Platform that facilitates preservation of user privacy

US 8,825,996 B2
Filed: 06/17/2011
Issued: 09/02/2014
Est. Priority Date: 06/17/2011
Status: Active Grant

First Claim

Patent Images

1. A method executed at a server device, the method comprising:

receiving a location-based query from a location-based application executing on a first computing device of a first user, the location-based query comprising an encrypted location constraint and an encrypted identity of a second user of a second computing device;

receiving a data packet from a second computing device that comprises the encrypted identity of the second user and an encrypted location of the second computing device;

responsive to receiving the data packet from the second computing device, comparing the encrypted location constraint with the encrypted location of the second computing device;

determining a response to the location-based query based upon the comparing of the encrypted location constraint with the encrypted location of the second computing device, the response determined without decrypting the location constraint and the encrypted location of the second computing device; and

causing a processor on the server to transmit the response to the location-based query to the first computing device.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Described herein are technologies pertaining to preserving privacy of users of mobile computing devices. Two users of two mobile computing devices share a quantization scheme for quantizing location data using a predefined quantization interval. The two users additionally share a private key that is utilized to encrypt locations obtained by the two computing devices that have been quantized using the shared quantization scheme. Encrypted, quantized locations are compared in a cloud computing service in connection with answering location-based queries, where the comparison is undertaken without the cloud computing service decrypting the encrypted, quantized locations.

7 Citations

20 Claims

1. A method executed at a server device, the method comprising:
- receiving a location-based query from a location-based application executing on a first computing device of a first user, the location-based query comprising an encrypted location constraint and an encrypted identity of a second user of a second computing device;
  
  receiving a data packet from a second computing device that comprises the encrypted identity of the second user and an encrypted location of the second computing device;
  
  responsive to receiving the data packet from the second computing device, comparing the encrypted location constraint with the encrypted location of the second computing device;
  
  determining a response to the location-based query based upon the comparing of the encrypted location constraint with the encrypted location of the second computing device, the response determined without decrypting the location constraint and the encrypted location of the second computing device; and
  
  causing a processor on the server to transmit the response to the location-based query to the first computing device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, wherein the response is determined without decrypting the identity of the second user.
  - 3. The method of claim 1, wherein the processor on the server transmits the response when the second computing device is within a predefined geographic distance of a current location of the first computing device.
  - 4. The method of claim 1, wherein the processor on the server transmits the response when the second computing device is within a predefined geographic distance from a location identified by the first user.
  - 5. The method of claim 1, wherein the processor on the server transmits the response if the second user has previously been within a predefined geographic distance from a location identified by the first user.
  - 6. The method of claim 1, wherein the encrypted location constraint comprises at least one integer generated by a random number generator that represents a first quantized location, and wherein the encrypted location of the second user comprises at least one integer generated by the random number generator that represents a second quantized location, wherein the comparing of the encrypted location constraint with the encrypted location of the second computing device comprises comparing the at least one integer of the encrypted location constraint with the at least one integer of the encrypted location.
  - 7. The method of claim 6, wherein a quantization interval utilized when producing the quantized locations is predefined.
  - 8. The method of claim 1, wherein the encrypted location constraint comprises a first encrypted value that represents a quantized location, the first encrypted value generated at the first computing device utilizing a first encryption algorithm and a first private key, and wherein the encrypted location of the second computing device comprises a second encrypted value that represents a quantized location of the second computing device, the second encrypted value generated at the second computing device utilizing the first encryption algorithm and the first private key, and wherein the comparing of the encrypted location constraint with the encrypted location of the second computing device comprises comparing the first encrypted value with the second encrypted value.
  - 9. The method of claim 8, wherein the first encrypted value is representative of a first quantized latitude value, wherein the location constraint further comprises a third encrypted value that is representative of a first quantized longitude value, wherein the second encrypted value is representative of a second quantized latitude value, and wherein encrypted location of the second computing device comprises a fourth encrypted value that is representative of a second longitude value, wherein the comparing of the encrypted location constraint with the encrypted location of the second computing device comprises:
    - comparing the first encrypted value with the second encrypted value; and
      
      comparing the third encrypted value with the fourth encrypted value.
  - 10. The method of claim 1, wherein the encrypted location constraint is generated by way of an encryption algorithm executed at the first computing device using a shared private key, and wherein the encrypted location of the second computing device is generated by way of the encryption algorithm executed at the second computing device using the shared private key.
  - 11. The method of claim 1, wherein the encrypted location constraint is generated by way of a secure random number generator executed at the first computing device using a shared private key, and wherein the encrypted location of the second computing device is generated by way of the secure random number generator executed at the second computing device using the shared private key.

12. A system comprising a plurality of components, the components comprising:
- a receiver component that receives;
  
  a location-based query from a first computing device of a first user, the location-based query comprising an encrypted identity of a second user and a location constraint that comprises a first encrypted geographic location; and
  
  a data packet from a second computing device of the second user that includes the encrypted identity of the second user and a second encrypted geographic location, the second encrypted geographic location representing one of a current geographic location of the second user or a historic geographic location of the second user; and
  
  a responder component that performs a comparison between the first encrypted geographic location and the second encrypted geographic location and transmits a response to the location-based query to the first computing device based at least in part upon the comparison without decrypting the first encrypted geographic location or the second encrypted geographic location.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19)
- - 13. The system of claim 12, wherein the first encrypted geographic location is representative of a quantized most recent geographic location of the first user received by the receiver component, and wherein the response transmitted by the responder component indicates whether the second user is within a predefined geographic range of the first user.
  - 14. The system of claim 12, wherein the first encrypted geographic location is representative of a quantized geographic location of interest to the first user, and wherein the response transmitted by the responder component indicates whether the second user has previously been within a predefined geographic range of the quantized geographic location of interest to the first user.
  - 15. The system of claim 12, wherein the responder component transmits the response to the location-based query to the first computing device without decrypting the encrypted identity of the second user.
  - 16. The system of claim 12 comprised by a server in a cloud computing system.
  - 17. The system of claim 12, wherein the first encrypted location is generated by a secure random number generator on the first computing device utilizing a private key shared with the second user, and the second encrypted location is generated by the secure random number generator on the second computing device utilizing the private key.
  - 18. The system of claim 12, wherein the first encrypted location is generated by an encryption algorithm on the first computing device utilizing a private key shared with the second user, and the second encrypted location is generated by the encryption algorithm on the second computing device utilizing the private key.
  - 19. The system of claim 12, wherein the encrypted first location and the encrypted second location are representations of quantized locations of the first and second user, respectively.

20. Computer-readable data storage comprising instructions that, when executed by a processor, cause the processor to perform acts, comprising:
- receiving a location-based query from a first computing device of a first user, the location-based query comprising an encrypted identity of a second user and a location constraint that comprises a first encrypted geographic location that is representative of a first quantized location;
  
  receiving a data packet from a second computing device of the second user, the data packet comprising the encrypted identity of the second user and a second encrypted geographic location that is representative of a second quantized current location of the second user;
  
  responsive to receiving the data packet from the second computing device, comparing the first encrypted geographic location with the second encrypted geographic location without decrypting the encrypted identity of the second user, the first encrypted geographic location, or the second decrypted geographic location; and
  
  outputting a signal to the first computing device that indicates that the location-constraint of the location-based query has been satisfied when the first encrypted geographic location is equal to the second encrypted geographic location.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Padhye, Jitendra D., Mahajan, Ratul
Primary Examiner(s)
Kim, Jung
Assistant Examiner(s)
Alata, Ayoub

Application Number

US13/163,045
Publication Number

US 20120324228A1
Time in Patent Office

1,173 Days
Field of Search

713/176, 713/150, 713/162, 726/7, 380/270
US Class Current

713/150
CPC Class Codes

H04L 2209/80   Wireless network architectu...

H04L 63/0421   Anonymous communication, i....

H04L 9/0869   involving random numbers or...

H04L 9/0872   using geo-location informat...

H04L 9/321   involving a third party or ...

H04L 9/3226   using a predetermined code,...

H04W 12/02   Protecting privacy or anony...

H04W 12/63   Location-dependent; Proximi...

H04W 4/029   Location-based management o...

H04W 4/20   Services signaling; Auxilia...

H04W 8/16   selectively restricting mob...

Platform that facilitates preservation of user privacy

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

7 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Platform that facilitates preservation of user privacy

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

7 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links