Reliable reporting of location data
First Claim
1. A method for providing confidential data by a computing platform, the method comprising:
- checking, by a trusted mediator operating on the computing platform, a local policy store for a policy for providing confidential data in conjunction with establishing a data connection to a data recipient, wherein the computing platform includes a first virtual machine hosting a user application and the local policy store, and a second virtual machine hosting the trusted mediator, wherein the local policy store is configured to store user policies constraining operation of the user application, including the policy for providing the confidential data in conjunction with establishing the data connection to the data recipient, and the trusted mediator is configured to mediate access to resources, including providing the confidential data including location data;
- based on a result of the checking, initiating, by the trusted mediator, the data connection with the data recipient, including requesting from a trusted source, confidential data for establishing the data connection; and
- receiving, by the trusted mediator, in response to the request for confidential data, a first cryptographically signed confidential data from the trusted source, and responsive thereto, providing a second cryptographically signed confidential data to the user application, the providing including modifying the second cryptographically signed confidential data based on the result of the checking for the policy.
Dependent claims: 2, 3, 4.
Abstract
A machine, such as a mobile device having telephony features, such as a voice over Internet Protocol (VoIP) telephony application, is configured with a secure environment in which a location provider within (more reliable) or external to (less reliable) the machine may determine location data for the machine and securely provide it to a telephony application program for incorporation into a call setup for calling a callee. The secure environment may be created through use of one or more of Intel's LaGrande Technology™ (LT), Vanderpool Technology (VT), or a Trusted Platform Module (TPM). The LT and VT allow defining secure independent components within the machine, such as by instantiating them as Virtual Machines, and the TPM allows components to cryptographically sign data, such as to facilitate ensuring the location data is not tampered with. A recipient of a telephone call setup including cryptographically secured location data may validate the location data and accept the call. Other embodiments may be described.
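The flow described in the abstract and claim 1 (policy check by the trusted mediator, signed location data from a trusted source, policy-driven modification and re-signing, validation by the callee), as an added simulation that is not the patent's own code. It assumes TPM-backed signatures can be modelled with HMAC-SHA256 over constructed shared keys, a dict as the local policy store, and hypothetical names throughout.

```python
import hmac, hashlib, json

# Constructed keys standing in for TPM-held signing keys (assumption: HMAC models the signatures).
TRUSTED_SOURCE_KEY = b"constructed-location-provider-key"   # location provider inside the secure environment
MEDIATOR_KEY = b"constructed-trusted-mediator-key"          # trusted mediator in the second virtual machine

# Hypothetical local policy store: per application, how much location to release per callee kind.
POLICY_STORE = {"voip_app": {"emergency": "precise", "default": "city"}}

def sign(key, payload):
    """Canonical JSON of the payload keyed under `key`; returns the signed record."""
    body = json.dumps(payload, sort_keys=True).encode()
    return {"payload": payload, "sig": hmac.new(key, body, hashlib.sha256).hexdigest()}

def verify(key, signed):
    """Constant-time check that `signed` was produced under `key` and not altered since."""
    body = json.dumps(signed["payload"], sort_keys=True).encode()
    return hmac.compare_digest(hmac.new(key, body, hashlib.sha256).hexdigest(), signed["sig"])

def trusted_source(provider):
    """First cryptographically signed confidential data: a constructed fix from the named provider."""
    fix = {"lat": 45.5231, "lon": -122.6765, "provider": provider}
    return sign(TRUSTED_SOURCE_KEY, fix)

def trusted_mediator(app, callee_kind):
    """Check the policy store, fetch signed location data, modify it per policy, re-sign it."""
    policy = POLICY_STORE.get(app, {}).get(callee_kind, "none")
    if policy == "none":
        return None                                  # policy forbids release: no location in the call setup
    first = trusted_source("internal")               # internal provider is the more reliable one in the abstract
    if not verify(TRUSTED_SOURCE_KEY, first):
        raise ValueError("location data from trusted source failed verification")
    loc = dict(first["payload"])
    if policy == "city":
        loc["lat"], loc["lon"] = round(loc["lat"], 1), round(loc["lon"], 1)   # coarsen to ~city resolution
    loc["policy"] = policy
    return sign(MEDIATOR_KEY, loc)                   # second cryptographically signed confidential data

def user_app_call_setup(app, callee_kind):
    """The user application only ever sees what the mediator hands it; it embeds that in the call setup."""
    return {"callee": callee_kind, "location": trusted_mediator(app, callee_kind)}

def callee_accepts(setup):
    """The callee validates the mediator's signature before trusting the location in the call setup."""
    loc = setup["location"]
    return loc is not None and verify(MEDIATOR_KEY, loc)
```

A tampered payload fails `callee_accepts` even though the rest of the setup is intact, which is the property the TPM signing in the abstract is there to provide.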
Claims (12)
5. A tangible and non-transitory computing device-readable medium comprising:
- one or more instructions that in response to execution of the instructions on a computing device, provide a trusted mediator to the computing device to mediate access to resources including provision of confidential data, wherein the trusted mediator is to:
- check a local policy store of the computing device, storing user policies constraining operation of a user application of the computing device, for a policy that controls provision of confidential data in conjunction with establishment of a data connection to a data recipient, wherein the user application and the local policy store are hosted by a first virtual machine of the computing device and the trusted mediator is hosted by a second virtual machine of the computing device, and wherein the confidential data includes location data;
- initiate, based on a result of the check for the policy, the data connection including transmission of a request to a trusted source to obtain the confidential data for establishment of the data connection with the data recipient; and
- receive, in response to the request for confidential data, a first cryptographically signed confidential data from the trusted source, and responsive thereto, provide a second cryptographically signed confidential data to the user application, wherein to provide includes to modify the second cryptographically signed confidential data based on the result of the check for the policy.
Dependent claims: 6, 7, 8.
9. An apparatus, comprising:
- a processor;
- a memory coupled with the processor and to support operation of first and second virtual machines, and a user application;
- a local policy store to store user policies of the user application, including a policy that controls provision of confidential data in conjunction with establishment of a data connection to a data recipient, the confidential data including location data, wherein the user application and the local policy store reside in the first virtual machine, and wherein the user application is to establish the data connection with the data recipient; and
- a trusted mediator to reside in the second virtual machine, to: mediate resources access from the user application; check the local policy store for the policy that controls provision of the confidential data in conjunction with establishment of the data connection; obtain the confidential data from a trusted source, and initiate the data connection with the data recipient, based on a result of the check for the policy; receive, in response to the request for confidential data, a first cryptographically signed confidential data from the trusted source; and provide, in response to receipt of the first cryptographically signed confidential data, a second cryptographically signed confidential data to the user application, wherein to provide includes to modify the second cryptographically signed confidential data based on the result of the check for the policy.
Dependent claims: 10, 11, 12.
Specification