The present invention relates to anonymization of location information of a mobile device and more particularly to anonymization of location information of a mobile device using an anonymization provider supplying anonymization data to the mobile device.
In a mobile micro-cloud setting having multiple entities there are various concerns relating to trust and vulnerability. One of these concerns is the release of information about a mobile device user's location to service providers when using location based services. This may be undesirable and can be avoided by location obfuscation wherein an approximate location may be provided that is sufficiently accurate for the response from the service provider to be useful, but not sufficiently accurate that the precise location may be determined. A location obfuscation module may operate in of the following three layers in a mobile micro-cloud: (i) mobile device, (ii) edge and (iii) core. Each of these solutions has diverse implications on the overall performance of an application (for example, latency), on application quality and on security objectives. For instance, a mobile device based solution has incomplete information (on the location of other devices) and thus may either be over conservative (more obfuscation which leads to poor application quality) or too liberal (less obfuscation and thus fail to meet security requirements).
Prior art solutions, typically implemented in smart phones, take the location, identity and query when making a location based service query. By default service providers of location based query services use the location information and hence know where the user's mobile device is located. This is a major breach of privacy if the user does not want to share the location information. Additionally, the service providers may also misuse the information and pass it on to third party applications who further misuse the location information.
PCT patent application WO 2012/170314 A2 discloses that requesting users and applications may be interested in communicating with target users/applications based on the whereabouts of the target user/device without disclosing identities of the parties. For example, a user may want to know if a restaurant is crowded or whether it is worth going to an event. However, there is no way to send a message to “someone located at that location” without exposing the sender's identity or knowing the identity of the target person(s). This capability is provided by mediating messages between the users (requesting and target) via an anonymous messaging component (e.g., a service) that maintains anonymity of the users relative to one another. The anonymous messaging component does not publish user identities, since the component mediates between the sender (requester) and the receiver(s) (target(s))”.
United States Patent Application 2012-0034930 A1 discloses an anonymous location wireless network service that tracks the location and identity of network users, such as networks complying with enhanced 911 standards. The service provides content providers with the location of network users without revealing their identities. The service includes a wireless network having a proxy server, a network communication link to a plurality of web sites, and a wireless communication link to a plurality of handheld devices. The proxy server blocks identity by reading the location and identity information of network devices, generating dummy identifications, relating the dummy identifications to the identity information, storing the relationships in a memory storage, and forwarding the location information and dummy identifications to the global computer network. Upon receiving return messages from the global computer network, the proxy server reads the dummy identifications, looks up the related identity information in the memory storage, and forwards the data to the appropriate network devices.
United States Patent Application 2007-0264974 A1 discloses a method of implementing privacy control of location information. Such a method comprises defining a geographic zone for which pseudo-location information is to be reported as the current location of the user, wherein the pseudo-location information is not the current location of the user; receiving the current location of the user; determining that the current location is in the geographic zone; and reporting the pseudo-location information as the current location of the user when the current location is determined to be in the geographic zone.
Gedik, B. and Liu, L., “Location privacy in mobile systems: A personalized anonymization model”, Proceedings of the 25th International Conference on Distributed Computing Systems (ICDCS 2005), 2005 discloses a personalized k-anonymity model for protecting location privacy against various privacy threats through location information sharing. A unified privacy personalization framework is provided to support location k-anonymity for a wide range of users with context-sensitive personalized privacy requirements. This framework enables each mobile node to specify the minimum level of anonymity it desires as well as the maximum temporal and spatial resolutions it is willing to tolerate when requesting for k-anonymity preserving location-based services (LBSs). An efficient message perturbation engine is run by the location protection broker on a trusted server and performs location anonymization on mobile users' LBS request messages, such as identity removal and spatio-temporal cloaking of location information.
Pierangela Samarati and L. Sweeney, “k-anonymity: a model for protecting privacy”, Proceedings of the IEEE Symposium on Research in Security and Privacy (S&P). May 1998, Oakland, Calif. discloses how k-anonymity can be provided by using generalization and suppression techniques. It introduces the concept of minimal generalization, which captures the property of the release process not to distort the data more than needed to achieve k-anonymity.
The k-anonymity solutions described above has a number of problems. Due to the limited number of profiles created it is possible to easily track down the actual requestor and further identify the location of the requestor. It would be desirable to have a mechanism that ensures the inclusion of minimum number of similar profiles. Another problem with k-anonymity solution is that the queries are too specific and hence it is possible for the location service providers to track down the identity of the actual service requestor.