permutation corresponding to a different cryptographic hash value in the second set of cryptographic hash values.
- View Dependent Claims (21, 22, 23, 24)
- - 21. The memory of claim 20, wherein:
    - determining the first set of cryptographic hash values comprises;
      
      for a given time-stamped geolocation in the location history;
      
      reducing a granularity of a location of the given time-stamped geolocation to a predetermined granularity;
      
      reducing a granularity of a time of the given time-stamped geolocation to a predetermined granularity;
      
      combining a resulting reduced-granularity location and reduced-granularity time into a string; and
      
      hashing the string with means for cryptographically hashing the string.
  - 22. The memory of claim 20, wherein determining reduced resolution versions of the time-stamped geolocations in the location history comprises:
    - selecting an identifier from a set of identifiers to reduce the granularity of a location of a given time-stamped geolocation responsive to coordinates of the location indicating a geographic area corresponding to the identifier, wherein;
      
      the location of the given time-stamped geolocation includes the coordinates, as measured by the location detector, andthe set of identifiers have a predetermined granularity less than location coordinates and each identifier in the set corresponds to a given geographic area.
  - 23. The memory of claim 20, wherein:
    - determining whether the location history satisfies the location criteria that specifies the geographic area related to the survey from the remote server comprises;
      
      obtaining survey criteria expressed as alternative criteria;
      
      determining one or more combined time-stamps and locations for each alternative criteria; and
      
      determining the second set of cryptographic hash values comprises determining a cryptographic hash value of each of the one or more combined time-stamps and locations determined for each alternative criteria, the cryptographic hash values determined with the cryptographic hash function being at a same granularity as the reduced resolution versions of the time-stamped geolocations in the location history.
  - 24. The memory of claim 23, wherein:
    - the survey criteria include N alternative times and M alternative geolocations, where N and M are integer values greater than one;
      
      determining the second set of cryptographic hash values comprises determining a cryptographic hash value of each of alternative criteria comprises determining N times M cryptographic hash values corresponding to each combination of the alternative times and alternative geolocations.

25. A tangible, non-transitory, machine-readable memory storing instructions, that when executed, cause one or more processors to perform operations comprising:
- sensing, with a location detector of a mobile computing device, locations of the mobile computing device a plurality of times over a duration of time to obtain a location history of time-stamped geolocations of the mobile computing device spanning a plurality of days;
  
  determining, with one or more processors of the mobile computing device, reduced resolution versions of the time-stamped geolocations in the location history, the reduced resolution versions having less resolution than sensed locations;
  
  determining, with a cryptographic hash function, with the one or more processors of the mobile computing device, a first set of cryptographic hash values each based on a respective time-stamp and respective location of a respective reduced resolution version of the time-stamped geolocations in the location history;
  
  storing in memory of the mobile computing device the first set of cryptographic hash values based on the location history of the mobile computing device;
  
  receiving, at the mobile computing device, from a remote server, via a wireless interface of the mobile computing device, location criteria specifying a geographic area related to a survey, the location criteria being sent from the remote server to a plurality of candidate computing devices including the mobile computing device;
  
  in response to receiving the location criteria, accessing, with the one or more processors of the mobile computing device, the first set of cryptographic hash values based on the location history of the mobile computing device stored in memory of the mobile computing device;
  
  determining, with the one or more processors of the mobile computing device, whether the location history satisfies the location criteria that specifies the geographic area related to the survey from the remote server, without decrypting the first set of cryptographic hash values based on the location history, without revealing the location history to the remote server, and without the location history being accessible via inspection of the mobile computing device, wherein;
  
  the location history is determined to satisfy the location criteria by determining whether any cryptographic hash values in the first set of cryptographic hash values match any cryptographic hash values in a second set of cryptographic hash values, andthe second set of cryptographic hash values are each determined with the cryptographic hash function based on different subsets of the location criteria, the location criteria being at a same granularity as the reduced resolution versions of the time-stamped geolocations in the location history; and
  
  after determining that the location history satisfies the location criteria, displaying on the mobile computing device an indication that a user of the mobile computing device has an option to answer questions related to the survey, wherein;
  
  the location criteria comprises a plurality of locations and a time range, andthe different subsets of the location criteria comprise permutations of the plurality of locations and times within the time range, each permutation corresponding to a different cryptographic hash value in the second set of cryptographic hash values.
- View Dependent Claims (26, 27)
- - 26. The memory of claim 25, wherein:
    - determining the first set of cryptographic hash values comprises;
      
      for a given time-stamped geolocation in the location history;
      
      reducing a granularity of a location of the given time-stamped geolocation to a predetermined location granularity;
      
      reducing a granularity of a time of the given time-stamped geolocation to a predetermined time granularity;
      
      combining a resulting reduced-granularity location and reduced-granularity time into a string; and
      
      hashing the string with means for cryptographically hashing the string.
  - 27. The memory of claim 25, wherein determining reduced resolution versions of the time-stamped geolocations in the location history comprises:
    - selecting an identifier from a set of identifiers to reduce the granularity of a location of a given time-stamped geolocation responsive to coordinates of the location indicating a geographic area corresponding to the identifier, wherein;
      
      the location of the given time-stamped geolocation includes the coordinates, as measured by the location detector, andthe set of identifiers have a predetermined granularity less than location coordinates and each identifier in the set corresponds to a given geographic area.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
David Cristofaro
Original Assignee
David Cristofaro
Inventors
Cristofaro, David
Primary Examiner(s)
Epstein, Brian M
Assistant Examiner(s)
Robinson, Allison M

Application Number

US13/629,353
Publication Number

US 20140089049A1
Time in Patent Office

2,777 Days
Field of Search

705 711- 742
US Class Current
CPC Class Codes

G06Q 30/0201   Market modelling; Market an...

G06Q 30/0203   Market surveys; Market polls

H04W 12/02   Protecting privacy or anony...

H04W 12/63   Location-dependent; Proximi...

H04W 4/029   Location-based management o...

Selecting anonymous users based on user location history

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

14 Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

Selecting anonymous users based on user location history

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

14 Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links