

Title:
SYSTEM AND METHOD FOR PRIVACY ENABLED DISCOVERY OF WIRELESS DEVICES AND THEIR LOCATION
Document Type and Number:
WIPO Patent Application WO/2017/059282
Kind Code:
A1
Abstract:
A system and method for generating identification information for a wireless device is disclosed which includes a register for storing a first data, a function store for storing a plurality of functions, a timer for providing a first and second time, a processing unit configured to run a first one of the plurality of functions at the first time with the first data as an input and outputting a second data to an output buffer, the processing unit configured to run a second one of the plurality of functions at a second time with the second data as an input and outputting a third data to the output buffer, a data setting unit configured to convert the second and the third data into at least a part of a first and a second identification information, respectively, and a radio interface configured to transmit the first and the second identification information at different times.

Inventors:
OLESZKIEWICZ PIOTR (US)
Application Number:
PCT/US2016/054843
Publication Date:
April 06, 2017
Filing Date:
September 30, 2016
Assignee:
REVEALO CORP (US)
International Classes:
H04W12/02; H04L9/00; H04W12/06
Foreign References:
US20150143122A1 (2015-05-21)
US20040073795A1 (2004-04-15)
US20150058949A1 (2015-02-26)
US20150098563A1 (2015-04-09)
Attorney, Agent or Firm:
CHOU, Chien, Wei et al. (US)
Claims:
WHAT IS CLAIMED IS:

1. A system for generating identification information for a wireless device, the system comprising: a register for storing a first data; a function store for storing a plurality of functions; a timer for providing a first and second time; a processing unit configured to run a first one of the plurality of functions at the first time with the first data as an input and outputting a second data to an output buffer, the processing unit configured to run a second one of the plurality of functions at a second time with the second data as an input and outputting a third data to the output buffer; a data setting unit configured to convert the second and the third data into at least a part of a first and a second identification information, respectively; and a radio interface configured to transmit the first and the second identification information at different times.

2. The system of claim 1, wherein the first or second identification information is selected from the group consisting of a hardware address, a service identifier and a password.

3. The system of claim 2, wherein the password is used for establishing network connection, pairing or encrypted communication between two wireless devices.

4. The system of claim 1, wherein the first data is a seed established in the wireless device at least in part by a user.

5. The system of claim 1, wherein the function store is implemented with semiconductor memory.

6. The system of claim 1, wherein the function store is implemented with an integrated logic circuit.

7. The system of claim 1, wherein the plurality of functions is a set of predetermined hash functions.

8. The system of claim 1, wherein the data setting unit is implemented with the processing unit.

9. The system of claim 1, wherein the data setting unit combines a first predetermined number of bytes from the second data with a second predetermined number of bytes from an identification data assigned by a vendor of the wireless device to form the identification information.

10. The system of claim 1, wherein the transmission by the radio interface is in response to a wireless communication the wireless device receives.

11. The system of claim 1, wherein the transmission by the radio interface is to advertise the presence of the wireless device.

12. The system of claim 1, wherein the processing unit is configured to produce a fourth data from a random value as an input and output the fourth data to the output buffer; the data setting unit is configured to convert the fourth data into at least a part of a third identification information; and the radio interface is configured to transmit the third identification information at a third time different from the first and second times.

13. The system of claim 12, wherein the third identification information is a hardware address while the first or second identification information is a service identifier.

14. A method for generating identification information for a wireless device, the method comprising: producing a second data by executing a first function by a processing unit with a first data as an input, the first function being stored in a function store in the wireless device, the first data being stored in a register in the wireless device; converting the second data into a first identification information; transmitting the first identification information at a first predetermined time; producing a third data by executing a second function with the second data as an input, the second function being also stored in the function store; converting the third data into a second identification information; and transmitting the second identification information at a second predetermined time different from the first predetermined time.

15. The method of claim 14, wherein the identification information is selected from the group consisting of a hardware address, a service identifier and a password.

16. The method of claim 15, wherein the password is used for establishing network connection, pairing or encrypted communication between two wireless devices.

17. The method of claim 14, wherein the first data is a seed established in the wireless device at least in part by a user.

18. The method of claim 14, wherein the function store is implemented with semiconductor memory.

19. The method of claim 14, wherein the function store is implemented with an integrated logic circuit.

20. The method of claim 14, wherein the first and second functions are predetermined hash functions.

21. The method of claim 14, wherein the converting is performed by the processing unit.

22. The method of claim 14, wherein the converting includes combining a first predetermined number of bytes from the second data with a second predetermined number of bytes from an identification data assigned by a vendor of the wireless device to form the identification information.

23. The method of claim 14, wherein the transmitting is in response to a wireless communication the wireless device receives.

24. The method of claim 14, wherein the transmitting is to advertise the presence of the wireless device.

25. The method of claim 14 further comprising producing a fourth data from a random value as an input; converting the fourth data into at least a part of a third identification information; and transmitting the third identification information at a third time different from the first and second time.

26. The method of claim 25, wherein the third identification information is a hardware address while the first or second identification information is a service identifier.

27. The method of claim 14 further comprising exposing one of the first data, the second data and the third data to a user not being an owner of the wireless device to enable the user to track the wireless device from another device.

28. The method of claim 14 further comprising saving the first and second identification information along with time-based location information of the wireless device in a database for retroactively tracking the wireless device.

Description:
SYSTEM AND METHOD FOR PRIVACY ENABLED DISCOVERY OF WIRELESS DEVICES AND THEIR LOCATION

PRIORITY CLAIM

[0001] This application claims the benefit of U.S. Provisional Application No. 62/236,108 filed October 1, 2015, the entire content of which is hereby incorporated by reference.

FIELD

[0002] The present disclosure relates generally to wireless communication and, more particularly, to enabling location privacy of a wireless device.

BACKGROUND

[0003] Many electronic devices use wireless connection technologies today; some examples are laptops, mobile phones, fitness trackers and Internet of Things (IoT) tags. There are many benefits in using wireless connectivity, and because most of the sensitive data being transmitted can be and usually is encrypted, this mode of communication proves to be adequately secure. However, wireless connectivity also means that the device itself and its transmissions are detectable by parties not explicitly authorized by the device owners or operators, and this may pose a privacy threat to the user.

[0004] Wireless transmission protocols use a hardware address, namely the Media Access Control (MAC) address of a network interface, to discover a second endpoint and to direct transmissions thereto. These hardware addresses have been static in many protocols, but with recent advancements in the Bluetooth LE specifications they may be changed dynamically when the communicating devices are Bluetooth Privacy enabled. Changing the hardware address, however, requires prior pairing of the Bluetooth LE devices that communicate with each other. Once such pairing is performed, the paired devices can establish wireless communication using a hardware address generated either randomly or by a certain algorithm described in the Bluetooth Privacy specification.

[0005] Being able to detect the hardware network interface signature in the wireless medium allows an unauthorized third party to locate and even map the movements of the wireless device's user, provided that the third party has access to an appropriate network of wireless signal detectors or network sniffers.

[0006] As such, it is desirable to provide a system and method for enabling location privacy of a wireless device.

SUMMARY

[0007] It is an object of the present invention to provide a system and method for enabling wireless communication to take place while protecting the device user's privacy. It is another object of the present invention to provide a system and method for enabling wireless device detection and recognition by parties authorized to do so, without the need to pair the devices beforehand.

[0008] It is another object of the present invention to provide a system and method for enabling wireless device detection and recognition by parties authorized to do so, where the authorization is temporary.

[0009] Disclosed and claimed herein is a system and method for generating identification information for a wireless device which includes a register for storing a first data, a function store for storing a plurality of functions, a timer for providing a first and second time, a processing unit configured to run a first one of the plurality of functions at the first time with the first data as an input and outputting a second data to an output buffer, the processing unit configured to run a second one of the plurality of functions at a second time with the second data as an input and outputting a third data to the output buffer, a data setting unit configured to convert the second and the third data into at least a part of a first and a second identification information, respectively, and a radio interface configured to transmit the first and the second identification information at different times.

[0010] Other aspects, features, and techniques will be apparent to one skilled in the relevant art in view of the following detailed description of the embodiments.

BRIEF DESCRIPTION OF THE DRAWINGS

[0011] The drawings accompanying and forming part of this specification are included to depict certain aspects of the present disclosure. A clearer conception of the present disclosure, and of the components and operation of systems provided with the present disclosure, will become more readily apparent by referring to the exemplary, and therefore non-limiting, embodiments illustrated in the drawings, wherein like reference numbers (if they occur in more than one view) designate the same elements. The present disclosure may be better understood by reference to one or more of these drawings in combination with the description presented herein. It should be noted that the features illustrated in the drawings are not necessarily drawn to scale.

[0012] Fig. 1 illustrates a communication network where the location of a wireless device can be discovered in real time or retroactively.

[0013] Fig. 2 is a block diagram of a system for dynamically generating a device identification information according to an embodiment of the present invention.

[0014] Fig. 3 is a flowchart depicting an operation of the system shown in Fig. 2.

[0015] Figs. 4A and 4B are block diagrams illustrating operations of embodiments of the present invention.

[0016] Fig. 5 is a flowchart depicting an exemplary process of discovering location of a wireless device according to an embodiment of the present invention.

[0017] Fig. 6 is a flowchart depicting an exemplary process of letting a wireless device be discovered according to an embodiment of the present invention.

DESCRIPTION

[0018] One aspect of the disclosure relates to allowing location privacy of a wireless device in a communication network. Embodiments of the present disclosure will be described hereinafter with reference to the attached drawings.

[0019] Fig. 1 illustrates a communication network 100 where the location of a wireless device 120 can be discovered in real time or retroactively. The communication network 100 includes a wireless, cellular, satellite or other type of carrier network 115 and a network infrastructure element 112, all connected to a private network or the Internet 102. The wireless device 120 and smartphones 132 are within the range of the communication network 100. An exemplary server 170, an exemplary computer terminal 161 and an exemplary smartphone 152 are also connected to the Internet 102. The server 170 manages the information flow in the communication network 100 and stores data in a database 174. A user can access the communication network 100, for example to inquire about the location of the wireless device 120, through either the computer terminal 161, which has an Internet browser installed, or the smartphone 152. The user may also access the wireless device 120 or the server 170 via other servers or automated services through appropriate application programming interfaces (APIs). Alternatively, the smartphones 132 and the server 170 may also be used to detect the location of the wireless device 120.

[0020] In operation, the wireless device 120 sends wireless signals through a wireless medium by either advertising its existence, or in response to a wireless communication it receives. Packets of data sent wirelessly by the wireless device 120 include its identification information, such as hardware address and service identifier (ID), to allow it to be distinguished from other devices over a wireless medium as a separate endpoint for communication. Here the service ID is any data advertised by the wireless device 120 prior to pairing with another device or connecting to the network 100.

[0021] Armed with knowledge of the identification information, the smartphones 132 and 152 and the computer terminal 161 can serve as detectors of the wireless device 120. However, if the wireless device 120 changes its identification information periodically and the detectors do not possess the appropriate data or keys corresponding to the changed identification information, the wireless device 120 can avoid being detected or tracked and therefore maintains its privacy. The changing of identification information can be carried out either deterministically or randomly.

[0022] On the other hand, if a wireless device detector, such as the smartphone 132, is compliant with the system and method of the present invention and possesses an appropriate key which is valid for the current time, it can calculate the current hardware address or service identifier of the wireless device 120 and is therefore able to detect the wireless device 120. If the smartphone 132 also has a key that allows calculating a password for establishing connection, pairing or encryption between two wireless devices, the smartphone 132 is also able to connect to the wireless device 120, or pair with it and exchange encrypted data with it.

[0023] To enable global discovery of the wireless device 120's identity and location by trusted parties, other wireless mobile devices, such as smartphones 132 that have the appropriate key, connect through the wireless, cellular, satellite or other carrier network 100, to the Internet or a private network 102, and report their own locations together with the wireless device 120's identifier, to the server 170 which then stores the data in the database 174.

[0024] Similarly, a stationary detector 143 having the appropriate key connects through the wireless or wired network to the Internet or a private network 102, and reports its own location together with the wireless device 120's identifier, to the server 170 which then stores the data in the database 174.

[0025] Fig. 2 is a block diagram of a system for dynamically generating a device identification information according to an embodiment of the present invention. The system includes a central processing unit (CPU) 202, a seed register 221, a timer 242, a function store 210 and a hash buffer 230, all of which exemplarily reside in the wireless device 120 shown in Fig. 1. In an embodiment, the seed register 221 is implemented with a non-volatile memory storing a secret seed data established in whole or in part by a user. The timer 242 supplies a time-based variable, such as a time stamp, a date, day, hour, minute and second, etc., to the CPU 202. The function store 210 can be implemented either by program code stored in a semiconductor memory or by an integrated logic circuit such as a field-programmable gate array (FPGA), and stores a plurality of hash functions (0:n).

[0026] In an embodiment, the CPU 202 takes the seed data together with a time-based variable as input at a certain time and runs hash function (0) to produce a hash value (hash (0)), which is output to and stored in the hash buffer 230. The hash value (hash (0)) can subsequently be used to produce an identification information for the wireless device 120. At another time, the CPU 202 may take a hash value from the hash buffer 230 as input and run a different hash function (i) to produce a different hash value (hash (i)), which is output to the hash buffer 230 and subsequently used to produce a different identification information for the wireless device 120.

[0027] Fig. 3 is a flowchart depicting an operation of the system shown in Fig. 2. At time (0), the CPU 202 runs hash function (0) with a seed data 302 and a time-based variable 305 as inputs, and produces a hash (1) value 312, which is stored in the hash buffer 230 and can subsequently be used to produce a device identification information. At time (1), the CPU 202 runs hash function (1) 318 with the hash (1) value 312 and a time (1) based variable 315 as inputs, and produces a hash (2) value (not shown). This operation can repeat for a predetermined number (n) of iterations as depicted in Fig. 3. When the last predetermined hash function (n) 328 is run on the hash (n) value 322 and the time (n) based variable 325, a result 332 is generated, which is also stored in the hash buffer 230 and can be used to calculate a device identification information. In this way, the device identification information changes over time either deterministically or randomly, depending on how the times (0:n) are set.

[0028] In embodiments, an exemplary method for deriving a hardware address or MAC and a service ID from the result 332 can be as follows. 1) For a 6-byte MAC address, take the vendor-assigned 3 bytes as the first 3 bytes of the MAC address, and the first 3 bytes of the result 332 as bytes 4-6 of the MAC address. 2) For an 8-byte MAC address, take the vendor-assigned 3 bytes as the first 3 bytes of the MAC address, and the first 5 bytes of the Result 10 as bytes 4-8 of the MAC address. 3) Take bytes 11-30 of the result 332 as the service ID. However, other methods of deriving the hardware address or MAC and the service ID from the result 332 may be used as well.

[0029] An exemplary method for deriving the pairing/connection/encryption password from the result 332 can be as follows. Take the first 16 bytes of the result 332 and use them directly as the password. Another possible method is to take the result 332, concatenate it with a secret value unique to the device or a salt, run a hash function on the concatenated value and use the output of the hash function directly as the password. Other methods for deriving the pairing/connection/encryption password from the result 332 can be used as well.

[0030] In embodiments, a data setting unit may perform the above exemplary methods of producing either the hardware address/service ID or the password by converting hash values and combining them with other data. In one embodiment, the data setting unit may be implemented by the CPU 202.

[0031] As aforementioned, the device identification information can be a hardware address, a service identifier or both. In embodiments, the password used for establishing connection, pairing or encryption between two wireless devices can also be dynamically altered by the system and method depicted in Figs. 2 and 3.

[0032] Although Fig. 3 depicts a particular hash function running on a particular hash value as input, in embodiments a hash function can take in any predetermined hash value or the seed data for producing the next hash value. By pairing a hash function with different hash values, the number of alternative hash values is significantly increased.

[0033] A user who is in possession of either the wireless device 120's seed data or the appropriate key, i.e., the hash values (hash (0:n)) associated therewith, and who wishes to locate the wireless device 120, may generate and distribute the key or keys valid for an appropriate period of time to, for instance, a smartphone 132 that complies with the system and method of the present invention. The smartphone 132 will then look for the location of the wireless device 120 and report the location information to the server 170, or directly to the user on the smartphone 132 via email, text message or other forms of communication.

[0034] In embodiments, by sharing the seed, a user allows the recipient to calculate appropriate values indefinitely. By sharing hash function (0)'s result, a user allows the recipient to calculate appropriate values for a given month, for any day and hour. After the month changes, the recipient will lack the hash function (0) result needed to calculate values for any other month. By sharing hash function (1)'s result, a user allows the recipient to calculate appropriate values for any hour in a given day of a given month. By sharing hash function (2)'s result, a user allows the recipient to calculate appropriate values for a given hour of a given day in a given month only. The user can share more than one result, thus gaining more granular control over the time for which the recipient can calculate appropriate values.

[0035] Retroactive global device discovery and locating, i.e., discovering the location of the wireless device 120 at a time before a user distributes the appropriate key or keys to wireless devices or network detectors 132, stationary detectors 143 and other network infrastructure elements 112 that comply with the system and method of the present invention, can be enabled as follows. A device that does not possess the key or keys required to discover or recognize the wireless device 120 may report to the server 170 its own location together with the hardware addresses and/or service IDs of all wireless devices it discovers, or only of some of them based on the value of the hardware address or the service ID. The server 170 stores this data in the database 174. However, such data by itself does not allow the device 120 to be located. If a user decides to locate the wireless device 120 retroactively and supplies the server 170 with the appropriate keys, the server 170 can calculate the hardware addresses or service IDs of the wireless device 120 for a given time using the system and method depicted in Figs. 2 and 3, and look them up in the database 174 of previously stored hardware addresses or service IDs and corresponding location information. In this way, the server 170 can provide the user with the location information of the wireless device 120 for a certain period of time, while protecting the privacy of the other users.
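The hash chain of [0026]-[0027], the identifier derivations of [0028]-[0029], the month/day/hour key sharing of [0034] and the retroactive lookup of [0035], modelled together in one added Python example (not the patent's or the assignee's code; the domain-separated SHA-256 functions, the month/day/hour split of the time variables, the vendor OUI, the device secret and every sample value are assumptions made for this example):

```python
"""Hash-chain identifiers with time-limited key sharing and retroactive lookup.
Added example for [0026]-[0029], [0034] and [0035]; the hash construction, the
month/day/hour split and all sample values are assumptions, not the patent's."""
import hashlib
from datetime import datetime

# Function (i) of the function store consumes hash(i) plus the i-th time
# variable: level 0 = month, level 1 = day of month, level 2 = hour (assumed).
TIME_FORMATS = ("%Y-%m", "%d", "%H")
N_LEVELS = len(TIME_FORMATS)

VENDOR_OUI = bytes.fromhex("001122")          # constructed vendor bytes (claim 9)
DEVICE_SECRET = b"constructed-device-secret"  # constructed per-device salt ([0029])

# Constructed scenario values used by demo() below.
SEED = b"constructed-seed-of-device-120"
T_MORNING = datetime(2016, 9, 30, 10, 5)
T_NOON = datetime(2016, 9, 30, 11, 40)
T_NEXT_MONTH = datetime(2016, 10, 1, 10, 5)

def hash_fn(i: int, data: bytes, time_var: str) -> bytes:
    """Hash function (i): SHA-256 with a per-level tag, so that each level is
    a distinct function (claim 7 calls for a set of predetermined hash functions)."""
    return hashlib.sha256(b"fn:%d|" % i + data + b"|" + time_var.encode()).digest()

def chain_value(seed: bytes, level: int, t: datetime) -> bytes:
    """hash(level) at instant t: hash(0) is the seed, hash(1) = fn0(seed, month),
    hash(2) = fn1(hash(1), day), hash(3) = fn2(hash(2), hour) = result 332."""
    value = seed
    for i in range(level):
        value = hash_fn(i, value, t.strftime(TIME_FORMATS[i]))
    return value

def result_from_key(level: int, key: bytes, t: datetime) -> bytes:
    """Finish the chain from a shared key hash(level) for instant t. A holder of
    hash(1) supplies only day and hour, a holder of hash(2) only the hour, so the
    key is useful just for the month or day it was derived for ([0034])."""
    value = key
    for i in range(level, N_LEVELS):
        value = hash_fn(i, value, t.strftime(TIME_FORMATS[i]))
    return value

def mac_from_result(result: bytes) -> str:
    """6-byte MAC of [0028]: vendor-assigned 3 bytes, then result bytes 1-3.
    The fixed OUI means the device's vendor stays recognisable even though
    the address itself changes."""
    return ":".join(f"{b:02x}" for b in VENDOR_OUI + result[:3])

def service_id_from_result(result: bytes) -> bytes:
    """Service ID of [0028]: result bytes 11-30 (read as 1-indexed, 20 bytes)."""
    return result[10:30]

def password_from_result(result: bytes) -> bytes:
    """Second password method of [0029]: hash of the result concatenated with a
    device-unique secret, so a key holder cannot derive the pairing password."""
    return hashlib.sha256(result + DEVICE_SECRET).digest()

def identifiers(seed: bytes, t: datetime) -> dict:
    """What the device itself places in its output buffer at time t (Figs. 2, 3)."""
    r = chain_value(seed, N_LEVELS, t)
    return {"mac": mac_from_result(r),
            "service_id": service_id_from_result(r),
            "password": password_from_result(r)}

def retroactive_lookup(observations, level: int, key: bytes):
    """[0035]: detectors without keys reported (mac, location, time) for every
    device seen. Given a key disclosed later, the server recomputes the MAC the
    device would have carried at each observation time and keeps the matches.
    Observations outside the key's time scope yield a different MAC and stay
    unlinked, which is what protects the other users' privacy."""
    hits = []
    for mac, location, t in observations:
        if mac_from_result(result_from_key(level, key, t)) == mac:
            hits.append((location, t))
    return hits

def demo():
    """Constructed scenario: a day key for 30 Sep 2016 finds that day's two
    sightings but neither the 1 Oct sighting nor another device's."""
    observations = [
        (identifiers(SEED, T_MORNING)["mac"], "loc A", T_MORNING),
        (identifiers(SEED, T_NOON)["mac"], "loc B", T_NOON),
        (identifiers(SEED, T_NEXT_MONTH)["mac"], "loc C", T_NEXT_MONTH),
        ("00:11:22:aa:bb:cc", "loc D", T_MORNING),   # some other device
    ]
    day_key = chain_value(SEED, 2, T_MORNING)        # hash(2): day-scoped key
    return retroactive_lookup(observations, 2, day_key)

if __name__ == "__main__":
    for location, t in demo():
        print(f"device 120 seen at {location} on {t:%Y-%m-%d %H:%M}")
```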

[0036] The process of the present invention also allows for establishing a shared secret between two parties, A and B, that changes over time, where party A can disclose the key to party B, allowing party B to determine the valid shared secret for the defined time period. After this period passes, party B is no longer able to calculate a valid shared secret. Party A could use this process to disclose multiple keys to other parties, valid for different periods of time, without establishing a public key cryptography infrastructure for time-limited access control or communication with the device controlled by party A, and without requiring any online connectivity to that device.

[0037] Figs. 4A and 4B are block diagrams illustrating operations of embodiments of the present invention. Referring to Fig. 4A, a wireless device includes a CPU 402, a memory 415, a real time clock 423, a register 435, an output buffer 445, a radio interface 450 and an antenna 462. The memory 415 stores and provides execution codes and hash functions to the CPU 402. The register 435 stores a seed data and a password seed data. The real time clock 423 provides the current time required for the calculations. The radio interface 450 allows the device to communicate wirelessly using one or more standards, including but not limited to Bluetooth, Bluetooth Low Energy, WiFi, ZigBee and others.

[0038] In an embodiment, identification information such as the hardware address and service ID stored in the output buffer 445 is calculated and converted by the CPU 402 from the seed data stored in the register 435 at predefined time intervals, and is changed accordingly based on the real time clock 423. Similarly, the password stored in the output buffer 445 for establishing network connection, pairing or encryption between two wireless devices is calculated and converted by the CPU 402 from the password seed data stored in the register 435. The hardware address, the service ID and the password stored in the buffer 445 can then be transmitted through the radio interface 450 and the antenna 462 for the wireless device to be identified by other devices in the same communication network 100.

[0039] Referring again to Fig. 4A, by using the seed data for calculating and converting the device hardware address or dynamic service ID, and a different password seed data for calculating and converting the password for establishing connection, pairing or encryption, a user can allow the recipient to discover the wireless device 120, but not to connect to it, pair with it or exchange encrypted data with it.

[0040] Referring to Fig. 4B, in an embodiment, the hardware address stored in the buffer 445 is derived from a list of hardware addresses stored in a register 475 using the system and method depicted in Figs. 2 and 3. Similarly, the service ID stored in the buffer 445 is derived from a list of service IDs stored in the register 475, and the password stored in the buffer 445 is derived from a list of passwords stored in the register 475. The real time clock 423 provides the timing control for generating a new hardware address, service ID and password, so that at different times the wireless device transmits a different hardware address, service ID or password, either to avoid detection or to allow time-sensitive detection as depicted in Figs. 2 and 3.

[0041] Referring to both Figs. 4A and 4B, the service ID stored in the output buffer 445 is a dynamic service identifier. The service ID can optionally be determined and set using the process depicted in Figs. 2 and 3. The hardware address stored in the output buffer 445 is assigned to the radio interface 450 and is determined using the method depicted in Figs. 2 and 3; alternatively, the hardware address can be determined randomly, in which case the service ID must be determined and set using the process depicted in Figs. 2 and 3. In both cases the connection, pairing or encryption password can be either static or determined and set using the process depicted in Figs. 2 and 3.

[0042] Fig. 5 is a flowchart depicting an exemplary process of discovering the location of a wireless device according to an embodiment of the present invention. The process begins with refreshing a database of "lost items" in step 502. Then the lost item's hardware address at the current time is calculated in step 505 based on the information stored in the database. As time elapses, a new hardware address may have to be calculated based on the information stored in the database. In step 508, a discovery device scans the surrounding area and looks for wireless devices with the calculated hardware address. In step 512, the discovery device performs detection. If a wireless device is detected, a comparison between the calculated hardware address and the hardware address of the detected device is performed in step 522. If the two hardware addresses match, the discovery device reports the location information of the detected device to a server in step 525. Then, after waiting a first predetermined time, for instance one minute, in step 515, the discovery device checks in step 542 the time elapsed since the current database was last updated. If the elapsed time is less than a second predetermined time, for instance thirty minutes, the process returns to step 505, i.e., calculating the hardware address again. If the elapsed time is longer than the second predetermined time, the process returns to step 502, i.e., refreshing the database.

[0043] In step 512, if no device within the network is detected, the process goes straight to steps 515 and 542.

[0044] In step 522, if the two hardware addresses do not match, a check whether the detected device is in the range of retroactively searchable devices is performed in step 532. To search for a wireless device retroactively, a user may supply the appropriate hash value or keys to the server 170, which can then calculate the identification information for a given time using the system and method depicted in Figs. 2 and 3. After the calculation, the server 170 looks up the calculated identification information in the data previously stored in the database 174. In this way, the server 170 can provide the user with the information needed to retroactively acquire the location information of the wireless device.

[0045] In step 532, if the detected device is not in the range of retroactively searchable devices, the process does not report anything in step 535 and subsequently goes through steps 515 and 542 to repeat the detecting process.

[0046] Although the detecting process shown in Fig. 5 uses hardware address as the identification information for detecting location of a wireless device, in other embodiments, service ID can be similarly used for the same purpose.

[0047] Fig. 6 is a flowchart depicting an exemplary process of letting a wireless device be discovered according to an embodiment of the present invention. The discovery process begins in step 601 by determining whether the wireless device's hardware address should be randomly generated. If the answer is "no", the discovery process calculates the hardware address for the wireless device based on a seed value and sets it in step 603. Then the discovery process further determines whether a service ID should be calculated and advertised in step 612. If the answer is "no", the discovery process advertises, in step 615, a static service ID which is not calculated, or no service ID at all, to indicate the presence of the wireless device.

[0048] In step 601, if the answer is "yes", the discovery process sets a random hardware address in step 604, then calculates a service ID based on a seed value and sets it in step 606. Then the discovery process advertises the calculated service ID in step 608.

[0049] In step 612, if the answer is "yes", the discovery process also performs steps 606 and 608, i.e., calculating a service ID and advertising it.

[0050] Following step 608 or 615, the discovery process checks in step 622 whether a password should be dynamically calculated, wherein the password is used for establishing connection, pairing and encryption between two wireless devices. If the answer in step 622 is "no", the discovery process waits a third predetermined time, for instance one minute, in step 628 before returning to step 601 to repeat another round of the discovery process. If the answer in step 622 is "yes", the discovery process calculates a password based on a password seed value and sets the calculated password in the output buffer 445 in step 625. Then the discovery process goes through the waiting step 628 and returns to step 601 to repeat another round of the discovery process.

[0051] While this disclosure has been particularly shown and described with references to exemplary embodiments thereof, it shall be understood by those skilled in the art that various changes in form and details may be made therein without departing from the spirit of the claimed embodiments.