Reliable reporting of location data
Abstract
A machine, such as a mobile device having telephony features, such as a voice over Internet Protocol (VoIP) telephony application, is configured with a secure environment in which a location provider within (more reliable) or external to (less reliable) the machine may determine location data for the machine and securely provide it to a telephony application program for incorporation into a call setup for calling a callee. The secure environment may be created through use of one or more of Intel's LaGrande Technology™ (LT), Vanderpool Technology (VT), or a Trusted Platform Module (TPM). The LT and VT allow defining secure independent components within the machine, such as by instantiating them as Virtual Machines, and the TPM allows components to cryptographically sign data, such as to facilitate ensuring the location data is not tampered with. A recipient of a telephone call setup including cryptographically secured location data may validate the location data and accept the call. Other embodiments may be described.
38 Claims
1. A machine comprising:
a first virtual machine hosting at least an application domain including a telephony application;
a second virtual machine hosting at least a location provider to determine a current location for the machine;
a communication channel communicatively coupling at least the application domain and the location provider; and
a domain mediator to mediate access to the trusted location provider over the inter-domain communication channel, mediation including securely providing location data from the location provider to the application domain.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. A method for using a machine having a first virtual machine hosting a telephony application, a second virtual machine hosting a location provider to determine a current location for the machine, and a domain mediator to mediate access to the trusted location provider, comprising:
configuring the telephony application to provide at least a portion of the current location of the machine along with a call;
initiating the call, and responsive thereto, requesting from the domain mediator the current location from the location provider; and
receiving from the domain mediator a signed location data identifying the current location, the location data being signed by selected ones of the location provider and the domain mediator; and
validating the location data has not been tampered with based at least in part on said signing by selected ones of the location provider and domain mediator.
Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19
20. A method for reliably providing location data, comprising:
initiating a telephony connection to a callee with a telephony application;
checking local policy for permission to provide a current location of the telephony application with the telephony connection;
requesting the current location from a trusted location services domain (TLSD) and responsive thereto the TLSD requesting the current location from a trusted location provider;
receiving by the TLSD of a location bundle including the current location and being first cryptographically secured against tampering; and
the TLSD second cryptographically securing the location bundle against tampering and providing said secondarily secured bundle to the telephony application.
Dependent claims: 21, 22
23. A method for reliably providing user identification, comprising:
providing a first virtual machine hosting a user application and a local policy store storing user policies constraining operation of the user application;
providing a second virtual machine hosting a trusted mediator for mediating access to resources providing confidential data including the user identification;
checking the local policy store for a preventive policy precluding providing the confidential data along with establishing a data connection to a data recipient;
if no preventive policy, initiating the data connection including requesting the trusted mediator obtain the confidential data for establishing the data connection; and
receiving by the trusted mediator a first cryptographically signed confidential data from a trusted source, and responsive thereto, providing a second cryptographically signed confidential data to the application program.
Dependent claims: 24, 25, 26
27. An article comprising a machine-readable medium having one or more associated instructions for using a machine utilizing virtual machines to separately host selected operations of the machine, wherein the one or more instructions, if executed, results in the machine performing:
configuring a telephony application of a first virtual machine to provide at least a portion of the current location of the machine along with a call;
initiating the call, and responsive thereto, requesting from a domain mediator of a second virtual machine the current location from the location provider; and
receiving from the domain mediator a doubly signed location data identifying the current location, the location data being first signed by the location provider and second signed by the domain mediator; and
validating the location data has not been tampered with based at least in part on selected ones of the first signature and the second signature.
Dependent claims: 28, 29, 30, 31, 32
33. An article comprising a machine-readable medium having one or more associated instructions for reliably providing location data, wherein the one or more instructions, if executed, results in a machine performing:
initiating a telephony connection to a callee with a telephony application;
checking local policy for permission to provide a current location of the telephony application with the telephony connection;
requesting the current location from a trusted location services domain (TLSD) and responsive thereto the TLSD requesting the current location from a trusted location provider;
receiving by the TLSD of a location bundle including the current location and being first cryptographically secured against tampering; and
the TLSD second cryptographically securing the location bundle against tampering and providing said secondarily secured bundle to the telephony application.
Dependent claims: 34, 35
36. An article comprising a machine-readable medium having one or more associated instructions for reliably providing location data, wherein the one or more instructions, if executed, results in a machine performing:
providing a first virtual machine hosting a user application and a local policy store storing user policies constraining operation of the user application;
providing a second virtual machine hosting a trusted mediator for mediating access to resources providing confidential data including the user identification;
checking the local policy store for a preventive policy precluding providing the confidential data along with establishing a data connection to a data recipient;
if no preventive policy, initiating the data connection including requesting the trusted mediator obtain the confidential data for establishing the data connection; and
receiving by the trusted mediator a first cryptographically signed confidential data from a trusted source, and responsive thereto, providing a second cryptographically signed confidential data to the application program.
Dependent claims: 37, 38
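The flow described in the abstract and in claims 11 and 20 (policy check, a location bundle signed first by the location provider and second by the domain mediator, and validation of both signatures before the location is attached to a call setup) can be sketched as the following added example. It is not code from the patent or its assignee. HMAC-SHA256 with per-domain keys stands in for the TPM-backed signatures the abstract describes, so in this model the verifier holds the same keys as the signers; the keys, field names, coordinates and policy format are constructed for illustration.

```python
"""Added example (not from the patent): two-stage securing of a location bundle.

Roles, as in the abstract and claims 11 and 20:
  LocationProvider     - in the second VM, produces the first signature
  DomainMediator (TLSD)- countersigns the bundle and hands it to the application
  TelephonyApplication - in the first VM, checks local policy, validates both
                         signatures, attaches the bundle to the call setup
  callee_validates_location - recipient-side validation before accepting the call

Assumption: HMAC-SHA256 with per-domain keys models the TPM-anchored
signatures; a deployment would use asymmetric keys so the verifier never
holds signing material.
"""
import hashlib
import hmac
import json
from dataclasses import dataclass

# Constructed per-domain keys (assumption; not values from the patent).
PROVIDER_KEY = b"provider-key-constructed"
MEDIATOR_KEY = b"mediator-key-constructed"


def _canonical(obj: dict) -> bytes:
    """Stable serialization so signer and verifier hash identical bytes."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def _sign(key: bytes, payload: dict) -> str:
    return hmac.new(key, _canonical(payload), hashlib.sha256).hexdigest()


@dataclass
class LocationBundle:
    location: dict          # constructed fix: {"lat", "lon", "ts"}
    provider_sig: str = ""  # first signature (location provider)
    mediator_sig: str = ""  # second signature (domain mediator / TLSD)

    def as_dict(self) -> dict:
        return {"location": self.location,
                "provider_sig": self.provider_sig,
                "mediator_sig": self.mediator_sig}


class LocationProvider:
    def __init__(self, key: bytes):
        self.key = key

    def current_location(self) -> LocationBundle:
        loc = {"lat": 37.3875, "lon": -122.0575, "ts": 1700000000}  # constructed
        return LocationBundle(location=loc, provider_sig=_sign(self.key, loc))


class DomainMediator:
    def __init__(self, provider: LocationProvider, key: bytes):
        self.provider = provider
        self.key = key

    def get_location(self) -> LocationBundle:
        bundle = self.provider.current_location()
        # The second signature covers the location AND the first signature,
        # so neither can be swapped independently of the other.
        bundle.mediator_sig = _sign(
            self.key, {"location": bundle.location, "provider_sig": bundle.provider_sig})
        return bundle


def validate_bundle(bundle: LocationBundle, provider_key: bytes, mediator_key: bytes) -> bool:
    """Both signatures must verify; compare_digest avoids timing leaks."""
    provider_ok = hmac.compare_digest(bundle.provider_sig, _sign(provider_key, bundle.location))
    mediator_ok = hmac.compare_digest(
        bundle.mediator_sig,
        _sign(mediator_key, {"location": bundle.location, "provider_sig": bundle.provider_sig}))
    return provider_ok and mediator_ok


class TelephonyApplication:
    def __init__(self, mediator: DomainMediator, policy: dict):
        self.mediator = mediator
        self.policy = policy  # constructed local policy store

    def setup_call(self, callee: str) -> dict:
        call = {"callee": callee}
        if not self.policy.get("share_location", False):
            return call  # preventive policy: call proceeds without location
        bundle = self.mediator.get_location()
        if not validate_bundle(bundle, PROVIDER_KEY, MEDIATOR_KEY):
            raise ValueError("location bundle failed validation")
        call["location_bundle"] = bundle.as_dict()
        return call


def callee_validates_location(call: dict) -> bool:
    """Recipient side: accept the location only if both signatures verify."""
    b = call.get("location_bundle")
    if b is None:
        return False
    return validate_bundle(LocationBundle(b["location"], b["provider_sig"], b["mediator_sig"]),
                           PROVIDER_KEY, MEDIATOR_KEY)


def build_machine(policy: dict) -> TelephonyApplication:
    return TelephonyApplication(DomainMediator(LocationProvider(PROVIDER_KEY), MEDIATOR_KEY), policy)


def tampered_call_rejected() -> bool:
    """Altering the location after signing must fail recipient validation."""
    call = build_machine({"share_location": True}).setup_call("sip:callee@example.invalid")
    call["location_bundle"]["location"]["lat"] = 0.0
    return not callee_validates_location(call)
```

The mediator signs over the provider's signature rather than over the location alone, which is what makes the bundle "doubly secured" in the sense of claim 27: a recipient that trusts only the mediator still gets assurance that the provider's attestation was present and unmodified when the mediator saw it.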