Academic journal article Journal of Theoretical and Applied Electronic Commerce Research

A System for Locating Mobile Terminals with Tunable Privacy

Academic journal article Journal of Theoretical and Applied Electronic Commerce Research

A System for Locating Mobile Terminals with Tunable Privacy

Article excerpt


A number of approaches for capturing and processing location information of mobile users have been proposed in the past; however, only with the latest advances in the handset technology, a terminal-based positioning approach, using overlay SIP signaling on top of a packet switched bearer and area notification as basic functionality becomes feasible for mass applications. Especially in electronic commerce scenarios, in which users often interact with non-trusted services and shops, any location-based solution has to consider privacy aspects as well. The terminal-centric model presented in the paper leads to a simple and efficient way to achieve tunable privacy: mobile users define own "zones" and selectively disclose them to their buddies and to external services. As a result, localization can be performed only in the allowed places and by the allowed watchers, both parameters being configured by the user herself on her mobile terminal. We describe the system architecture, protocols and present representative technical scenarios.

Key words: Location, zones, privacy, SIP, GPS, presence, notification events, GML, IETF Geopriv, m-advertising

1 Introduction

The Location Based Services (LBS) in operation nowadays provide added value mainly by using the physical position of mobile users. This location data may consist of geographical coordinates, access point cell IDs, or civil location in form of postal addresses.

Some of the privacy problems arising through disclosure of location information have been solved in the past through anonymity and pseudonymity [22], [4] achieving unlinkability between user identity and position data, and between successive locations of the same user [6], [19]. Location privacy should to be protected also when the interacting parties and services trust each other: however, for communicating friends or even within the family, hiding the identity behind pseudonyms does not make much sense [15]. The same applies for trusted services run by the employer of the user in the health or logistics sector, for emergency or insurance services. For example, in case of an emergency service the business model could be the following: as a part of an insurance contract, the user allows the service provider to subscribe to location events restricted to the visited zone (e.g. ski region, mountaineering, safari, etc). In the following, we mention some more application examples:

* A mobile user wants to localize any other user from her address book.

* A health worker visits patients at home. The locating service operated by the employer would help answer queries about the worker's time schedule and delays (from Myles et al. [17]).

* An advertisement service responsible for several shopping or entertainment locations, would push information to the users passing nearby

* A service provider operates an emergency service in a ski region and needs to know and communicate with all users present in a certain area in case of an avalanche or of other accidents.

The scheme described in this paper applies for all the applications mentioned above and delivers user tunable privacy.

1.1 Architectural prerequisites

At the core of location based services are positioning techniques. Küpper [14] categorizes them along three dimensions into terminal- and network-based positioning, satellite, cellular and indoor positioning, stand-alone vs. integrated infrastructure. For our approach we advocate the terminal-based positioning architecture since it allows processing the location information at its source, at the user terminal itself. The superiority in accuracy and performance over the cellular network-based positioning becomes relevant in the triggered location update (or notification) mode: instead of repeatedly polling the current position of the target terminal, the watching entity subscribes to events triggered when the target enters or leaves a certain circular or rectangular area. …

Search by... Author
Show... All Results Primary Sources Peer-reviewed


An unknown error has occurred. Please click the button below to reload the page. If the problem persists, please try again in a little while.