Reliable Reporting Of Location Data
Abstract
A machine, such as a mobile device having telephony features, such as a voice over Internet Protocol (VoIP) telephony application, is configured with a secure environment in which a location provider within (more reliable) or external to (less reliable) the machine may determine location data for the machine and securely provide it to a telephony application program for incorporation into a call setup for calling a callee. The secure environment may be created through use of one or more of Intel's LaGrande Technology™ (LT), Vanderpool Technology (VT), or a Trusted Platform Module (TPM). The LT and VT allow defining secure independent components within the machine, such as by instantiating them as Virtual Machines, and the TPM allows components to cryptographically sign data, such as to facilitate ensuring the location data is not tampered with. A recipient of a telephone call setup including cryptographically secured location data may validate the location data and accept the call. Other embodiments may be described.
18 Claims
1. A method for reliably providing user identification, comprising:
providing a first virtual machine hosting a user application and a local policy store storing user policies constraining operation of the user application;
providing a second virtual machine hosting a trusted mediator for mediating access to resources providing confidential data including the user identification;
checking the local policy store for a preventive policy precluding providing the confidential data along with establishing a data connection to a data recipient;
if no preventive policy, initiating the data connection including requesting the trusted mediator obtain the confidential data for establishing the data connection; and
receiving by the trusted mediator a first cryptographically signed confidential data from a trusted source, and responsive thereto, providing a second cryptographically signed confidential data to the application program.
Dependent claims: 2, 3, 4, 5, 6.

7. An article of manufacture comprising a tangible and non-transitory machine-readable medium having one or more associated instructions for reliably providing location data, wherein the one or more instructions, if executed, result in a machine performing operations including:
providing a first virtual machine hosting a user application and a local policy store storing user policies constraining operation of the user application;
providing a second virtual machine hosting a trusted mediator for mediating access to resources providing confidential data including the user identification;
checking the local policy store for a preventive policy precluding providing the confidential data along with establishing a data connection to a data recipient;
if no preventive policy, initiating the data connection including requesting the trusted mediator obtain the confidential data for establishing the data connection; and
receiving by the trusted mediator a first cryptographically signed confidential data from a trusted source, and responsive thereto, providing a second cryptographically signed confidential data to the application program.
Dependent claims: 8, 9, 10, 11, 12.

13. An apparatus, comprising:
a local policy store configured to store user policies of a user application, wherein the user application and the local policy store reside in a first virtual machine, and wherein the user application is configured to establish a data connection with a data recipient; and
a trusted mediator residing in a second virtual machine and configured to:
mediate resource access from the user application;
check the local policy store for a preventive policy that precludes access of confidential data in conjunction with the data connection;
if no preventive policy, obtain the confidential data and initiate the data connection;
receive a first cryptographically signed confidential data from a trusted source; and
provide a second cryptographically signed confidential data to the user application.
Dependent claims: 14, 15, 16, 17, 18.
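The flow in claims 1 and 13 (policy check in the user VM, a trusted mediator in a second VM that accepts provider-signed location data and issues a second signed record, and a callee that validates it before accepting the call) is modelled below. This is an added example, not code from the patent or from Intel. It assumes HMAC-SHA256 as a stand-in for the TPM-backed signatures the abstract describes (so that it runs on the Python standard library alone), constructed keys and coordinates, a JSON canonicalization of the signed payload, and the added design choice of binding the application identity and the callee address into the mediator's second signed record.

```python
import copy
import hashlib
import hmac
import json

# Constructed keys standing in for TPM-resident signing keys (assumption).
# HMAC-SHA256 is used only so the example runs on the standard library; the
# design in the abstract uses TPM signatures, so a real callee would hold only
# a public verification key and could not forge records itself.
PROVIDER_KEY = b"constructed-location-provider-key"
MEDIATOR_KEY = b"constructed-trusted-mediator-key"


def _canonical(payload):
    """Deterministic serialization so signer and verifier hash identical bytes."""
    return json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()


def sign(key, payload):
    """Return a signed record {"payload": ..., "sig": ...}."""
    tag = hmac.new(key, _canonical(payload), hashlib.sha256).hexdigest()
    return {"payload": payload, "sig": tag}


def verify(key, signed):
    """Constant-time check of a signed record; False on any malformed input."""
    try:
        expected = hmac.new(key, _canonical(signed["payload"]), hashlib.sha256).hexdigest()
        return hmac.compare_digest(expected, signed["sig"])
    except (KeyError, TypeError):
        return False


def policy_permits(policy_store, recipient):
    """User-VM local policy store: a preventive policy naming this recipient
    (or the wildcard "*") precludes sending confidential data with the call."""
    for policy in policy_store:
        if policy.get("type") == "preventive" and policy.get("recipient") in (recipient, "*"):
            return False
    return True


def location_provider(source):
    """Trusted source producing the first signed confidential data (constructed fix)."""
    fix = {"lat": 45.5231, "lon": -122.6765, "source": source, "ts": 1700000000}
    return sign(PROVIDER_KEY, fix)


def trusted_mediator(first_signed, app_id, recipient):
    """Mediator VM: accept only provider-signed data, then issue the second signed
    record. Binding app and callee into it is an added choice (not in the claims)
    that stops a record issued for one call being replayed in another."""
    if not verify(PROVIDER_KEY, first_signed):
        return None
    return sign(MEDIATOR_KEY, {"location": first_signed["payload"],
                               "app": app_id, "callee": recipient})


def initiate_call(policy_store, recipient, source="internal"):
    """Application flow of claim 1. Returns the call setup message, or None when a
    preventive policy applies or the mediator rejects the provider data."""
    if not policy_permits(policy_store, recipient):
        return None
    second = trusted_mediator(location_provider(source), "voip-app", recipient)
    if second is None:
        return None
    return {"invite": recipient, "location": second}


def callee_accepts(setup, own_address):
    """Recipient side: validate the mediator's signature and that the record was
    issued for this callee before accepting the call."""
    loc = setup.get("location")
    return verify(MEDIATOR_KEY, loc) and loc["payload"].get("callee") == own_address


def tamper_latitude(setup, new_lat):
    """Simulate the application (or a relay) altering the location after signing."""
    forged = copy.deepcopy(setup)
    forged["location"]["payload"]["location"]["lat"] = new_lat
    return forged
```

The application in the first VM never sees a signing key: it can only forward what the mediator issued, and any edit to the coordinates, or reuse of a record for a different callee, fails `callee_accepts`. Swapping the HMAC stand-in for TPM-held asymmetric keys is what makes that check meaningful for a callee who is not trusted with the mediator's secret.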