Reliable Reporting Of Location Data

US 20110225626A1
Filed: 05/23/2011
Published: 09/15/2011
Est. Priority Date: 12/30/2005
Status: Active Grant

First Claim

Patent Images

1. A method for reliably providing user identification, comprising:

providing a first virtual machine hosting a user application and a local policy store storing user policies constraining operation of the user application;

providing a second virtual machine hosting a trusted mediator for mediating access to resources providing confidential data including the user identification;

checking the local policy store for a preventive policy precluding providing the confidential data along with establishing a data connection to a data recipient;

if no preventive policy, initiating the data connection including requesting the trusted mediator obtain the confidential data for establishing the data connection; and

receiving by the trusted mediator a first cryptographically signed confidential data from a trusted source, and responsive thereto, providing a second cryptographically signed confidential data to the application program.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A machine, such as a mobile device having telephony features, such as a voice over Internet Protocol (VoIP) telephony application, is configured with a secure environment in which a location provider within (more reliable) or external to (less reliable) the machine may determine location data for the machine and securely provide it to a telephony application program for incorporation into a call setup for calling a callee. The secure environment may be created through use of one or more of Intel'"'"'s LaGrande Technology™ (LT), Vanderpool Technology (VT), or a Trusted Platform Module (TPM). The LT and VT allow defining secure independent components within the machine, such as by instantiating them as Virtual Machines, and the TPM allows components to cryptographically sign data, such as to facilitate ensuring the location data is not tampered with. A recipient of a telephone call setup including cryptographically secured location data may validate the location data and accept the call. Other embodiments may be described.

Citations

18 Claims

1. A method for reliably providing user identification, comprising:
- providing a first virtual machine hosting a user application and a local policy store storing user policies constraining operation of the user application;
  
  providing a second virtual machine hosting a trusted mediator for mediating access to resources providing confidential data including the user identification;
  
  checking the local policy store for a preventive policy precluding providing the confidential data along with establishing a data connection to a data recipient;
  
  if no preventive policy, initiating the data connection including requesting the trusted mediator obtain the confidential data for establishing the data connection; and
  
  receiving by the trusted mediator a first cryptographically signed confidential data from a trusted source, and responsive thereto, providing a second cryptographically signed confidential data to the application program.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein the first cryptographically signed confidential data is the same as the second cryptographically signed confidential data.
  - 3. The method of claim 1, wherein the second cryptographically signed confidential data comprises a secondary signing by the trusted mediator of the first cryptographically signed confidential data.
  - 4. The method of claim 1, further comprising providing a eavesdrop-resistant inter-virtual machine communication channel communicatively coupling the first and second virtual machines.
  - 5. The method of claim 1, wherein the confidential data is location data.
  - 6. The method of claim 5, further comprising making the location data less specific based on the preventative policy.

7. An article of manufacture comprising a tangible and non-transitory machine-readable medium having one or more associated instructions for reliably providing location data, wherein the one or more instructions, if executed, results in a machine performing operations including:
- providing a first virtual machine hosting a user application and a local policy store storing user policies constraining operation of the user application;
  
  providing a second virtual machine hosting a trusted mediator for mediating access to resources providing confidential data including the user identification;
  
  checking the local policy store for a preventive policy precluding providing the confidential data along with establishing a data connection to a data recipient;
  
  if no preventive policy, initiating the data connection including requesting the trusted mediator obtain the confidential data for establishing the data connection; and
  
  receiving by the trusted mediator a first cryptographically signed confidential data from a trusted source, and responsive thereto, providing a second cryptographically signed confidential data to the application program.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The article of claim 7, wherein the first cryptographically signed confidential data is the same as the second cryptographically signed confidential data.
  - 9. The article of claim 7, wherein the second cryptographically signed confidential data comprises a secondary signing by the trusted mediator of the first cryptographically signed confidential data.
  - 10. The article of claim 7, wherein the operations further comprising providing a eavesdrop-resistant inter-virtual machine communication channel communicatively coupling the first and second virtual machines.
  - 11. The article of claim 7, wherein the confidential data is location data.
  - 12. The article of claim 11, wherein the operations further comprising making the location data less specific based on the preventative policy.

13. An apparatus, comprising:
- a local policy store configured to store user policies of a user application, wherein the user application and the local policy store reside in a first virtual machine, andwherein the user application is configured to establish a data connection with a data recipient; and
  
  a trusted mediator reside in a second virtual machine, and configured to;
  
  mediate resources access from the user application;
  
  check the local policy store for a preventive policy that precludes access of confidential data in conjunction with the data connection;
  
  if no preventative policy, obtain the confidential data, and initiate the data connection;
  
  receive a first cryptographically signed confidential data from a trusted source; and
  
  provide a second cryptographically signed confidential data to the user application.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The apparatus of claim 13, wherein the first cryptographically signed confidential data is the same as the second cryptographically signed confidential data.
  - 15. The apparatus of claim 13, wherein the second cryptographically signed confidential data comprises a secondary signing by the trusted mediator of the first cryptographically signed confidential data.
  - 16. The apparatus of claim 13, further comprising a eavesdrop-resistant inter-virtual machine communication channel communicatively coupling the first and second virtual machines.
  - 17. The apparatus of claim 13, wherein the confidential data is location data.
  - 18. The apparatus of claim 17, wherein the trusted mediator is further configured to make the location data less specific based on the preventative policy.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Deepak J. Manohar, Farid Adrangi, Manoj R. Sastry, Michael J. Covington, Shao-Cheng Wang
Original Assignee
Deepak J. Manohar, Farid Adrangi, Manoj R. Sastry, Michael J. Covington, Shao-Cheng Wang
Inventors
Manohar, Deepak J., Wang, Shao-Cheng, Adrangi, Farid, Covington, Michael J., Sastry, Manoj R.

Granted Patent

US 8,804,701 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/1
CPC Class Codes

G06F 21/57   Certifying or maintaining t...

G06F 21/64   Protecting data integrity, ...

G06F 2221/2111   Location-sensitive, e.g. ge...

H04L 12/2856   Access arrangements, e.g. I...

H04L 12/2898   Subscriber equipments DSL m...

H04L 65/1053   IP private branch exchange ...

H04L 65/1069   Session establishment or de...

H04L 65/1101   Session protocols

H04L 67/52   specially adapted for the l...

H04M 2242/04   for emergency applications

H04W 88/18   Service support devices; Ne...

Reliable Reporting Of Location Data

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Reliable Reporting Of Location Data

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links