TAMPER PROOF LOCATION SERVICES
Abstract
A secure location system is described herein that leverages location-based services and hardware to make access decisions. Many mobile computers have location devices, such as GPS. They also have a trusted platform module (TPM) or other security device. Currently GPS location data is made directly accessible to untrusted application code using a simple protocol. The secure location system provides a secure mechanism whereby the GPS location of a computer at a specific time can be certified by the operating system kernel and TPM. The secure location system logs user activity with a label indicating the geographic location of the computing device at the time of the activity. The secure location system can provide a difficult to forge, time-stamped location through a combination of kernel-mode GPS access and TPM security hardware. Thus, the secure location system incorporates secure location information into authorization and other operating system decisions.
20 Claims
1. A computer-implemented method for setting access permissions on a resource based on location information, the method comprising:
receiving a permission update request to update permissions for an identified resource to include location-based permission information;
locating the identified resource;
locating access control information associated with the identified resource;
determining one or more allowed actions from the location-based permission information accompanying the request;
updating the located access control information to include the allowed location-based actions; and
storing the updated access control information associated with the identified resource, so that subsequent attempts to access the identified resource will be subject to the specified location-based access information,
wherein the preceding steps are performed by at least one processor.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. A computer system for providing tamper-proof location services to software applications, the system comprising:
a location hardware component that provides a hardware signal that indicates a current geographic location of the system;
a hardware security component that provides a trustworthy computing guarantee for software code running on the system;
a processor and memory configured to execute software instructions embodied within the following components;
a kernel location provider that provides an interface from an operating system kernel to user-mode services and applications that use location information;
a location certification component that retrieves a certificate indicating a current location of the computer system with information from the location hardware component and hardware security component;
a location audit component that stores an audit trail of secure location information associated with the computer system; and
a location verification component that requests location information from the kernel location provider and performs one or more actions based on received location information.
Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19
20. A computer-readable storage medium comprising instructions for controlling a computer system to access a resource with location-based access permissions, wherein the instructions, upon execution, cause a processor to perform actions comprising:
receiving a request to access an identified resource, wherein the identified resource includes associated location-based access information;
accessing a secure source of location information;
receiving a location certificate from the secure source of location information that indicates a current geographic location of a computing device on which the request was received;
comparing the location-based information provided by the received location certificate with at least one location-based restriction in access control information associated with the identified resource;
if the comparison indicates that the requested access of the resource is permitted at the current location, allowing the access request and providing the requested access to the resource.
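The access check of claim 20, combined with the time-stamped, hard-to-forge certificate from the abstract, sketched as an added example that is not taken from the patent. Assumptions: an HMAC key stands in for the TPM-backed signature, regions are circular geofences, certificates expire after 30 seconds, and all function names, fields and coordinates are hypothetical.

```python
import hashlib, hmac, json, math

# Assumption: stand-in for a TPM-protected signing key. A real design would use
# an asymmetric, hardware-held key; HMAC keeps this example offline-runnable.
DEVICE_KEY = b"constructed-demo-key"
MAX_CERT_AGE_S = 30  # assumed freshness window for a location certificate

def issue_certificate(lat, lon, ts, key=DEVICE_KEY):
    """Trusted side (kernel + security hardware): sign location and timestamp."""
    body = json.dumps({"lat": lat, "lon": lon, "ts": ts}, sort_keys=True)
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}

def verify_certificate(cert, now, key=DEVICE_KEY):
    """Return the signed claims, or None if the certificate is forged or stale."""
    expected = hmac.new(key, cert["body"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, cert["tag"]):
        return None
    claims = json.loads(cert["body"])
    if not 0 <= now - claims["ts"] <= MAX_CERT_AGE_S:
        return None  # replayed or post-dated certificate
    return claims

def distance_km(lat1, lon1, lat2, lon2):
    """Great-circle (haversine) distance between two points."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    a = (math.sin((p2 - p1) / 2) ** 2
         + math.cos(p1) * math.cos(p2) * math.sin(math.radians(lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(a))

def check_access(acl, action, cert, now):
    """Allow `action` only if a valid certificate places the device inside a
    region whose ACL entry lists that action; deny by default."""
    claims = verify_certificate(cert, now)
    if claims is None:
        return False
    for entry in acl:
        inside = distance_km(claims["lat"], claims["lon"],
                             entry["lat"], entry["lon"]) <= entry["radius_km"]
        if inside and action in entry["actions"]:
            return True
    return False

# Constructed sample ACL: read/write within 1 km of a site, read-only within 50 km.
SAMPLE_ACL = [
    {"lat": 47.6423, "lon": -122.1391, "radius_km": 1.0, "actions": {"read", "write"}},
    {"lat": 47.6423, "lon": -122.1391, "radius_km": 50.0, "actions": {"read"}},
]
```

The freshness check is what stops a certificate captured at an allowed site from being replayed later from somewhere else.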
Specification