SECURING DATABASES AGAINST PIRACY ATTACKS

US 20140068778A1
Filed: 09/06/2012
Published: 03/06/2014
Est. Priority Date: 09/06/2012
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving from a mobile device a request that includes a unique identifier for a location that has an entry in a database and an authorization identifier that is associated with the location;

using the unique identifier to find the entry for the location in the database;

using the authorization identifier to verify that the request is authorized; and

transmitting data to the mobile device after verifying that the request is authorized.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A database for location or geographic based services is secured by requiring location based requests to include a unique identifier that identifies the location as well as an authorization identifier associated with the location. The authorization identifier is information that is obtained by being physically present at the location, such as information from access points that are at the location or a position fix when present at the location. The authorization identifier may be non-unique but relatively time-invariant, making such information easily crowdsourced, but difficult to obtain unless physically present at the location. For example, the authorization identifier may be an SSID or a Beacon Frame, or a hash thereof from one or more devices at the location or a position fix.

46 Citations

View as Search Results

59 Claims

1. A method comprising:
- receiving from a mobile device a request that includes a unique identifier for a location that has an entry in a database and an authorization identifier that is associated with the location;
  
  using the unique identifier to find the entry for the location in the database;
  
  using the authorization identifier to verify that the request is authorized; and
  
  transmitting data to the mobile device after verifying that the request is authorized.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the authorization identifier is obtained by the mobile device while present at the location.
  - 3. The method of claim 1, wherein the authorization identifier comprises data related to a Service Set Identifier (SSID) or a Beacon Frame or a hash of the SSID or the Beacon Frame.
  - 4. The method of claim 1, wherein the authorization identifier comprises at least one of data related to at least one access point visible at the location, a position fix when in the physical vicinity of the location, and at least one system parameter received from a cellular site that is visible at the location.
  - 5. The method of claim 1, wherein using the authorization identifier to verify that the request is authorized comprises comparing the authorization identifier from the request to a database authorization identifier in the entry for the location in the database.
  - 6. The method of claim 1, wherein the request includes unique identifiers for a plurality of locations with entries in the database and authorization identifiers associated with the plurality of locations, wherein using the authorization identifier to verify that the request is authorized comprises using a number of authorization identifiers that are not found in the database to determine that the request is not authorized.
  - 7. The method of claim 1, wherein transmitting data comprises transmitting map data associated with the location in the entry in the database.
  - 8. The method of claim 1, wherein the unique identifier for the location comprises a Media Access Control (MAC) address for an access point or a latitude and longitude pair.

9. An apparatus comprising:
- a database that includes entries for locations identified with unique identifiers and authorization identifiers;
  
  an external interface capable of communicating with mobile devices to receive a request from a mobile device that includes a unique identifier for a location that has an entry in the database and an authorization identifier that is associated with the location; and
  
  a processor configured to use the unique identifier to find the entry for the location in the database, use the authorization identifier to verify that the request is authorized; and
  
  cause the external interface to transmit data to the mobile device after verifying that the request is authorized.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The apparatus of claim 9, wherein the authorization identifier comprises data related to a Service Set Identifier (SSID) or a Beacon Frame or a hash of the SSID or the Beacon Frame.
  - 11. The apparatus of claim 9, wherein the authorization identifier comprises at least one of data related to at least one access point visible at the location, a position fix when in the physical vicinity of the location, and at least one system parameter received from a cellular site that is visible at the location.
  - 12. The apparatus of claim 9, wherein the processor is configured to use the authorization identifier to verify that the request is authorized by being configured to compare the authorization identifier from the request to a database authorization identifier in the entry for the location in the database.
  - 13. The apparatus of claim 9, wherein the request includes unique identifiers for a plurality of locations with entries in the database and authorization identifiers associated with the plurality of locations, wherein the processor is configured to use the authorization identifier to verify that the request is authorized by being configured to use a number of authorization identifiers that are not found in the database to determine that the request is not authorized.
  - 14. The apparatus of claim 9, wherein the data transmitted to the mobile device comprises map data map data associated with the location in the entry in the database.
  - 15. The apparatus of claim 9, wherein the unique identifier for the location comprises a Media Access Control (MAC) address for an access point or a latitude and longitude pair.

16. An apparatus comprising:
- means for receiving from a mobile device a request that includes a unique identifier for a location that has an entry in a database and an authorization identifier that is associated with the location;
  
  means for using the unique identifier to find the entry for the location in the database;
  
  means for using the authorization identifier to verify that the request is authorized; and
  
  means for transmitting data to the mobile device after verifying that the request is authorized.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The apparatus of claim 16, wherein the authorization identifier comprises data related to a Service Set Identifier (SSID) or a Beacon Frame or a hash of the SSID or the Beacon Frame.
  - 18. The apparatus of claim 16, wherein the authorization identifier comprises at least one of data related to at least one access point visible at the location, a position fix when in the physical vicinity of the location, and at least one system parameter received from a cellular site that is visible at the location.
  - 19. The apparatus of claim 16, wherein the means for using the authorization identifier to verify that the request is authorized comprises means for comparing the authorization identifier from the request to a database authorization identifier in the entry for the location in the database.
  - 20. The apparatus of claim 16, wherein the request includes unique identifiers for a plurality of locations with entries in the database and authorization identifiers associated with the plurality of locations, wherein the means for using the authorization identifier to verify that the request is authorized uses a number of authorization identifiers that are not found in the database to determine that the request is not authorized.

21. A non-transitory computer-readable medium including program code stored thereon, comprising:
- program code to receive from a mobile device a request that includes a unique identifier for a location that has an entry in a database and an authorization identifier that is associated with the location;
  
  program code to use the unique identifier to find the entry for the location in the database;
  
  program code to use the authorization identifier to verify that the request is authorized; and
  
  program code to transmit data to the mobile device after verifying that the request is authorized.
- View Dependent Claims (22, 23, 24, 25)
- - 22. The non-transitory computer-readable medium of claim 21, wherein the authorization identifier comprises data related to a Service Set Identifier (SSID) or a Beacon Frame or a hash of the SSID or the Beacon Frame.
  - 23. The non-transitory computer-readable medium of claim 21, wherein the authorization identifier comprises at least one of data related to at least one access point visible at the location, a position fix when in the physical vicinity of the location, and at least one system parameter received from a cellular site that is visible at the location.
  - 24. The non-transitory computer-readable medium of claim 21, wherein the program code to use the authorization identifier to verify that the request is authorized comprises program code to compare the authorization identifier from the request to a database authorization identifier in the entry for the location in the database.
  - 25. The non-transitory computer-readable medium of claim 21, the request includes unique identifiers for a plurality of locations with entries in the database and authorization identifiers associated with the plurality of locations, wherein the program code to use the authorization identifier to verify that the request is authorized comprises program code to use a number of authorization identifiers that are not found in the database to determine that the request is not authorized.

26. A method comprising:
- determining a unique identifier for a location and an authorization identifier associated with the location;
  
  transmitting a request that includes the unique identifier and the authorization identifier associated with the location; and
  
  receiving data from a remote database in response to the request when the remote database has an entry for the location and the authorization identifier associated with the location matches a stored authorization identified in the entry in the database.
- View Dependent Claims (27, 28, 29, 30, 31, 32, 33, 34, 35, 36)
- - 27. The method of claim 26, wherein the authorization identifier is determined while present at the location.
  - 28. The method of claim 26, wherein the authorization identifier comprises data related to a Service Set Identifier (SSID) or a Beacon Frame or a hash of the SSID or the Beacon Frame.
  - 29. The method of claim 26, wherein the authorization identifier comprises at least one of data related to at least one access point visible at the location, a position fix when in the physical vicinity of the location, and at least one system parameter received from a cellular site that is visible at the location.
  - 30. The method of claim 26, wherein determining the unique identifier for the location comprises receiving a message including the unique identifier from an access point associated with the location.
  - 31. The method of claim 26, wherein determining the authorization identifier associated with the location comprises receiving a message including the authorization identifier from an access point associated with the location.
  - 32. The method of claim 26, wherein determining the authorization identifier for the location comprises receiving a message including time invariant data from an access point associated with the location and producing the authorization identifier using the time invariant data.
  - 33. The method of claim 26, wherein determining the authorization identifier for the location comprises receiving data from devices that are visible when in the physical vicinity of the location, and using the data to determine the authorization identifier.
  - 34. The method of claim 33, wherein the data from devices that are visible comprises identities of access points associated with the location.
  - 35. The method of claim 33, wherein the data from devices that are visible is from at least one of a satellite positioning system wherein the authorization identifier is a position fix and a cellular site wherein the authorization identifier is a at least one system parameter.
  - 36. The method of claim 26, wherein the unique identifier for the location comprises a Media Access Control (MAC) address for an access point or a latitude and longitude pair.

37. A mobile device comprising:
- a wireless interface capable of receiving wireless signals while the mobile device is present at a location; and
  
  a processor configured to determine from the wireless signals a unique identifier for the location and an authorization identifier associated with the location;
  
  transmit with the wireless interface a request to a remote server with a database that that has an entry in the database for the location, the request includes the unique identifier and the authorization identifier associated with the location; and
  
  receive data with the wireless interface from the remote server in response to the request when the authorization identifier associated with the location matches a stored authorization identified in the entry in the database.
- View Dependent Claims (38, 39, 40, 41, 42, 43)
- - 38. The mobile device of claim 37, wherein the authorization identifier comprises data related to a Service Set Identifier (SSID) or a Beacon Frame or a hash of the SSID or the Beacon Frame.
  - 39. The mobile device of claim 37, wherein the authorization identifier comprises at least one of data related to at least one access point visible at the location, a position fix when in the physical vicinity of the location, and at least one system parameter received from a cellular site that is visible at the location.
  - 40. The mobile device of claim 37, wherein the wireless signals comprise a message including the unique identifier and the authorization identifier from an access point associated with the location.
  - 41. The mobile device of claim 37, wherein the wireless interface comprises a satellite positioning system receiver, and the wireless signals are data from a satellite positioning system and the authorization identifier is a position fix.
  - 42. The mobile device of claim 37, wherein the wireless interface comprises a cellular receiver, and the authorization identifier is at least one system parameter.
  - 43. The mobile device of claim 37, wherein the unique identifier for the location comprises a Media Access Control (MAC) address for an access point or a latitude and longitude pair.

44. A mobile device comprising:
- means for determining a unique identifier for a location and an authorization identifier associated with the location;
  
  means for transmitting a request that includes the unique identifier and the authorization identifier associated with the location; and
  
  means for receiving data from a remote database in response to the request when the remote database has an entry for the location and the authorization identifier associated with the location matches a stored authorization identified in the entry in the database.
- View Dependent Claims (45, 46, 47)
- - 45. The mobile device of claim 44, wherein the authorization identifier comprises data related to a Service Set Identifier (SSID) or a Beacon Frame or a hash of the SSID or the Beacon Frame.
  - 46. The mobile device of claim 44, wherein the authorization identifier comprises at least one of data related to at least one access point visible at the location, a position fix when in the physical vicinity of the location, and at least one system parameter received from a cellular site that is visible at the location.
  - 47. The mobile device of claim 44, wherein the unique identifier for the location comprises a Media Access Control (MAC) address for an access point or a latitude and longitude pair.

48. A non-transitory computer-readable medium including program code stored thereon, comprising:
- program code to determine a unique identifier for a location and an authorization identifier associated with the location;
  
  program code to transmit a request that includes the unique identifier and the authorization identifier associated with the location; and
  
  program code to receive data from a remote database in response to the request when the remote database has an entry for the location and the authorization identifier associated with the location matches a stored authorization identified in the entry in the database.
- View Dependent Claims (49, 50, 51)
- - 49. The non-transitory computer-readable medium of claim 48, wherein the authorization identifier comprises data related to a Service Set Identifier (SSID) or a Beacon Frame or a hash of the SSID or the Beacon Frame.
  - 50. The non-transitory computer-readable medium of claim 48, wherein the authorization identifier comprises at least one of data related to at least one access point visible at the location, a position fix when in the physical vicinity of the location, and at least one system parameter received from a cellular site that is visible at the location.
  - 51. The non-transitory computer-readable medium of claim 48, wherein the unique identifier for the location comprises a Media Access Control (MAC) address for an access point or a latitude and longitude pair.

52. A method of crowdsourcing data, the method comprising:
- receiving crowdsourced data for a location for an entry in a database, the crowdsourced data includes a crowdsourced authorization identifier associated with the location;
  
  determining that the database includes the entry for the location;
  
  determining that a database authorization identifier associated with the location in the database is in a valid state but does not match the crowdsourced authorization identifier;
  
  changing a value of the database authorization identifier to a value of the crowdsourced authorization identifier; and
  
  changing the database authorization identifier from the valid state to an awaiting validation state, wherein the database authorization identifier is not used for verification of a request when in the awaiting validation state.
- View Dependent Claims (53)
- - 53. The method of claim 52, further comprising:
    - changing the database authorization identifier from the awaiting validation state to the valid state after receiving a predetermined number of crowdsourced data messages with crowdsourced authorization identifiers that match the database authorization identifier.

54. An apparatus for crowdsourcing data, the apparatus comprising:
- a database that includes entries for locations identified with unique identifiers and authorization identifiers;
  
  an external interface capable of communicating with mobile devices to receive crowdsourced data for a location for an entry in the database, the crowdsourced data includes a crowdsourced authorization identifier associated with the location; and
  
  a processor configured to determine that the database includes the entry for the location;
  
  determines that a database authorization identifier associated with the location in the database is in a valid state but does not match the crowdsourced authorization identifier;
  
  change a value of the database authorization identifier to a value of the crowdsourced authorization identifier; and
  
  change the database authorization identifier from the valid state to an awaiting validation state, wherein the database authorization identifier is not used for verification of a request when in the awaiting validation state.
- View Dependent Claims (55)
- - 55. The apparatus of claim 54, wherein the processor is further configured to change the database authorization identifier from the awaiting validation state to the valid state after receiving a predetermined number of crowdsourced data messages with crowdsourced authorization identifiers that match the database authorization identifier.

56. An apparatus for crowdsourcing data, the apparatus comprising:
- means for receiving crowdsourced data for a location for an entry in a database, the crowdsourced data includes a crowdsourced authorization identifier associated with the location;
  
  means for determining that the database includes the entry for the location;
  
  means for determining that a database authorization identifier associated with the location in the database is in a valid state but does not match the crowdsourced authorization identifier;
  
  means for changing a value of the database authorization identifier to a value of the crowdsourced authorization identifier; and
  
  means for changing the database authorization identifier from the valid state to an awaiting validation state, wherein the database authorization identifier is not used for verification of a request when in the awaiting validation state.
- View Dependent Claims (57)
- - 57. The apparatus of claim 56, further comprising:
    - means for changing the database authorization identifier from the awaiting validation state to the valid state after receiving a predetermined number of crowdsourced data messages with crowdsourced authorization identifiers that match the database authorization identifier.

58. A non-transitory computer-readable medium including program code stored thereon, comprising:
- program code to receive crowdsourced data for a location for an entry in a database, the crowdsourced data includes a crowdsourced authorization identifier associated with the location;
  
  program code to determine that the database includes the entry for the location;
  
  program code to determine that a database authorization identifier associated with the location in the database is in a valid state but does not match the crowdsourced authorization identifier;
  
  program code to change a value of the database authorization identifier to a value of the crowdsourced authorization identifier; and
  
  program code to change the database authorization identifier from the valid state to an awaiting validation state, wherein the database authorization identifier is not used for verification of a request when in the awaiting validation state.
- View Dependent Claims (59)
- - 59. The non-transitory computer-readable medium of claim 58, further comprising:
    - program code to change the database authorization identifier from the awaiting validation state to the valid state after receiving a predetermined number of crowdsourced data messages with crowdsourced authorization identifiers that match the database authorization identifier.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Qualcomm, Inc.
Original Assignee
Qualcomm, Inc.
Inventors
Bhatia, Ashok, Yang, Yafei, Shang, Ning

Granted Patent

US 9,584,528 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/26
CPC Class Codes

H04L 63/107   wherein the security polici...

H04W 4/02   Services making use of loca...

H04W 4/029   Location-based management o...

SECURING DATABASES AGAINST PIRACY ATTACKS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

46 Citations

59 Claims

Specification

Solutions

Use Cases

Quick Links

SECURING DATABASES AGAINST PIRACY ATTACKS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

46 Citations

59 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links