SE545232C2 - Beacon-based privacy-enabling communication system for tracing of mobile device users - Google Patents

Beacon-based privacy-enabling communication system for tracing of mobile device users

Info

Publication number
SE545232C2
SE545232C2 SE2050514A SE2050514A SE545232C2 SE 545232 C2 SE545232 C2 SE 545232C2 SE 2050514 A SE2050514 A SE 2050514A SE 2050514 A SE2050514 A SE 2050514A SE 545232 C2 SE545232 C2 SE 545232C2
Authority
SE
Sweden
Prior art keywords
mobile device
cloud
data
cryptographic
encrypted data
Prior art date
Application number
SE2050514A
Other languages
Swedish (sv)
Other versions
SE2050514A1 (en
Inventor
Joachim Samuelsson
Paul Cronholm
Original Assignee
Crunchfish Digital Cash Ab
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Crunchfish Digital Cash Ab filed Critical Crunchfish Digital Cash Ab
Priority to SE2050514A priority Critical patent/SE545232C2/en
Priority to PCT/SE2021/050401 priority patent/WO2021225497A1/en
Publication of SE2050514A1 publication Critical patent/SE2050514A1/en
Publication of SE545232C2 publication Critical patent/SE545232C2/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/40Security arrangements using identity modules
    • H04W12/47Security arrangements using identity modules using near field communication [NFC] or radio frequency identification [RFID] modules
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/34User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • G06F21/35User authentication involving the use of external additional devices, e.g. dongles or smart cards communicating wirelessly
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • GPHYSICS
    • G16INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16HHEALTHCARE INFORMATICS, i.e. INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR THE HANDLING OR PROCESSING OF MEDICAL OR HEALTHCARE DATA
    • G16H10/00ICT specially adapted for the handling or processing of patient-related medical or healthcare data
    • G16H10/60ICT specially adapted for the handling or processing of patient-related medical or healthcare data for patient-specific data, e.g. for electronic patient records
    • G16H10/65ICT specially adapted for the handling or processing of patient-related medical or healthcare data for patient-specific data, e.g. for electronic patient records stored on portable record carriers, e.g. on smartcards, RFID tags or CD
    • GPHYSICS
    • G16INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16HHEALTHCARE INFORMATICS, i.e. INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR THE HANDLING OR PROCESSING OF MEDICAL OR HEALTHCARE DATA
    • G16H40/00ICT specially adapted for the management or administration of healthcare resources or facilities; ICT specially adapted for the management or operation of medical equipment or devices
    • G16H40/60ICT specially adapted for the management or administration of healthcare resources or facilities; ICT specially adapted for the management or operation of medical equipment or devices for the operation of medical equipment or devices
    • G16H40/67ICT specially adapted for the management or administration of healthcare resources or facilities; ICT specially adapted for the management or operation of medical equipment or devices for the operation of medical equipment or devices for remote operation
    • GPHYSICS
    • G16INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16HHEALTHCARE INFORMATICS, i.e. INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR THE HANDLING OR PROCESSING OF MEDICAL OR HEALTHCARE DATA
    • G16H50/00ICT specially adapted for medical diagnosis, medical simulation or medical data mining; ICT specially adapted for detecting, monitoring or modelling epidemics or pandemics
    • G16H50/80ICT specially adapted for medical diagnosis, medical simulation or medical data mining; ICT specially adapted for detecting, monitoring or modelling epidemics or pandemics for detecting, monitoring or modelling epidemics or pandemics, e.g. flu
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04BTRANSMISSION
    • H04B5/00Near-field transmission systems, e.g. inductive or capacitive transmission systems
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/061Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0894Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03Protecting confidentiality, e.g. by encryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/02Services making use of location information
    • H04W4/029Location-based management or tracking services
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2107File encryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/42Anonymization, e.g. involving pseudonyms
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80Wireless
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/02Services making use of location information
    • H04W4/023Services making use of location information using mutual or relative location information between multiple location based services [LBS] targets or of distance thresholds
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/80Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Health & Medical Sciences (AREA)
  • Theoretical Computer Science (AREA)
  • Public Health (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Biomedical Technology (AREA)
  • Epidemiology (AREA)
  • General Physics & Mathematics (AREA)
  • Primary Health Care (AREA)
  • Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • Bioethics (AREA)
  • Databases & Information Systems (AREA)
  • Pathology (AREA)
  • General Business, Economics & Management (AREA)
  • Business, Economics & Management (AREA)
  • Computing Systems (AREA)
  • Data Mining & Analysis (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

Repeatedly, as a mobile device (10) is carried around by a user who moves to different positions, a short-range wireless beacon signal is received (108, 128) from another mobile device (12, 14) when the devices are proximate to each other. A data entry is produced (110, 130) with information from the beacon signal that identifies the other mobile device or its user. Further functionality involves encrypting (112, 132) the data entry with a cryptographic encryption key, transmitting (114, 134) the encrypted data entry from the mobile device to a cloud-based data aggregation function (30), receiving (116, 136) the encrypted data entry from the mobile device, and storing (118, 138) the received encrypted data entry as aggregated encrypted data together with other encrypted data entries previously received from the mobile device. Subsequently, an access request is received (142, 142’, 142”), and the cryptographic decryption key is made available to allow decryption (144, 146) of the aggregated encrypted data of the mobile device as stored by the cloud-based data aggregation function.

Description

BEACON-BASED PRIVACY-PRESERVING COMMUNICATION SYSTEM FOR TRACING OF MOBILE DEVICE USERS TECHNICAL FIELD The present invention generally relates to tracking of mobile device users. More specifically, the invention relates to a beacon-based communication system With improved ability to trace mobile device users in a privacy-preserving manner. The invention also relates to an associated computerized method.
BACKGROUND Mankind is inherently mobile. In the course of their everyday lives, most people move around to go to Work or school, do shopping, use medical or cosmetic services, visit public places, socialize With family and friends, do physical exercise, enjoy performances or events in sports or culture, travel to distant places for Work or pleasure, etc. The list is of course far from exhaustive.
From time to time, there may be a need to trace people°s movement in society.
One example is contact tracing or disease spreading control in epidemic or pandemic times. It has been suggested in the prior art to do contact tracing by making use of people°s tendency of "alWays" bringing their mobile device (e. g. smartphone or smartwatch), in combination With the ability of mobile devices to communicate using short-range Wireless beacon technology such as iBeacon or Bluetooth Low Energy, BLE. By intercepting beacon signals transmitted from other mobile devices nearby, it Was suggested in the prior art to log the identities of such other mobile devices in local memory in the mobile device. When a situation occurs Where another mobile device user is diagnosed, the user of the particular mobile device can be alerted, and the log in the mobile device could be used to trace Whatever other mobile devices that the particular mobile device has encountered and evaluate the exposure risk of the user of the particular mobile device.
The present inventors have identified draWbacks and limitations With the prior art as referred to above. As a result, the present inventors have come up With an improved communication system and associated computerized method for tracing mobile device users in a privacy-preserving manner.
SUMMARY It is accordingly an object of the invention to offer an improved beacon-based communication system and associated computerized method with improved ability to trace mobile device users in a privacy-preserving manner.
A first aspect of the present invention is a communication system as defined in the appended independent claim A second aspect of the present invention is a communication system as defined in the appended independent claim Some embodiments of these aspects are defined in the dependent claims 3- A third aspect of the present invention is a computerized method as defined in the appended independent claim 15. The computerized method may comprise any or all of the functional features of the first or second aspects of the invention, or their embodiments as described in this document.
Other aspects, objectives, features and advantages of the disclosed embodi- ments will appear from the following detailed disclosure, from the attached dependent claims as well as from the drawings. Generally, all terms used in the claims are to be interpreted according to their ordinary meaning in the technical field, unless explicitly defined otherwise herein.
All references to "a/an/the [element, device, component, means, step, etc]" are to be interpreted openly as referring to at least one instance of the element, device, component, means, step, etc., unless explicitly stated otherwise. The steps of any method disclosed herein do not have to be performed in the exact order disclosed, unless explicitly stated.
BRIEF DESCRIPTION OF DRAWINGS Fig 1A illustrates a first embodiment of a communication system and associated computerized method according to the present invention.
Fig lB illustrates a second embodiment of a communication system and associated computerized method according to the present invention.
Fig 2A illustrates a third embodiment of a communication system and associated method according to the present invention.
Fig 2B illustrates a fourth embodiment of a communication system and associated method according to the present invention.
Fig 3 illustrates a mobile communication device according to embodiments of the present invention.
DETAILED DESCRIPTION The disclosed embodiments will now be described more fully hereinafter with reference to the accompanying drawings, in which certain embodiments of the invention are shown. This invention may, however, be embodied in many different forms and should not be construed as limited to the embodiments set forth herein; rather, these embodiments are provided by way of example so that this disclosure will be thorough and complete, and will fully convey the scope of the invention to those skilled in the art. Like numbers refer to like elements throughout.
It is recalled that Fig lA illustrates a first embodiment of a communication system and associated method according to the present invention. The communication system comprises a particular mobile device l0, embodiments of which are shown in more detail in Fig 3. The mobile device l0 has a short-range wireless communication interface 72 and a broadband communication interface 74. The communication system of the first embodiment further comprises a cloud-based data aggregation function 30. The mobile device l0 may, for instance, be a mobile phone, a smart phone, a tablet computer, a personal digital assistant, a portable computer, smart glasses, a smart watch, or a smart bracelet.
The mobile device l0 is configured for storing a cryptographic encryption key and a cryptographic decryption key. This can be seen at l02 in Fig lA. The cryptographic encryption key and the cryptographic decryption key may, for instance, be first and second cryptographic keys of a key pair for asymmetric encryption and decryption, wherein the cryptographic encryption key/ first key in the pair may be a public key and the cryptographic decryption key/ second key in the pair may be a private key. Altematively, the cryptographic encryption key and the cryptographic decryption key may be one and the same single key for symmetric encryption and decryption. Hence, in this case, there is just one actual key which however plays two roles - as cryptographic encryption key and as cryptographic decryption key.
The cryptographic encryption and decryption keys (i.e. the key pair for asymmetric encryption and decryption or the single key for symmetric encryption and decryption, as the case may be) may be generated by software in the mobile device, and/or by downloading from a third-party service, as is known per se.
As can be seen in Fig lA, as the mobile device l0 is carried around by a user who moves to different positions or locations, the mobile device l0 is configured for doing the following repeatedly: ° receiving 108, 128, by the short-range Wireless communication interface 72, a short-range Wireless beacon signal from another mobile device 12, 14 When the devices are proximate to each other at a current position or location, ° producing 110, 130 a data entry that at least comprises inforrnation from the short-range Wireless beacon signal that identifies the other mobile device 12, 14 or a user thereof, ° encrypting 112, 132 the data entry With the cryptographic encryption key (i.e. the public key in the key pair for asymmetric encryption and decryption, or the single key for symmetric encryption and decryption), and ° transmitting 114, 134, by the broadband communication interface 74, the encrypted data entry to the cloud-based data aggregation function 30 over a Wide-area communication network Hence, When a first other mobile device 12 is in proximity of the mobile device 10, the mobile device 10 can receive 108 a beacon signal transmitted by the first other mobile device 12 at 106, produce the encrypted data entry at 110-112 and transmit the encrypted data entry to the cloud-based data aggregation function 30 at 114. Correspondingly, When a second other mobile device 14 is in proximity of the mobile device 10, the mobile device 10 can receive 128 a beacon signal transmitted by the second other mobile device 14 at 126, produce the encrypted data entry at 130-132 and transmit the encrypted data entry to the cloud-based data aggregation function 30 at In reality, the steps 106-114 and 126-134 are repeated a large number of times for respective other mobile devices that the mobile device 10 may come across.
The other mobile devices 12, 14 may, for instance, be of any of the types exemplified above for the mobile device The beacon signal may generally be of any kind of signals used for proximity detection or short-range Wireless communication. One example is the iBeacon technology from Apple, or more generally the Bluetooth Low Energy, BLE, standard, Wherein the beacon signals are based on Generic Access Profile, GAP, advertising packets. Other examples are, for instance, AltBeacon, URIBeacon and Eddystone, Without limitation.
The information from the short-range Wireless beacon signal that identifies the other mobile device 12, 14 or a user thereof and that is included in the data entry produced by the mobile device 10 may hence comprise an identifier of the mobile device 12, 14 or its user. In some embodiments, the identifier may be a tokenized identifier, as Will be understood by the skilled person.
In some embodiments, the mobile device 10 is conf1gured for producing 110, 130 the data entry by including also information about a received signal strength for the received short-range wireless beacon signal from the other mobile device 12, 14. Such information about received signal strength may, for instance, be a Received Signal Strength Indication, RSSI, value. This may allow a more accurate deterrnination of the distance between the receiving mobile device 10 and the transmitting device 12, 14 and hence a more sophisticated use of the data entry at a later stage (also see further below). In some embodiments, the mobile device 10 is conf1gured for producing 110, 130 the data entry by including also personal data about the user of the mobile device 10. Again, this may allow a more sophisticated use of the data entry at a later stage. The personal data about the user of the mobile device 10 may, for instance, include one or more of the following: - data that defines geographic locations visited by the mobile device 10; - a current date; - a current date and time; - data that defines an identity of the user of the mobile device 10; - data that defines an identity of the mobile device 10; - medical health data pertaining to the user of the mobile device 10; - physical exercise data pertaining to the user of the mobile device 10; - data about calendar events in the mobile device 10; - data about diary entries made by the user of the mobile device 10; - data that defines notes made by the user of the mobile device 10; and - financial data pertaining to the user of the mobile device Including the current date and time is believed to be particularly beneficial in some embodiments of the invention. For instance, it may assist in deterrnining a duration of the mobile device"s 10 (or its user°s) stay at a current position or location, and/or a duration of the mobile device°s 10 (or its user°s) exposure to another mobile device (user). It may also assist in co-locating data entries for the mobile device 10 and data entries for another device; these data entries will in effect share an association from the fact that they both indicate the same or essentially the same date and time. As can also be seen in Fig 1A, the cloud-based data aggregation function 30 is configured for repeatedly: ° receiving 116, 136 the encrypted data entry from the mobile device 10, and ° storing 118, 138 the received encrypted data entry as aggregated encrypted data together With other encrypted data entries previously received from the mobile device Hence, When the first other mobile device 12 is in proximity of the mobile device 10, the cloud-based data aggregation function 30 Will receive at 116 the encrypted data entry that has been transmitted from the mobile device 10 at 114, and store it among the aggregated encrypted data at 118, thereby recording the mobile device°s 10 encounter With the first other mobile device 12. Correspondingly, When the second other mobile device 14 is in proximity of the mobile device 10, the cloud-based data aggregation function 30 Will receive at 136 the encrypted data entry that has been transmitted from the mobile device 10 at 134, and store it among the aggregated encrypted data at 138, thereby recording the mobile device"s 10 encounter With the second other mobile device As can be seen further in Fig 1A, the mobile device 10 is configured for receiving 142, 142°, 142" an access request. The access request can be generated by the cloud-based data aggregation function 30 itself, or by another cloud-based function 50, as can be seen in Fig 1A. Altematively, the access request may be generated locally in the mobile device 10 by the user thereof or by software executing in the mobile device 1 In response to receiving 142, 142", 142" the access request, the mobile device 10 is further conf1gured for making the cryptographic decryption key available to allow decryption 144, 146 of the aggregated encrypted data of the mobile device 10, as stored by the cloud-based data aggregation function 30. This may typically involve the mobile device 10 releasing the cryptographic decryption key to the requesting entity (e. g. the cloud-based data aggregation function 30 itself, or the other cloud-based function 50), i.e. uploading the cryptographic decryption key via the Wide area netWork 20. Altematively, it may involve doWnloading the aggregated encrypted data to the mobile device 10 to do the data decryption locally.
The decrypted data may then be delivered to the requesting entity, i.e. the cloud-based data aggregation function 30, the other cloud-based function 50 or the mobile device 10 itself, as the case may be. This is seen at 148-150" in Fig 1A.
The receiving entity may then process the decrypted data, as can be seen at 150, 150" and 150" in Fig 1A. The processing may, for instance, be used for contact tracing or disease spreading control, Which may be particularly benef1cial in epidemic or pandemic times. Hence, the invention may be used as a tool to help assessing a risk of exposure for the individual user of the mobile device to a severe disease. The invention may however also be used as a tool for the public health authorities to map a general population of citizens in terrns of geographic location, movement pattem, disease spreading pattems, etc. This is so, since not only the mobile device l0 may be operative to collect and store aggregated proximity data from interception of beacon signals from other mobile devices, but other mobile devices (e. g. devices 12, 14) may operate in the corresponding manner.
Another possible use is for locating missing people. Being able to trace hoW the user of the mobile device l0 has moved and What locations he or she has visited, and/or What people he or she has come across, may help in assessing current likely locations of the user.
Similarly, the invention may be used in criminal investigation, for instance as a tool for the user of the mobile device l0 to prove his or her innocence to a criminal charge by presenting evidence of his or her Whereabouts (and, conversely, Where he or she has not been).
Yet other possible beneficial uses of the present invention include medical analysis, physical exercise analysis, and verification of a person°s Whereabouts.
These examples are non-exhaustive, as the skilled person Will understand after having read the present description of the invention.
Hence, the invention and the embodiments thereof provide improvements over the prior art in the ability to trace mobile device users in a privacy-preserving and yet flexible manner. Many different possible uses are enabled thanks to the invention. Privacy Will be preserved since the mobile device user is still in control of the cryptographic decryption key and therefore also in control of the decryption of the aggregated data. A multitude of beneficial uses cases are made available, subject to the user°s approval of decryption (i.e. making the cryptographic decryption key available). Privacy Will even be improved, since the obtained proximity data (the aforementioned data entries) are not stored in the mobile device l0 but instead aggregated at the cloud- based aggregation function 30, for Which vastly more sophisticated data protection measures may be taken than for an individual mobile device.
Other advantages of not storing aggregated proximity data in the mobile device include efficiency of resource usage (e. g. local memory capacity and local processing poWer), and data redundancy (if the aggregated proximity data Were to be stored in the mobile device like in the prior art, the risk of data losses Would be imminent if the mobile device Was stolen, lost or destroyed).
Fig 2A illustrates a third embodiment Which can be seen as an implementation example of the first embodiment described in Fig 1A.
A second embodiment of the invention is illustrated in Fig 1B. The second embodiment generally has the same advantages as the first embodiment, and elements in Fig 1B Which have the same reference numerals as elements in Fig 1A have the same or essentially the same structure and function as in Fig 1A.
The main difference is that in the embodiment of Fig 1B, a cloud-based escroW service function 40 has been added. The cloud-based escroW service function 40 is configured for storing 104 the cryptographic decryption key, Which is therefore not stored in the mobile device 10 like it Was in the first embodiment of Fig 1A. The mobile device 10 still stores the cryptographic encryption key, like in the first embodiment of Fig 1A.
In the embodiment of Fig 1B, the mobile device 10 may be configured for uploading 102 the cryptographic decryption key to the cloud-based escroW service function Just like for Fig 1A, the cryptographic encryption key and the cryptographic decryption key may, for instance, be first and second cryptographic keys of a key pair for asymmetric encryption and decryption, Wherein the cryptographic encryption key/ first key in the pair may be a public key and the cryptographic decryption key/ second key in the pair may be a private key.
Altematively, the cryptographic encryption key and the cryptographic decryption key may be one and the same single key for symmetric encryption and decryption. In this case, the mobile device 10 in the embodiment of Fig 1B may benef1cially be configured for storing a cryptographic signing key in addition to the key for symmetric encryption and decryption. This can be seen in Fig 3. The mobile device 10 may be configured for signing the key for symmetric encryption and decryption With the cryptographic signing key, and for uploading 102 the signed key for symmetric encryption and decryption to the cloud-based escroW service function Having a signed key for symmetric encryption and decryption Will allow subsequent verification of the signed key for symmetric encryption and decryption When later being retrieved in conjunction With an access request. To this end, the cryptographic signing key may be a private key in a pair of keys for asymmetric encryption and decryption, and the subsequent verification of the signed key for symmetric encryption and decryption may be made by means of a corresponding public key in such a pair of keys for asymmetric encryption and decryption.
In Fig 1B, the functionality in steps 106-138 is the same or essentially the same as in Fig 1A.
In Fig 1B, the access request is directed at the cloud-based escrow service function 40, as can be seen at 140, 140" or 143 in Fig 1B. To this end, the cloud-based escrow service function 40 is configured for ° receiving 142, 142", 142" an access request pertaining to the mobile device 10 or its user, and ° in response making the cryptographic decryption key available to allow decryption 144, 146 of the aggregated encrypted data of the mobile device 10, as stored by the cloud-based data aggregation function For instance, the cloud-based escrow service function 40 may be configured to make the cryptographic decryption key available to allow decryption 144, 146 of the aggregated encrypted data by releasing the cryptographic decryption key to the cloud- based data aggregation function 30. The cloud-based data aggregation function 30 will then be conf1gured for decrypting 146 the aggregated encrypted data by using the cryptographic decryption key released by the cloud-based escrow service function Altematively, the cloud-based data aggregation function 30 may be configured for uploading the aggregated encrypted data to the cloud-based escrow service function 40. The cloud-based escrow service function 40 will then be configured for decrypting the aggregated encrypted data provided by the cloud-based data aggregation function 30 by using the stored cryptographic decryption key, and for delivering 148" the decrypted data to the cloud-based data aggregation function Advantageously, the mobile device 10 is configured for transmitting 143, by the broadband communication interface 74, a confirmation to the cloud-based escrow service function 40 over the wide-area communication network 20. In such a case, the cloud-based escrow service function 40 is configured for making the cryptographic decryption key available to allow decryption 144, 146 of the aggregated encrypted data conditionally upon having received the conf1rmation from the mobile device 10. Hence, the user is given the ability to consent to the decryption 144, 146 of the aggregated encrypted data, which has a clear benefit in privacy preservation.
Another advantage of the second embodiment of Fig 1B is that the aggregated data kept by the cloud-based data aggregation function 30 can be retrieved and decrypted even if the user is no longer in possession of the mobile device 10, or not even capable of acting anymore (he or she may even have passed away). In such cases, approval to the access to the cryptographic decryption key kept by the cloud-based escrow service function 40 may be given by the user°s next in kin, relatives, trusted friends, lawyer, the appropriate authorities, etc.
The second embodiment of Fig 1B may generally be used for any or all of the same beneficial (but exemplifying) purposes as the first embodiment of Fig 1A.
Fig 2B illustrates a fourth embodiment which can be seen as an implementation example of the second embodiment described in Fig 1B.
Fig 3 shows a schematic view of the general structure of a mobile communication device 100 that may implement the mobile device 10 in embodiments of the invention. The device 100 comprises a processing device or controller 70 which is responsible for the overall operation of the wireless communication device 100 and may be implemented by any commercially available CPU ("Central Processing Unit"), DSP ("Digital Signal Processor") or any other electronic programmable logic device. The processing device 70 is configured to read instructions (software) from a memory 80 and execute these instructions to control the operation of the wireless communication device 100. The memory 80 may be implemented using any commonly known technology for computer-readable memories such as ROM, RAM, SRAM, DRAM, CMOS, FLASH, DDR, SDRAM or some other memory technology, including combinations of the above.
As can be seen in Fig 3, the memory 80 may store the aforementioned encryption key, decryption key and signing key, when applicable. Advantageously, they may be stored in or as a Secure Element. This applies in particular to the decryption key and to the signing key, for embodiments where one or both of these keys are stored locally in the mobile device The mobile communication device 100 may further comprise a user interface 60, including an input device 62 and an output device 64 (possibly jointly implemented as a touch-sensitive display), as is well known per se.
The mobile communication device 100 further comprises wireless com- munication means being adapted to allow the mobile communication device 100 to communicate with other devices through the use of different radio frequency technologies. More specifically, the wireless communication means comprises the aforementioned short-range wireless communication interface 72 which may, advantageously but not necessarily, be implemented as an iBeacon and/or Bluetooth Low Energy (BLE) and/or Bluetooth 4.0 compliant communication interface.
Moreover, the wireless communication means comprises the aforementioned broadband communication interface 74 for communicating with the entities 30, 50 (and ll possibly 50) via the wide-area communication network 20. Such communication typically occurs at a substantially higher bandwidth than the short-range wireless beacon broadcast messaging. The broadband communication interface 74 may, advantageously but not necessarily, be implemented as a communication interface compliant with IEEE 802.11, IEEE 802.15, ZigBee, WirelessHART, WiFi, Bluetooth®, WCDMA, HSPA, GSM, UTRAN, UMTS, and LTE, to name a few. It should be noted that, as is commonly known, the wireless communication means may be arranged to communicate according to more than one technology and many different combinations may therefore be available; for example, a smartphone is commonly arranged to communicate according to the Bluetooth® standard, the WiFi standard and the LTE standard.
The entities 30, 40 and 50 may generally be implemented by any suitable cloud-based computing resource, such as one or more server computers, or a cluster of such resources.
The invention has mainly been described above with reference to a few embodiments. However, as is readily appreciated by a person skilled in the art, other embodiments than the ones disclosed above are equally possible within the scope of the invention, as defined by the appended patent claims.

Claims (14)

1. A communication system e å, c setx \ comprising: a mobile device (10), the mobile device having a short-range Wireless communication interface (72) and a broadband communication interface (74); and a cloud-based data aggregation function (3 0), Wherein: the mobile device (10) is configured for storing a cryptographic encryption key and a cryptographic decryption key, the mobile device (10) is configured for repeatedly, as the mobile device is carried around by a user Who moves to different positions or locations: receiving (108, 128), by the short-range Wireless communication interface (72), a short-range Wireless beacon signal from another mobile device (12, 14) When the devices are proximate to each other at a current position or location, producing (110, 130) a data entry that at least comprises information from the short-range Wireless beacon signal that identif1es the other mobile device (12, 14) or a user thereof, encrypting (112, 132) the data entry With the cryptographic encryption key, transmitting (114, 134), by the broadband communication interface (74), the encrypted data entry to the cloud-based data aggregation function (3 0) over a Wide-area communication network (20), the cloud-based data aggregation function (3 0) is configured for repeatedly: receiving (116, 136) the encrypted data entry from the mobile device (10), and storing (118, 138) the received encrypted data entry as aggregated encrypted data together With other encrypted data entries previously received from the mobile device (10), and the mobile device (10) is configured for: receiving (142, 142°, 142”) an access request from a requesting entity being either the cloud-based data aggregation function (3 0) or another cloud-based function (50), and in response uploading the cryptographic decryption key to the requesting entity, thereby making the cryptographic decryption key available to allow decryption (144, 146) of the aggregated encrypted data of the mobile device (10) as stored by the cloud-based data aggregation function (3 0). ~- communication system comprising: a mobile device (10), the mobile device having a short-range Wireless communication interface (72) and a broadband communication interface (74); a cloud-based escroW service function (40); and a cloud-based data aggregation function (30), Wherein: the mobile device (10) is configured for storing a cryptographic encryption key, the cloud-based escroW service function (40) is configured for storing (104) a cryptographic decryption key, the mobile device (10) is configured for repeatedly, as the mobile device is carried around by a user Who moves to different positions or locations: receiving (108, 128), by the short-range Wireless communication interface (72), a short-range Wireless beacon signal from another mobile device (12, 14) When the devices are proximate to each other at a current position or location, producing (110, 130) a data entry that at least comprises information from the short-range Wireless beacon signal that identif1es the other mobile device (12, 14) or a user thereof, encrypting (112, 132) the data entry With the cryptographic encryption key, transmitting (114, 134), by the broadband communication interface (74), the encrypted data entry to the cloud-based data aggregation function (3 0) over a Wide-area communication network (20), the cloud-based data aggregation function (3 0) is configured for repeatedly: receiving (116) the encrypted data entry from the mobile device (10), and storing (118) the received encrypted data entry as aggregated encrypted data together With other encrypted data entries previously received from the mobile device (10), and the cloud-based escroW service function (40) is configured for:0 receiving (142, 142°, 142”) an access request pertaining to the mobile device (10) or its user, and 0 in response, and conditionally upon having received a confirrnation from the mobile device (10) over the Wide-area communication netWork (20), making the cryptographic decryption key available to allow decryption (144, 146) of the aggregated encrypted data of the mobile device (10) as stored by the cloud-based data aggregation function (3 0). 3. The communication system as defined in claim 1 or 2, Wherein the cryptographic encryption key and the cryptographic decryption key are first and second cryptographic keys of a key pair for asymmetric encryption and decryption. 4. The communication system as defined in claim 1 or 2, Wherein the cryptographic encryption key and the cryptographic decryption key are one and the same single key for symmetric encryption and decryption. 5. The communication system as defined in claim 2 or any claim dependent thereon, Wherein the mobile device (10) is configured for uploading (102) the cryptographic decryption key to the cloud-based escroW service function (40). 6. The communication system as defined in claim 4 When dependent on claim Wherein the mobile device (10) is configured for: storing a cryptographic signing key in addition to the key for symmetric encryption and decryption; signing the key for symmetric encryption and decryption With the cryptographic signing key; and uploading (102) the signed key for symmetric encryption and decryption to the cloud-based escroW service function (40). 7. The communication system as defined in any preceding claim, Wherein the information from the short-range Wireless beacon signal that identifies the other mobile device (12, 14) or a user thereof and that is included in the data entry produced by themobile device (10) comprises a tokenized identifier of the mobile device (12, 14) or user thereof. 8. The communication system as defined in any preceding claim, Wherein the mobile device (10) is configured for producing (110, 130) the data entry by including also information about a received signal strength for the received short-range Wireless beacon signal from the other mobile device (12, 14). 9. The communication system as defined in any preceding claim, Wherein the mobile device (10) is configured for producing (110, 130) the data entry by including also personal data about the user of the mobile device (10). 10. The communication system as defined in claim 9, Wherein the personal data about the user of the mobile device (10) includes one or more of the following: - data that defines geographic locations visited by the mobile device (10); - a current date; - a current date and time; - data that defines an identity of the user of the mobile device (10); - data that defines an identity of the mobile device (10); - medical health data pertaining to the user of the mobile device (10); - physical exercise data pertaining to the user of the mobile device (10); - data about calendar events in the mobile device (10); - data about diary entries made by the user of the mobile device (10); - data that defines notes made by the user of the mobile device (10); and - financial data pertaining to the user of the mobile device (10). 11. The communication system as defined in claim 2 or any claim dependent thereon, Wherein the cloud-based escroW service function (40) is configured to make the cryptographic decryption key available to alloW decryption (144, 146) of the aggregated encrypted data by releasing the cryptographic decryption key to the cloud-based data aggregation function (30), and Wherein the cloud-based data aggregation function (30) is configured for decrypting (146) the aggregated encrypted data by using the cryptographic decryption key released by the cloud-based escroW service function (40). thereon,12. The communication system as defined in claim 2 or any claim dependent Wherein the cloud-based data aggregation function (30) is configured for: uploading the aggregated encrypted data to the cloud-based escrow service function (40); and Wherein the cloud-based escrow service function (40) is configured for: decrypting the aggregated encrypted data provided by the cloud-based data aggregation function (3 0) by using the stored cryptographic decryption key, and delivering (l48°) the decrypted data to the cloud-based data aggregation function (3 0). 13. The communication system as defined in any of claims, Wherein the aggregated encrypted data of the mobile device (10) is used (152, l52°, 152”) after decryption for any of the following: contact tracing; disease spreading control; locating missing people; criminal investigation; medical analysis; physical exercise analysis; and verification of a person°s Whereabouts. computerized method. ~< i \ - vi, .\ .\,\.\ . _» i, ..\ v a: n \ \ \ m * ;1::.-.\fa<ï\. compnsing: A) repeatedly, as a mobile device (10) is carried around by a user Who moves to different positions or locations: 0 receiving (108, 128) a short-range Wireless beacon signal from another mobile device (12, 14) When the devices are proximate to each other at a current position or location, 0 producing (110, 130) a data entry that at least comprises information from the short-range Wireless beacon signal that identif1es the other mobile device (12, 14) or a user thereof,encrypting (112, 132) the data entry With a cryptographic encryption key, transmitting (114, 134) the encrypted data entry from the mobile device (10) to a cloud-based data aggregation function (30), receiving (116, 136) the encrypted data entry from the mobile device (10), and storing (118, 138) the received encrypted data entry as aggregated encrypted data together With other encrypted data entries previously received from the mobile device (10); and B) subsequently: receiving (142, 142°, 142”) an access request from a requesting entity being either the cloud-based data aggregation function (3 0) or another cloud-based function (50), and in response uploading the cryptographic decryption key to the requesting entity, thereby making the cryptographic decryption key available to allow decryption (144, 146) of the aggregated encrypted data of the mobile device (10) as stored by the cloud-based data aggregation function (30).
SE2050514A 2020-05-04 2020-05-04 Beacon-based privacy-enabling communication system for tracing of mobile device users SE545232C2 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
SE2050514A SE545232C2 (en) 2020-05-04 2020-05-04 Beacon-based privacy-enabling communication system for tracing of mobile device users
PCT/SE2021/050401 WO2021225497A1 (en) 2020-05-04 2021-04-30 Beacon-based privacy-preserving communication system for tracing of mobile device users

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
SE2050514A SE545232C2 (en) 2020-05-04 2020-05-04 Beacon-based privacy-enabling communication system for tracing of mobile device users

Publications (2)

Publication Number Publication Date
SE2050514A1 SE2050514A1 (en) 2021-11-05
SE545232C2 true SE545232C2 (en) 2023-05-30

Family

ID=78468720

Family Applications (1)

Application Number Title Priority Date Filing Date
SE2050514A SE545232C2 (en) 2020-05-04 2020-05-04 Beacon-based privacy-enabling communication system for tracing of mobile device users

Country Status (2)

Country Link
SE (1) SE545232C2 (en)
WO (1) WO2021225497A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE112021002632T5 (en) * 2020-05-06 2023-04-13 Noodle Technology Inc. CONTACT TRACKING BETWEEN WORKERS AND EMPLOYEES

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100266132A1 (en) * 2009-04-15 2010-10-21 Microsoft Corporation Service-based key escrow and security for device data
US20120321086A1 (en) * 2011-06-17 2012-12-20 Microsoft Corporation Cloud key escrow system
US20180052970A1 (en) * 2016-08-16 2018-02-22 International Business Machines Corporation Tracking pathogen exposure

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100266132A1 (en) * 2009-04-15 2010-10-21 Microsoft Corporation Service-based key escrow and security for device data
US20120321086A1 (en) * 2011-06-17 2012-12-20 Microsoft Corporation Cloud key escrow system
US20180052970A1 (en) * 2016-08-16 2018-02-22 International Business Machines Corporation Tracking pathogen exposure

Non-Patent Citations (5)

* Cited by examiner, † Cited by third party
Title
"Tracking and Controlling the Spread of a Virus in a Privacy-Preserving Way", Didem Demirag, Erman Ayday, 2020-03-29, https://arxiv.org/abs/2003.13073 *
2020 The Institution of Engineering and Technology, "A privacy-preserving mobile COVID-19 tracing approach and application", 2020-04-19, De Carli A; Franco M; Gassmann A; Killer C; Rodrigues B; Scheid E; Schoenbaechler D; Stiller B, http://arxiv.org/abs/2004.08812 *
Big data analytics in the social and ubiquitous context : 5th International Workshop on Modeling Social Media, MSM 2014, 5th International Workshop on Mining Ubiquitous and Social Environments, MUSE 2014 and first International Workshop on Machine Learning for Urban Sensor Data, SenseML 2014, "Recoverable Encryption through a Noised Secret over a Large Cloud", 2013, p. 42-64, doi:10.1007/978-3-642-40069-8_3 *
IEE transactions on information forensics and security, "Privacy-Preserving Data Aggregation in Mobile Phone Sensing", 2016-05-01, Zhang Yuan; Chen Qingjun; Zhong Sheng, ISSN 1556-6013, p. 980-992, doi:10.1109/TIFS.2016.2515513 *
IEEE Communications Surveys & Tutorials, "Securing Fog Computing for Internet of Things Applications: Challenges and Solutions", Ni Jianbing; Zhang Kuan; Lin Xiaodong; Shen Xuemin Sherman, 2018-02-23, doi:10.1109/COMST.2017.2762345, p.601-628 *

Also Published As

Publication number Publication date
SE2050514A1 (en) 2021-11-05
WO2021225497A1 (en) 2021-11-11

Similar Documents

Publication Publication Date Title
Manweiler et al. Smile: Encounter-based trust for mobile social services
EP2817937B1 (en) Method and devices for obscuring a device identifier
JP5340173B2 (en) Location information and method and apparatus for ensuring access control using location information
US20250132901A1 (en) Federated learning method, first device, and third device
US20250088826A1 (en) Pairing Groups of Accessories
JP6363214B2 (en) Distributed setup system, method and device for device-to-device sessions
WO2016179583A1 (en) Ad-hoc social network (ahsn) system, ahsn-enabled device, and methods of use
TW200427300A (en) A system and method to anonymously test for proximity of mobile users without revealing individual phase space coordinates
US20240064001A1 (en) Anonymous aggregation service for sensitive data
US20240380575A1 (en) Server-Mediated Management of Accessory Device Sharing
CN105208029A (en) Data processing method and terminal device
CN104380653B (en) For the secret protection of participatory sensing system
US20230328635A1 (en) Non-Waking Maintenance of Near Owner State
WO2021225497A1 (en) Beacon-based privacy-preserving communication system for tracing of mobile device users
Abdo et al. Operator centric mobile cloud architecture
WO2024233565A9 (en) Server-mediated management of accessory device sharing
Li et al. Secure friend discovery based on encounter history in mobile social networks
US20220345383A1 (en) Wireless communication method, terminal device, and server
Saha et al. D2D opportunistic local content dissemination sans location sharing
Kaur et al. Implementation of Secure Authentication Mechanism for LBS using best Encryption Technique on the Bases of performance Analysis of cryptographic Algorithms
US20250088825A1 (en) Privacy-preserving techniques for locating contacts
US20250097032A1 (en) Service processing method and apparatus, network device, and storage medium
Wiesner et al. Private pooling: A privacy-preserving approach for mobile collaborative sensing
Marias et al. Applying privacy on the dissemination of location information
US12445273B2 (en) Sharing keys for a wireless accessory

Legal Events

Date Code Title Description
NUG Patent has lapsed