Mobile platform with sensor data security

US 8,955,039 B2
Filed: 09/12/2012
Issued: 02/10/2015
Est. Priority Date: 09/12/2012
Status: Active Grant

First Claim

Patent Images

1. A method for securely providing context sensor data, said method comprising:

configuring one or more sensors to provide context data, said context data associated with a mobile device;

providing an application programming interface (API) to a sensor driver, said sensor driver configured to control said sensors;

providing a trusted execution environment (TEE) operating on said mobile device, said TEE configured to host said sensor driver and restrict control access and data access to said sensor driver and to said sensors;

generating a request for said context data through said API, said request generated by an application associated with said mobile device;

receiving, by said application, said requested context data and a validity indicator through said API, wherein said validity indicator is generated by said TEE;

verifying, by said application, that said requested context data is received from said TEE based on said validity indicator; and

adjusting a policy associated with said application based on said verified context data.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Generally, this disclosure describes devices, methods and systems for securely providing context sensor data to mobile platform applications. The method may include configuring sensors to provide context data, the context data associated with a mobile device; providing an application programming interface (API) to a sensor driver, the sensor driver configured to control the sensors; providing a trusted execution environment (TEE) operating on the mobile device, the TEE configured to host the sensor driver and restrict control and data access to the sensor driver and to the sensors; generating a request for the context data through the API, the request generated by an application associated with the mobile device; receiving, by the application, the requested context data and a validity indicator through the API; verifying, by the application, the requested context data based on the validity indicator; and adjusting a policy associated with the application based on the verified context data.

Citations

27 Claims

1. A method for securely providing context sensor data, said method comprising:
- configuring one or more sensors to provide context data, said context data associated with a mobile device;
  
  providing an application programming interface (API) to a sensor driver, said sensor driver configured to control said sensors;
  
  providing a trusted execution environment (TEE) operating on said mobile device, said TEE configured to host said sensor driver and restrict control access and data access to said sensor driver and to said sensors;
  
  generating a request for said context data through said API, said request generated by an application associated with said mobile device;
  
  receiving, by said application, said requested context data and a validity indicator through said API, wherein said validity indicator is generated by said TEE;
  
  verifying, by said application, that said requested context data is received from said TEE based on said validity indicator; and
  
  adjusting a policy associated with said application based on said verified context data.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein said validity indicator comprises a digital signature.
  - 3. The method of claim 1, further comprising encrypting, by said sensor driver, said requested context data.
  - 4. The method of claim 1, wherein said sensor is selected from the group consisting of an accelerometer, a global positioning sensor, a compass, a camera, a proximity sensor, a microphone, a gyroscope, a touch sensor, an ambient temperature sensor and an ambient light sensor.
  - 5. The method of claim 1, wherein said context data is selected from the group consisting of device location, device position, device motion, user identification, temperature and noise level.
  - 6. The method of claim 1, wherein said policy is selected from the group consisting of mobile commerce payment policy, mobile commerce security policy and parental control of media viewing policy.

7. A device for mobile communication, said device comprising:
- a memory coupled to a processor;
  
  one or more sensors configured to provide context data, said context data associated with said device;
  
  a secure sensor driver module configured to receive requests for said context data and, in response to said requests, provide said context data and an associated validity indicator;
  
  a trusted execution environment (TEE) operating on said device, said TEE configured to host said secure sensor driver module, generate said validity indicator, and restrict control access and data access to said secure sensor driver module and to said sensors; and
  
  one or more application modules configured to generate said requests, receive said context data, verify that said context data is received from said TEE based on said validity indicator, and adjust a policy associated with said application based on said verified context data.
- View Dependent Claims (8, 9, 10, 11, 12, 13)
- - 8. The device of claim 7, wherein said validity indicator comprises a digital signature.
  - 9. The device of claim 7, wherein said secure sensor driver module is further configured to encrypt said context data.
  - 10. The device of claim 7, further comprising a sensor peripheral hub coupled to each of said sensors, said sensor peripheral hub comprising a processor and memory to provide said TEE and firmware configured to store said secure sensor driver module.
  - 11. The device of claim 7, wherein said sensor is selected from the group consisting of an accelerometer, a global positioning sensor, a compass, a camera, a proximity sensor, a microphone, a gyroscope, a touch sensor, an ambient temperature sensor and an ambient light sensor.
  - 12. The device of claim 7, wherein said context data is selected from the group consisting of device location, device position, device motion, user identification, temperature and noise level.
  - 13. The device of claim 7, wherein said policy is selected from the group consisting of mobile commerce payment policy, mobile commerce security policy and parental control of media viewing policy.

14. A non-transitory computer-readable storage medium having instructions stored thereon which when executed by a processor result in the following operations for securely providing context sensor data, said operations comprising:
- configuring one or more sensors to provide context data, said context data associated with a mobile device;
  
  providing an application programming interface (API) to a sensor driver, said sensor driver configured to control said sensors;
  
  providing a trusted execution environment (TEE) operating on said mobile device, said TEE configured to host said sensor driver and restrict control access and data access to said sensor driver and to said sensors;
  
  generating a request for said context data through said API, said request generated by an application associated with said mobile device;
  
  receiving, by said application, said requested context data and a validity indicator through said API, wherein said validity indicator is generated by said TEE;
  
  verifying, by said application, that said requested context data is received from said TEE based on said validity indicator; and
  
  adjusting a policy associated with said application based on said verified context data.
- View Dependent Claims (15, 16, 17, 18, 19)
- - 15. The computer-readable storage medium of claim 14, wherein said validity indicator comprises a digital signature.
  - 16. The computer-readable storage medium of claim 14, further comprising the operations of encrypting, by said sensor driver, said requested context data.
  - 17. The computer-readable storage medium of claim 14, wherein said sensor is selected from the group consisting of an accelerometer, a global positioning sensor, a compass, a camera, a proximity sensor, a microphone, a gyroscope, a touch sensor, an ambient temperature sensor and an ambient light sensor.
  - 18. The computer-readable storage medium of claim 14, wherein said context data is selected from the group consisting of device location, device position, device motion, user identification, temperature and noise level.
  - 19. The computer-readable storage medium of claim 14, wherein said policy is selected from the group consisting of mobile commerce payment policy, mobile commerce security policy and parental control of media viewing policy.

20. A mobile communication platform comprising:
- a processor;
  
  a memory coupled to said processor;
  
  an input/output (I/O) system coupled to said processor;
  
  a user interface coupled to said I/O system;
  
  one or more sensors coupled to said processor, said sensors configured to provide context data associated with said platform;
  
  a secure sensor driver module configured to receive requests for said context data and, in response to said requests, provide said context data and an associated digital signature;
  
  a trusted execution environment (TEE) operating on said platform, said TEE configured to host said secure sensor driver module and restrict control access and data access to said secure sensor driver module and to said sensors; and
  
  one or more application modules configured to generate said requests, receive said context data, verify that said context data is received from said TEE based on said digital signature, and adjust a policy associated with said application based on said verified context data.
- View Dependent Claims (21, 22, 23, 24, 25, 26, 27)
- - 21. The mobile communication platform of claim 20, wherein said sensor is selected from the group consisting of an accelerometer, a global positioning sensor, a compass, a camera, a proximity sensor, a microphone, a gyroscope, a touch sensor, an ambient temperature sensor and an ambient light sensor.
  - 22. The mobile communication platform of claim 20, wherein said context data is selected from the group consisting of platform location, platform position, platform motion, user identification, temperature and noise level.
  - 23. The mobile communication platform of claim 20, wherein said policy is selected from the group consisting of mobile commerce payment policy, mobile commerce security policy and parental control of media viewing policy.
  - 24. The mobile communication platform of claim 20, wherein said platform is selected from the group consisting of a smartphone, a laptop computing device and a tablet.
  - 25. The mobile communication platform of claim 20, further comprising a plurality of said platforms, each configured to communicate over a wireless network.
  - 26. The mobile communication platform of claim 20, wherein said user interface is a touchscreen.
  - 27. The mobile communication platform of claim 20, wherein said user interface is a keyboard.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
MediaTek, Inc.
Original Assignee
Intel Corporation
Inventors
Prakash, Gyan, Walker, Jesse, Dadu, Saurabh
Primary Examiner(s)
Jeudy, Josnel

Application Number

US13/611,862
Publication Number

US 20140075496A1
Time in Patent Office

881 Days
Field of Search

726 1- 5, 726/17, 726 26- 30, 713168-174, 713182-186
US Class Current

726/1
CPC Class Codes

G06F 21/6218   to a system of files or obj...

G06F 21/64   Protecting data integrity, ...

G06F 21/85   interconnection devices, e....

H04L 63/123   received data contents, e.g...

H04W 12/10   Integrity

H04W 12/128   Anti-malware arrangements, ...

H04W 12/65   Environment-dependent, e.g....

H04W 12/68   Gesture-dependent or behavi...

H04W 88/02   Terminal devices

Mobile platform with sensor data security

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

Mobile platform with sensor data security

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links