
"System And Method For Enforcing Location Privacy Using Right Management"

Abstract: A system and method for securely delivering the location information of a mobile device to a location consumer is presented. In operation, the mobile device user issues a license to a location consumer. The license identifies the location consumer and any conditions the mobile device user places on the license. The license is encrypted such that it cannot be modified without invalidating the license. The license is submitted in a location request by the location consumer. A location information server receives the request, validates that the license was issued to the location consumer and that the location request conforms to the conditions of the license. If so, the location information server obtains the mobile device's location information, generates a location response, encrypts some of the location response, and returns the location response to the location consumer.


Patent Information

Filing Date: 18 July 2005
Publication Number: 35/2007
Publication Type: INA
Invention Field: COMPUTER SCIENCE

Applicants

MICROSOFT CORPORATION
ONE MICROSOFT WAY, REDMOND, WASHINGTON 98052, UNITED STATES OF AMERICA.

Inventors

1. PRATUL DUBLISH
ONE MICROSOFT WAY, REDMOND, WASHINGTON 98052, UNITED STATES OF AMERICA.
2. TIMOTHY S. MCGRATH
ONE MICROSOFT WAY, REDMOND, WASHINGTON 98052, UNITED STATES OF AMERICA.

Specification

SYSTEM AND METHOD FOR ENFORCING LOCATION PRIVACY USING RIGHTS MANAGEMENT

FIELD OF THE INVENTION

The present invention relates to information privacy over computer networks, and more particularly, enforcing location privacy on a computer network using rights management.

BACKGROUND OF THE INVENTION

In many countries, including the United States, governments have begun mandating that mobile service providers must be able to determine the location of a mobile device with a certain degree of accuracy. For example, some mandates require that mobile service providers must be able to determine the location for a mobile device within a 100-meter radius of the mobile device. While the impetus behind these mandates has been the need to locate a mobile device for emergency services, a byproduct of the ability to determine the location of a mobile device is that the location information may be used by more than just emergency services. In fact, an entire location-based service industry has arisen around the ability to provide location information of a mobile device to so-called location consumers. Location consumers may include the mobile device user, family, friends, business owners, fleet managers, and the like.

Location information can be extremely valuable, hence the rise of the location-based service industry. However, location information can be extremely sensitive in nature. Mobile devices, including, but not limited to, mobile phones, personal digital assistants

FIGURE 2 may serve to illustrate that the services provided by the location-based service provider may be incorporated into the mobile service provider 104, or alternatively, may be incorporated into the location consumer 112.

In order for the mobile service provider 104 to validate that only authorized location consumers gain access to location information, the mobile service provider must be able to identify the authorized location consumers from the unauthorized location consumers. Rather than providing the mobile service provider 104 a list of authorized consumers, which must invariably be constantly updated, according to the present invention, the mobile device user issues a license to a location consumer, such as location consumer 112. Through a valid license, the mobile service provider 104 is able to identify an authorized location consumer from an unauthorized location consumer. According to aspects of the present invention, this license can only be issued by the mobile device user, uniquely identifies the location consumer, and cannot be altered without destroying the validity of the license. Additionally, as will be described in greater detail below, the license includes any conditions that the mobile device user places on the access or use of the location information.

The present invention uses various encryption technologies to secure a license against forgery. In particular, when a location consumer 112 requests a license from the mobile device user, the mobile device user, typically via a computing device, encrypts all or some of the information in, or related to, the license. The mobile service provider 104 uses a decryption key to decrypt the encrypted information in the license (which accompanies the location request from the location consumer 112) to determine if the location consumer is authorized. If the information decrypts appropriately, and corresponds to the requesting location consumer, then the mobile service provider 104 determines that the license is thus far valid and the location consumer 112 is thus far authorized to access the location information.

While many encryption technologies may be used, the present invention preferably uses digital signature techniques that include a public key/private key pair, sometimes referred to as asymmetric keys, to encrypt and decrypt license related information. Thus, with reference to FIGURE 2, the mobile device user has been issued an encryption key pair 204 for digitally signing electronic information, comprising a public key 206 and a private key 208. Thus, the mobile device user digitally signs the license issued to the location consumer 112 using the mobile device user's private key 208. Correspondingly, the mobile service provider 104 verifies that a digitally signed license obtained from a location consumer 112 is valid, using the mobile device user's public key 206. Digital certificates and authentication using digital certificates are well known in the art. Briefly stated however, the mobile device user digitally signs the license by executing a secure hash on all or some of the license, and encrypts the results of the hash with the mobile device user's private key 208. To validate that the information (license) is valid, the mobile service provider 104 also executes the same hash on the license, decrypts the encrypted hash results using the mobile device user's public key 206, and compares the hash results. If they match, then the license is valid. Alternatively, if they do not match, then the license or encrypted hash results have been tampered with.

It should be noted that while FIGURE 2 illustrates a mobile device user's computer 202, in fact the mobile device user's computer may be the mobile device 102. For example, a mobile device 102 may be a hybrid communication device/computing device with the ability to generate licenses in response to a license request.

As part of the initialization that must take place, the mobile device user delivers the mobile device user's public key 206 to the mobile service provider. Those skilled in the art will recognize that delivery should be performed in a trusted manner, i.e., one in which the mobile service provider 104 can be confident that it is obtaining the mobile device user's public key 206 from the mobile device user. Once the mobile service provider 104 has the mobile device user's public key 206, the mobile service provider is able to validate licenses that are created using the mobile device user's private key 208.

With regard to FIGURE 2 and its description, a label that includes a subscript implies that that item has been encrypted, or digitally signed, and identifies the originator of the encryption/signature as well as the key by which it is encrypted/digitally signed. For example, the label for license 218 reads "LICENSE_{MU PVT}". This means that the license 218 has been digitally signed by the mobile device user (MU) using the mobile device user's private key (PVT). Similarly, the label for the location response 222 reads "LOCATION_{LC PUB}" which means the location response is encrypted using the location consumer's (LC) public key (PUB).

As part of the initialization of the present invention, the location consumer is also issued an encryption key pair 210, comprising a public key 212 and a private key 214. This encryption key pair 210 is used to ensure that location information about the mobile device 102 is secured as it is transferred from the mobile service provider 104 to the location consumer 112.

On occasion, the location consumer 112 itself represents a security risk to securing the location information of the mobile device 102. For example, a location consumer 112 could distribute location information of the mobile device 102 after having received and decrypted it. Furthermore, with typical public key/private key pairs, such as key pair 210, the protected information is only secure so long as the location consumer 112 keeps its private key 214 private. Once another person is in possession of the location consumer's private key 214, information protected using the location consumer's public key 212 may be accessed.

According to one embodiment of the present invention, in order to further ensure that location information made available to the location consumer 112 stays with the location consumer, the location consumer must have a digital rights management lock-box installed. Digital rights management lock-boxes, also referred to as digital rights management black-boxes, are generally described in U.S. Provisional Patent Application No. 60/126,614, filed March 27, 1999, entitled Enforcement Architecture and Method for Digital Rights Management, which is incorporated herein by reference.

Generally speaking, a digital rights management lock-box (hereafter "lock-box"), is installed on the location consumer's computer 112 via an activation process using a trusted digital rights management activation service. This activation process authenticates the identity of the location consumer 112, and once authenticated, installs a lock-box onto the computer. This lock-box is both unique to the location consumer (user) and the location consumer's computer 112. In other words, the lock-box cannot be transferred from one computer to another. Additionally, the activation process provides the location consumer 112 with an encryption key pair 210, including both a public key 212 and a private key 214. To ensure that the private key 214 remains private, the private key is securely embedded in the lock-box. As such the user (location consumer) does not know or have access to the private key 214. The location consumer 112 must therefore use the lock-box to access information encrypted with the location consumer's public key 212. The activation process also provides an identity certificate to the location consumer. This identity certificate includes an identifier or token that uniquely identifies the location consumer 112, the public key 212, and possibly other information. This identity certificate is digitally signed by the activation service's private key, and can be validated by using the activation service's public key. As is understood by those skilled in the art, the activation service's public key may be widely published and/or made available through trusted parties.

As shown in FIGURE 2, the location consumer 112 issues a license request 216 to the mobile device user, or more particularly, to the mobile device user's computer 202. This is typically accomplished over a network using a network protocol, such as TCP/IP. After receiving the license request 216, the mobile device user is free to issue a license, or deny the license request. Preferably, the license request 216 positively identifies the location consumer, such that the mobile device user can be confident that the license is issued to a trusted location consumer. In one embodiment, when the location consumer 112 is installed with a lock-box, the license request 216 is accompanied by or includes the identity certificate for the location consumer 112, thereby positively identifying the location consumer to the mobile device user. The mobile device user can use the activation service's public key to validate the identity certificate for the location consumer 112.

The license request 216 also contains the location consumer's public key 212. In one embodiment, when the location consumer 112 is installed with a lock-box, the public key 212 is contained in the identity certificate that accompanies the license request 216.

If the mobile device user decides to issue a license to the location consumer 112, the mobile device user may also specify, in the license, any conditions on the use of location information. Conditions of use include, but are not limited to, the number of times the license may be used to access location information, the times of day that the license may be used, the days of the week that the license may be used, a block of time (days, hours, etc.) that the license is valid, that location information may be accessed only if the location corresponds to a particular region or area, the accuracy/specificity of location information, i.e., that the accuracy be diluted before returning it to the location consumer, the applications or types of applications that may use the location information, and whether the information may be distributed beyond the location consumer. In addition to access and use conditions, the license will also include, but is not limited to, an identifier that uniquely identifies the location consumer, such as an identifier/token that uniquely identifies the location consumer, the identity certificate discussed above, or the public key 212, to whom the license will be issued, and a validity time period identifying the time period during which the license is valid. The license will also include an identifier/token that uniquely identifies the mobile device user. This identifier can be the mobile device user's account number, phone number or some other unique identifier.

After determining the terms of the license, the mobile device user, or more specifically, the mobile device user's computer 202 digitally signs the information using the mobile device user's private key 208. The result is the completed license 218 (hereafter "license"). It should be noted that, for simplicity in description, while the present discussion is directed at a single license from the mobile device user, in fact a mobile device user, via the computer 202, may issue more than one license in response to a license request 216.

The license 218 is generated such that it uniquely authorizes the location consumer 112 to access location information for the mobile device 102 according to the conditions included in the license. Additionally, the license 218 is digitally signed such that any modification will render the license invalid. Thus, a license cannot be surreptitiously modified to permit another location consumer to access the location information.

As those skilled in the art will appreciate, using public key/private key technology, information encrypted with a private key can only be decrypted using the corresponding public key. Similarly, information encrypted with a public key can only be decrypted using the corresponding private key. Hence, by delivering the mobile device user's public key 206, the mobile device user enables the mobile service provider 104 to validate that the license 218 is an authentic license issued to the location consumer 112.

It should be noted that while the present invention preferably uses digital signatures to secure the license 218, it is not a necessary element. What is required is that the mobile service provider 104 be able to somehow identify a license, such as license 218, as authentically issued to a location consumer 112.

With a validly issued license 218, the location consumer 112 can issue a location request 220 to the mobile service provider 104, either directly or indirectly through a location-based service provider 110 (FIGURE 1). The location request 220 typically includes the license 218, and may include additional information. In one embodiment, where the location consumer 112 is installed with a lock-box and the license 218 contains an identifier/token identifying the location consumer, but does not contain the consumer's identity certificate, rather the location request is accompanied by the location consumer's identity certificate.

As mentioned above, while the present discussion describes the exchange of just one license 218, a mobile device user may issue multiple licenses to the location consumer 112. Similarly, while the present discussion describes that the location consumer 112 submits a single license to the mobile service provider 104, in an alternative embodiment, the location consumer may submit the plurality of licenses obtained from the mobile device user in the location request 220. When receiving multiple licenses from a location consumer 112, it is left up to the mobile service provider 104 to select the license that is most appropriate.

Generally speaking, upon receiving the location request 220, the mobile service provider 104 first determines if the location request 220 is valid. To this end, the mobile service provider 104 verifies that the license 218 is valid using the mobile device user's public key 206, and validating that the license was issued to the location consumer 112 using the location consumer's public key 212 (and identity certificate if included). As will be discussed below, other processing may also occur to determine that the location consumer may obtain location information regarding the mobile device 102.

After validating that the location request 220 is a valid request, the mobile service provider 104 obtains the location information of the mobile device 102 (FIGURE 1), performs any processing specified in the conditions of the license 218, encrypts the location information using the location consumer's public key 212, and returns a location information response 222 to the location consumer 112, either directly or indirectly through the location-based service provider 110 (FIGURE 1).

In one embodiment (not shown), when the location consumer 112 is installed with a lock-box, the mobile service provider 104 indirectly encrypts the location response with the location consumer's public key 212. In this case, the mobile service provider 104 encrypts the location information with a symmetric encryption key, i.e., a key which is used to both encrypt and decrypt the location information. This symmetric key is then encrypted with location consumer's public key 212. In this manner, the location information is only "indirectly" encrypted with the location consumer's public key 212. If the location information, rather than the symmetric key, is encrypted using the location consumer's public key 212, then the location information is directly encrypted with the public key 212. The net result of encrypting the location information, and symmetric key if used, is that the mobile service provider 104 generates a location-consumption license that enables the location consumer's lock-box to decrypt the encrypted location response.

By encrypting the location information, directly or indirectly, using the location consumer's public key 212, only someone with the location consumer's corresponding private key 214 is able to decrypt the location information. If this information is embedded in a lock-box, only the location consumer can access the location information. In one embodiment, and similar to the license issued to the location consumer, the location response 222 is encrypted such that any modification, such as altering use conditions placed on the location information, renders the location response unusable, including the location information. Thus, the location information is securely delivered to the location consumer 112, even over networks and/or infrastructures where unauthorized individuals may gain access to the location response.

In one embodiment, the location-consumption license may contain additional restrictions on the usage of the location information. These restrictions include, but are not limited to, the number of times the license can be used to decrypt the location information, the time period in which the license can be used, and the applications that can use (or cannot use) the information accessible through the license.

As mentioned above, the mobile service provider 104 includes the mobile service provider infrastructure 108 that provides the mobile service to the mobile device 102, as well as a location information server 106 for processing the location requests as described above. FIGURE 3 is a block diagram illustrating exemplary components of a location information server 106 suitable for implementing aspects of the present invention.

While not illustrated in FIGURE 3, according to one embodiment of the present invention, the location information server 106 is a computer that includes a processor and a memory, where the memory stores executable instructions for carrying out the functions described in regard to the location information server. Those skilled in the art will readily appreciate that the location information server 106 may be implemented on numerous types of computers, including, but not limited to, personal computers and mini- and mainframe computers. In addition to implementing a location information server 106 on a single machine, according to alternative aspects of the present invention, components of the location information server may be implemented on a distributed network of cooperating computers, where each cooperating computer includes one or more processors.

As mentioned above, mobile device users submit their public keys to the mobile service provider 104 so that the mobile service provider is able to validate the license 218 included as part of a location request 220. Accordingly, the location information server 106 includes a public key store 302 for storing the public keys of the mobile device users.

The location information server 106 also includes a location request validation module 306. The location request validation module 306 receives location requests, such as location request 220 (FIGURE 2) from location consumers, such as location consumer 112, either directly from the location consumers or indirectly through a location-based service provider 110. The location request validation module 306 then validates whether each location request 220 is one that should be honored by the mobile service provider 104.

Validating whether a location request 220 from a location consumer 112 is authorized includes multiple aspects. Initially, the location request validation module 306 determines whether the location request 220 includes a valid license 218 issued to the location consumer 112. As mentioned above, to do so, the location request validation module 306 validates the license 218 using the mobile device user's public key 206 that is stored in the public key store 302. In those embodiments where the location consumer's identity certificate is not included in the license 218 but is sent separately in the location request 220, the validation module verifies that the location consumer's identity certificate is authentic and valid, and also verifies that the identity token contained in the identity certificate is the same as the location consumer's identity token contained in the license 218.

In addition to determining the validity of the license 218, and assuming the license is validly issued to the location consumer, the location request validation module 306 further validates that the location request conforms to the conditions specified in the license. For example, if a time of day range is specified as a condition, the location request validation module 306 determines whether the location request falls within a permissible time period.

Because some conditions require that license-related information be kept, the location information server 106 also includes a license-related data store 304. The license-related data store 304 stores the license-related data that is related to, but for some reason is not included in the license. For example, a condition established in a license 218 may state that the location consumer 112 may only access location information regarding the mobile device ten times, or ten times within a twenty-four hour period. In order to keep track of the number of times that license has been used, a counter must be kept. This license-related counter is stored in the license-related data store 304.

Another aspect of validating a location request 220 is determining if the license 218 supporting the location request has been suspended and/or revoked. For example, after the mobile device user issues a license 218 to the location consumer 112, the mobile device user may, for a myriad of reasons, have second thoughts regarding permitting the location consumer to access the location information and wish to revoke or suspend the license. Clearly, it may be entirely impossible, if not impractical, to retrieve a license 218 issued to the location consumer 112. Thus, according to aspects of the present invention, the mobile device user may submit a revocation or suspension notice to the mobile service provider 104. This information is then stored in the license-related data store 304. Subsequently, as part of validating whether a location request 220 should be honored, the location request validation module 306 also determines whether the license 218, upon which the location request is authorized, is suspended or has been revoked. If either case is true, the location request is not honored.

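The signature scheme and request validation described above (hash the license, transform the hash with the mobile device user's private key, then have the validation module check authenticity, consumer identity, license conditions, use count and revocation) can be sketched as follows. This is an added example, not code from the patent: the license field names, identifiers and sample values are hypothetical, and the RSA key is a deliberately weak demo key built from two Mersenne primes so that the block runs with the Python standard library alone.

```python
import hashlib
import json
from datetime import datetime, timezone

# Demo RSA key pair for the mobile device user (stand-ins for keys 206/208).
# Constructed for this example and NOT secure: both primes are Mersenne primes.
P, Q = 2**127 - 1, 2**521 - 1
MU_PUBLIC = (P * Q, 65537)                      # (n, e), delivered to the provider
MU_PRIVATE = pow(65537, -1, (P - 1) * (Q - 1))  # d, stays with the user

SAMPLE_FIELDS = {  # constructed sample license terms (hypothetical field names)
    "id": "lic-001", "issuer": "user-555-0100", "consumer": "lc-112",
    "not_before": int(datetime(2005, 7, 1, tzinfo=timezone.utc).timestamp()),
    "not_after": int(datetime(2005, 8, 1, tzinfo=timezone.utc).timestamp()),
    "hours_utc": [8, 18], "max_uses": 2, "decimals": 2,
}


def digest(fields):
    """Secure hash over a canonical encoding of the license fields."""
    blob = json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()
    return int.from_bytes(hashlib.sha256(blob).digest(), "big")


def issue_license(fields):
    """Mobile device user: hash the license, transform the hash with the private key."""
    return {"fields": fields, "sig": pow(digest(fields), MU_PRIVATE, MU_PUBLIC[0])}


class LocationInformationServer:
    def __init__(self):
        self.public_keys = {}  # public key store: issuer id -> (n, e)
        self.use_counts = {}   # license-related data: license id -> uses so far
        self.revoked = set()   # license-related data: revoked/suspended ids

    def validate(self, lic, requester_id, now):
        """Return None if the request should be honored, else the refusal reason."""
        fields, sig = lic.get("fields"), lic.get("sig")
        if not isinstance(fields, dict) or not isinstance(sig, int):
            return "malformed license"
        key = self.public_keys.get(fields.get("issuer"))
        if key is None:
            return "unknown issuer"
        n, e = key
        # Recompute the hash and compare it with the hash recovered from the signature.
        if not 0 < sig < n or pow(sig, e, n) != digest(fields):
            return "license not authentic"
        # From here on the fields are exactly what the issuer signed.
        if fields["consumer"] != requester_id:
            return "license issued to another consumer"
        if not fields["not_before"] <= now.timestamp() < fields["not_after"]:
            return "outside validity period"
        start, end = fields["hours_utc"]
        if not start <= now.hour < end:
            return "outside permitted time of day"
        if fields["id"] in self.revoked:
            return "license revoked or suspended"
        if self.use_counts.get(fields["id"], 0) >= fields["max_uses"]:
            return "use count exhausted"
        return None

    def respond(self, lic, requester_id, now, device_location):
        """Validate, count the use, and return the location diluted per the license."""
        reason = self.validate(lic, requester_id, now)
        if reason:
            return {"ok": False, "error": reason}
        f = lic["fields"]
        self.use_counts[f["id"]] = self.use_counts.get(f["id"], 0) + 1
        lat, lon = device_location
        return {"ok": True, "location": (round(lat, f["decimals"]), round(lon, f["decimals"]))}


if __name__ == "__main__":
    server = LocationInformationServer()
    server.public_keys["user-555-0100"] = MU_PUBLIC
    lic = issue_license(SAMPLE_FIELDS)
    noon = datetime(2005, 7, 18, 12, 0, tzinfo=timezone.utc)
    print(server.respond(lic, "lc-112", noon, (47.64229, -122.13694)))
```

Encryption of the response to the location consumer is left out; a deployment would use a vetted signature scheme with padding rather than this bare hash-then-exponentiate construction.
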
Only after the location request validation module 306 has validated that the location request is authentic and issued to the location consumer 112, that the location request conforms to the conditions of the license, and that the location request is neither suspended nor revoked, is the location information of the mobile device 102 obtained. The location of the mobile device 102 is obtained by the location information service 106 using a mobile device locator module 308. In one embodiment, the mobile device locator module 308 operates with the mobile service provider infrastructure 108 to obtain the location of the mobile device 102. Obtaining location information may mean obtaining the location information after the mobile service provider infrastructure 108 determines the location of the mobile device. Alternatively, obtaining location information may mean querying the mobile device for its location, especially for those location-aware mobile devices, i.e., those that are able to determine their own location.

After obtaining the location information, the location information server 106 generates a location response 222 via a location response module 310. The location response module 310 is responsible for processing the location information of the mobile device 102 according to any conditions specified in the license 218, directly/indirectly encrypting the location information using the location consumer's public key, and returning the information as the location response 222 to the location consumer 112. As mentioned above, processing the location information may include, but not be limited to, diluting the specificity of the location information, identifying geographic regions or areas in which the mobile device is located, specifying which applications or types of applications may use the location information, and the like. Furthermore, by encrypting the location information using the location consumer's public key 212, only one in possession of the corresponding private key 214 is able to decrypt the location information.

In order to more fully illustrate how the above-described components inter-operate, an exemplary exchange will be described. FIGURE 4 is a block diagram illustrating an exemplary exchange among the above-described components of the exemplary operating environment 100 for securely delivering location information from a mobile service provider 104 to a location consumer 112, in accordance with the present invention. The exemplary exchange, as illustrated in FIGURE 4, occurs among four different entities: the mobile device computer 202, the mobile service provider 104, the location-based service provider 110, and the location consumer 112. Events are represented as boxes under one of the four components. For example, event 404 falls directly under the heading for the location consumer 112. Thus, event 404 corresponds to an action taken by the location consumer 112. Similarly, event 406 falls directly under the mobile device user 202 heading, and thus corresponds to an event or action taken by the mobile device user computer.

Beginning at event 404, the location consumer 112 issues a request for a license to the mobile device user's computer 202. As previously mentioned, the mobile device user's computer 202 may correspond to the mobile device 102, or may be a separate computer operated by the mobile device user for processing license requests. At event 406, after receiving the license request, the mobile device user's computer 202 generates the license 218 for the location consumer 112, and returns the license to the location consumer.

At some point after receiving the license 218, at event 408, the location consumer 112 issues a location request 220 for location information regarding the mobile device 102. As shown in FIGURE 4, this location request 220 is sent to the location-based service provider 110. As previously mentioned, the location request 220 includes the license 218 obtained from the mobile device user, as well as the location consumer's public key 212. At event 410, the location-based service provider 110 identifies the mobile service provider 104 corresponding to the mobile device 102, which is the subject of the location request 220, and forwards the location request to that mobile service provider 104.

At event 412, the mobile service provider 104 validates the location request 220 from the location consumer 112. Assuming that the location request 220 is a valid request, i.e., the license 218 is authentic, is not suspended or revoked, and the request conforms to the conditions in the license, at event 414, the mobile service provider obtains the location of the mobile device 102.

At event 416, after having obtained the location of the mobile device 102, the mobile service provider 104 generates the location response 222. As previously discussed, generating the location response 222 may include processing the location information according to the conditions specified in the license 218, including diluting the specificity of the location information, identifying conditions and/or applications as to how the location information may be used, and the like, and then directly/indirectly encrypting the location information using the location consumer's public key 212. The mobile service provider 104 then returns the location response 222 to the location-based service provider 110. At event 418, the location-based service provider 110 forwards the location response 222 to the location consumer 112.

FIGURE 5 is a flow diagram illustrating an exemplary routine 500, executed by mobile service provider 104, for responding to a location request 220 from a location consumer 112. Beginning at block 502, the mobile service provider 104 receives the location request 220 from a location consumer 112. As described above, the location request 220 may be submitted directly to the mobile service provider 104 or, alternatively, submitted indirectly through a location-based service provider 110.

At decision block 504, a determination is made as to whether the location consumer's license is authentic. In other words, the determination is made as to whether the mobile device user generated the license 218 that is the basis of the location request 220. If the license is not authentic, at block 506, an error is returned to the location consumer 112, and the routine 500 terminates.
If the license is authentic, i.e., generated by the mobile device user and corresponding to the location consumer 112, at decision block 508, another determination is made as to whether the location request 220 is permissible according to the conditions set forth in the license 218. As previously described, the license sets any number of conditions including a number of times that the location consumer 112 can access the location information, the specificity by which the location consumer may obtain information regarding location device 102, the time of day that the information may be accessed, and the like. Determining whether the location request is permissible also includes determining whether the license 218 has been revoked or is currently suspended. If the location request is not permissible according to the conditions of the license, at block 506, an error is returned to the location consumer 112, and the routine 500 terminates.
If the location request is permissible according to the conditions specified in the license 218, at block 510, the mobile service provider 104 obtains the location of the mobile device 102. As already discussed, obtaining the location of the mobile device 102 may entail actually determining the location of the mobile device using the mobile service provider infrastructure 108 or, alternatively, obtaining the location information from the mobile device.
After obtaining the location information for the mobile device 102, at block 513, the mobile service provider 104 generates the location response 222. As previously mentioned, the location information is processed according to conditions specified in the license 218, as well as encrypting the information using the location consumer's public key 212. After generating the location response 222, at block 513, the mobile service provider 104 returns the location response to the location consumer 112, either through a location-based service provider 110 or directly to the location consumer. Thereafter, the exemplary routine 500 terminates.
FIGURE 6 is a flow diagram of an exemplary routine 600, executed on a mobile device user's computing device 202, for responding to a license request from a location consumer 112. Beginning at block 602, the mobile device user's computing device receives the license request from the location consumer 112. At decision block 604, the mobile device user, typically via the mobile device user's computing device 202, determines whether the license request is authentic. In other words, the mobile device user validates whether the location consumer 112 is who he represents to be, such as by determining through a trusted source whether the location consumer is who he says he is. If the mobile device user determines that the license request is not authentic, at block 606, an error is returned to the location consumer 112, and the routine 600 terminates.
Alternatively, if the license request is authentic, at block 608, the mobile device user generates a license 218 per the mobile device user's preferences. As described above, it is at this point that the mobile device user includes the conditions upon which the location consumer 112 may access the location information of the mobile device 102. After having established the license and conditions according to mobile device user's preferences, at block 610, the mobile device user digitally signs the license 218 by using the mobile device user's private key 205. At block 612, the license 218 is then returned to the location consumer 112, and the routine 600 terminates.
While various embodiments of the invention have been illustrated and described, including the preferred embodiment, it will be appreciated that various changes can be made therein without departing from the spirit and scope of the invention.
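The license issuance of routine 600 and the server-side checks of routine 500 described above, as an added Go example that is not code from the patent or its applicant. The specification names no algorithms or formats: Ed25519 signatures, RSA-OAEP encryption, the JSON license layout and every type, field and function name here are assumptions of this example, and the keys, identifiers and coordinates are constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
)

// License stands in for license 218; its field names are assumptions of this example.
type License struct {
	ID, ConsumerID    string // license id and the location consumer it was issued to
	MaxUses, Decimals int    // access condition (request count), precision condition (decimal places)
	Use               string // use condition, echoed in the response
}

// SignedLicense is the serialized license plus the user's signature over those bytes.
type SignedLicense struct{ Body, Sig []byte }

// Request models the location request (license plus the consumer's public key);
// Response models the location response, in which only the location is encrypted.
type Request struct {
	ConsumerID  string
	License     SignedLicense
	ConsumerKey *rsa.PublicKey
}
type Response struct {
	Use        string
	Ciphertext []byte
}

// Server models the location information server: key store plus license-related store.
type Server struct {
	UserKey            ed25519.PublicKey
	Revoked, Suspended map[string]bool
	Uses               map[string]int
	Locate             func() (lat, lon float64)
}

var ErrNotAuthentic = errors.New("license is not authentic")
var ErrNotPermitted = errors.New("request not permitted by license")

// Issue is the signing step of routine 600: fix the conditions, then sign the license.
func Issue(priv ed25519.PrivateKey, l License) (SignedLicense, error) {
	body, err := json.Marshal(l)
	return SignedLicense{Body: body, Sig: ed25519.Sign(priv, body)}, err
}

// Handle is routine 500; every error return corresponds to the error block 506.
func (s *Server) Handle(req Request) (Response, error) {
	// Block 504: signed by the user, unmodified, and issued to this consumer?
	var l License
	if !ed25519.Verify(s.UserKey, req.License.Body, req.License.Sig) ||
		json.Unmarshal(req.License.Body, &l) != nil || l.ConsumerID != req.ConsumerID {
		return Response{}, ErrNotAuthentic
	}
	// Permissibility: revocation, suspension, then the license's own conditions.
	if s.Revoked[l.ID] || s.Suspended[l.ID] || s.Uses[l.ID] >= l.MaxUses || l.Decimals < 0 {
		return Response{}, ErrNotPermitted
	}
	// Block 510 and after: obtain the fix, dilute it, encrypt it to the consumer's key.
	lat, lon := s.Locate()
	plain := fmt.Sprintf("%.*f,%.*f", l.Decimals, lat, l.Decimals, lon)
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, req.ConsumerKey, []byte(plain), nil)
	if err != nil {
		return Response{}, err
	}
	s.Uses[l.ID]++ // count only requests that were actually answered
	return Response{Use: l.Use, Ciphertext: ct}, nil
}

// Open is the consumer side: decrypt with the private half of the key sent in the request.
func Open(priv *rsa.PrivateKey, r Response) (string, error) {
	pt, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, r.Ciphertext, nil)
	return string(pt), err
}

// Setup creates constructed demo parties: server, user's signing key, consumer's RSA key.
func Setup() (*Server, ed25519.PrivateKey, *rsa.PrivateKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	consumer, rsaErr := rsa.GenerateKey(rand.Reader, 2048)
	srv := &Server{UserKey: pub, Revoked: map[string]bool{}, Suspended: map[string]bool{},
		Uses: map[string]int{}, Locate: func() (float64, float64) { return 47.64223, -122.13689 }}
	return srv, priv, consumer, errors.Join(err, rsaErr)
}

func main() {
	srv, userPriv, consumer, err := Setup()
	if err != nil {
		panic(err)
	}
	lic, _ := Issue(userPriv, License{ID: "lic-1", ConsumerID: "consumer-112", MaxUses: 1, Decimals: 2, Use: "display-only"})
	req := Request{ConsumerID: "consumer-112", License: lic, ConsumerKey: &consumer.PublicKey}
	resp, err := srv.Handle(req)
	loc, _ := Open(consumer, resp)
	_, again := srv.Handle(req) // second request exceeds MaxUses
	fmt.Println(loc, resp.Use, err, again)
}
```

The signature is verified over the exact bytes received, before they are parsed, so any change to the license body fails the authenticity check.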
(PDAs), tablet and notebook computers, as well as many forms of hybrid devices, are usually viewed as personal items, i.e., personal to the mobile device user. As a personal item, a mobile device is usually kept in the personal possession of the mobile device user, and as such, the location of the mobile device closely corresponds to the personal location of the mobile device user. Thus, dissemination of location information is clearly a personal privacy issue. As such, care must be taken to protect the individual's personal location information. Typically, a mobile device user protects his privacy by establishing distribution controls over location information of his mobile device.
Clearly, location information, as personal information, can be used for nefarious or unauthorized purposes. Unfortunately, even when distribution controls are set in place with regard to location information, those that would make unauthorized use of location information are often able to bypass those controls and obtain the location information. For example, while a location-based service provider may impose strict distribution controls in regard to which location consumers may gain access to location information of a mobile device, a rogue administrator with super-user privileges could use those privileges to illegitimately access location information as it passes through the location-based service provider's facilities, easily compromising any distribution controls set in place. Alternatively, one who is eavesdropping on network communications between a location-based service provider and a legitimate location consumer may gain unauthorized access to the location information, again compromising the mobile device user's privacy.
While one of the services of a location-based service provider is to route location information from a mobile service provider to a location consumer, depending on the type of service requested, location-based service providers do not always need the actual location information related to a mobile device. In fact, as described above, the location-based service provider often represents a security weakness as location information passes from a mobile service provider to the location consumer. Accordingly, what is needed is a system and method for securely delivering location information from a mobile service provider to a location consumer in a secure manner. The present invention addresses these and other issues found in the prior art.
SUMMARY OF THE INVENTION
In accordance with aspects of the present invention, a location information server for securely supplying location information of a mobile device to a location consumer, is presented. The location information server includes a processor and a memory. The memory stores instructions which, when executed by the location information server, and in response to a location request from a location consumer, cause the location information server to validate whether the location request is authorized by the mobile device user. If the location request is authorized by the mobile device user, the location information server obtains the location information of the mobile device, generates a location response that includes the location information, and returns the location response to the location consumer.
In accordance with other aspects of the present invention, a computer networked system for securely delivering location information regarding a mobile device from a mobile service provider to a location consumer, is presented. The system includes a location-based service provider. The location-based service provider is communicatively coupled to at least one mobile service provider, and also communicatively coupled to a location consumer. The system also includes a mobile service provider that provides communication services to the mobile device through a mobile service infrastructure, and that also includes a location information server that responds to location requests from the location consumer. The location information server is configured, such that upon receiving a location request, the location information server validates whether the location request is authorized by the mobile device user. If the location request is authorized by the mobile device user, the location information server obtains the location information regarding the mobile device, generates a location response that includes the location information, and returns the location response to the location consumer.
In accordance with yet additional aspects of the present invention, a method for securely delivering location information of a mobile device to a location consumer is presented. The method is executed by a location information server. Upon receiving a location request from the location consumer, the location request is validated to determine whether the location request is authorized by the mobile device user. If the location request is authorized by the mobile device user, the location information server obtains location information of the mobile device, generates a location response that includes the location information, and returns the location response to the location consumer.
BRIEF DESCRIPTION OF THE DRAWINGS
The foregoing aspects and many of the attendant advantages of this invention will become more readily appreciated as the same become better understood by reference to the following detailed description, when taken in conjunction with the accompanying drawings, wherein:
FIGURE 1 is a pictorial diagram illustrating an exemplary operating environment suitable for implementing the present invention;
FIGURE 2 is a pictorial diagram for illustrating the initialization and operation aspects of the present invention;
FIGURE 3 is a block diagram illustrating exemplary components of a mobile service provider server suitable for implementing aspects of the present invention;
FIGURE 4 is a block diagram illustrating an exemplary exchange among components in the exemplary operating environment for securely delivering location information from a mobile service provider to a location consumer in accordance with the present invention;
FIGURE 5 is a flow diagram illustrating an exemplary routine, executed by a mobile service provider, for responding to a location request from a location consumer; and
FIGURE 6 is a flow diagram of an exemplary routine, executed on a computing device, for responding to a license request from a location consumer.
DETAILED DESCRIPTION
FIGURE 1 is a pictorial diagram illustrating an exemplary operating environment 100 suitable for securely delivering location information regarding a mobile device 102 to a location consumer 112. Included in this exemplary environment 100 is a mobile service provider 104. As illustrated in FIGURE 1, the mobile service provider 104 includes a mobile service infrastructure 108 and a location information server 106. The mobile service infrastructure 108 corresponds to that infrastructure used by the mobile service provider 104 to provide the mobile service to the mobile device 102, such as cell towers, switches, and the like, and is well known in the art. Additionally, in one embodiment, the mobile service infrastructure 108 may include the hardware and/or software necessary to determine the location of the mobile device 102. The location information server 106 serves as the mobile service provider's external interface for providing location information in response to location requests. The location information server 106 is described in greater detail below in regard to FIGURE 3.
Also illustrated in FIGURE 1 is a location-based service provider 110. While illustrated in FIGURE 1 as connected to just one mobile service provider 104, typically the location-based service provider 110 is connected to various mobile service providers (not shown). Thus, the location-based service provider 110 receives location requests from a location consumer, such as location consumer 112, determines to which mobile service provider the location request is directed (typically based on the target mobile device of the location request or alternatively, based on the identity of the mobile device user), forwards the location request to the appropriate mobile service provider 104, receives the location information response from the mobile service provider 104, and returns the location information response back to the requesting location consumer 112.
It should be noted that while the FIGURE 1, and the present discussion of FIGURE 1, illustrate the mobile service provider 104 as a cellular telephone service, it should be viewed as illustrative only, and should not be construed as limiting upon the present invention. In alternative embodiments, the mobile service provider 104 may be replaced with another type of location provider or omitted entirely. For example, the mobile service provider 104 may be replaced by a location server that receives periodic updates from the mobile device via an IP network, such as over one of the IEEE 802.11 or Bluetooth wireless networks. As an alternative, the functionality of the mobile service provider may be implemented in each mobile device in a peer-to-peer environment, and location information is disseminated by each mobile device acting as a location provider. Nevertheless, for descriptive purposes only, while the present invention could use any particular form of location provider, the subsequent description will be made in regards to the mobile service provider 104 as illustrated in FIGURE 1.
While the location-based service provider 110 is illustrated in FIGURE 1 as being a separate entity from the mobile service provider 104, in an alternative embodiment, the mobile service provider 104, typically via the location information server 106, provides location-based services directly to the location consumers, such as location consumer 112. In other words, the mobile service provider 104 may provide its own location-based services to external clients, thus a separate location-based service provider 110 is not a necessary element of the present invention.
In accordance with aspects of the present invention, to securely deliver location information from the mobile service provider 104 to the location consumer 112, certain controls are enforced by the mobile service provider. In particular, the mobile service provider 104 ensures that only authorized location consumers can obtain location information regarding the mobile device 102. In addition to ensuring that only authorized location consumers can gain access to location information, the mobile service provider 104 also ensures that each location request conforms to conditions specified by the mobile device user. Still further, after validating that the requesting location consumer 112 is an authorized location consumer, and that the location request from the authorized location consumer conforms to any conditions specified by the mobile device user, the location information server prepares a location information response and encrypts the location information in the response (or alternatively, the entire location information response), and returns the encrypted information to the requesting location consumer, typically via the location-based service provider. By encrypting the actual location information in the location information response using a sufficiently strong encryption technology, only those, i.e., the requesting location consumer 112, who have the decryption key will be able to truly gain access to the location information.
In order for the mobile service provider 104 to enforce the above-described controls when a location request is received according to the present invention, some prior initializations and exchanges must have occurred. FIGURE 2 is a pictorial diagram 200 for illustrating various initialization and exchange between components of the exemplary operating environment 100. The pictorial diagram 200 includes the mobile service provider 104 and the location consumer 112. However, in order to simplify the discussion of initialization and exchange, the location-based service provider 110 is not illustrated in FIGURE 2. Nevertheless, while the present invention secures location information while at the location-based service provider 110, the absence of the location-based service provider 110

The embodiments of the invention in which an exclusive property or privilege is claimed are defined as follows:
1. A location information server for securely delivering location information of a mobile device to a location consumer, the location information server comprising:
a processor, and
a memory storing executable instructions which, when executed by the location information server, and in response to receiving a location request, cause the location information server to:
validate that the location request is authorized by the mobile device user,
obtain location information of the mobile device if the location request is authorized by the mobile device user,
generate a location response, including the location information, if the location request is authorized by the mobile device user, and
return the location response to the location consumer.
2. The location information server of Claim 1, wherein the location request from the location consumer includes a license, and wherein validating that the location request is authorized by the mobile device user comprises validating that the license was issued by the mobile device user.
3. The location information server of Claim 2 further comprising a key store, and wherein validating that the license was issued by the mobile device user comprises:
decrypting encrypted information in the license using a decryption key associated with the mobile device user stored in the key store, and
validating that the resulting decrypted information indicates that the license was issued by the mobile device user.
4. The location information server of Claim 3, wherein the decryption key associated with the mobile device user stored in the key store is the mobile device user's public key, and the encrypted information in the license was encrypted using a mobile device
31. The computer networked system of Claim 30, wherein the license-related information store stores access condition information for enforcing the access conditions identified in the license.
32. The computer networked system of Claim 22, wherein generating the location response comprises encrypting at least some of the location response, including the location information, using an encryption key associated with the location consumer.
33. The computer networked system of Claim 32, wherein the location request further includes the location consumer's encryption key.
34. The computer networked system of Claim 33, wherein the location consumer's encryption key is the location consumer's public key, such that the encrypted portion of the location response can only be validly decrypted by the location consumer's corresponding private key.
35. The computer networked system of Claim 32, wherein the license identifies use conditions for controlling how the location consumer may use the location information, and wherein generating the location response further comprises including the identified use conditions in the location response.
36. The computer networked system of Claim 35, wherein the license further identifies precision conditions for specifying the precision of the location information returned to the location consumer, and wherein generating the location response further comprises processing the location information according to the precision conditions.
37. The computer networked system of Claim 32, wherein the location response is generated in such a manner as to render the included location information unusable if it is altered.
38. The computer networked system of Claim 22, wherein the license is issued by the mobile device user such that any modification to the license invalidates the license.
39. A method, executed by a location information server, for securely delivering location information of a mobile device to a location consumer in response to a location request, the method comprising:
on the location information server, validating that the location request is authorized by the mobile device user, and if the location request is authorized by the mobile device user:
obtaining location information of the mobile device,
generating a location response, the location response including the obtained location information, and
returning the location response to the location consumer.
40. The method of Claim 39, wherein the location request includes a location license, and wherein validating that the location request is authorized by the mobile device user comprises validating that the location license was issued by the mobile device user.
41. The method of Claim 40, wherein validating that the location license was issued by the mobile device user comprises:
decrypting encrypted information in the location license using a decryption key associated with the mobile device user, and
validating that the resulting decrypted information indicates that the location license was issued by the mobile device user.
42. The method of Claim 41, wherein the decryption key associated with the mobile device user is the mobile device user's public key, and the encrypted information in the location license was encrypted using the mobile device user's corresponding private key, such that data encrypted with the mobile device user's private key can only be validly decrypted by the mobile device user's corresponding public key.
43. The method of Claim 42, wherein validating that the resulting decrypted information indicates that the location license was issued by the mobile device user comprises determining whether the encrypted information is properly decrypted by the mobile device user's public key.
44. The method of Claim 43, wherein the location request further includes a location consumer identifier that uniquely identifies the location consumer issuing the location request,
wherein the resulting decrypted information includes a location consumer identifier uniquely identifying the location consumer to whom the location license is issued, and
wherein validating that the location request is authorized by the mobile device user further comprises determining whether the location consumer identifier in the location request corresponds to the location consumer identifier in the decrypted information.
45. The method of Claim 40, wherein validating that the location request is authorized by the mobile device user comprises determining whether the location license has been revoked according to revocation information stored by the location information server.
46. The method of Claim 40, wherein validating that the location request is authorized by the mobile device user comprises determining whether the location license is currently suspended according to suspension information stored by the location information server.
47. The method of Claim 40, wherein the location license includes access conditions that identify conditions upon which the location consumer is authorized to access the location information of the mobile device, and wherein validating that the location request is authorized by the mobile device user comprises determining whether the location request conforms to the access conditions identified in the location license.
48. The method of Claim 40, wherein generating the location response comprises encrypting at least some of the location response, including the obtained location information, using an encryption key associated with the location consumer.
49. The method of Claim 48, wherein the location request further includes the encryption key associated with the location consumer.
user's corresponding private key, such that data encrypted with the mobile device user's private key can only be validly decrypted by the mobile device user's corresponding public key.
5. The location information server of Claim 4, wherein validating that the resulting decrypted information indicates that the license was issued by the mobile device user comprises determining whether the encrypted information is properly decrypted by the mobile device user's public key.
6. The location information server of Claim 5, wherein the location request further includes a location consumer identifier that uniquely identifies the location consumer issuing the location request,
wherein the resulting decrypted information includes a location consumer identifier uniquely identifying the location consumer to whom the license is issued, and
wherein validating that the location request is authorized by the mobile device user further comprises determining whether the location consumer identifier in the location request corresponds to the location consumer identifier in the decrypted information.
7. The location information server of Claim 2 further comprising a license-related information store that stores license-related information for validating that the location request is authorized by the mobile device user.
8. The location information server of Claim 7, wherein the license-related information store stores revocation information identifying licenses that have been revoked by the mobile device user, and wherein validating that the location request is authorized by the mobile device user comprises determining whether the license has been revoked according to the revocation information in the license-related information store.
9. The location information server of Claim 7, wherein license-related information store stores suspension information identifying licenses that are currently suspended by the mobile device user, and wherein validating that the location request is authorized by the mobile device user comprises determining whether the license is currently suspended according to the suspension information in the license-related information store.
10. The location information server of Claim 7, wherein the license includes access conditions that identify conditions upon which the location consumer is authorized to access the location information of the mobile device, and wherein validating that the location request is authorized by the mobile device user comprises validating the access conditions to validate that the location request is authorized by the mobile device user.
11. The location information server of Claim 10, wherein the license-related information store stores access condition information for enforcing the access conditions identified in the license.
12. The location information server of Claim 2, wherein generating the location response comprises encrypting at least some of the location response, including the location information, using an encryption key associated with the location consumer.
13. The location information server of Claim 12, wherein the location request further includes the location consumer's encryption key.
14. The location information server of Claim 13, wherein the location consumer's encryption key is the location consumer's public key, such that the encrypted portion of the location response can only be validly decrypted by the location consumer's corresponding private key.
15. The location information server of Claim 13, wherein the license identifies use conditions for controlling how the location consumer may use the location information, and wherein generating the location response further comprises including the identified use conditions in the location response.
16. The location information server of Claim 15, wherein the license further identifies precision conditions for specifying the precision of the location information returned to the location consumer, and wherein generating the location response further comprises processing the location information according to the precision conditions.
17. The location information server of Claim 12, wherein the location response is generated in such a manner as to render the included location information unusable if it is altered.
18. The location information server of Claim 2, wherein the license is issued by the mobile device user such that any modification to the license invalidates the license.
19. A computer networked system for securely delivering location information regarding a mobile device from a mobile service provider to a location consumer, the system comprising:
a location-based service provider communicatively coupled to at least one mobile service provider, and also communicatively coupled to a location consumer, and
a mobile service provider that provides communication services to the mobile device through a mobile service infrastructure, and that includes a location information server configured such that, in response to receiving a location request from a location consumer, the location information server:
validates that the location request is authorized by the mobile device user,
obtains location information regarding the mobile device if the location request is authorized by the mobile device user,
generates a location response if the location request is authorized by the mobile device user, the location response including the location information, and
returns the location response to the location consumer.
20. The computer networked system of Claim 19, wherein the location information server receives the location request from the location-based service provider, and wherein the location information server returns the location response to the location consumer through the location-based service provider.
21. The computer networked system of Claim 20, wherein the location-based service provider, upon receiving a location request from a location consumer, is configured to identify the mobile service provider servicing the mobile device targeted by the location request, and forward the location request to the identified mobile service provider's location information server.
22. The computer networked system of Claim 21, wherein the location request from the location consumer includes a license, and wherein validating that the location request is authorized by the mobile device user comprises validating that the license was issued by the mobile device user.
23. The computer networked system of Claim 22, wherein the location information server comprises a key store, and wherein validating that the license was issued by the mobile device user comprises:
decrypting encrypted information in the license using a decryption key associated with the mobile device user stored in the key store, and
validating that the resulting decrypted information indicates that the license was issued by the mobile device user.
24. The computer networked system of Claim 23, wherein the decryption key associated with the mobile device user stored in the key store is the mobile device user's public key, and the encrypted information in the license was encrypted using a mobile device user's corresponding private key, such that data encrypted with the mobile device's device user key can only be validly decrypted by the mobile device user's corresponding public key.
25. The computer networked system of Claim 24, wherein validating that the resulting decrypted information indicates that the license was issued by the mobile device user comprises determining whether the encrypted information is properly decrypted by the mobile device user's public key.
26. The computer networked system of Claim 25, wherein the location request
further includes a location consumer identifier that uniquely identifies the location consumer
issuing the location request,
wherein the resulting decrypted information includes a location consumer identifier
uniquely identifying the location consumer to whom the license is issued, and
wherein validating that the location request is authorized by the mobile device user
further comprises determining whether the location consumer identifier in the location
request corresponds to the location consumer identifier in the decrypted information.
27. The computer networked system of Claim 22, wherein the location
information server further comprises a license-related information store that stores
license-related information for validating that the location request is authorized by the mobile
device user.
28. The computer networked system of Claim 27, wherein the license-related
information store stores revocation information identifying licenses that have been revoked
by the mobile device user, and wherein validating that the location request is authorized by
the mobile device user comprises determining whether the license has been revoked
according to the revocation information in the license-related information store.
29. The computer networked system of Claim 27, wherein license-related
information store stores suspension information identifying licenses that are currently
suspended by the mobile device user, and wherein validating that the location request is
authorized by the mobile device user comprises determining whether the license is currently
suspended according to the suspension information in the license-related information store.
30. The computer networked system of Claim 27, wherein the license includes
access conditions that identify conditions upon which the location consumer is authorized to
access the location information of the mobile device, and wherein validating that the location
request is authorized by the mobile device user comprises evaluating the access conditions to
validate that the location request is authorized by the mobile device user.
50. The method of Claim 49, wherein the encryption key associated with the
location consumer is the location consumer's public key of a public/private key pair, such
that data encrypted with the location consumer's public key can only be decrypted by the
location consumer's corresponding private key.
51. The method of Claim 48, wherein the location license identifies use
conditions for controlling how the location consumer may use the location information, and
wherein generating the location response further comprises including the identified use
conditions in the location response.
52. The method of Claim 51, wherein the location license further identifies
precision conditions that specify the precision of the location information returned to the
location consumer, and wherein generating the location response further comprises
processing the location information according to the precision conditions.
53. The method of Claim 43, wherein generating the location response further
comprises generating the location response in such a manner as to render the included
location information unusable if it is altered.
54. A computer-readable medium bearing computer-executable instructions
which, when executed on a computing device, carry out a method for securely delivering
location information of a mobile device to a location consumer in response to a location
request, the method comprising:
validating that the location request is authorized by the mobile device user, and if the
location request is authorized by the mobile device user:
obtaining location information of the mobile device,
generating a location response, the location response including the obtained
location information, and
returning the location response to the location consumer.
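
The validation chain recited in Claims 22 to 30 can be sketched as follows; this is an added illustration, not code from the application, and the field names, the result strings, the validity-window access condition and the toy textbook-RSA key are all assumptions made for the example. The "encrypt with the private key, decrypt with the public key" step of Claims 23 to 25 is modelled as a seal over a hash of the license body.

```python
import hashlib
import json

# Constructed toy textbook-RSA key (Mersenne primes); far too weak for real use.
P, Q, E = 2**89 - 1, 2**127 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # mobile device user's private exponent

def _digest(body):
    """Hash the license body to an integer below N."""
    data = json.dumps(body, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def issue_license(body, d=D, n=N):
    """Device user side: transform the body digest with the private key."""
    return {"body": body, "seal": pow(_digest(body), d, n)}

class LocationInformationServer:
    def __init__(self):
        self.key_store = {}     # device user id -> (e, n) public key
        self.revoked = set()    # license ids revoked by the device user
        self.suspended = set()  # license ids currently suspended

    def validate(self, request):
        """Return "ok" or the name of the first check that failed."""
        lic, body = request["license"], request["license"]["body"]
        # Use the key of the user whose device is targeted, never a key
        # named by the license itself.
        pub = self.key_store.get(request["device_user"])
        if pub is None:
            return "unknown-device-user"
        # Claims 23-25: the public-key operation must reproduce the digest.
        if pow(lic["seal"], pub[0], pub[1]) != _digest(body):
            return "bad-seal"
        # Claim 26: requester must be the consumer named in the license.
        if request["consumer_id"] != body["consumer_id"]:
            return "consumer-mismatch"
        # Claims 28-29: revocation and suspension lists.
        if body["license_id"] in self.revoked:
            return "revoked"
        if body["license_id"] in self.suspended:
            return "suspended"
        # Claim 30: access conditions (a validity window is assumed here).
        if not body["not_before"] <= request["time"] <= body["not_after"]:
            return "condition-failed"
        return "ok"
```

A production system would replace the toy key operation with a standard signature scheme such as RSA-PSS or Ed25519 from a vetted library.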

Documents

Application Documents

# Name Date
1 1853-DEL-2005-Correspondence Others-(18-07-2005).pdf 2005-07-18
1 1853-DEL-2005_EXAMREPORT.pdf 2016-06-30
2 1853-DEL-2005-Abstract.pdf 2016-02-25
2 1853-DEL-2005-Correspondence Others-(26-08-2005).pdf 2005-08-26
3 1853-DEL-2005-Correspondence Others-(10-09-2007).pdf 2007-09-10
3 1853-DEL-2005-Assignment.pdf 2016-02-25
4 1853-DEL-2005-Form-13-(18-09-2007).pdf 2007-09-18
4 1853-DEL-2005-Claims.pdf 2016-02-25
5 1853-DEL-2005-Description.pdf 2016-02-25
5 1853-DEL-2005-Correspondence Others-(08-08-2008).pdf 2008-08-08
6 1853-DEL-2005-Form-18-(11-08-2008).pdf 2008-08-11
6 1853-DEL-2005-Drawings.pdf 2016-02-25
7 1853-DEL-2005-GPA.pdf 2016-02-25
7 1853-del-2005-form-1.pdf 2016-02-25
8 1853-DEL-2005-Form-2.pdf 2016-02-25
8 1853-DEL-2005-Form-5.pdf 2016-02-25
9 1853-DEL-2005-Form-3.pdf 2016-02-25
10 1853-DEL-2005-Form-5.pdf 2016-02-25
10 1853-DEL-2005-Form-2.pdf 2016-02-25
11 1853-DEL-2005-GPA.pdf 2016-02-25
11 1853-del-2005-form-1.pdf 2016-02-25
12 1853-DEL-2005-Form-18-(11-08-2008).pdf 2008-08-11
12 1853-DEL-2005-Drawings.pdf 2016-02-25
13 1853-DEL-2005-Description.pdf 2016-02-25
13 1853-DEL-2005-Correspondence Others-(08-08-2008).pdf 2008-08-08
14 1853-DEL-2005-Form-13-(18-09-2007).pdf 2007-09-18
14 1853-DEL-2005-Claims.pdf 2016-02-25
15 1853-DEL-2005-Correspondence Others-(10-09-2007).pdf 2007-09-10
15 1853-DEL-2005-Assignment.pdf 2016-02-25
16 1853-DEL-2005-Correspondence Others-(26-08-2005).pdf 2005-08-26
16 1853-DEL-2005-Abstract.pdf 2016-02-25
17 1853-DEL-2005_EXAMREPORT.pdf 2016-06-30
17 1853-DEL-2005-Correspondence Others-(18-07-2005).pdf 2005-07-18