Mobile platform with sensor data security
Abstract
Generally, this disclosure describes devices, methods and systems for securely providing context sensor data to mobile platform applications. The method may include configuring sensors to provide context data, the context data associated with a mobile device; providing an application programming interface (API) to a sensor driver, the sensor driver configured to control the sensors; providing a trusted execution environment (TEE) operating on the mobile device, the TEE configured to host the sensor driver and restrict control and data access to the sensor driver and to the sensors; generating a request for the context data through the API, the request generated by an application associated with the mobile device; receiving, by the application, the requested context data and a validity indicator through the API; verifying, by the application, the requested context data based on the validity indicator; and adjusting a policy associated with the application based on the verified context data.
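The request, verify and adjust flow from the abstract, as an added example that is not part of the patent text. It assumes the validity indicator is an HMAC-SHA256 tag under a key shared between the TEE and the application (a digital signature, as in claim 20, would fill the same role); the nonce, the key provisioning, the sensor reading and the policy values are all constructed for illustration.

```python
import hashlib, hmac, json, os

# Assumption: key shared by the TEE and the application, provisioned out of band.
TEE_KEY = os.urandom(32)

def encode(nonce: bytes, context: dict) -> bytes:
    # Canonical byte encoding so both sides authenticate identical input.
    return nonce + json.dumps(context, sort_keys=True, separators=(",", ":")).encode()

def tee_sensor_driver(nonce: bytes, key: bytes = TEE_KEY):
    """Stand-in for the sensor driver hosted in the TEE: reading + validity indicator."""
    context = {"sensor": "gps", "lat": 45.52, "lon": -122.68}  # constructed reading
    tag = hmac.new(key, encode(nonce, context), hashlib.sha256).digest()
    return context, tag

def verify_context(nonce: bytes, context: dict, tag: bytes, key: bytes = TEE_KEY) -> bool:
    """Application side: check the validity indicator in constant time."""
    expected = hmac.new(key, encode(nonce, context), hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)

def adjust_policy(context: dict, verified: bool) -> str:
    """Hypothetical policy: full access only for a verified on-site location."""
    if not verified:
        return "deny"  # unverified context never relaxes the policy
    on_site = abs(context["lat"] - 45.52) < 0.01 and abs(context["lon"] + 122.68) < 0.01
    return "allow" if on_site else "require_second_factor"

def request_context(api=tee_sensor_driver) -> str:
    """Request through the API, verify the reply, then adjust the policy."""
    nonce = os.urandom(16)  # assumption: binds the reply to this request (freshness)
    context, tag = api(nonce)
    return adjust_policy(context, verify_context(nonce, context, tag))

def tampering_api(nonce: bytes):
    """Constructed failure case: the reading is altered outside the TEE."""
    context, tag = tee_sensor_driver(nonce)
    context["lat"] = 0.0
    return context, tag

def replaying_api(nonce: bytes):
    """Constructed failure case: a reply generated for a different request."""
    return tee_sensor_driver(b"\x00" * 16)

if __name__ == "__main__":
    for api in (tee_sensor_driver, tampering_api, replaying_api):
        print(api.__name__, "->", request_context(api))
```

With a shared HMAC key the application could itself produce a valid tag, so this form only shows that data was not altered between the TEE and the application; a signature with a TEE-held private key removes that limitation.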
27 Claims
1. A method for securely providing context sensor data, said method comprising:
- configuring one or more sensors to provide context data, said context data associated with a mobile device;
- providing an application programming interface (API) to a sensor driver, said sensor driver configured to control said sensors;
- providing a trusted execution environment (TEE) operating on said mobile device, said TEE configured to host said sensor driver and restrict control access and data access to said sensor driver and to said sensors;
- generating a request for said context data through said API, said request generated by an application associated with said mobile device;
- receiving, by said application, said requested context data and a validity indicator through said API, wherein said validity indicator is generated by said TEE;
- verifying, by said application, that said requested context data is received from said TEE based on said validity indicator; and
- adjusting a policy associated with said application based on said verified context data.
Dependent claims: 2, 3, 4, 5, 6

7. A device for mobile communication, said device comprising:
- a memory coupled to a processor;
- one or more sensors configured to provide context data, said context data associated with said device;
- a secure sensor driver module configured to receive requests for said context data and, in response to said requests, provide said context data and an associated validity indicator;
- a trusted execution environment (TEE) operating on said device, said TEE configured to host said secure sensor driver module, generate said validity indicator, and restrict control access and data access to said secure sensor driver module and to said sensors; and
- one or more application modules configured to generate said requests, receive said context data, verify that said context data is received from said TEE based on said validity indicator, and adjust a policy associated with said application based on said verified context data.
Dependent claims: 8, 9, 10, 11, 12, 13

14. A non-transitory computer-readable storage medium having instructions stored thereon which when executed by a processor result in the following operations for securely providing context sensor data, said operations comprising:
- configuring one or more sensors to provide context data, said context data associated with a mobile device;
- providing an application programming interface (API) to a sensor driver, said sensor driver configured to control said sensors;
- providing a trusted execution environment (TEE) operating on said mobile device, said TEE configured to host said sensor driver and restrict control access and data access to said sensor driver and to said sensors;
- generating a request for said context data through said API, said request generated by an application associated with said mobile device;
- receiving, by said application, said requested context data and a validity indicator through said API, wherein said validity indicator is generated by said TEE;
- verifying, by said application, that said requested context data is received from said TEE based on said validity indicator; and
- adjusting a policy associated with said application based on said verified context data.
Dependent claims: 15, 16, 17, 18, 19

20. A mobile communication platform comprising:
- a processor;
- a memory coupled to said processor;
- an input/output (I/O) system coupled to said processor;
- a user interface coupled to said I/O system;
- one or more sensors coupled to said processor, said sensors configured to provide context data associated with said platform;
- a secure sensor driver module configured to receive requests for said context data and, in response to said requests, provide said context data and an associated digital signature;
- a trusted execution environment (TEE) operating on said platform, said TEE configured to host said secure sensor driver module and restrict control access and data access to said secure sensor driver module and to said sensors; and
- one or more application modules configured to generate said requests, receive said context data, verify that said context data is received from said TEE based on said digital signature, and adjust a policy associated with said application based on said verified context data.
Dependent claims: 21, 22, 23, 24, 25, 26, 27

Specification