Reliable reporting of location data

US 7,965,702 B2
Filed: 03/03/2006
Issued: 06/21/2011
Est. Priority Date: 12/30/2005
Status: Active Grant

First Claim

Patent Images

1. A machine comprising:

a first virtual machine configured to host at least an application domain, wherein the application domain includes a telephony application configured to request a location provider for a current location of the machine and send the current location along with outbound phone calls placed by the telephony application, wherein the machine is configured for mobile usage;

a second virtual machine configured to host at least the location provider configured to determine the current location of the mobile machine;

a domain mediator configured to mediate access to the location provider over an inter-domain communication channel coupling the application domain and the location provider, including securely providing location data from the location provider to the application domain; and

a trusted platform module configured to communicatively couple selected ones of;

the application domain and the location provider, wherein the trusted platform module is further configured to cryptographically secure location data transmitted between said coupled ones of the application domain and location provider.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A machine, such as a mobile device having telephony features, such as a voice over Internet Protocol (VoIP) telephony application, is configured with a secure environment in which a location provider within (more reliable) or external to (less reliable) the machine may determine location data for the machine and securely provide it to a telephony application program for incorporation into a call setup for calling a callee. The secure environment may be created through use of one or more of Intel'"'"'s LaGrande Technology™ (LT), Vanderpool Technology (VT), or a Trusted Platform Module (TPM). The LT and VT allow defining secure independent components within the machine, such as by instantiating them as Virtual Machines, and the TPM allows components to cryptographically sign data, such as to facilitate ensuring the location data is not tampered with. A recipient of a telephone call setup including cryptographically secured location data may validate the location data and accept the call. Other embodiments may be described.

6 Citations

22 Claims

1. A machine comprising:
- a first virtual machine configured to host at least an application domain, wherein the application domain includes a telephony application configured to request a location provider for a current location of the machine and send the current location along with outbound phone calls placed by the telephony application, wherein the machine is configured for mobile usage;
  
  a second virtual machine configured to host at least the location provider configured to determine the current location of the mobile machine;
  
  a domain mediator configured to mediate access to the location provider over an inter-domain communication channel coupling the application domain and the location provider, including securely providing location data from the location provider to the application domain; and
  
  a trusted platform module configured to communicatively couple selected ones of;
  
  the application domain and the location provider, wherein the trusted platform module is further configured to cryptographically secure location data transmitted between said coupled ones of the application domain and location provider.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The machine of claim 1, wherein the trusted platform module is configured to sign location data determined by the location provider.
  - 3. The machine of claim 2,wherein the location provider is configured to determine the location data, sign the determined location data with the trusted platform module, and send the signed location data to the domain mediator, andwherein the domain mediator is configured to secondarily sign the location data with the trusted platform module and provide the doubly signed location data to the application domain.
  - 4. The machine of claim 1, further comprising selected ones of:
    - a user storage in the application domain configured to store at least user policies or rules constraining performing tasks, wherein the telephony application is configured to review the policies or rules to confirm availability of performing a telephony task;
      
      a policy manager component of the domain mediator configured to modify data mediated by the domain mediator in accord with platform administrator policies;
      
      ora rules manager component of the domain mediator configured to modify data mediated by the domain mediator in accord with platform administrator policies.
  - 5. The machine of claim 1, further comprising:
    - a user storage in the application domain configured to store at least rules constraining performing tasks, said rules including a privacy rule requiring modifying location data;
      
      wherein the telephony application is configured to review said rules to confirm availability of performing initiating a telephony connection and to modify the location data as needed in accord with the privacy rule.
  - 6. The machine of claim 1, further comprising a virtual machine manager configured to provide the communication channel.
  - 7. The machine of claim 1, further comprising a global positioning system (GPS) component configured to provide the current location, wherein the GPS component is communicatively coupled to the location provider of the second virtual machine.
  - 8. The machine of claim 1, wherein the location provider is further configured to provide a reliability factor to indicate a confidence in the current location.

9. A method for using a mobile machine having a first virtual machine hosting an application domain including a telephony application, a second virtual machine hosting a location provider to determine a current location of the mobile machine, and a domain mediator to mediate access to the location provider, comprising:
- receiving a request to initiate a call, by the telephony application, and responsive thereto, requesting by the telephony application from the domain mediator the current location of the mobile machine provided by the location provider;
  
  applying, by the location provider, a first cryptographic security to the location data to facilitate identifying tampering with the location data; and
  
  modifying, by the domain mediator, the location data with the first cryptographic security in accordance with platform administrator policy and applying a second cryptographic security to facilitate determining tampering with the modified location data;
  
  receiving from the domain mediator, by the telephony application, signed location data identifying the current location of the mobile machine, the location data being signed by selected ones of the location provider and the domain mediator;
  
  validating the location data has not been tampered with, by the telephony application, based at least in part on said signing by the selected ones of the location provider and domain mediator; and
  
  initiating the call, by the telephony application, and providing at least a portion of the current location of the mobile machine along with the call.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The method of claim 9, further comprising modifying, by the telephony application, the location data as needed in accord with a user privacy policy.
  - 11. The method of claim 9, further comprising determining, by the telephony application, whether the location data was altered after being provided by the location provider.
  - 12. The method of claim 9, further comprising:
    - cryptographically signing the location data, by a trusted platform module disposed within the machine.
  - 13. The method of claim 9, further comprising signing by selected ones of the location provider and domain mediator, including:
    - the location provider determining the location data and first signing it; and
      
      the domain mediator secondarily signing the location data with a trusted platform module and providing the doubly signed location data to the application domain.
  - 14. The method of claim 9, further comprising the telephony application reviewing policies or rules stored in a user storage in the application domain to confirm availability of performing a telephony task prior to performing said task.
  - 15. The method of claim 9, further comprising the telephony application reviewing policies or rules stored in a user storage associated with the application domain to confirm availability of performing a telephony task.
  - 16. The method of claim 15, further comprising:
    - determining, by the telephony application, whether a user privacy rule requires modifying location data; and
      
      modifying, by the telephony application, the location data as needed in accord with the user privacy rule.

17. An article of manufacture comprising a non-transitory tangible machine-readable medium having one or more associated instructions store thereon configured to program a mobile machine and enable the mobile machine, in response to execution of the instructions by the mobile machine, to perform operations including:
- receiving a request to initiate a call, by a telephony application located in a first virtual machine of the mobile machine, and responsive thereto, requesting by the telephony application, from a domain mediator of the mobile machine, the current location of the mobile machine, provided by a location provider of a second virtual machine, the domain mediator mediating access to the location provider;
  
  receiving, by the telephony application, from the domain mediator a doubly signed location data identifying the current location of the mobile machine, the location data being first signed by the location provider and second signed by the domain mediator;
  
  applying, by the location provider, a first cryptographic security to the location data to facilitate identifying tampering with the location data; and
  
  modifying, by the domain mediator, the location data with the first cryptographic security in accordance with platform administrator policy and applying a second cryptographic security to facilitate determining tampering with the modified location data;
  
  validating the location data has not been tampered with, by the telephony application, based at least in part on selected ones of the first signature and the second signature; and
  
  initiating the call, by the telephony application, including providing at least a portion of the current location of the mobile machine along with a call.
- View Dependent Claims (18, 19, 20, 21, 22)
- - 18. The article of claim 17, wherein the operations further include modifying, by the telephony application, the location data as needed in accord with a user privacy policy.
  - 19. The article of claim 17, wherein the operations further include determining, by the telephony application, the location data was altered after being provided by the location provider.
  - 20. The article of claim 17, wherein the operations further include cryptographically signing the location data with a trusted platform module disposed within the mobile machine.
  - 21. The article of claim 17, wherein the operations further include the telephony application reviewing policies or rules stored in a user storage in the application domain to confirm availability of performing a telephony task prior to performing said task.
  - 22. The article of claim 17, wherein the operations further include:
    - determining, by the telephony application, whether a user privacy rule requires modifying location data; and
      
      modifying, by the telephony application, the location data as needed in accord with the user privacy rule.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Wang, Shao-Cheng, Adrangi, Farid, Covington, Michael J., Manohar, Deepak J., Sastry, Manoj R.
Primary Examiner(s)
Flynn; Nathan
Assistant Examiner(s)
HAMEL, JOEL A

Application Number

US11/368,374
Publication Number

US 20070153715A1
Time in Patent Office

1,936 Days
Field of Search

370352-356, 379/142.1, 379/207.12, 379/45, 726 28- 30, 455/404.2, 455/456.1
US Class Current

370/352
CPC Class Codes

G06F 21/57   Certifying or maintaining t...

G06F 21/64   Protecting data integrity, ...

G06F 2221/2111   Location-sensitive, e.g. ge...

H04L 12/2856   Access arrangements, e.g. I...

H04L 12/2898   Subscriber equipments DSL m...

H04L 65/1053   IP private branch exchange ...

H04L 65/1069   Session establishment or de...

H04L 65/1101   Session protocols

H04L 67/52   specially adapted for the l...

H04M 2242/04   for emergency applications

H04W 88/18   Service support devices; Ne...

Reliable reporting of location data

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

6 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Reliable reporting of location data

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

6 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links