Attested sensor data reporting

US 9,787,667 B2
Filed: 10/16/2012
Issued: 10/10/2017
Est. Priority Date: 10/16/2012
Status: Active Grant

First Claim

Patent Images

1. A mobile device comprising:

a memory tangibly storing executable instructions;

a sensor; and

a first processor configured with the memory and executable instructions to cause the mobile device to;

in response to receiving a first challenge from an online service, verify an identity of an application using an application identifier generated by a trusted zone of the first processor and after verifying the identity send to the online service a property signature (sig) created with at least the first challenge, a public key (PK) of the application and a device certificate (devCert) issued by a trusted authority, and after sending the sig, PK and devCert;

receive a second challenge from the online service;

read sensor data associated with the application from the sensor, wherein the sensor data comprises data associated with the location or position of the mobile device;

create a sensor data signature (S) by the trusted zone of the first processor based on the sensor data; and

send the sensor data signature, the second challenge and the sensor data to the online service for enabling the online service to attest the validity of the sensor data by verifying the second challenge and the sensor data signature using the public key of the application.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A apparatus and a method for attested sensor data reporting, wherein a challenge is received from an online service; sensor data is read; and a sensor data signature based on the sensor data is created and sent to the online service.

Citations

13 Claims

1. A mobile device comprising:
- a memory tangibly storing executable instructions;
  
  a sensor; and
  
  a first processor configured with the memory and executable instructions to cause the mobile device to;
  
  in response to receiving a first challenge from an online service, verify an identity of an application using an application identifier generated by a trusted zone of the first processor and after verifying the identity send to the online service a property signature (sig) created with at least the first challenge, a public key (PK) of the application and a device certificate (devCert) issued by a trusted authority, and after sending the sig, PK and devCert;
  
  receive a second challenge from the online service;
  
  read sensor data associated with the application from the sensor, wherein the sensor data comprises data associated with the location or position of the mobile device;
  
  create a sensor data signature (S) by the trusted zone of the first processor based on the sensor data; and
  
  send the sensor data signature, the second challenge and the sensor data to the online service for enabling the online service to attest the validity of the sensor data by verifying the second challenge and the sensor data signature using the public key of the application.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The mobile device according to claim 1, whereinthe identity of the application is verified using a parameter (p) selected by the application and the application identifier of the application.
  - 3. The mobile device according to claim 2, wherein the first processor is configured with the memory and executable instructions to cause an attestation component to determine the application identifier of the application.
  - 4. The mobile device according to claim 1, wherein the first processor is configured with the memory and executable instructions to cause the trusted zone to create the sensor data signature from the second challenge, the sensor data and the application identifier of the application.
  - 5. The mobile device according to claim 1, wherein the first challenge is a nonce;
    - a property (p) of the application is used to verify the identity of the application;
      
      and the property signature (sig) is created with at least the nonce, the public key (PK), the device certificate (devCert), and the property (p).
  - 6. The mobile device according to claim 5, wherein the first processor is configured with the memory and executable instructions to cause the application to select the property.
  - 7. The mobile device according to claim 5, wherein the first processor is configured with the memory and executable instructions to cause an attestation component to verify the identity of the application.
  - 8. The mobile device according to claim 5, wherein the first processor is configured with the memory and executable instructions to cause the trusted zone to create the property signature.

9. A method for operating a mobile device comprising a sensor and a first processor, the method comprising:
- in response to receiving a first challenge from an online service, verifying an identity of an application using an application identifier generated by a trusted zone of the first processor and after verifying the identity sending to the online service a property signature (sig) created with at least the first challenge, a public key (PK) of the application and a device certificate (devCert) issued by a trusted authority, and after sending the sig, PK and devCert;
  
  receiving a second challenge from the online service;
  
  reading sensor data associated with the application from the sensor, wherein the sensor data comprises data associated with the location or position of the mobile device;
  
  creating a sensor data signature (S) based on the sensor data by the trusted zone of the first processor; and
  
  sending the sensor data signature, the second challenge and the sensor data to the online service for enabling the online service to attest the validity of the sensor data by verifying the second challenge and the sensor data signature using the public key of the application.
- View Dependent Claims (10, 11, 12, 13)
- - 10. The method according to claim 9, wherein verifying the identity of the application comprises using a parameter (p) and the application identifier of the application.
  - 11. The method according to claim 9, wherein an attestation component of the mobile device determines the application identifier of the application.
  - 12. The method according to claim 9, wherein the trusted zone creates the sensor data signature from the second challenge, the sensor data and the application identifier of the application.
  - 13. The method according to claim 9 wherein:
    - the first challenge is a nonce;
      
      a property (p) of the application is used for verifying the identity of the application;
      
      and the property signature sig is created with at least the nonce, the property, the device certificate and the public key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nokia Technologies Oy (Nokia Corporation)
Original Assignee
Nokia Technologies Oy (Nokia Corporation)
Inventors
Kostiainen, Kari
Primary Examiner(s)
LYNCH, SHARON S

Application Number

US14/435,415
Publication Number

US 20150281219A1
Time in Patent Office

1,820 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/57   Certifying or maintaining t...

H04L 2209/805   Lightweight hardware, e.g. ...

H04L 63/0823   using certificates cryptogr...

H04L 63/0876   based on the identity of th...

H04L 9/3234   involving additional secure...

H04L 9/3247   involving digital signatures

H04L 9/3271   using challenge-response

Attested sensor data reporting

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

Attested sensor data reporting

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links