LOCATION BROKERING FOR PROVIDING SECURITY, PRIVACY AND SERVICES
Abstract
Location brokering technique embodiments are presented that employ sensor data captured by a user's mobile device to determine the device's location, encrypt the location data and store it in a database. The location data is encrypted in such a way that it is possible to determine when a user's mobile device is currently in the same vicinity as the mobile device of another user who is a member of the same group as the first user. However, the actual location and relative mobility or immobility of the users cannot be ascertained except by the users themselves via a decryption procedure or by trusted components. Services are provided that can read the stored encrypted location data, process it to determine if group members are in the same vicinity, and either respond to user queries about the location of other members of a group the user belongs to, or push this information to appropriate users.
20 Claims
1. A computer-implemented process for location brokering, comprising:
- using one or more computers to perform the following process actions;
encrypting location data associated with multiple communication-enabled devices, wherein for each communication-enabled device associated with a user in each group of communication-enabled device users, said location data encryption comprises encrypting grid coordinates of a grid cell of a location grid in which the location of the communication-enabled device falls via an encryption scheme using a group encryption key and an initialization vector associated with the group, wherein the initialization vector associated with a group is computed based on a shared group secret and a current time interval such that the initialization vector computed by members of a group within the same time interval matches, but varies from one time interval to the next and so the encrypted location data for communication-enabled devices associated with users in the same group and located in the same grid cell within the same time interval match; and
providing at least one location service that gives users location-related information based on the encrypted location data.
15. A computer-implemented process for obtaining location information concerning mobile computing devices each of which is associated with a user, comprising:
- using a mobile computing device associated with a first user to perform the following process actions;
receiving one or more neighbor tuples from a location service, wherein each neighbor tuple comprises an encrypted location message comprising at least an encryption of the location of a communication-enabled device;
for each received neighbor tuple,
obtaining a decryption key capable of decrypting the encrypted location message of the received neighbor tuple under consideration from a set of decryption keys known to the mobile computing device associated with a first user,
decrypting the encrypted location message found in the received neighbor tuple under consideration via a decryption scheme corresponding to the encryption scheme used to encrypt the location message, using the obtained decryption key, and
outputting the location of the communication-enabled device found in the decrypted location message, and a user identifier identifying a user associated with that communication-enabled device.
20. A location brokering system, comprising:
- a plurality of computing devices each of which is in communication with others of the computing devices, said plurality of computing devices comprising a plurality of mobile computing devices each of which is associated with a different user and at least one cloud-based computing device; and
- computer program modules each of which is executed by at least one of the computing devices, said modules comprising;
a sensor data capture module which is executed by each of the mobile computing devices and which, for each mobile computing device, captures sensor data using one or more sensors associated with the mobile computing device wherein said sensor data is indicative of the location of the device,
a location computation module which computes the location of a communication-enabled device based on the sensor data captured by that device, and which, for each of the mobile computing devices, is either executed by the mobile computing device that captured the sensor data or by a cloud-based computing device which received the sensor data from the mobile computing device,
a position processing module which encrypts the location of a communication-enabled device using information provided by the mobile computing device and the location computation module that computed the mobile computing device's location, and which, for each group of users that the user of the mobile computing device is a member of, generates a location tuple comprising a group identifier associated with the group of users, a user identifier associated with the user of the mobile computing device, a current time interval corresponding to a current time, an encryption of the grid coordinates of a grid cell in a location grid in which location of the mobile computing device falls and which encryption is different for each group of users and each time interval, and a location message comprising an encoding of the user identifier associated with the user of the mobile computing device, the encrypted location of the mobile computing device and a time when the mobile computing device was at that location and which encryption is different for each group of users, and which, for each of the mobile computing devices, is either executed by the mobile computing device or by a cloud-based computing device,
a location database module which stores location tuples and which, for each of the mobile computing devices, is either executed by the mobile computing device or by a cloud-based computing device, and
at least one service provider module, each of which provides location-related information based on the location tuples stored in the location database, and which is executed by a cloud-based computing device.
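The matching property of claim 1 and the location tuple of claim 20, as an added sketch that is not code from the patent: group members derive the same initialization vector within a time interval, so their encrypted grid cells match and a service can pair them without holding any key. The 300-second interval, the 0.01-degree cell, the HMAC-SHA256 IV derivation, the small Feistel cipher standing in for the unspecified encryption scheme, and every function name are assumptions.

```python
import hashlib, hmac, struct

INTERVAL_SECONDS, CELL_DEGREES = 300, 0.01  # assumed; the claims fix neither

def grid_cell(lat, lon):
    """Grid coordinates (row, col) of the cell a position falls in."""
    return int((lat + 90) // CELL_DEGREES), int((lon + 180) // CELL_DEGREES)

def interval_iv(secret, now):
    """IV from the shared group secret and the current time interval."""
    msg = struct.pack(">Q", int(now) // INTERVAL_SECONDS)
    return hmac.new(secret, msg, hashlib.sha256).digest()[:16]

def _feistel(key, iv, block, rounds):
    # Stand-in cipher (assumption): 4-round HMAC Feistel on the 8-byte block.
    # A permutation, not an XOR keystream: the IV repeats within an interval,
    # so a keystream would expose the XOR of two members' grid coordinates.
    a, b = block[:4], block[4:]
    for r in rounds:
        f = hmac.new(key, iv + bytes([r]) + b, hashlib.sha256).digest()[:4]
        a, b = b, bytes(x ^ y for x, y in zip(a, f))
    return b + a  # final swap, so the reversed round order inverts it

def encrypt_cell(key, secret, now, cell):
    block = struct.pack(">II", *cell)
    return _feistel(key, interval_iv(secret, now), block, range(4))

def decrypt_cell(key, secret, now, blob):
    block = _feistel(key, interval_iv(secret, now), blob, reversed(range(4)))
    return struct.unpack(">II", block)

def location_tuple(group_id, user_id, key, secret, now, lat, lon):
    enc = encrypt_cell(key, secret, now, grid_cell(lat, lon))
    return group_id, user_id, int(now) // INTERVAL_SECONDS, enc

def co_located(tuples):
    """Broker side: match on ciphertext equality alone, holding no keys."""
    buckets = {}
    for group_id, user_id, interval, enc in tuples:
        buckets.setdefault((group_id, interval, enc), set()).add(user_id)
    return [users for users in buckets.values() if len(users) > 1]

def demo():
    key, secret, t = b"K" * 32, b"S" * 32, 1_700_000_000  # constructed values
    return co_located([
        location_tuple("g1", "alice", key, secret, t, 47.6423, -122.1391),
        location_tuple("g1", "bob", key, secret, t + 60, 47.6449, -122.1367),
        location_tuple("g1", "carol", key, secret, t, 47.7001, -122.1391),
    ])
```

`demo()` pairs alice and bob, who share a cell in the same interval, and leaves carol unmatched. The same equality is visible to anyone who can read the stored tuples, which is the information the scheme deliberately exposes to the service.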
Specification