Location brokering for providing security, privacy and services
First Claim
1. A computer-implemented process for obtaining location information concerning mobile computing devices each of which is associated with a user, comprising:
using a mobile computing device associated with a first user to perform the following process actions:
receiving one or more neighbor tuples from a location service, wherein each received neighbor tuple comprises an encrypted location message comprising at least an encryption of a location of a communication-enabled device associated with another user who is a member of a same group of users as the first user and who is currently located within a prescribed vicinity of the mobile computing device associated with the first user;
for each received neighbor tuple,
obtaining a decryption key capable of decrypting the encrypted location message of the received neighbor tuple under consideration from a set of decryption keys known to the mobile computing device associated with the first user,
decrypting the encrypted location message found in the received neighbor tuple under consideration via a decryption scheme corresponding to an encryption scheme used to encrypt a location message, using the obtained decryption key, and
outputting the location of the communication-enabled device found in the decrypted location message, and a user identifier identifying a user associated with that communication-enabled device; and
providing the location information for the mobile computing device associated with the first user, comprising:
(a) capturing sensor data using one or more sensors associated with the mobile computing device associated with the first user, wherein said sensor data is indicative of a location of the mobile computing device,
(b) ascertaining a current time interval in which the current time falls,
(c) computing an initialization vector for each group of users that the first user is a member of, wherein computing each initialization vector for a group comprises using a pseudorandom function applied to a group secret encrypting key shared among members of the group and the current time interval,
(d) sending the captured sensor data, a username associated with the first user, and each of the computed initialization vectors to a position processing module which is accessible by the location service, and
(e) repeating actions (a) through (d) at least once during each time interval.
Abstract
Location brokering technique embodiments are presented that employ sensor data captured by a user's mobile device to determine the device's location, encrypt the location data and store it in a database. The location data is encrypted in such a way that it is possible to determine when a user's mobile device is currently in the same vicinity as the mobile device of another user who is a member of the same group as the first user. However, the actual location and relative mobility or immobility of the users cannot be ascertained except by the users themselves via a decryption procedure or by trusted components. Services are provided that can read the stored encrypted location data, process it to determine if group members are in the same vicinity, and either respond to user queries about the location of other members of a group the user belongs to, or push this information to appropriate users.
15 Claims
1. A computer-implemented process for obtaining location information concerning mobile computing devices each of which is associated with a user, comprising:
using a mobile computing device associated with a first user to perform the following process actions:
receiving one or more neighbor tuples from a location service, wherein each received neighbor tuple comprises an encrypted location message comprising at least an encryption of a location of a communication-enabled device associated with another user who is a member of a same group of users as the first user and who is currently located within a prescribed vicinity of the mobile computing device associated with the first user;
for each received neighbor tuple,
obtaining a decryption key capable of decrypting the encrypted location message of the received neighbor tuple under consideration from a set of decryption keys known to the mobile computing device associated with the first user,
decrypting the encrypted location message found in the received neighbor tuple under consideration via a decryption scheme corresponding to an encryption scheme used to encrypt a location message, using the obtained decryption key, and
outputting the location of the communication-enabled device found in the decrypted location message, and a user identifier identifying a user associated with that communication-enabled device; and
providing the location information for the mobile computing device associated with the first user, comprising:
(a) capturing sensor data using one or more sensors associated with the mobile computing device associated with the first user, wherein said sensor data is indicative of a location of the mobile computing device,
(b) ascertaining a current time interval in which the current time falls,
(c) computing an initialization vector for each group of users that the first user is a member of, wherein computing each initialization vector for a group comprises using a pseudorandom function applied to a group secret encrypting key shared among members of the group and the current time interval,
(d) sending the captured sensor data, a username associated with the first user, and each of the computed initialization vectors to a position processing module which is accessible by the location service, and
(e) repeating actions (a) through (d) at least once during each time interval.
Dependent claims: 2, 3, 4, 5.

6. A system for obtaining location information concerning mobile computing devices each of which is associated with a user, comprising:
a mobile computing device associated with a first user; and
a computer program having program modules executable by the mobile computing device, said mobile computing device being directed by the program modules of the computer program to,
receive one or more neighbor tuples from a location service, wherein each received neighbor tuple comprises an encrypted location message comprising at least an encryption of a location of a communication-enabled device, wherein said location of the communication-enabled device was derived from sensor data captured using one or more sensors associated with the communication-enabled device, and wherein each received neighbor tuple comprises a group identifier identifying a group of users that the first user is a member of, and wherein the encrypted location message was encrypted using an encryption scheme comprising encrypting grid coordinates of a grid cell of a location grid in which the location of the communication-enabled device falls using a group encryption key and an initialization vector associated with the group of users, wherein the initialization vector associated with the group of users is computed based on a shared group secret key and a current time interval,
for each received neighbor tuple,
obtain a decryption key capable of decrypting the encrypted location message of the received neighbor tuple under consideration from a set of decryption keys known to the mobile computing device associated with the first user,
decrypt the encrypted location message found in the received neighbor tuple under consideration via a decryption scheme corresponding to the encryption scheme used to encrypt a location message, using the obtained decryption key, and
output the location of the communication-enabled device found in the decrypted location message, and a user identifier identifying a user associated with that communication-enabled device.
Dependent claims: 7, 8, 9, 10.

11. A system for obtaining location information concerning mobile computing devices each of which is associated with a user, comprising:
a mobile computing device associated with a first user; and
a computer program having program modules executable by the mobile computing device, said mobile computing device being directed by the program modules of the computer program to,
receive one or more neighbor tuples from a location service, wherein each received neighbor tuple comprises an encrypted location message comprising at least an encryption of a location of a communication-enabled device associated with another user who is a member of a same group of users as the first user and who is currently located within a prescribed vicinity of the mobile computing device associated with the first user;
for each received neighbor tuple,
obtain a decryption key capable of decrypting the encrypted location message of the received neighbor tuple under consideration from a set of decryption keys known to the mobile computing device associated with the first user,
decrypt the encrypted location message found in the received neighbor tuple under consideration via a decryption scheme corresponding to an encryption scheme used to encrypt a location message, using the obtained decryption key, and
output the location of the communication-enabled device found in the decrypted location message, and a user identifier identifying a user associated with that communication-enabled device; and
provide the location information for the mobile computing device associated with the first user, comprising:
(a) capturing sensor data using one or more sensors associated with the mobile computing device associated with the first user, wherein said sensor data is indicative of a location of the mobile computing device,
(b) ascertaining a current time interval in which the current time falls,
(c) computing an initialization vector for each group of users that the first user is a member of, wherein computing each initialization vector for a group comprises using a pseudorandom function applied to a group secret encrypting key shared among members of the group and the current time interval,
(d) sending the captured sensor data, a username associated with the first user, and each of the computed initialization vectors to a position processing module which is accessible by the location service, and
(e) repeating actions (a) through (d) at least once during each time interval.
Dependent claims: 12, 13, 14, 15.
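The mechanism in claims 1 and 6 (an initialization vector derived by a pseudorandom function from a group secret and the current time interval, the grid cell of a location encrypted under a group key and that IV, and a location service that matches neighbor tuples without holding any key) can be modelled end to end. The following is an added example written for this page; it is not code from the patent or its assignee. The four-round Feistel block cipher built from HMAC-SHA256, the 0.01-degree grid, the 300-second interval, the role split into device, trusted position processing module and untrusted location service, and every key and coordinate are constructed assumptions standing in for details the claims leave open.

```python
"""Toy end-to-end model of the location-brokering claims on this page.

Added example, not code from the patent. The cipher, grid size, interval length,
keys and coordinates are constructed stand-ins (see the comments).
"""
import hashlib
import hmac
import math
import struct

CELL_SIZE_DEG = 0.01     # assumed grid resolution; the claims only say "grid cell"
INTERVAL_SECONDS = 300   # assumed interval length; the claims only say "time interval"
ROUNDS = 4               # Feistel rounds; the claims name no particular cipher


def current_interval(unix_time: int) -> int:
    """Claim step (b): index of the time interval in which the current time falls."""
    return unix_time // INTERVAL_SECONDS


def group_iv(group_secret: bytes, interval: int) -> bytes:
    """Claim step (c): IV = PRF(group secret key, interval), with HMAC-SHA256 as the PRF."""
    return hmac.new(group_secret, struct.pack(">Q", interval), hashlib.sha256).digest()[:16]


def grid_cell(lat: float, lon: float) -> tuple:
    """Position processing module: quantize sensor coordinates to grid coordinates."""
    return (math.floor(lat / CELL_SIZE_DEG), math.floor(lon / CELL_SIZE_DEG))


def _round_fn(key: bytes, iv: bytes, rnd: int, half: bytes) -> bytes:
    # Keyed round function; mixing in the IV makes the permutation differ per interval.
    return hmac.new(key, iv + bytes([rnd]) + half, hashlib.sha256).digest()[:4]


def encrypt_cell(group_key: bytes, iv: bytes, cell: tuple) -> bytes:
    """Deterministic 64-bit block encryption of (row, col) under (group key, IV).

    A Feistel permutation rather than a stream cipher: equal cells give equal
    ciphertexts (so the service can match neighbours by equality alone), while
    two different cells under the same IV do not leak the XOR of their coordinates.
    """
    left, right = struct.pack(">i", cell[0]), struct.pack(">i", cell[1])
    for rnd in range(ROUNDS):
        f = _round_fn(group_key, iv, rnd, right)
        left, right = right, bytes(a ^ b for a, b in zip(left, f))
    return left + right


def decrypt_cell(group_key: bytes, iv: bytes, ct: bytes) -> tuple:
    """Inverse of encrypt_cell; run on a member's device holding the group key."""
    left, right = ct[:4], ct[4:]
    for rnd in reversed(range(ROUNDS)):
        f = _round_fn(group_key, iv, rnd, left)
        left, right = bytes(a ^ b for a, b in zip(right, f)), left
    return (struct.unpack(">i", left)[0], struct.unpack(">i", right)[0])


class LocationService:
    """Untrusted broker: stores (group id, interval, username, ciphertext) records
    and matches neighbours purely by ciphertext equality. It holds no keys."""

    def __init__(self):
        self.records = []

    def store(self, group_id, interval, username, ct):
        self.records.append((group_id, interval, username, ct))

    def neighbor_tuples(self, group_id, interval, username, ct):
        """Same group, same interval, same ciphertext, different user."""
        return [(g, u, c) for g, i, u, c in self.records
                if g == group_id and i == interval and c == ct and u != username]


def run_scenario():
    """Three members report positions in one interval; the first member then queries."""
    # Constructed sample values, not from the patent.
    group_id = "hiking-club"
    group_secret = b"shared-group-secret-for-iv-deriv"  # known to members only
    group_key = b"group-encryption-key-members+ppm"    # members and the trusted position module
    readings = {
        "alice": (47.6421, -122.1365),
        "bob":   (47.6478, -122.1302),   # same 0.01-degree cell as alice
        "carol": (47.6150, -122.2145),   # different cell
    }
    service = LocationService()
    interval = current_interval(1_700_000_000)
    iv = group_iv(group_secret, interval)  # computed on each device, sent with the sensor data
    cts = {}
    for user, (lat, lon) in readings.items():
        # Step (d): the trusted position module quantizes and encrypts; only the
        # ciphertext, username and group id ever reach the location service.
        cts[user] = encrypt_cell(group_key, iv, grid_cell(lat, lon))
        service.store(group_id, interval, user, cts[user])

    neighbours = service.neighbor_tuples(group_id, interval, "alice", cts["alice"])
    decoded = [(u, decrypt_cell(group_key, iv, c)) for _, u, c in neighbours]

    # Same cell in the next interval: new IV, hence a fresh ciphertext, so stored
    # records do not show whether alice stayed put.
    ct_next = encrypt_cell(group_key, group_iv(group_secret, interval + 1),
                           grid_cell(*readings["alice"]))
    return {
        "alice_cell": grid_cell(*readings["alice"]),
        "alice_neighbours": decoded,
        "ciphertext_changes_between_intervals": ct_next != cts["alice"],
    }


if __name__ == "__main__":
    print(run_scenario())
```

The service learns exactly what the abstract says it may: which group members share a grid cell within one interval. Because the IV changes every interval, a member who does not move still produces a different ciphertext each interval, so the broker cannot infer immobility from its records. A block permutation is used rather than a stream cipher because the IV is deliberately reused for every member of the group within an interval, and a stream cipher would leak the XOR of any two members' grid coordinates under that reuse.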
Specification