Attested sensor data reporting
First Claim
Patent Images
1. A mobile device comprising:
- a memory tangibly storing executable instructions;
a sensor; and
a first processor configured with the memory and executable instructions to cause the mobile device to;
in response to receiving a first challenge from an online service, verify an identity of an application using an application identifier generated by a trusted zone of the first processor and after verifying the identity send to the online service a property signature (sig) created with at least the first challenge, a public key (PK) of the application and a device certificate (devCert) issued by a trusted authority, and after sending the sig, PK and devCert;
receive a second challenge from the online service;
read sensor data associated with the application from the sensor, wherein the sensor data comprises data associated with the location or position of the mobile device;
create a sensor data signature (S) by the trusted zone of the first processor based on the sensor data; and
send the sensor data signature, the second challenge and the sensor data to the online service for enabling the online service to attest the validity of the sensor data by verifying the second challenge and the sensor data signature using the public key of the application.
1 Assignment
0 Petitions
Accused Products
Abstract
A apparatus and a method for attested sensor data reporting, wherein a challenge is received from an online service; sensor data is read; and a sensor data signature based on the sensor data is created and sent to the online service.
-
Citations
13 Claims
-
1. A mobile device comprising:
-
a memory tangibly storing executable instructions; a sensor; and a first processor configured with the memory and executable instructions to cause the mobile device to; in response to receiving a first challenge from an online service, verify an identity of an application using an application identifier generated by a trusted zone of the first processor and after verifying the identity send to the online service a property signature (sig) created with at least the first challenge, a public key (PK) of the application and a device certificate (devCert) issued by a trusted authority, and after sending the sig, PK and devCert; receive a second challenge from the online service; read sensor data associated with the application from the sensor, wherein the sensor data comprises data associated with the location or position of the mobile device; create a sensor data signature (S) by the trusted zone of the first processor based on the sensor data; and send the sensor data signature, the second challenge and the sensor data to the online service for enabling the online service to attest the validity of the sensor data by verifying the second challenge and the sensor data signature using the public key of the application. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A method for operating a mobile device comprising a sensor and a first processor, the method comprising:
-
in response to receiving a first challenge from an online service, verifying an identity of an application using an application identifier generated by a trusted zone of the first processor and after verifying the identity sending to the online service a property signature (sig) created with at least the first challenge, a public key (PK) of the application and a device certificate (devCert) issued by a trusted authority, and after sending the sig, PK and devCert; receiving a second challenge from the online service; reading sensor data associated with the application from the sensor, wherein the sensor data comprises data associated with the location or position of the mobile device; creating a sensor data signature (S) based on the sensor data by the trusted zone of the first processor; and sending the sensor data signature, the second challenge and the sensor data to the online service for enabling the online service to attest the validity of the sensor data by verifying the second challenge and the sensor data signature using the public key of the application. - View Dependent Claims (10, 11, 12, 13)
-
Specification