Location brokering for providing security, privacy and services

US 9,526,007 B2
Filed: 03/24/2014
Issued: 12/20/2016
Est. Priority Date: 11/01/2010
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented process for obtaining location information concerning mobile computing devices each of which is associated with a user, comprising:

using a mobile computing device associated with a first user to perform the following process actions;

receiving one or more neighbor tuples from a location service, wherein each received neighbor tuple comprises an encrypted location message comprising at least an encryption of a location of a communication-enabled device associated with another user who is a member of a same group of users as the first user and who is currently located within a prescribed vicinity of the mobile computing device associated with the first user;

for each received neighbor tuple,obtaining a decryption key capable of decrypting the encrypted location message of the received neighbor tuple under consideration from a set of decryption keys known to the mobile computing device associated with the first user,decrypting the encrypted location message found in the received neighbor tuple under consideration via a decryption scheme corresponding to an encryption scheme used to encrypt a location message, using the obtained decryption key, andoutputting the location of the communication-enabled device found in the decrypted location message, and a user identifier identifying a user associated with that communication-enabled device; and

providing the location information for the mobile computing device associated with the first user, comprising,(a) capturing sensor data using one of more sensors associated with the mobile computing device associated with the first user wherein said sensor data is indicative of a location of the mobile computing device,(b) ascertaining a current time interval in which the current time falls,(c) computing an initialization vector for each group of users that the first user is a member of, wherein computing each initialization vector for a group comprises using a pseudorandom function applied to a group secret encrypting key shared among members of the group and the current time interval,(d) sending the captured sensor data, a username associated with the first user, and each of the computed initialization vectors to a position processing module which is accessible by the location service, and(e) repeating actions (a) through (d) at least once during each time interval.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Location brokering technique embodiments are presented that employ sensor data captured by a user'"'"'s mobile device to determine the device'"'"'s location, encrypt the location data and store it in a database. The location data is encrypted in such a way that it is possible to determine when a user'"'"'s mobile device is currently in the same vicinity as another user'"'"'s mobile device who is a member of the same group as the first user. However, the actual location and relative mobility or immobility of the users cannot be ascertained except by the users themselves via a decryption procedure or by trusted components. Services are provided can read the stored encrypted location data, processes it to determine if group members are in the same vicinity, and either respond to user queries about the location of other members of a group the user belongs to, or push this information to appropriate users.

16 Citations

15 Claims

1. A computer-implemented process for obtaining location information concerning mobile computing devices each of which is associated with a user, comprising:
- using a mobile computing device associated with a first user to perform the following process actions;
  
  receiving one or more neighbor tuples from a location service, wherein each received neighbor tuple comprises an encrypted location message comprising at least an encryption of a location of a communication-enabled device associated with another user who is a member of a same group of users as the first user and who is currently located within a prescribed vicinity of the mobile computing device associated with the first user;
  
  for each received neighbor tuple,obtaining a decryption key capable of decrypting the encrypted location message of the received neighbor tuple under consideration from a set of decryption keys known to the mobile computing device associated with the first user,decrypting the encrypted location message found in the received neighbor tuple under consideration via a decryption scheme corresponding to an encryption scheme used to encrypt a location message, using the obtained decryption key, andoutputting the location of the communication-enabled device found in the decrypted location message, and a user identifier identifying a user associated with that communication-enabled device; and
  
  providing the location information for the mobile computing device associated with the first user, comprising,(a) capturing sensor data using one of more sensors associated with the mobile computing device associated with the first user wherein said sensor data is indicative of a location of the mobile computing device,(b) ascertaining a current time interval in which the current time falls,(c) computing an initialization vector for each group of users that the first user is a member of, wherein computing each initialization vector for a group comprises using a pseudorandom function applied to a group secret encrypting key shared among members of the group and the current time interval,(d) sending the captured sensor data, a username associated with the first user, and each of the computed initialization vectors to a position processing module which is accessible by the location service, and(e) repeating actions (a) through (d) at least once during each time interval.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The process of claim 1, wherein each received neighbor tuple further comprises a group identifier identifying a group of users that the first user is a member of, and wherein the process action of obtaining a decryption key capable of decrypting the encrypted location message of the received neighbor tuple under consideration from a set of decryption keys known to the mobile computing device associated with the first user, comprises an action of obtaining a group decryption key associated with the group identifier found in the received neighbor tuple under consideration, and wherein the process action of decrypting the encrypted location message using the obtained decryption key, comprises an action of decrypting the encrypted location message using the obtained decryption key associated with the group identifier found in the received neighbor tuple under consideration.
  - 3. The process of claim 1, wherein the encrypted location message further comprises an encryption of the user identifier identifying the user associated with the communication-enabled device whose location was found in the decrypted location message.
  - 4. The process of claim 1, wherein the encrypted location message further comprises an encryption of a time the communication-enabled device whose location was found in the decrypted location message was at that location, and wherein the process action of outputting the location of the communication-enabled device found in the decrypted location message and the user identifier identifying the user associated with that communication-enabled device, further comprises an action of outputting the time the communication-enabled device was at the location.
  - 5. The process of claim 1, wherein the encrypted location message was encrypted using the encryption scheme comprising encrypting grid coordinates of a grid cell of a location grid in which the location of the communication-enabled device falls using a group encryption key and an initialization vector associated with the group.

6. A system for obtaining location information concerning mobile computing devices each of which is associated with a user, comprising:
- a mobile computing device associated with a first user; and
  
  a computer program having program modules executable by the mobile computing device, said mobile computing device being directed by the program modules of the computer program to,receive one or more neighbor tuples from a location service, wherein each received neighbor tuple comprises an encrypted location message comprising at least an encryption of a location of a communication-enabled device, wherein said location of the communication-enabled device was derived from sensor data captured using one of more sensors associated with the communication-enabled device, and wherein each received neighbor tuple comprises a group identifier identifying a group of users that the first user is a member of, and wherein the encrypted location message was encrypted using an encryption scheme comprising encrypting grid coordinates of a grid cell of a location grid in which the location of the communication-enabled device falls using a group encryption key and an initialization vector associated with the group of users, wherein the initialization vector associated with the group of users is computed based on a shared group secret key and a current time interval,for each received neighbor tuple,obtain a decryption key capable of decrypting the encrypted location message of the received neighbor tuple under consideration from a set of decryption keys known to the mobile computing device associated with the first user,decrypt the encrypted location message found in the received neighbor tuple under consideration via a decryption scheme corresponding to the encryption scheme used to encrypt a location message, using the obtained decryption key, andoutput the location of the communication-enabled device found in the decrypted location message, and a user identifier identifying a user associated with that communication-enabled device.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The system of claim 6, wherein the program module for obtaining a decryption key capable of decrypting the encrypted location message of the received neighbor tuple under consideration from a set of decryption keys known to the mobile computing device associated with a first user, comprises a sub-module for obtaining a group decryption key associated with the group identifier found in the received neighbor tuple under consideration, and wherein the program module for decrypting the encrypted location message using the obtained decryption key, comprises a sub-module for decrypting the encrypted location message using the obtained decryption key associated with the group identifier found in the received neighbor tuple under consideration.
  - 8. The system of claim 6, wherein the encrypted location message further comprises an encryption of the user identifier identifying the user associated with the communication-enabled device whose location was found in the decrypted location message.
  - 9. The system of claim 6, wherein the encrypted location message further comprises an encryption of a time the communication-enabled device whose location was found in the decrypted location message was at that location, and wherein the program module for outputting the location of the communication-enabled device found in the decrypted location message and the user identifier identifying the user associated with that communication-enabled device, further comprises a sub-module for outputting the time the communication-enabled device was at the location.
  - 10. The system of claim 6, wherein the one or more neighbor tuples received from the location service each represent a location of a mobile computing device associated with another user who is a member of a same group of users as the first user and who are currently located within a prescribed vicinity of the mobile computing device associated with the first user, and further comprising a program module for providing location information for the mobile computing device associated with the first user to the position processing module which is accessible by the location service, said program module comprising sub-modules for:
    - (a) capturing sensor data using one of more sensors associated with the mobile computing device associated with the first user wherein said sensor data is indicative of the location of the mobile computing device associated with the first user;
      
      (b) ascertaining a current time interval in which the current time falls;
      
      (c) computing an initialization vector for each group of users that the first user is a member of, wherein computing each initialization vector for a group comprises using a pseudorandom function applied to a group secret encrypting key shared among members of the group and the current time interval;
      
      (d) sending the captured sensor data, a username associated with the first user, and each of the computed initialization vectors to the position processing module; and
      
      (e) repeating sub-modules (a) through (d) at least once during each time interval.

11. A system for obtaining location information concerning mobile computing devices each of which is associated with a user, comprising:
- a mobile computing device associated with a first user; and
  
  a computer program having program modules executable by the mobile computing device, said mobile computing device being directed by the program modules of the computer program to,receive one or more neighbor tuples from a location service, wherein each received neighbor tuple comprises an encrypted location message comprising at least an encryption of a location of a communication-enabled device associated with another user who is a member of a same group of users as the first user and who is currently located within a prescribed vicinity of the mobile computing device associated with the first user;
  
  for each received neighbor tuple,obtain a decryption key capable of decrypting the encrypted location message of the received neighbor tuple under consideration from a set of decryption keys known to the mobile computing device associated with the first user,decrypt the encrypted location message found in the received neighbor tuple under consideration via a decryption scheme corresponding to an encryption scheme used to encrypt a location message, using the obtained decryption key, andoutput the location of the communication-enabled device found in the decrypted location message, and a user identifier identifying a user associated with that communication-enabled device; and
  
  provide the location information for the mobile computing device associated with the first user, comprising,(a) capturing sensor data using one of more sensors associated with the mobile computing device associated with the first user wherein said sensor data is indicative of a location of the mobile computing device,(b) ascertaining a current time interval in which the current time falls,(c) computing an initialization vector for each group of users that the first user is a member of, wherein computing each initialization vector for a group comprises using a pseudorandom function applied to a group secret encrypting key shared among members of the group and the current time interval,(d) sending the captured sensor data, a username associated with the first user, and each of the computed initialization vectors to a position processing module which is accessible by the location service, and(e) repeating actions (a) through (d) at least once during each time interval.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The system of claim 11, wherein each received neighbor tuple further comprises a group identifier identifying a group of users that the first user is a member of, and wherein the program module for obtaining a decryption key capable of decrypting the encrypted location message of the received neighbor tuple under consideration from a set of decryption keys known to the mobile computing device associated with the first user, comprises a sub-module for obtaining a group decryption key associated with the group identifier found in the received neighbor tuple under consideration, and wherein the program module for decrypting the encrypted location message using the obtained decryption key, comprises a sub-module for decrypting the encrypted location message using the obtained decryption key associated with the group identifier found in the received neighbor tuple under consideration.
  - 13. The system of claim 11, wherein the encrypted location message further comprises an encryption of the user identifier identifying the user associated with the communication-enabled device whose location was found in the decrypted location message.
  - 14. The system of claim 11, wherein the encrypted location message further comprises an encryption of a time the communication-enabled device whose location was found in the decrypted location message was at that location, and wherein the program module for outputting the location of the communication-enabled device found in the decrypted location message and the user identifier identifying the user associated with that communication-enabled device, further comprises a sub-module for outputting the time the communication-enabled device was at the location.
  - 15. The system of claim 11, wherein the encrypted location message was encrypted using an encryption scheme comprising encrypting grid coordinates of a grid cell of a location grid in which the location of the communication-enabled device falls using a group encryption key and an initialization vector associated with the group.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Inventors
Belenkiy, Mira, Jerez, Henry Nelson, Roeder, Thomas Michael, Dyor, Matt
Primary Examiner(s)
Joo, Joshua
Assistant Examiner(s)
Naji, Younes

Application Number

US14/223,469
Publication Number

US 20140205097A1
Time in Patent Office

1,002 Days
Field of Search

None
US Class Current

1/1
CPC Class Codes

H04L 2209/80   Wireless network architectu...

H04L 9/0872   using geo-location informat...

H04L 9/14   using a plurality of keys o...

H04W 12/08   Access security

Location brokering for providing security, privacy and services

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

16 Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Location brokering for providing security, privacy and services

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

16 Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links