Aspects of the disclosure relate to location-based services for mobile wireless devices. In particular, various aspects of the disclosure relate to Secure User Plane Location (SUPL) technology.
Location services for mobile wireless devices enable the current location and optionally speed and heading of a mobile wireless device to be obtained and provided to the wireless device (e.g. to an application running on the wireless device or to the user of the wireless device) or to some third party. Examples of a third party may include an emergency services provider (e.g. in the case of an emergency call from the wireless device) or some external provider of commercial services that depend on knowing the wireless device's current or previous location. For wireless devices that may access different types of wireless communication network, location services may be supported using a location server that can be accessed from and in some cases may be resident within the wireless network currently being accessed by the wireless terminal. The role of the location server may be (i) to assist the wireless terminal to make appropriate location related measurements (e.g. measurements of radio signals from base stations in the serving wireless network or measurements of various global navigation satellites) and, in some cases, (ii) to compute the wireless terminal's location based on these measurements. The location server may also be used to relay a wireless device's location to entities authorized to receive the location and convey the wireless device's location to the wireless device in the event that the location server rather than the wireless device had computed the location.
Current user plane location services, such as the Secure User Plane Location (SUPL) service defined by the Open Mobile Alliance (OMA), derive their security from mutual authentication between a target mobile device (e.g. a SUPL Enabled Terminal (SET)) and a location server (e.g. a SUPL Location Platform (SLP)) in which each party verifies the identity of the other party in a fully reliable manner. After mutual authentication, target device and server are able to engage in a secure communication that may be encrypted to prevent interception by other entities. Additionally, subsequent authorization of the target device by the server can be required in the case that the target device is also the client for any location services. Secure communication can be required to protect sensitive location and user data that may enable provision of location services by the server such as transfer of assistance data to the target device and derivation of the target device location. By performing mutual authentication, a mobile device can be assured that the location server is who it claims to be and not some other entity who may abuse location and other information obtained from the mobile device. Similarly, the location server will know the identity of the mobile device and can make use of this (i) to provide only the services that device is entitled to (e.g. services that may have been previously subscribed to), (ii) to correctly bill the mobile device's user or home network operator for services provided and/or (iii) to correctly provide the mobile device's location to entities authorized (e.g. by the mobile device's user) to receive this.
A home location server (e.g. a Home SLP (H-SLP) in the case of SUPL) is a location server permanently affiliated with a number of target devices (e.g., based on service subscription). A home location server would sometimes belong to a target device's home network operator in the case of mobile wireless devices. A location server without a pre-provisioned permanent affiliation with a set of target devices may be referred to as a discovered location server. In the case of SUPL, a discovered location server is referred to as a Discovered SLP (D-SLP). A discovered location server could typically be found by or provided to a target device based on its current location, currently used access network(s) and/or the current date and time and could belong to or be associated with a non-home network operator or some other non-operator provider of location services.
There are two classes of conventional SET-SLP authentication methods defined by OMA for SUPL versions 2.0, 2.1 and 3.0 which comprise either a Pre-Shared Key (PSK)-based method or a certificate based method.
The PSK-based conventional methods can include: a Generic Bootstrapping Architecture (GBA) based method, which may be applicable to nearly all types of wireless and wireline access by a device; and a SUPL Encryption Key (SEK) based method, which may only be applicable to access to a WiMAX network by a device in some situations.
The certificate based conventional methods can include: an Alternative Client Authentication (ACA) based method; a server certificate based method; and a device certificate based method.