ROOT OF TRUST OF GEOLOCATION

US 20170353435A1
Filed: 06/06/2016
Published: 12/07/2017
Est. Priority Date: 06/06/2016
Status: Active Grant

First Claim

Patent Images

1. An apparatus comprising:

a network interface unit configured to enable network communications;

a trust anchor module including a cryptographic processor and a secure memory; and

a main processor coupled to the network interface unit and the trust anchor module and configured to;

receive, via the network interface unit, a digital geolocation certificate, the digital geolocation certificate including information identifying the apparatus, information regarding a physical location of the apparatus, information identifying an authorized entity that has verified the physical location of the apparatus, and a digital signature of the authorized entity; and

cause the trust anchor module to store the digital geolocation certificate in the secure memory such that the digital geolocation certificate is cryptographically bound to the apparatus.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A root-of-trust of geolocation is provided for an apparatus that includes a trust anchor module with a cryptographic processor and a secure memory. The apparatus further includes a main processor coupled to the trust anchor module and configured to receive a digital geolocation certificate, the geolocation certificate including information identifying the apparatus, information regarding a physical location of the apparatus, information identifying an authorized entity that has verified the physical location of the apparatus, and a digital signature of the authorized entity. The main processor is further configured to cause the trust anchor module to store the digital geolocation certificate in the secure memory such that the digital geolocation certificate is cryptographically bound to the apparatus. The trust anchor module may also include, or otherwise communicate over a secure channel with, a movement sensor associated with the apparatus.

24 Citations

View as Search Results

21 Claims

1. An apparatus comprising:
- a network interface unit configured to enable network communications;
  
  a trust anchor module including a cryptographic processor and a secure memory; and
  
  a main processor coupled to the network interface unit and the trust anchor module and configured to;
  
  receive, via the network interface unit, a digital geolocation certificate, the digital geolocation certificate including information identifying the apparatus, information regarding a physical location of the apparatus, information identifying an authorized entity that has verified the physical location of the apparatus, and a digital signature of the authorized entity; and
  
  cause the trust anchor module to store the digital geolocation certificate in the secure memory such that the digital geolocation certificate is cryptographically bound to the apparatus.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The apparatus of claim 1, wherein the information on a location of the apparatus includes longitude and latitude information.
  - 3. The apparatus of claim 1, wherein the trust anchor module further includes a movement sensor, and wherein the trust anchor module is configured to store measurements from the movement sensor in the secure memory.
  - 4. The apparatus of claim 3, wherein the trust anchor module is configured to cause a notification to be sent, via the network interface unit, when a measurement from the movement sensor exceeds a predetermined threshold.
  - 5. The apparatus of claim 3, wherein the movement sensor is an accelerometer.
  - 6. The apparatus of claim 1, wherein the main processor is configured to measure a location of the apparatus based on communications with external sources, and wherein the trust anchor module is further configured to store a log of the location measurements in the secure memory.
  - 7. The apparatus of claim 6, wherein the main processor is configured to measure a location of the apparatus by communicating with at least one of GPS satellites, trusted ping servers, or wireless wide area network cell towers.
  - 8. The apparatus of claim 6, wherein the main processor is configured to send the log of location measurements stored in the secure memory to another device in response to a trust request.
  - 9. A system comprising the apparatus of claim 6 and a computing device in communication with the apparatus via a network, the computing device being configured to:
    - send to the apparatus, via the network, a communication seeking an assertion of current location and stored measurements;
      
      receive from the apparatus, via the network, information from the secure anchor module regarding the location of the apparatus, the information including the digital geolocation certificate, the log of measurements stored in the secure memory of the apparatus, and the digital signature of the apparatus; and
      
      determine, based on the information received from the apparatus, trustworthiness of the asserted location.
  - 10. The system of claim 9, wherein the computing device is configured to determine trustworthiness of the asserted location by comparing the location asserted in the digital geolocation certificate with the log of stored location measurements.
  - 11. The system of claim 9, wherein the computing device is configured to determine trustworthiness of the asserted location based on whether or not a stored movement measurement exceeds a predetermined threshold.

12. A method of establishing a root of trust of geolocation for an apparatus including a trust anchor module having a cryptographic processor and a secure memory, the method comprising:
- receiving, at the apparatus, a digital geolocation certificate, the digital geolocation certificate including information identifying the apparatus, information regarding a physical location of the apparatus, information identifying an authorized entity that has verified the physical location of the apparatus, and a digital signature of the authorized entity; and
  
  storing the digital geolocation certificate in the secure memory of the apparatus such that the digital geolocation certificate is cryptographically bound to the apparatus.
- View Dependent Claims (13, 14, 15, 16)
- - 13. The method of claim 12, further comprising storing, in the secure memory, measurements from a movement sensor associated with the apparatus.
  - 14. The method of claim 13, wherein the apparatus is connected to an external computing device via a network connection, and further comprising sending a notification that the apparatus has been moved when the measurements from the movement sensor exceed a predetermined value.
  - 15. The method of claim 12, further comprising obtaining measurements of a location of the apparatus based on communications with external sources, and storing a log of the location measurements in the secure memory.
  - 16. The method of claim 15, further comprising sending, from the apparatus to another device, the digital geolocation certificate and the log of location measurements stored in the secure memory.

17. A non-transitory computer-readable storage media encoded with software comprising computer executable instructions and when the software is executed operable to:
- receive, at an apparatus including a trust anchor module having a cryptographic processor and a secure memory, a digital geolocation certificate, the digital geolocation certificate including information identifying the apparatus, information regarding a physical location of the apparatus, information identifying an authorized entity that has verified the physical location of the apparatus, and a digital signature of the authorized entity; and
  
  store the digital geolocation certificate in the secure memory of the apparatus such that the digital geolocation certificate is cryptographically bound to the apparatus.
- View Dependent Claims (18, 19, 20, 21)
- - 18. The computer-readable storage media of claim 17, further comprising instructions operable to store, in the secure memory, measurements from a movement sensor associated with the apparatus.
  - 19. The computer-readable storage media of claim 18, further comprising instructions operable to send a notification that the apparatus has been moved when the measurements from the movement sensor exceed a predetermined value.
  - 20. The computer-readable storage media of claim 17, further comprising instructions operable to obtain measurements of a location of the apparatus based on communications with external sources, and storing a log of the location measurements in the secure memory.
  - 21. The computer-readable storage media of claim 20, further comprising instructions operable to send, from the apparatus to another device, the digital geolocation certificate and the log of location measurements stored in the secure memory.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Pritikin, Max, Montalvo, Rafael Mantilla, Shenefiel, Chris Allen

Granted Patent

US 10,601,787 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/44   Program or device authentic...

G06F 21/57   Certifying or maintaining t...

G06F 2221/2111   Location-sensitive, e.g. ge...

G06Q 30/018   Certifying business or prod...

H04L 63/0428   wherein the data content is...

H04L 63/0823   using certificates cryptogr...

H04L 63/126   the source of the received ...

H04L 9/0872   using geo-location informat...

H04L 9/3263   involving certificates, e.g...

H04W 4/02   Services making use of loca...

H04W 4/029   Location-based management o...

ROOT OF TRUST OF GEOLOCATION

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

24 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

ROOT OF TRUST OF GEOLOCATION

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

24 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links