HK1206883A1 - System and method for providing conditional access to transmitted information - Google Patents
System and method for providing conditional access to transmitted information
- Publication number
- HK1206883A1 HK15107052.3A
- Authority
- HK
- Hong Kong
- Prior art keywords
- location information
- location
- key
- receiver
- application
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/50—Network services
- H04L67/52—Network services specially adapted for the location of the user terminal
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0442—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/08—Access security
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W4/00—Services specially adapted for wireless communication networks; Facilities therefor
- H04W4/02—Services making use of location information
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2111—Location-sensitive, e.g. geographical location, GPS
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/02—Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W28/00—Network traffic management; Network resource management
- H04W28/02—Traffic management, e.g. flow control or congestion control
- H04W28/06—Optimizing the usage of the radio link, e.g. header compression, information sizing, discarding information
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W4/00—Services specially adapted for wireless communication networks; Facilities therefor
- H04W4/06—Selective distribution of broadcast services, e.g. multimedia broadcast multicast service [MBMS]; Services to user groups; One-way selective calling services
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W4/00—Services specially adapted for wireless communication networks; Facilities therefor
- H04W4/70—Services for machine-to-machine communication [M2M] or machine type communication [MTC]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W4/00—Services specially adapted for wireless communication networks; Facilities therefor
- H04W4/90—Services for handling of emergency or hazardous situations, e.g. earthquake and tsunami warning systems [ETWS]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computing Systems (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Databases & Information Systems (AREA)
- Position Fixing By Use Of Radio Waves (AREA)
- Mobile Radio Communication Systems (AREA)
- Stored Programmes (AREA)
Abstract
This disclosure relates to systems, methods, computer program products, and means that control access to position information at a receiver, or at another device external to the receiver, based on various considerations, including a requested service type, a user type, a device type, a software application type, a payment, and/or other characteristics associated with a particular software application or distributor of that software application. The disclosure further relates to systems, methods, computer program products and means for carrying out secure data transmissions intended for a particular application among other applications.
Description
Technical Field
The present disclosure relates generally to positioning systems and methods. More particularly, but not exclusively, the present disclosure relates to systems and methods for controlling access to location information.
Background
Systems for providing location information are known in the art. For example, radio-based systems (LORAN, GPS, GLONASS, etc.) have provided location information for people, vehicles, equipment, etc. However, these systems have limitations associated with factors such as positioning accuracy, transmit and receive signal levels, radio channel interference, and/or channel problems such as multipath, device power consumption, and the like.
The determination of the exact location of a mobile subscriber can be very challenging. If the subscriber is indoors or located in an urban area with obstructions, the subscriber's mobile device may not be able to receive signals from GPS satellites, and the network may be forced to rely on less accurate network-based trilateration/multilateration positioning methods. Furthermore, if a subscriber is in a multi-storey building, it is only known that the subscriber is within the building and not on which storey they are located, which can lead to delays in providing emergency assistance (which can be potentially life-threatening). Clearly, there is a need for a system that can assist a subscriber's computing device (e.g., a mobile computing device) in speeding up the location determination process, providing greater accuracy (including vertical information), and addressing some of the challenges of location determination in urban areas as well as inside buildings.
Furthermore, location information transmitted in a GPS-like system is readily available to various devices without any option of managing which device has access to the location information, or more specifically which software application on the device can use the location information. This lack of management can create a bandwidth burden for network operators, where multiple applications on multiple devices communicate location information over the network to third party services associated with those applications. Having the ability to manage the use of location information would also allow network operators to maintain better service levels for their customers while reducing unnecessary bandwidth usage. Furthermore, giving the network operator better control will allow monetization at the application level or service level for each user equipment or for each user of each user equipment. Accordingly, there is a need for an improved positioning system that addresses these and/or other problems with existing positioning systems and devices.
Disclosure of Invention
Systems, methods, and computer program products for providing a computing device with conditional access to location information are described, the computer program products including a computer usable medium having a computer readable program code encoded therein, the code adapted to be executed to implement a method for providing a computing device with conditional access to location information. For example, certain methods of the present disclosure relate to systems, methods, computer program products, and apparatuses for controlling access to location information by one or more applications. The systems, methods, computer program products, and apparatuses may decrypt a first set of encrypted location signals received from a network of terrestrial transmitters using a first key. The systems, methods, computer program products, and apparatuses may also determine location information from the decrypted first set of location signals and identify a first set of location information, wherein the first set of location information is identified based on a first level of service associated with a first application. The systems, methods, computer program products, and apparatuses may also encrypt the first set of location information using a second key and provide the encrypted first set of location information to the first application. Various additional aspects, features and functions are described below in connection with the figures.
Drawings
Attention is directed to the drawings and detailed description.
FIG. 1 depicts a diagram showing details of a terrestrial location/positioning system on which embodiments may be implemented;
FIG. 2 shows a diagram illustrating certain details of one embodiment of a terrestrial location/positioning system on which embodiments may be implemented;
FIG. 3 depicts a diagram of a transmitter/beacon;
FIG. 4A depicts a diagram showing details of one embodiment of a receiver;
FIG. 4B depicts a diagram showing details of one embodiment of a receiver/user device and other components external to the receiver/user device;
FIG. 4C depicts a diagram showing details of another embodiment of a receiver and other components external to the receiver/user device;
FIG. 5A illustrates a process for determining location information related to a receiver and controlling access to the location information at the receiver;
FIG. 5B illustrates a process for assigning location information for an E-911 call;
FIG. 5C illustrates a process for an unprovisioned key;
FIG. 5D illustrates a process for pre-provisioned keys;
FIG. 6 illustrates a process for providing conditional access to location information;
FIG. 7 illustrates a process for providing conditional access credentials;
FIG. 8 shows a process for processing location information;
FIG. 9 illustrates types of data for use during a conditional access process;
FIG. 10A illustrates a packet structure;
FIG. 10B illustrates a bit sequence for use in accordance with certain aspects; and
FIG. 11 shows a process for providing conditional access to location information at a receiver/user equipment.
Detailed Description
Various aspects of the disclosure are described below. It should be apparent that the teachings herein may be embodied in a wide variety of forms and that any specific structure, function, or both being disclosed herein is merely exemplary. Based on the teachings herein one skilled in the art should appreciate that any aspect disclosed may be implemented independently of any other aspects and that two or more of these aspects may be combined in various ways. For example, a system may be implemented or a method practiced using any number of the aspects set forth herein.
The term "exemplary," as used herein, is meant to serve as an example, instance, or illustration. Any aspect and/or embodiment described herein as "exemplary" is not necessarily to be construed as preferred or advantageous over other aspects and/or embodiments.
Summary
The present disclosure relates generally to positioning systems and methods for providing signaling for position determination and determining high accuracy position/location information using a wide area transmitter in communication with a receiver (also referred to herein interchangeably as user equipment, user terminal/UE or similar terminology), for example, in a cellular telephone or other portable device. Location signaling services associated with certain aspects may use broadcast-only beacons/transmitters configured to transmit encrypted location signals. A receiver with a suitable chipset is able to receive and use positioning signals based on airlink access authentication techniques, including authentication by means of decrypting the location signals using a stored copy of the airlink access credentials (ALAC) during an initial decryption phase. Once the location signals have been decrypted using the ALAC during the initial decryption phase, the receiver may provide conditional access to the location information to a particular software application running on the receiver based on an additional decryption phase, using an Authorized Service Level Certificate (ASLC) associated with that software application.
Various components within the receiver may be used to perform the decryption stages. For example, decryption of the broadcast signal may occur at the GPS chip using the ALAC, which is provisioned into firmware in a secure hardware area (e.g., in the GPS chip). By comparison, decryption of location information using an ASLC may occur at another chip (e.g., a processor of the receiver), with the ASLC not provisioned in firmware (e.g., accessible via a different level of software). Of course, alternative configurations will be understood by those skilled in the art.
Once decrypted, the location information may be processed by a processor (e.g., a positioning engine) to calculate various positioning signal data (e.g., latitude, longitude, and altitude) to varying degrees of accuracy. An example of altitude calculation is provided in U.S. utility patent application serial No. 13/296,067, entitled WIDE AREA POSITIONING SYSTEMS, filed on 14.11.2011, which is incorporated herein by reference.
Two-stage decryption of the location information at the receiver provides several advantages over the prior art. For example, aspects of two-stage decryption enable a transmitter and/or receiver to provide a location signal to an authorized receiver and/or an authorized software application (hereinafter "application") while denying access to unauthorized receivers and unauthorized applications. Similarly, access to location information may be controlled based on the user requesting access or other types of considerations.
Controlling access to location information based on authorization permits carriers and application developers to offer tiered levels of service that can be purchased based on different business agreements. A tier may relate to a level of precision, a coverage area, a period of validity, an amount of usage, a period of usage, or other considerations.
The two-stage decryption of the location information at the receiver also reduces the likelihood that an unauthorized user (e.g., a hacker) can gain access to and use the location information, which would result in lost revenue.
The achievement of the above advantages must be balanced against the performance requirements of the positioning system. According to certain aspects, the encryption and decryption stages performed in the system may not degrade system performance metrics, such as Time To First Fix (TTFF) of the location of the receiver and the accuracy of any location fix. Furthermore, the processing associated with the various conditional access methods described herein may be defined based on the processing power of a particular receiver, which may preclude processing-intensive encryption procedures.
According to other aspects, the conditional access features can be applied on a variety of device platforms and can support the distribution models identified in the use cases described herein. Other aspects may involve vendor-based or customer-based provisioning of receivers (in addition to any duplicate provisioning) to support the conditional access methods described herein. For example, various provisioning embodiments are described herein. Importantly, any of the conditional access procedures described herein must meet any E-911 functional requirements.
Various other aspects, features and functions are described below in connection with the following figures. While the details of the embodiments of the present disclosure may vary and still fall within the scope of the claimed disclosure, it will be understood by those skilled in the art that the drawings described herein are not intended to suggest any limitation as to the scope of use or functionality of the inventive aspects. Neither the drawings nor their description should be interpreted as having any dependency or requirement relating to any one or combination of components illustrated in those drawings.
In the following description, numerous specific details are introduced to provide a thorough understanding of, and enabling description for, the described systems and methods. One skilled in the relevant art will recognize, however, that the embodiments can be practiced without one or more of the specific details, or with other components, systems, etc. In other instances, well-known structures or operations are not shown, or are not described in detail, to avoid obscuring aspects of the disclosed embodiments.
Aspects of the System
FIG. 1 provides an illustration showing details of an example position/location system 100 upon which various embodiments may be implemented. The positioning system 100 (also referred to herein as a Wide Area Positioning System (WAPS) or simply "system") includes a network of synchronized beacons (also referred to herein as "transmitters"), typically terrestrial, and user devices (also referred to herein as "receiver units" or simply "receivers") configured to acquire and track signals provided from the beacons and/or other location signaling, which may be provided by a satellite system, such as a Global Positioning System (GPS) and/or other satellite or terrestrial based location systems, for example. Optionally, the receiver may include a position calculation engine for determining position/location information from signals received from beacon and/or satellite systems, and the system 100 may also include a server system in communication with various other systems, e.g., beacons, network infrastructure (e.g., the internet, cellular, wide or local area networks, and/or other networks). The server system may include various system-related information such as a tower index, a billing interface, one or more cryptographic algorithm processing components (which may be based on one or more dedicated cryptographic algorithms), a location calculation engine, and/or other processing components for facilitating location, motion, and/or position determination for users of the system.
As shown in exemplary system 100, the beacons may be in the form of a plurality of transmitters 110, and the receiver units may be in the form of one or more user devices 120, which may be any of a variety of electronic communication devices configured to receive signaling from transmitters 110, and optionally configured to receive GPS or other satellite system signaling, cellular signaling, Wi-Fi signaling, Wi-Max signaling, Bluetooth signaling, Ethernet, and/or other data or information signaling known in the art or developed in the future. Receiver unit 120 may be in the form of a cellular or smart phone, a tablet device, a PDA, a notebook or other computing system, a digital camera, an asset tracking tag, an anklet, and/or a similar or equivalent device. In some implementations, the receiver unit 120 may be a standalone location/positioning device configured to receive only or primarily signals from the transmitter 110 and determine a position/location based at least in part on the received signals. As described herein, receiver unit 120 may also be referred to herein as a "user equipment" (UE), a handset, a smartphone, a tablet, and/or a "receiver."
The transmitter 110 (which is also denoted herein as a "tower") is configured to transmit transmitter output signals to multiple receiver units 120 (for simplicity, a single receiver unit 120 is shown in fig. 1, however, a typical system will be configured to support multiple receiver units within a defined coverage area) via the illustrated communication link 113. The transmitter 110 may also be connected with the server system 130 via a communication link 133, and/or may have other communication connections (not shown) to the network infrastructure 170, e.g., via a wired connection, a cellular data connection, Wi-Fi, Wi-Max or other wireless connection, and so forth.
One or more receivers 120 may receive signaling from multiple transmitters 110 via corresponding communication links 113 from each transmitter 110. Further, as shown in FIG. 1, the receiver 120 may also be configured to receive and/or transmit other signals, such as cellular network signals, Wi-Fi network signals, paging network signals, or other wired or wireless connection signaling via a communication link 163 from a cellular base station (also referred to as a node B, eNB or base station), and satellite signaling via a satellite communication link 153, such as from a GPS or other satellite positioning system. Although the satellite positioning signaling shown in the exemplary embodiment of FIG. 1 is shown as being provided from GPS system satellites 150, in other embodiments the signaling may be provided from other satellite systems, and/or, in some embodiments, terrestrial-based wired or wireless positioning systems or other data communication systems.
In an exemplary embodiment, the transmitter 110 of the system 100 is configured to operate in exclusively licensed or shared licensed/unlicensed radio spectrum; however, some embodiments may be implemented to provide signaling in unlicensed shared spectrum. Transmitter 110 may communicate signaling in these various radio frequency bands using novel signaling (as described later herein). This signaling may be in the form of a dedicated signal configured to provide specific data in a defined format for advantageous use for positioning and navigation purposes. For example, as described subsequently herein, signaling may be structured to be particularly advantageous for operation in obstructed environments, e.g., where conventional satellite position signaling is attenuated and/or affected by reflections, multipaths, etc. Further, the signaling may be configured to provide fast acquisition and location determination times to allow fast location determination, reduce power consumption, and/or provide other advantages when the device is powered on or location activated.
Various embodiments of the WAPS may be combined with other positioning systems to provide enhanced positioning and position determination. Alternatively or additionally, the WAPS system may be used to assist other positioning systems. Further, information determined by receiver unit 120 of the WAPS system may be provided via other communication network links 163 (e.g., cellular, Wi-Fi, paging, etc.) to report location and position information to one or more server systems 130 and other network systems present on or coupled to network infrastructure 170. For example, in a cellular network, cellular backhaul link 165 may be used to provide information from receiver unit 120 to an associated cellular carrier and/or other (not shown) via network infrastructure 170. This may be used to quickly and accurately locate the position of receiver 120 during an emergency, or may be used to provide location-based services or other functionality from a cellular carrier or other network user or system.
Note that in the context of the present disclosure, a positioning system is a system that locates one or more of latitude, longitude, and altitude coordinates, which may also be described or illustrated in terms of a one-dimensional, two-dimensional, or three-dimensional coordinate system (e.g., x, y, z coordinates, angular coordinates, etc.). Furthermore, it is noted that whenever the term "GPS" is mentioned, it should be understood in the broader sense of Global Navigation Satellite Systems (GNSS), which may include other existing satellite positioning systems (e.g. GLONASS) and future positioning systems (e.g. Galileo and Compass/Beidou). Furthermore, as previously indicated, in some embodiments, other positioning systems (e.g., terrestrial-based systems) may be used in addition to or in place of the satellite-based positioning system.
Embodiments of the WAPS include multiple towers or transmitters, such as the multiple transmitters 110 shown in fig. 1, that broadcast WAPS data positioning information and/or other data or information in transmitter output signals to the receivers 120. The positioning signals may be coordinated to be synchronized among all transmitters of a particular system or local coverage area, and may have a regular GPS clock source for timing synchronization. The WAPS data location transmission may include dedicated communication channel resources (e.g., time, coding, and/or frequency) to facilitate the transmission of data needed for trilateration, notification to subscribers/subscriber groups, broadcast of messages, and/or general operation of the WAPS network. A disclosure regarding WAPS data positioning transmission can be found in the incorporated application.
In positioning systems that use differential time difference of arrival or trilateration, the transmitted positioning information typically includes one or more of an accurate time series and positioning signal data, including the position of the transmitter and various timing corrections and other related data or information. In one WAPS implementation, the data may include additional messages or information, such as notification/access control messages to subscriber groups, general broadcast messages, and/or other data or information related to system operation, users, interaction with other networks, and other system functions. The positioning signal data may be provided in a variety of ways. For example, the positioning signal data may be modulated onto, added to, or overlaid on, and/or concatenated with the encoded time series.
The data transmission methods and apparatus described herein may be used to provide improved positioning information throughput for WAPS. In particular, the high order modulated data may be transmitted as a separate portion of information from Pseudo Noise (PN) ranging data. This may be used to allow improved acquisition speed in systems using CDMA multiplexing, TDMA multiplexing, or a combination of CDMA/TDMA multiplexing. The present disclosure is shown in terms of a wide area positioning system in which multiple towers broadcast synchronized positioning signals to UEs, and more particularly, using terrestrial towers; however, embodiments are not so limited and other systems may be implemented that fall within the spirit and scope of the present disclosure.
In an exemplary embodiment, the WAPS uses coded modulation (referred to as spread spectrum modulation or Pseudo Noise (PN) modulation) transmitted from a tower or transmitter (e.g., transmitter 110) to achieve a wide bandwidth. A corresponding receiver unit (e.g., receiver or user equipment 120) includes one or more components, e.g., a matched filter or a series of correlators, for processing the signal using despreading circuitry. Such receivers produce waveforms that ideally have strong peaks surrounded by low-level energy. The arrival time of the peak represents the arrival time of the transmitted signal at the UE. Performing this operation on signals from towers whose positions are accurately known allows the position of the receiver to be determined by means of trilateration. Various additional details regarding WAPS signal generation in a transmitter (e.g., transmitter 110) and received signal processing in a receiver (e.g., receiver 120) are described later herein.
In one embodiment, WAPS may use binary coded modulation as the spreading method. The WAPS signal of the exemplary embodiment may include two specific types of information: (1) high precision ranging signals (which can be transmitted quickly relative to other signals), and (2) positioning data, such as transmitter ID and location, time of day, health, environmental conditions, such as atmospheric information (e.g., pressure, temperature, humidity, wind direction, and wind force, among other conditions). Similar to GPS, WAPS may communicate positioning information by modulating a high-speed binary pseudorandom ranging signal with a low-rate information source. In addition to this application, the incorporated application discloses embodiments of methods using a pseudo-random ranging signal and a modulated information signal, both of which may use high order modulation, e.g., quaternary or octal modulation. In one embodiment, the ranging signal is binary phase modulated and higher order modulation is used to provide positioning information in a separate signal.
Conventional systems use a position location signal format (e.g., used in a time division multiplexed configuration) in which each time slot transmission includes a pseudo-random ranging signal followed by various types of location data. These conventional systems also include a synchronization or simulcast signal that is deleted if a pseudorandom ranging signal is also used as the simulcast signal. However, as with other earlier systems, the positioning data for these conventional systems is binary, which limits throughput. These systems also transmit a large number of binary bits during the interval in which the positioning data is transmitted.
To address these limitations, in an exemplary embodiment, a binary or quaternary pseudorandom signal may be transmitted in a particular time slot followed by a very high order modulated data signal. For example, in a given time slot, one or more positioning information symbols may be transmitted using differential 16-phase modulation to transmit 4 bits of information per time slot. This represents a 4 times improvement in throughput over the 1 bit typically transmitted when applying binary phase modulation to a pseudo-random carrier. Other types of modulation of the positioning information may also be used, e.g., 16QAM, and so forth. Furthermore, certain error control modulation methods may be used for higher level modulation, e.g., the use of trellis codes. These modulation methods generally reduce the error rate.
FIG. 2 depicts certain aspects of a positioning system 240 configured to implement the conditional access processes described herein. As shown in FIG. 2, positioning system 240 may perform various functions. For example, the positioning system 240 may generate and make available ALACs, which may be generated separately and provided to the manufacturer 210 and/or the service provider 230 in the form of an ALAC block for addition to the user device 220 (e.g., in GPS FW images). The ALAC may be implemented in a device specific manner, including the use of a device identifier and a device specific algorithm, to provide an additional layer of protection for the ALAC. The positioning system 240 may also run a billing and auditing system to track and bill for the use of the location functions provided by the positioning system 240.
The positioning system 240 may generate and make ASLCs available to manufacturers 210, user devices 220, service providers 230, and/or external entities 250 (e.g., application developers or providers). The ASLCs may be serialized to include a unique device identifier, e.g., IMEI, MAC address, etc.
The positioning system 240 may generate and manage developer keys, SDKs, and APIs for external entities 250 that desire to incorporate location information into downloadable applications. Each developer key may have some associated ASLCs based on the service level of the associated application. Each application ASLC may contain a developer key as a unique identifier and may also contain other unique IDs. The positioning system 240 may also maintain a server to handle requests from applications deployed in the field (i.e., on the user equipment 220) for dynamic transmission of ASLCs to the user equipment 220.
The manufacturer 210 may image one or more ALACs and ASLCs (e.g., obtained from the positioning system 240, or created and maintained separately) onto the receiver along with the requisite firmware ("FW") and software ("SW"). The manufacturer 210 may also load a library of files (library) as images. The manufacturers 210 may include chipset vendors, equipment OEMs, OS vendors, and the like. By comparison, the same ALAC may be used for all transmissions from all transmitters, while a different ASLC may be used for each application on each receiver and based on a particular user account. Both the ASLC and the ALAC may be encrypted at the UE or protected from unauthorized access.
The service provider 230 may provide various services to the user device 220, including cellular services and network-based services. Other services may include any wireless or wired transmission of content (e.g., video content, audio content, image content, text content, other content). The service provider 230 may store the ASLCs associated with the applications that it provides to the user device 220. The service provider 230 may also enable control plane (c-plane) message flow for E-911, as well as network management (when applicable). The service provider 230 may also enable user plane (u-plane) message flow for internal LBS via SUPL.
External entities 250 may include providers that provide various location services to users via their receivers. For example, external entities 250 may include PSAPs, location-based advertising networks, and LBS application developers/publishers, among others. Location system 240 and service provider 230 may provide a range of services to external entity 250 including location assistance, ASLC verification and provisioning, value-added services, billing services, and auditing services.
The user devices 220 may include smart phones, tablets, and connected computer devices. The user equipment 220 may be configured to control access to location information by various applications (e.g., e-911, network management (NW), or LBS). Control of access may be accomplished using an ASLC that is imaged onto firmware or downloaded after the user device 220 is manufactured and enters a commercial stream. As shown, the driver and file library layers may facilitate management of the ASLCs, decryption of the secondary location information, and secondary restriction of use of the decrypted location information by the applications for a plurality of applications and users on the device, based on permissions indicated by the ASLCs. For example, a file repository can associate an ASLC with its related applications (e.g., E911, network management, LBS, etc.), and can provide or arbitrate the transmission of appropriate location information for the applications.
Various system features, including transmitters and receivers, have been described above. Figs. 3, 4A, 4B, and 4C, described below, provide additional details regarding certain implementations of transmitters and receivers.
Figure 3 shows a diagram illustrating certain details of one embodiment 300 of a beacon/transmitter system from which location/positioning signals described later herein may be transmitted. The transmitter implementation 300 may correspond to the transmitter 110 shown in fig. 1. Note that transmitter implementation 300 includes various components for performing associated signal reception and/or processing; however, in other embodiments, these components may be combined and/or organized in different ways to provide similar or equivalent signal processing, signal generation, and signal transmission.
Although not shown in fig. 3, the transmitter/beacon implementation 300 may include one or more GPS components for receiving GPS signals and providing location information and/or other data (e.g., timing data, dilution of precision (DOP) data, or other data or information that may be provided from a GPS or other location system) to a processing component (not shown). Note that although transmitter 300 is shown in fig. 3 as having a GPS component, other components for receiving satellite or terrestrial signals and providing similar or equivalent output signals, data, or other information may be used for precise timing operations within the transmitter, and/or for timing corrections on the WAPS network.
Transmitter 300 may also include one or more transmitter components (e.g., RF transmission component 370) for generating and transmitting a transmitter output signal, as described subsequently herein. The transmitter components may also include various elements known or developed in the art for providing an output signal to a transmit antenna, such as analog or digital logic and power circuits, signal processing circuits, tuning circuits, buffers and power amplifiers, and the like. Signal processing may be performed in a processing component (not shown) to generate the output signal, which may be integrated with other components described in conjunction with fig. 3 in some embodiments, or may be a stand-alone processing component for performing multiple signal processing and/or other operational functions in other embodiments.
One or more memories (not shown) may be coupled to the processing component (not shown) to provide data storage and retrieval, and/or to provide storage and retrieval of instructions for execution in the processing component. For example, the instructions may be instructions for performing various processing methods and functions described later herein, e.g., for determining positioning information or other information associated with the transmitter (e.g., local environmental conditions), and generating a transmitter output signal that is transmitted to the user equipment 120 as shown in fig. 1.
Transmitter 300 may also include one or more environmental sensing components (not shown) for sensing or determining conditions associated with the transmitter, such as local pressure, temperature, humidity, wind, or otherwise (collectively or individually referred to as "atmosphere"). In an exemplary embodiment, atmospheric (e.g., pressure) information may be generated in the environment sensing component and provided to the processing component for integration with other data in the transmitter output signal as described later herein. One or more server interface components (not shown) may also be included in the transmitter 300 to provide interfacing between the transmitter and a server system (e.g., server system 130 shown in fig. 1) and/or interfacing with a network infrastructure (e.g., network infrastructure 170 shown in fig. 1). For example, the system 130 may send data or information associated with the positioning system and/or the user device to the transmitter 300 via an interface component of the transmitter.
Each transmitter 300 may transmit data at the physical layer with an adjustable number of bits per slot per second (e.g., 96 bits per slot per second), and each transmitter may be independent of the others, including its location information. Transmitter 300 may include various components for generating, encrypting, protecting, modulating, and transmitting data. For example, the transmitter 300 may include a data generation component 310 for generating location information, an encryption component 320 for encrypting location information based on a particular Air Link Access Credential (ALAC), an access credential storage component 330 for storing the ALAC, and other components, e.g., a packet ID/CRC component 340, an encoding, puncturing, and interleaving component 350, a modulation component 360, and an RF transmission component 370, among other components not shown. Components 340 and 350 may provide Forward Error Correction (FEC) and CRC schemes, as well as other data formatting schemes, to reduce the effects of fading, path loss, and other environmental conditions. Component 360 provides modulation of data.
Although the modulation and signal structure may vary, where a varying number of bits per frame can be used, it is contemplated that 190 bits per frame may be used for transmissions from transmitter 300. For example, after the encoding overhead, 102 data bits are available, of which 7 bits are reserved for unencrypted frame information, leaving 95 bits for encrypted location information. It is preferable to apply encryption minimally to maintain low overhead. For example, an encryption rate may be approximately 95 bits per 3 seconds. The transmission may repeat itself for several cycles (e.g., 10 cycles or 30 seconds) before the data exchange. Various payloads are contemplated, including: latitude, longitude, altitude, pressure, temperature, transmission correction, and transmission quality. Other payloads may include security information, service IDs, conditional access data (e.g., ASLC information). These various payloads can be segmented over multiple slots. Those skilled in the art will appreciate other payloads, other numbers of bits, and different ways of grouping payloads.
In some cases, an n-bit indicator is needed to indicate the type of packet being transmitted (information of this type will be transmitted over some packets), or how multiple packets of the same information are related to each other. The packet structure may include the n-bit indicator at any point in the packet. Fig. 10A shows an example of a packet structure showing 4 packet type indicator bits, and other bits, and fig. 10B shows an example of a packet sequence using a 4-bit packet type indicator.
As shown in figs. 10A and 10B, 4 bits may indicate a packet type, and the primary packet payload may include 98 bits. The 4 bits may not be encrypted; a packet of type "0" may be unencrypted and a packet of type "1" may be encrypted. For packet types other than "0" or "1", for example and without limitation, bit 5 may be an encryption bit and may indicate whether the packet is encrypted or not. This bit may be unencrypted. Bit 6 may be a hint bit and may indicate that the packet starts a new packet (1) or continues a previous packet (0). This bit may be unencrypted. Bit 7 may be a stop bit and may indicate that the packet is the last packet (1) or not (0). This bit may be unencrypted. The next 95 bits may include the primary packet payload, which may be encrypted if the encryption bit is 1 and not encrypted if the encryption bit is 0. Optionally, the payload may include an index of the current packet and/or the total number of packets expected to be transmitted with the current information.
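The frame layout described above, as an added example that is not code from the patent: a parser for the 102-bit frame and a reassembler that uses the hint and stop bits to join multi-packet messages, dropping continuations with no start, fragments whose cleartext encryption flag changes mid-message, and over-long sequences. MSB-first bit order, the 98-bit payload for types 0 and 1, the fragment limit and all names are assumptions.

```python
from dataclasses import dataclass

FRAME_BITS = 102     # data bits left after coding overhead (figure from the text)
TYPE_BITS = 4        # packet type indicator, always sent in the clear
PAYLOAD_BITS = 95    # payload when the three flag bits are present


@dataclass(frozen=True)
class Frame:
    ptype: int
    encrypted: bool
    start: bool      # bit 6, the "hint bit": 1 = new packet, 0 = continuation
    stop: bool       # bit 7: 1 = last packet of the message
    payload: str     # '0'/'1' characters; 98 bits for types 0 and 1, else 95


def build_frame(ptype, payload, encrypted=False, start=True, stop=True):
    """Serialise one frame as a bit string (MSB first, an assumption)."""
    if not 0 <= ptype < 16:
        raise ValueError("packet type must fit in 4 bits")
    if ptype in (0, 1):
        flags, width = "", FRAME_BITS - TYPE_BITS
    else:
        flags = "".join("1" if f else "0" for f in (encrypted, start, stop))
        width = PAYLOAD_BITS
    if len(payload) > width or set(payload) - {"0", "1"}:
        raise ValueError("payload must be a bit string that fits the frame")
    return format(ptype, "04b") + flags + payload.ljust(width, "0")


def parse_frame(bits):
    """Split a 102-bit frame into header fields and payload."""
    if len(bits) != FRAME_BITS or set(bits) - {"0", "1"}:
        raise ValueError("expected exactly 102 bits")
    ptype = int(bits[:TYPE_BITS], 2)
    if ptype in (0, 1):
        # Types 0 and 1 state the encryption status themselves; they are
        # treated here as self-contained single-frame messages.
        return Frame(ptype, ptype == 1, True, True, bits[TYPE_BITS:])
    enc, start, stop = (b == "1" for b in bits[TYPE_BITS:TYPE_BITS + 3])
    return Frame(ptype, enc, start, stop, bits[TYPE_BITS + 3:])


class Reassembler:
    """Join fragments per packet type using the hint and stop bits."""

    def __init__(self, max_fragments=8):
        self.max_fragments = max_fragments   # bound on buffered fragments
        self.partial = {}                    # ptype -> (encrypted, [payloads])

    def push(self, frame):
        """Return (ptype, encrypted, payload_bits) once a message completes."""
        if frame.start:
            self.partial[frame.ptype] = (frame.encrypted, [])
        elif frame.ptype not in self.partial:
            return None                      # continuation with no start: drop
        encrypted, parts = self.partial[frame.ptype]
        # The flag bits travel in the clear, so a message whose encryption
        # flag flips between fragments is discarded rather than merged.
        if frame.encrypted != encrypted or len(parts) >= self.max_fragments:
            del self.partial[frame.ptype]
            return None
        parts.append(frame.payload)
        if not frame.stop:
            return None
        del self.partial[frame.ptype]
        return frame.ptype, encrypted, "".join(parts)


def demo():
    """Feed constructed frames through the parser and the reassembler."""
    r = Reassembler()
    part = "10" * 47 + "1"                   # 95 constructed payload bits
    good = [build_frame(5, part, True, True, False),
            build_frame(5, part, True, False, False),
            build_frame(5, part, True, False, True)]
    results = [r.push(parse_frame(f)) for f in good]
    stray = r.push(parse_frame(build_frame(6, part, True, False, True)))
    r.push(parse_frame(build_frame(7, part, True, True, False)))
    mixed = r.push(parse_frame(build_frame(7, part, False, False, True)))
    return results, stray, mixed


if __name__ == "__main__":
    print(demo())
```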
Attention is now directed to fig. 4A, which depicts features of a receiver 400 at which a transmitter signal may be received and processed to determine position location/position information (e.g., in lieu of an E-911 or LBS application).
The receiver implementation 400 may correspond to the user equipment 120 shown in fig. 1 and may include one or more GPS components 480 for receiving GPS signals and providing positioning information and/or other data (e.g., timing data, dilution of precision (DOP) data, or other data or information that may be provided from a GPS or other positioning system) to a processing component (not shown). Of course, other Global Navigation Satellite Systems (GNSS) are contemplated, and it should be understood that the disclosure relating to GPS may be applied to these other systems. Note that while receiver 400 is shown in fig. 4A as having a GPS component, other components for receiving satellite or terrestrial signals and providing similar or equivalent output signals, data, or other information may be used instead in various embodiments. Of course, any location processor may be adapted to receive and process location information as described herein or in the incorporated applications.
Receiver 400 may also include one or more cellular components 490 for transmitting and receiving data or information via a cellular or other data communication system. Alternatively or additionally, receiver 400 may include a communication component (not shown) for sending and/or receiving data via other wired or wireless communication networks (e.g., Wi-Fi, Wi-Max, Bluetooth, USB, or other networks).
Receiver 400 may include one or more components 420 (referred to as "components 420") delineated by a dotted outline and configured to receive signals from terrestrial transmitters (e.g., transmitter 110 shown in fig. 1) and process the signals to determine position/location information, as described subsequently herein. Component 420 may be integrated with and/or share resources with other components shown in fig. 4A, such as antennas, RF circuitry, and so forth. For example, the component 420 and the GPS component 480 may share some or all Radio Front End (RFE) components and/or processing elements. A processing component (not shown, but referenced generally herein to indicate processing functionality in receiver 400) may integrate some or all of components 420, or may share resources with some or all of components 420 and/or GPS component 480 to determine position/location information, and/or perform other processing functionality, as described herein. Similarly, cellular component 490 may share RF and/or processing functionality with RF component 410 and/or component 420. A network component 460 is also shown that may refer to a local area network, wide area network, or other network using any type of wired and wireless communication path. Each of the components 410, 420, 460, 480, and 490 may transmit data to the location engine 440, which the location engine 440 uses to determine an estimated location of the receiver 400. The location engine 440 may be implemented as known in the art or developed in the future in the art, including implementations that include a processor configured to calculate an estimated location.
For example, in one embodiment, data of the cellular component 490 may be securely transmitted over the control or user plane with the positioning data, or the data may be retrieved directly over an internet link. The component 490 data on the interface with the cellular modem may also be protected by interface encryption/decryption specific to the receiver 400.
The one or more memories 430 may be coupled with the processing component (not shown) and other components to provide data storage and retrieval, and/or to provide storage and retrieval of instructions for execution in the processing component. For example, the instructions may perform various processing methods and functions described herein, such as decrypting location information and determining location information. Accordingly, some components included between components 420 (e.g., components 421 and 424) may perform processing of location information, decryption keys, and/or other information described herein. Alternatively, some or all of the processing may be performed in a stand-alone processor (not shown).
Location data, including position estimates or information used for remote location calculations, may be communicated to these remote components using industry standard protocols, such as control plane signaling, user plane (SUPL) signaling, or internet/data protocols or some combination of the above.
Receiver 400 may also include one or more environmental sensing components (not shown) for sensing or determining conditions associated with the receiver (e.g., local pressure, temperature, humidity, or other conditions that may be used to determine the location of receiver 400). In an exemplary embodiment, pressure information may be generated in such an environment sensing assembly for use in determining location/position information in conjunction with received transmitter, GPS, cellular, or other signals.
Receiver 400 may also include various additional user interaction components, such as a user input component (not shown), which may be in the form of a keyboard, touch screen, mouse, or other user interaction element. Audio and/or video data or information may be provided in output components (not shown), for example, in the form of one or more speakers or other audio transducers (not shown), one or more visual displays (e.g., a touch screen), and/or other user I/O elements known or developed in the art. In an exemplary embodiment, such an output component may be used to visually display the determined location/position information based on the received transmitter signals, and the determined location/position information may also be sent to the cellular component 490 to reach an associated carrier or otherwise.
Receiver 400 may include various other components configured to perform various features of the present disclosure, including the processes shown in fig. 5A, 6, 7, and 8. For example, the components 420 may include a signal processing component 421, the signal processing component 421 including a digital processing component 421a, the digital processing component 421a configured to demodulate RF signals received from the RF component 410 and also configured to estimate a time of arrival (TOA) for future use in determining a location. The signal processing component 421 may also include a pseudorange generating component 421b and a data processing component 421c. The pseudorange generating component 421b may be configured to generate "raw" positioning pseudorange data from the estimated TOA, refine the pseudorange data, and provide the pseudorange data to a position engine 440, which uses the pseudorange data to determine the position of the receiver 400. The data processing component 421c may be configured to demodulate the encoded position information, extract encrypted packet data from the encoded position information, and perform error checking (CRC) on the data. The data processing component 421c outputs the encrypted packet data to the first cryptographic component 422.
The first cryptographic component 422 may be configured to decrypt location information from the encrypted packet data based at least on the ALAC stored in the memory 430. Since multiple ALACs may be stored on the receiver 400 and only one of them can be applied at a given time, the first cryptographic component 422 can use various techniques to determine the correct ALAC key to use. The data packet itself can have a CRC/digest field that only passes the check when the correct ALAC key is applied. In the absence of a CRC/digest field due to packet content limitations, individual fields of the decrypted packet can be checked against the expected range of values for that field. Furthermore, since the receiver is able to retrieve packet data from a plurality of transmitters located in the vicinity of the receiver, the location information from the plurality of transmitters will only pass some correlation checks, e.g., distance between transmitters, geographical identifiers, etc., when the correct ALAC key is selected. The first cryptographic component 422 may also transmit the decrypted location information to an appropriate processing component associated with the E-911 program upon receiving an indication that an emergency 911 call has been initiated.
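One way to implement the key-selection checks described above, as an added example that is not code from the patent: each stored ALAC is tried against packets from several nearby transmitters and is accepted only if every packet passes the CRC (or, without a CRC, the field range check) and the decoded transmitter positions lie within a plausible distance of each other. The cipher (an HMAC-SHA256 keystream), the 12-byte field layout, the CRC-16, the 100 km bound and all keys and coordinates are assumptions constructed for illustration.

```python
import binascii
import hashlib
import hmac
import math
import struct
from itertools import combinations

FIELDS = struct.Struct(">iihH")  # lat, lon in microdegrees; altitude in m; transmitter ID


def xor_keystream(key, slot, data):
    """Stand-in cipher (HMAC-SHA256 keystream XOR); the text names no cipher."""
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hmac.new(key, struct.pack(">II", slot, counter), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def seal(key, slot, lat, lon, alt, tx_id, with_crc=True):
    """Transmitter side: pack the fields, optionally append a CRC-16, encrypt."""
    body = FIELDS.pack(round(lat * 1e6), round(lon * 1e6), alt, tx_id)
    if with_crc:
        body += struct.pack(">H", binascii.crc_hqx(body, 0xFFFF))
    return xor_keystream(key, slot, body)


def open_packet(key, slot, blob, with_crc=True):
    """Return (lat, lon, alt, tx_id), or None if this key gives no credible packet."""
    if len(blob) != FIELDS.size + (2 if with_crc else 0):
        return None
    plain = xor_keystream(key, slot, blob)
    body = plain[:FIELDS.size]
    if with_crc:
        (crc,) = struct.unpack(">H", plain[FIELDS.size:])
        if binascii.crc_hqx(body, 0xFFFF) != crc:
            return None
    lat, lon, alt, tx_id = FIELDS.unpack(body)
    lat, lon = lat / 1e6, lon / 1e6
    # Expected-range check on individual fields (the fallback when no CRC exists).
    if not (-90 <= lat <= 90 and -180 <= lon <= 180 and -500 <= alt <= 9000):
        return None
    return lat, lon, alt, tx_id


def distance_km(a, b):
    """Great-circle distance between two decoded packets."""
    p1, p2 = math.radians(a[0]), math.radians(b[0])
    dl = math.radians(b[1] - a[1])
    h = math.sin((p2 - p1) / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dl / 2) ** 2
    return 2 * 6371.0 * math.asin(min(1.0, math.sqrt(h)))


def select_alac(keys, packets, with_crc=True, max_km=100.0):
    """keys: {key_id: bytes}; packets: [(slot, blob)] heard from nearby transmitters.
    Return the one key_id that opens every packet consistently, else None."""
    if not packets:
        return None                              # no evidence, no selection
    matches = []
    for key_id, key in keys.items():
        decoded = [open_packet(key, slot, blob, with_crc) for slot, blob in packets]
        if any(d is None for d in decoded):
            continue
        # Correlation check: transmitters audible together must be near each other.
        if any(distance_km(a, b) > max_km for a, b in combinations(decoded, 2)):
            continue
        matches.append(key_id)
    return matches[0] if len(matches) == 1 else None   # refuse ambiguous results


# Constructed sample data: three stored credentials, three nearby transmitters.
KEYS = {"alac-a": bytes(range(16)), "alac-b": b"constructed-key2", "alac-c": bytes(16)}
TRANSMITTERS = [(1, 37.7749, -122.4194, 16, 101),
                (2, 37.8044, -122.2712, 13, 102),
                (3, 37.3382, -121.8863, 25, 103)]


def make_packets(key, with_crc=True, transmitters=TRANSMITTERS):
    return [(slot, seal(key, slot, lat, lon, alt, tx, with_crc))
            for slot, lat, lon, alt, tx in transmitters]


if __name__ == "__main__":
    print(select_alac(KEYS, make_packets(KEYS["alac-b"])))
```

A 16-bit CRC on its own accepts a wrong key with probability about 2^-16 per packet, which is why the selection above requires agreement across every packet in the batch and returns nothing when more than one key qualifies.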
Components 420 in fig. 4A may also include a second cryptographic component 423, the second cryptographic component 423 being configured to decrypt some or all of the location information based on the appropriate ASLCs stored in memory 430. The ASLC may be determined by an application with requested location information or location fixes. For example, the ASLC may be associated with an LBS application or an E-911 application on the receiver 400.
Once the location information is decrypted by the second cryptographic component 423, the decrypted location information is output to a data unit output component 424, which data unit output component 424 determines discrete data units (e.g., latitude, longitude, altitude, pressure, temperature, humidity, system time, timing corrections, and/or transmitter IDs) of the location information. The particular data unit of location information may then be communicated to the location engine 440 based on the service level indicated by the ASLC for the application requesting access to the location information.
The location engine 440 may be configured to process the location information (and in some cases, GPS data, cell data, and/or other network data) to determine the location of the receiver 400 within a particular boundary (e.g., level of accuracy, etc.). Once determined, the positioning information may be provided to the application 450. Those skilled in the art will appreciate that the location engine 440 may represent any processor capable of determining location information, including a GPS location engine or other location engine. The positioning of the various components shown in fig. 4A within the receiver, at different chip spaces, is contemplated.
As disclosed elsewhere herein, and repeated here for clarity, each application on the receiver 400 may require its own ASLC to access location information to determine the location of the receiver 400. In some aspects, one ASLC may be used by multiple applications, and multiple ASLCs may be used by one application, but for different users or in different environments. The ASLC may be used to restrict the use of specific location information during specific time periods and in specific service areas.
E-911, network support and LCS applications/services may be handled independently of each other, wherein their respective ASLCs may be loaded onto the firmware of the receiver 400 or uploaded to memory after manufacture of the receiver 400. Each ASLC may be used to provide each application/service with its own feed of location information. Separate processing paths may be used to further separate these applications/services.
The receiver 400 may have limited hardware/software capabilities dedicated to position determination. The total script available for the conditional access features described herein may be approximately 32 kilobytes. Other scripts are contemplated.
The location information may be processed at the GPS processor, the application processor, or an external server. According to one aspect, the features described herein may be performed on or associated with a GPS Integrated Circuit (IC) at a receiver. For example, a host processor at the receiver may be used to communicate with the GPS IC via a bi-directional serial link. Latitude, longitude, among other information, may be communicated using the serial link. The serial link may be used to verify the exchange (e.g., ASLC) to the GPS IC. It is contemplated that the GPS IC includes a signal processing section that searches for a transmitter (e.g., by correlation with a PN sequence) and demodulates the signal received from the transmitter to retrieve the physical layer payload, which may be (and according to some embodiments described herein) in encrypted form. The decryption engine is capable of decrypting the data before providing it to the next processing layer, which may be a location engine. The location engine may use the decrypted data to calculate the receiver location. The various engines may be provided in the GPS IC or in other receiver circuitry.
Attention is now directed to fig. 4B, which depicts the receiver 400 at a first location, and also depicts components located at other locations that are remote from the location of the receiver 400. Receiver 400 and other components may collectively or individually determine location information based on processing of the transmitter signals. Certain aspects of fig. 4A are depicted in fig. 4B. Thus, for some embodiments (but not necessarily all), the description of those aspects relating to fig. 4A may be extended to those aspects in fig. 4B.
As shown in fig. 4B, receiver 400 may include an interface (I/F) encryption/decryption (also referred to as "scrambling/descrambling") component that protects data as it passes through unprotected interface boundaries or is transmitted over unprotected communication signals. In some cases, these I/F components may act on I/F keys generated independently by each receiver 400.
Fig. 4B provides a position calculation at the receiver 400 before the second cryptographic component 423a, which may provide the results of the position calculation to an application 450 located on the receiver 400, or an application 499a not located on the receiver 400. Alternatively, the location calculation may be performed by a remote component (e.g., the remote location engine 440b of the server) that uses the location data received from the receiver 400 so that the results of the remote location calculation can be returned to the receiver 400 or used by the remote application 499b.
Data transfers between components depicted by dashed lines in fig. 4B may be performed directly between those components or through intermediate components (e.g., RF component 410 or network component 460). The dashed lines may represent alternative embodiments. For example, the application manager 498a may receive the location data from the second cryptographic component 423a, after which the application manager 498a may cause the location data to be communicated to the remote application service 499a (e.g., through the network component 460, or the RF component 410, or other components in the receiver 400). The remote application service 499a may then use the location data (e.g., a location estimate) to provide e911 or LBS services with respect to the receiver 400.
As another example, the application manager 498a may receive data directly from the data unit output component 424 or through an intermediate component (e.g., an I/F encryption component), after which the application manager 498a may cause the location data to be passed to a remote location engine 440b, which remote location engine 440b calculates an estimated location of the receiver 400 (e.g., latitude, longitude, altitude of the receiver 400). The remote location engine 440b may communicate the location estimate to the second cryptographic component 423a (e.g., through the network component 460, or the RF component 410, or other component in the receiver 400) or the second cryptographic component 423b for further processing at those components. The second cryptographic component 423b is used, for example, to control access to the position estimate by one or more remote application services 499b or applications 450 running on the receiver 400 (e.g., through communication of the position estimate via the network component 460 or the RF component 410 or other components in the receiver 400). The remote application service 499b or application 450 may then use the position estimate to provide e911 or LBS services related to the receiver 400. Any of the remote components may be co-located or located in different geographic locations.
In fig. 4B, the first cryptographic component 422 outputs the decrypted location information to a data unit output component 424, which data unit output component 424 determines discrete data units of the location information (e.g., latitude, longitude, altitude, pressure, temperature, other atmospheric information or measurements, system time, timing corrections, and/or transmitter ID). These data units are then transmitted to the location engine 440a or 440b. The location engine 440a or 440b may be configured to process the location information (and, in some cases, GPS data, cell data, and/or other network data) to determine the location of the receiver 400 within a particular boundary (e.g., a level of accuracy, and other boundaries). Once determined, the positioning information may be provided to the application 450, 499a, or 499b through the second cryptographic component 423a or 423b (and possibly through other intermediate components). Those skilled in the art will appreciate that the location engine 440a or 440b may represent any processor capable of determining location information, including a GPS location engine or other location engine.
The second cryptographic component 423a may be configured to encrypt the particular data using a session key for a particular application or group of applications having a particular level of service. The service level may grant certain applications access to certain subsets of data units (e.g., latitude, longitude, altitude, precision, etc.).
After encrypting the data (e.g., using the session key), the second cryptographic component 423a may then make the encrypted data available to the application 450. The session key may be dynamically generated at the receiver 400 and may be changed periodically to improve security. When a single session key is used for an application group, the session key can be changed when the ASLC validity period has elapsed for any application, thus forcing the application group to request a new session key.
In one embodiment, the second cryptographic component 423 authenticates the ASLC for a particular application before exchanging session keys with the application to enable the application to decrypt data for the application. Initially, the second cryptographic component 423 may receive an ASLC from an application, or may be instructed to query the ASLC from the memory 430 or other location. A particular encrypted data unit of the location information is then accessible to the application.
The ASLC may indicate service level authorization for the application. To manage access only to data authorized for a particular application, the second cryptographic component 423a may exchange session keys with the application for sending encrypted data according to the authorization of the application as indicated in the ASLC.
For remote application 499a, remote application manager 498a may provide a communication interface to transfer ASLCs and session keys between the remote application and second cryptographic component 423a.
Attention is directed to fig. 4C, which depicts some aspects of the present disclosure that relate to a receiver and other components that transmit data to or receive data from the receiver. As shown in fig. 4C, a location signal is obtained from a transmitter (e.g., using signal processing that searches for the transmitter through correlation with a PN sequence). The signal processing may also demodulate the signal to derive the physical layer payload and the raw time of arrival (TOA) for each transmitter. These signals may be acquired and tracked by various Hardware (HW), Firmware (FW), and/or Software (SW) components. For example, FW and/or HW on the GPS chip may be used to decode the packet from any of the various subframes of the signal transmission and verify the CRC. Alternatively, the host processor can decode and validate the CRC.
The trace HW/FW/SW may be used to generate the original TOA data and transmit the original encrypted data (e.g., packets) to the decryption component. In some embodiments, the packet ID is not encrypted for all packet types. The original encrypted data may be decrypted using an ALAC key within a specific HW/FW (e.g. WAPS specific HW/FW). The ALAC may be encrypted or encapsulated based on a device ID or device class specific to each device. The device specific ID may be used for the right of WAPS location services on the device.
The ALAC decryption process and/or the FW/HW/SW responsible for decryption may vary for the vendor at the chip level, the receiver/handset level, or the carrier level. The original decrypted data along with the original TOA measurements may then be scrambled (e.g., using a scrambling algorithm and device generated key), and the scrambled data may be sent via a protected or unprotected data stream to a location file library running on the GPS chip itself or on the host processor, or both. Scrambling may not be necessary in case the decryption and the location file repository are running on the same HW/FW (e.g. GPS chip).
Locating the library of files may be followed by descrambling the raw data and TOA measurements for future use in the library of files. For example, the descrambled data may be combined into Data Units (DUs) 1 to 5 as follows: DU1 (latitude, longitude, amplitude (LLA) of transmitter); DU2 (pressure/temperature at transmitter); DU3 (timing correction for transmitter); DU4 (time of the network of the transmitter (WAPS time)); and DU5 (identifier of transmitter).
The fine TOA may be generated using the raw and timing corrections from DU 3. The positioning engine may use the various data units (e.g., DU1, DU2, DU5) along with the refined TOA and pressure sensor readings to calculate the LLA of the receiver. Note that DU4 may be used by a positioning engine configured to generate timing signals (e.g., for use where a receiver is used to synchronize other receivers).
The LLA of the receiver or any of DU1 through DU5 may be encrypted based on parameters, specified by the ASLC, that are specific to the requesting application or to the group of applications to which the requesting application belongs. Encryption may be performed using a variety of techniques, including random or predefined session keys, other keys defined by the ASLC, or other encryption methods known in the art. Various implementations are contemplated, including implementations in which service level encryption and decryption may involve a single application instance or multiple different application instances.
In one implementation, the encrypted data may include only data for the requesting application, the data being specified by the service level of the application. For example, estimates of the LLA of receivers within a certain level of accuracy may become available (e.g., LLA accuracy within 100 meters, LLA accuracy within 10 meters). In this implementation, a processor located at the receiver can analyze known LLAs with an accuracy of x meters, and then generate different LLAs with an accuracy of y meters depending on the service level authorization. Such an implementation may be beneficial where different paid service levels are associated with varying levels of positioning accuracy.
The positioning engine may use the pressure and temperature readings received in DU2 for each of the multiple transmitters to generate the best estimate of the reference pressure. The reference pressure may be sent in encrypted form to various positioning engines, which may use the reference pressure and the receiver's pressure sensor readings to calculate the altitude, as described in the incorporated references.
In some SW architectures, the positioning engine may incorporate other measurements from other sources in a hybrid implementation that uses signals from any of Wi-Fi, GPS, WAPS, and other transmitters. Such a hybrid positioning engine may operate in conjunction with the host processor after service level decryption of encrypted receiver LLA or other encrypted data (e.g., any of DU1 through DU5). Alternatively, the hybrid positioning engine may be run prior to service level encryption, and thus access to data obtained from the hybrid positioning engine is limited to authorized applications.
The discussion above with respect to fig. 4C may apply to MS-assisted (MS-A), MS-based (MS-B), or standalone user plane call flows. In the case of a control plane call flow (e.g., E-911), data and altitude estimates in the form of raw or refined TOAs/pseudoranges (for MS-A mode), or data in the form of LLA (for MS-based mode) for the receiver are sent to a Position Determination Entity (PDE), Serving Mobile Location Center (SMLC), or other device for position calculation and forwarding to the PSAP. Such transmission may be via one or more control plane signals of the cellular system.
Note that although not preferred, the location assistance data can be provided to the positioning engine using alternative communication means (e.g., network-based paths, local area network paths, wide area network paths, and other network paths beyond the RF path). Such transmission may be necessary when low signal conditions exist between the receiver and transmitter networks. When communicated using an alternative communication means, the assistance data may be encrypted using a key associated with the ALAC, or using an alternative key specific to that communication means. Alternatively, no ALAC or similar key may be used, but service level encryption and decryption may be used.
Although fig. 4C depicts different components within different HW/FW/SW, some embodiments may incorporate the various components of fig. 4C into one or more hardware components, such as a host processor, a GPS chip, or both.
Aspects relating to the method
Fig. 5A illustrates a diagram detailing a network process for determining location information related to a receiver and controlling access to the location information at the receiver, in accordance with certain aspects. Reference is made to fig. 2 while describing the process illustrated in fig. 5A. Those skilled in the art will appreciate that the process flow shown in fig. 5A is schematic and is not intended to limit the present disclosure to the sequence of stages shown in fig. 5A. Accordingly, stages may be removed and rearranged, and other stages not shown may be performed, which are within the scope and spirit of the present disclosure.
In stage 501, positioning system 240 may create and maintain information for controlled access to location information by receivers. For example, the positioning system 240 may create an airlink certificate (ALAC) (also referred to as a "system level key/certificate") and an authorized service level certificate (ASLC), which are to be used by the UE 220 to decrypt information received from the network (e.g., from the service provider 230 and/or the positioning system 240) before the location information is used, subject to the restrictions specified by the ASLC for the particular application that has requested location information on the receiver. In stage 502, the created ALAC and ASLC are provided to the manufacturer 210, and in stage 503, the manufacturer 210 provides the ALAC/ASLC to the UE 220 (e.g. by mapping them in firmware).
At stage 504 (e.g., after the user purchases the UE 220), the UE 220 initiates an application or initiates an emergency 911 call. Prior to step 504, although not explicitly shown, the application may be downloaded to the UE 220. Stage 505 is not necessary where the ASLC associated with the application is already provided by the manufacturer. Otherwise, the UE 220 sends the developer key associated with the application to the network. The developer key may be routed through the service provider 230, the location system 240, and/or a developer of the application, such as the external entity 250 (routing not shown). After receiving and verifying the developer key, the network may then transmit an ASLC for the application to the UE 220, which the UE 220 may then store.
In stage 506, the UE 220 retrieves location information from the network. The location information may be obtained from a broadcast signal originating at the location system 240 and/or may be obtained by the service provider 230. Similarly, the UE 220 may request location information, or monitor for broadcasts of location information.
At stages 507 and 508, the UE 220 may decrypt the location information using an ALAC (e.g., an ALAC associated with a transmitter broadcasting the location information) and an ASLC associated with an application requesting the location information at the receiver.
At stage 509-.
In the case of a 911 call, at stages 511-512, position information, positioning information, and/or information used to determine position (e.g., pseudoranges and information about the transmitter that computed the pseudoranges) is communicated to the service provider 230 and/or a PSAP operating as the external entity 250. Otherwise, at stage 512, for LBS-based applications, the location information may be maintained at the UE 220 to perform location-based services and/or may be transmitted to an LBS entity operating as an external entity for assisting in the provision of location-based services from the LBS entity. Another alternative for an E-911 call is for the receiver to send the encrypted packets and the raw TOA information to the server. The encrypted packets may be decrypted at the server to extract the information needed to compute the position solution.
FIG. 5B illustrates a process for describing location information related to a network application or E-911 transaction. Note that the ASLC may or may not be used for E911 transactions. For example, if an ASLC is used for an E-911 call, a particular ASLC may be established for an emergency call with the highest service level and no validity period.
Fig. 6 illustrates a diagram detailing a process for providing conditional access to location information at a receiver, in accordance with certain aspects. Reference is made to fig. 2 and 4A-C while describing the process shown in fig. 6.
As previously described, the encrypted positioning signal data may be communicated to a receiver (e.g., receiver 400 of fig. 4A-4C). Encrypting the positioning signal data helps to guard against its transmission to, and use at, unauthorized receivers. However, given the bandwidth constraints and limits on processing power at the receiver, robust encryption techniques may not be feasible. Thus, encryption must protect the transmitted data while minimizing the use of data/packet space and without requiring significant decryption at the receiver, which typically does not have the processing power to perform robust decryption in a short period of time.
Other encryption may be used to guard against the use of location information by unauthorized applications and users based on various parameters (e.g., validity of payments associated with the application, current user location, whether a fixed number of location requests by the user or application have been exceeded, a period of time during which the location information may be accessed, etc.). This second layer of encryption and decryption that controls the distribution of location information to certain applications while limiting access to the location information by other applications is an important feature of the various embodiments described herein because it allows network operators, carriers, application providers/developers, or other entities shown in fig. 2 to monetize the distribution of location information. Furthermore, the second layer of encryption and decryption invalidates various potential attempts by unauthorized users (e.g., hackers) to gain access to location information for unauthorized applications.
Fig. 6 illustrates two stages of decryption associated with an aspect. Those skilled in the art will appreciate variations from fig. 6 that fall within the scope and spirit of the disclosure. At stage 610, the receiver initiates a first application (e.g., automatically in response to some predefined condition, in response to user input). The receiver then determines whether a copy of the ASLC associated with the first application is stored in a memory of the receiver (e.g., memory 430 of fig. 4A-C). If a copy exists, the receiver is "provisioned" with the ASLC and stage 630 is run. Otherwise, the receiver is "not provisioned" and stage 620 is run.
At stage 620, the receiver obtains a copy of the ASLC from the network. Fig. 7 details the sub-stages of stage 620. Those skilled in the art will appreciate that stage 620 may be performed after the other stages shown in fig. 6 (e.g., after any stage prior to stage 660).
At stage 630, the encrypted positioning signal arrives at the receiver from the network. The positioning signal may be broadcast by a transmitter or may arrive via other communication paths (e.g., cellular path, network-based path, local area network path). At stage 640, the receiver begins processing the positioning signal. The sub-stages associated with stage 640 are shown in FIG. 8.
At stage 650, the positioning signal reaches the first cryptographic component 422, where it is decrypted using a copy of the ALAC stored in the memory 430. Thereafter, at stage 660, some or all of the location data from the decrypted positioning signal is decrypted by second cryptographic component 423 using the ASLC associated with the first application. The ASLC may be retrieved from memory 430 or from the network (as described in connection with stage 620 and fig. 7).
Finally, at stage 670, the location engine 440 may receive the decrypted location data and the TOA or pseudorange information and compute the location of the receiver on behalf of the first application. The calculation of the location may be determined based on a service level indicated by the ASLC for the first application.
Fig. 7 shows a diagram detailing a process for providing conditional access credentials at a receiver, in accordance with certain aspects and stage 620 of fig. 6. Reference is made to fig. 2 while describing the process shown in fig. 7.
In stage 710, the UE 220 retrieves a developer key associated with the application. The developer key may be stored on the UE 220 after the application is downloaded onto the UE 220. The association of the developer key with the ASLC may be stored at the network (e.g., service provider 230, location system 240, or external entity 250). The ASLC may be application specific and may also be specific to the access level of the UE 220. At stage 720, the developer key is transmitted to the network for processing (e.g., to the service provider 230, the location system 240, and/or the developer or application provider 250).
In stage 730, in response to transmitting the developer key, the UE 220/receiver 400 receives the ASLC related to the developer key/application over the network. At stage 740, the ASLC may be stored for future use. Alternatively, the ASLC may not be stored, such that stages 710 through 730 repeat the next time the application requests location information (which requires the ASLC associated with the application under the two-stage decryption model shown in FIG. 6 and described elsewhere herein).
Fig. 8 shows a diagram detailing a process for processing positioning signal data according to certain aspects and stage 640 of fig. 6. Reference is made to fig. 4A-C while describing the process shown in fig. 8. For example, stage 640 may be performed by signal processing component 421 in fig. 4A-C.
At stage 810, the positioning signal received from the transmitter by RF component 410 may be used to estimate the raw TOA (e.g., at digital processing component 421a). The raw TOA estimate may then be converted to raw positioning pseudorange information at pseudorange generating component 421b.
At stage 820, the positioning signal may be decoded at the data processing component 421c. In stage 830, the data processing component 421c may perform error detection on the location signal before sending the location information to the first cryptographic component 422 for decoding.
Fig. 11 shows a first stage of decryption, a second stage of encryption, and a third stage of decoding. Those skilled in the art will appreciate variations from fig. 11 that fall within the scope and spirit of the disclosure. Certain stages depicted in fig. 11 may be rearranged or omitted in other implementations. The following discussion generally relates to a receiver, however, the discussion can be extended to one or more processors for performing some or all of the functions specified below.
At stage 1110, a first application is launched (e.g., automatically in response to some predefined condition, in response to user input, or in response to another event or circumstance). The application may originate at the receiver, or at a server located remotely from the receiver, or at another device. The receiver may take various forms, including those shown in fig. 4B-C.
At stage 1120, the receiver acquires a copy of the ASLC associated with the first application. The receiver may retrieve the ASLC from a memory at the receiver, from the first application, or from an external source. The ASLC may specify parameters that determine what information can be provided to/accessed by the first application, and when and how it can be provided to/accessed by the first application, among other conditions. Alternative options for using an ASLC are contemplated, including using only the data in the ASLC and not the certificate.
At stage 1130, encrypted location information arrives from the transmitter to the receiver. Each of the positioning signals may be broadcast from a respective transmitter and may arrive over other communication paths (e.g., a cellular path, a network-based path, a local area network path, or all).
At stage 1140, the receiver begins processing the positioning signal.
In stage 1150, the positioning signal is decrypted using a key (e.g. a key specified by ALAC) stored at the receiver or accessible by the receiver from an external source.
At stage 1160, the receiver may identify or determine location information from the positioning signals. The location information may include raw and refined TOA measurements, Data Units (DUs) described elsewhere herein, estimated receiver location coordinates (calculated based on data of positioning signals), and modified location coordinates (determined based on estimated location coordinates or other data). The modified location coordinates may be determined based on the parameters from stage 1120. The parameter may indicate a predefined level of accuracy (e.g., a distance) of the estimated location coordinates that the application is allowed to receive. In this case, the processor may create a new location coordinate based on the level of accuracy (e.g., change the latitude to fall within x measurement units of the estimated latitude, change the altitude to 0, such that only two dimensions are provided). Providing less accurate location information may enable subscription services on a per-application or per-usage basis.
In stage 1170, one or all of the location information may be encrypted using a key specified by or generated based on the ASLC or data thereof from stage 1120. The selection of location information for encryption may be controlled by service level conditions specified by the ASLC. The service level condition may specify which data is accessible by the first application and may be determined from data described elsewhere herein, including some or all of the data described with reference to fig. 9.
At stage 1180, the encrypted location information is decrypted for use by the first application. The processor running the first application may have prior knowledge of the key used to encrypt the location information. This prior knowledge may be obtained by accessing the ASLC (e.g., where the ASLC specifies a key or algorithm for determining a key) or by receiving a key (e.g., where a session identifier is used).
Data-related aspects
FIG. 9 illustrates data for use during a conditional access process, in accordance with certain aspects. As shown, the data may identify or represent an application type (e.g., E-911, LBS, network management, law enforcement), UE ID or UE type, service type (e.g., accuracy of use, extent of use, time of use, data units available), service provider type, manufacturer type, developer type, user ID or user type, request type, or other type of information that may be used as a parameter to determine a service level of an application that determines what location information can be provided to the application, when the location information can be provided, how the location information can be provided, and where the location can be provided. GPS or other time may also be transmitted to monitor usage based on time constraints. Some or all of this data may be incorporated into the ASLC for a particular application and/or UE and may be accessible to the processing component in the future to identify location information that can be encrypted before transmission to an application located locally at the receiver or external to the receiver (i.e., remotely). Each item of data may be used by a processor on the receiver to filter particular decrypted location information before providing it to an application, device or user in an encrypted form. In other words, the data determines what location information is available, when it is available, and for how long. The ASLC may also include encryption keys or algorithms for creating encryption keys (e.g., algorithms for creating encryption keys using real-time data, or other data that may be distributed in a protected environment or made available during encryption and decryption stages).
The service type may be related to a level of accuracy up to three dimensions, including high range accuracy (e.g., 3 meters), medium range accuracy (25-50 meters), and low range accuracy (400 meters). The service type may also be related to coverage level, including localized, regional, national, and global, among others. The service type may also be related to an effective temporal level that relates to the expiration of access rights on a one-time, monthly, yearly or lifetime basis, among other effective periods. The type of service may also be related to usage levels, including metered and unrestricted. Various combinations of levels may be used.
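The service-level filtering described for stage 1160 and for the service types above can be sketched as follows. This is an added example, not code from the patent or its applicant: the ServiceLevel fields, the grid-snapping method, and the sample values are assumptions chosen for illustration, and the session-key encryption of stage 1170 is left out.

```python
import math
from dataclasses import dataclass
from typing import Optional

METRES_PER_DEG_LAT = 111_320.0  # approximation; adequate for snapping to a grid


@dataclass
class ServiceLevel:
    """Hypothetical ASLC contents (the page names parameter kinds, not a format)."""
    app_id: str
    accuracy_m: float                   # permitted accuracy, e.g. 3 or 400 metres
    allowed_units: frozenset            # subset of {"DU1".."DU5", "LLA"}
    not_after: float                    # end of validity period, epoch seconds
    provide_altitude: bool = True       # False -> two dimensions only
    max_requests: Optional[int] = None  # None = unrestricted, otherwise metered
    used: int = 0


def snap(value_deg: float, cell_deg: float) -> float:
    """Centre of the grid cell that contains value_deg."""
    return (math.floor(value_deg / cell_deg) + 0.5) * cell_deg


def coarsen(lat, lon, alt, level):
    """Replace the estimate with the centre of a cell accuracy_m wide.

    Snapping is deterministic, so asking repeatedly from the same spot
    returns the same answer instead of samples that could be averaged.
    """
    cell_lat = level.accuracy_m / METRES_PER_DEG_LAT
    lat_c = snap(lat, cell_lat)
    cos_lat = max(math.cos(math.radians(lat_c)), 0.01)  # avoid blow-up near poles
    lon_c = snap(lon, cell_lat / cos_lat)
    if level.provide_altitude:
        alt_c = round(alt / level.accuracy_m) * level.accuracy_m
    else:
        alt_c = 0.0
    return lat_c, lon_c, alt_c


def release(location_info: dict, level: ServiceLevel, now: float) -> dict:
    """Return only what the service level permits, or raise PermissionError."""
    if now > level.not_after:
        raise PermissionError("service level expired")
    if level.max_requests is not None and level.used >= level.max_requests:
        raise PermissionError("request quota exhausted")
    level.used += 1
    out = {k: v for k, v in location_info.items()
           if k in level.allowed_units and k != "LLA"}
    if "LLA" in level.allowed_units and "LLA" in location_info:
        out["LLA"] = coarsen(*location_info["LLA"], level)
    return out


def horizontal_error_m(a, b) -> float:
    """Approximate ground distance in metres between two (lat, lon, ...) tuples."""
    dlat = (a[0] - b[0]) * METRES_PER_DEG_LAT
    dlon = (a[1] - b[1]) * METRES_PER_DEG_LAT * math.cos(math.radians(a[0]))
    return math.hypot(dlat, dlon)


# Constructed sample of decrypted location information (not real data).
SAMPLE_LOCATION_INFO = {
    "DU1": [(37.7790, -122.4190, 52.0), (37.8044, -122.2712, 13.0)],
    "DU2": [(101325.0, 288.15), (101290.0, 287.90)],
    "DU3": [12.5e-9, -3.1e-9],
    "DU4": 1_400_000_000.0,
    "DU5": ["tx-0001", "tx-0002"],
    "LLA": (37.7749, -122.4194, 16.4),
}
```

Because the quota counter lives in the ServiceLevel object, a receiver that wants metering to survive a restart has to persist it alongside the stored ASLC.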
Similar decryption of location applications for non-cellular devices is also contemplated. For example, E-911 calls through a VoIP application (e.g., Skype™), cameras/camcorders, etc. can have an ASLC mapped to their firmware or downloaded into memory.
Aspects relating to use cases
Various types of computing devices and their connectivity states are contemplated, including devices that are almost always connected, frequently connected, or rarely connected to a cellular network, a positioning network, a local area network, or other network. Other considerations are given to the processing power of each of these computing devices.
Types of connections include cellular (e.g., 3G/4G, prepaid), Wi-Fi, wired (e.g., USB, ethernet), and other connections.
Types of computing devices include smartphones, other cellular phones, tablets, laptops, internet TVs, VoIP phones, STBs, DMAs, applications, security systems, PGDs, PNDs, DSCs, M2M applications, geofences of assets, and so forth. Connected receivers are devices such as cell phones, tablets, and laptop computers with available active data channels (e.g., cellular and Wi-Fi/wired ethernet). The always connected receivers are devices such as tablet computers and laptop computers with access to non-cellular devices (e.g., Wi-Fi/wired ethernet). Unconnected receivers or receivers with limited connectivity include receivers with little connection to the internet and no cellular connection.
It is contemplated that an unconnected receiver may be manufactured with a pre-authorized set of ALACs and ASLCs that are programmed for the lifetime of the receiver. The key update beyond its initial period can be transferred to the device via a firmware update (e.g., using a USB connection), or by temporarily connecting the device to a data network. Such an unconnected receiver can determine its position using a suitable RF receiver that receives encrypted position information (e.g., a GPS chip).
Additional aspects
One or more aspects may relate to systems, methods, apparatuses, and computer program products for controlling access to location information by one or more applications. The system may include a processing component for implementing the method. The computer program product may include a non-transitory computer usable medium having a computer readable program code encoded therein, the program code adapted to be executed to implement a method.
The method steps may include: decrypting a first set of encrypted location signals received from the network of terrestrial transmitters using a first key; determining location information from the first set of decrypted location signals; identifying a first set of the location information, wherein the first set of the location information is identified based on a first level of service associated with a first application; encrypting the first set of the location information using a second key; and providing the encrypted first set of location information to the first application.
According to some aspects, the first set of the location information comprises at least one of: position coordinates, timing corrections, and atmospheric measurements from one or more transmitters of the network of terrestrial transmitters.
According to some aspects, the method steps may further comprise: calculating estimated coordinates of a location of a receiver using the decrypted location signal, wherein the first set of the location information includes the estimated coordinates of the receiver.
In accordance with some aspects, the decrypted position signal comprises data specifying atmospheric measurements at each of the terrestrial transmitters, wherein the estimated coordinates comprise altitude coordinates calculated at the receiver using the decrypted position signal and at least one atmospheric measurement.
According to some aspects, the method steps may further comprise: calculating estimated coordinates of a location of the receiver using the decrypted location signal; and calculating revised coordinates based on the estimated coordinates based on a level of precision permitted for the first application, wherein the revised coordinates are less precise than the estimated coordinates in specifying the location of the receiver, and wherein the first set of location information includes the revised coordinates.
According to some aspects, the method steps may further comprise: identifying a second set of the location information, wherein the second set of the location information is identified based on a second service level associated with a second application, wherein particular location information included in the first set is not included in the second set; encrypting the second set of the location information using a third key; and providing the second set of the location information to the second application.
According to some aspects, the method steps may further comprise: decrypting a second set of encrypted location signals received from the network of terrestrial transmitters using the first key or a third key, wherein the first set of encrypted location signals is received at a first location of the receiver and the second set of encrypted location signals is received at a second location of the receiver; determining additional location information from the second set of decrypted location signals; identifying a second set of the additional location information, wherein the second set of the additional location information is identified based on a second service level associated with a second application; encrypting the second set of the location information using a fourth key; and providing the second set of the location information to the second application.
According to some aspects, the method steps may further comprise: prior to identifying the first set of location information, determining whether information specifying the first level of service is stored on the receiver; upon determining that the information specifying the first level of service is not stored on the receiver, accessing a first developer key associated with the first application; sending the first developer key to a server; and receiving the information specifying the first level of service in response to sending the first developer key to the server.
According to some aspects, the information specifying the first service level is included in a first authorized service level certificate associated with the first application, and wherein the certificate is associated with the developer key.
According to some aspects, the first service level specifies a period of time during which the second key can be used to encrypt the first set of the location information and any subsequent set of any subsequent location information.
According to some aspects, the second key is a session key generated after the location signal is decrypted.
According to some aspects, a first application runs on a remote server and the first set of location information is provided to the remote server.
According to some aspects, the method steps may further comprise: determining the first level of service based on a parameter specified in a first certificate associated with the first application.
According to some aspects, the method steps may further comprise: scrambling the location information prior to transmitting the location information over an unprotected communication path; and descrambling the scrambled location information prior to identifying the first set.
According to some aspects, the method steps may further comprise: scrambling the estimated coordinates prior to transmitting the estimated coordinates over an unprotected communication path; and descrambling the scrambled estimated coordinates before encrypting the first set.
According to some aspects, the method steps may further comprise: selecting the first key from a plurality of keys, wherein the CRC field of the encrypted position signals passes the check only when the first key is used to decrypt the first set of encrypted position signals.
According to some aspects, the method steps may further comprise: selecting the first key from a plurality of keys, wherein the data of the decrypted position signals matches a desired range of values only when the first key is used to decrypt the first set of encrypted position signals.
According to some aspects, the method steps may further comprise: selecting the first key from a plurality of keys, wherein the packet data from the plurality of transmitters passes one or more correlation checks only when the first key is used to decrypt the first set of encrypted location signals that includes the packet data from the plurality of transmitters.
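The key-selection aspects above (CRC check and expected-range check) can be illustrated as follows. This is an added example, not the patent's implementation: the packet layout, the SHA-256 counter-mode keystream standing in for the unspecified cipher, the key names, and the sample packets are all constructed assumptions, and the multi-transmitter correlation check is not covered.

```python
import hashlib
import struct
import zlib

# Constructed layout: 1-byte clear packet ID | encrypted (10-byte payload + CRC32)
PACKET_LEN = 15


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in stream cipher (SHA-256 in counter mode), an assumption for the demo."""
    stream = bytearray()
    for counter in range((len(data) + 31) // 32):
        stream += hashlib.sha256(key + nonce + struct.pack(">I", counter)).digest()
    return bytes(a ^ b for a, b in zip(data, stream))


def build_packet(key: bytes, packet_id: int, lat: float, lon: float, alt_m: int) -> bytes:
    """Transmitter side: DU1-style payload, CRC appended, then encrypted."""
    payload = struct.pack(">iih", round(lat * 1e7), round(lon * 1e7), alt_m)
    body = payload + struct.pack(">I", zlib.crc32(payload))
    return bytes([packet_id]) + keystream_xor(key, bytes([packet_id]), body)


def try_key(key: bytes, packet: bytes):
    """Return (lat, lon, alt) if the CRC and the range checks pass, else None."""
    if len(packet) != PACKET_LEN:
        return None
    body = keystream_xor(key, packet[:1], packet[1:])
    payload, (crc,) = body[:-4], struct.unpack(">I", body[-4:])
    if zlib.crc32(payload) != crc:          # CRC passes only under the right key
        return None
    lat_i, lon_i, alt = struct.unpack(">iih", payload)
    lat, lon = lat_i / 1e7, lon_i / 1e7
    if not (-90 <= lat <= 90 and -180 <= lon <= 180 and -500 <= alt <= 9000):
        return None                          # decrypted data outside expected range
    return lat, lon, alt


def select_key(candidates: dict, packets: list):
    """Return (key_id, decoded) for the single key that validates every packet."""
    matches = {}
    for key_id, key in candidates.items():
        decoded = [try_key(key, p) for p in packets]
        if decoded and all(d is not None for d in decoded):
            matches[key_id] = decoded
    if len(matches) != 1:                    # none, or ambiguous: refuse to choose
        return None, []
    return next(iter(matches.items()))


# Constructed candidate keys and sample packets (not real keys or signals).
CANDIDATE_KEYS = {
    "alac-A": b"constructed-key-A",
    "alac-B": b"constructed-key-B",
    "alac-C": b"constructed-key-C",
}
SAMPLE_PACKETS = [
    build_packet(CANDIDATE_KEYS["alac-B"], 1, 37.7749, -122.4194, 16),
    build_packet(CANDIDATE_KEYS["alac-B"], 2, 37.8044, -122.2712, 13),
]
```

A CRC match tells the receiver which key applies and catches transmission errors; it does not protect against deliberate modification of a packet, which needs a MAC or an authenticated encryption mode.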
Other aspects
Additional disclosures of various features of the present disclosure are described in the following co-assigned patent applications, which are hereby incorporated by reference in their entirety for any and all purposes: U.S. utility patent application serial No. 13/412,487 entitled WIDE AREA POSITIONING SYSTEMS, filed on 5/3/2012; U.S. utility patent application serial No. 12/557,479 entitled WIDE AREA POSITIONING SYSTEM, filed on 10.9.2009 (now U.S. patent No. 8,130,141); U.S. utility patent application serial No. 13/412,508 entitled WIDE AREA POSITIONING SYSTEM, filed on 5/3/2012; U.S. utility patent application serial No. 13/296,067 entitled WIDE AREA POSITIONING SYSTEM, filed on 14/11/2011; application serial No. PCT/US12/44452 entitled WIDE AREA POSITIONING SYSTEM, filed 28/6/2011; U.S. patent application No. 13/535,626 entitled CODING IN WIDE AREA POSITIONING SYSTEMS, filed on 28/6/2012; U.S. patent application serial No. 13/536,051 entitled CODING IN WIDE AREA POSITIONING SYSTEM (WAPS), filed on 28/6/2012; U.S. patent application No. 13/565,614 entitled CELL ORGANIZATION AND TRANSMISSION SCHEMES IN A WIDE AREA POSITIONING SYSTEM (WAPS), filed on 8/2/2012; U.S. patent application Ser. No. 13/565,732 entitled CELL ORGANIZATION AND TRANSMISSION SCHEMES IN A WIDE AREA POSITIONING SYSTEM, filed on 8/2/2012; U.S. patent application Ser. No. 13/565,723 entitled CELL ORGANIZATION AND TRANSMISSION SCHEMES IN A WIDE AREA POSITIONING SYSTEM, filed on 8/2/2012; U.S. patent application Ser. No. 13/831,740 entitled SYSTEMS AND METHODS CONFIGURED TO ESTIMATE RECEIVER POSITION USING TIMING DATA ASSOCIATED WITH REFERENCE LOCATIONS IN THREE-DIMENSIONAL SPACE, filed on 14/3/2013; U.S. patent application No. 13/909,977 entitled SYSTEMS AND METHODS FOR LOCATION POSITIONING OF USER DEVICE, filed on 4.6.2013; U.S. patent application No. 14/010,437 entitled SYSTEMS AND METHODS FOR PROVIDING CONDITIONAL ACCESS TO TRANSMITTED INFORMATION, filed 8/26/2013; U.S. patent application Ser. No. 14/011,277 entitled METHODS AND APPARATUS FOR PSEUDO-RANDOM CODING IN A WIDE AREA POSITIONING SYSTEM (WAPS), filed on 27/8/2013. The above applications, publications, and patents may be referred to herein individually or collectively by the term "incorporated reference", "incorporated application", "incorporated publication", "incorporated patent", or otherwise. Various aspects, details, devices, systems and methods disclosed herein may be incorporated with the disclosure in any of the incorporated references.
The systems and methods described herein may track the location of computing devices or other assets to provide location information and navigation to or from such devices and assets. Note that the term "GPS" may refer to any Global Navigation Satellite System (GNSS), such as GLONASS, Galileo, and Compass/Beidou. The transmitter may transmit the positioning data in a signal received by the user equipment. The positioning data may include "timing data" (e.g., time of arrival (TOA)) that can be used to determine the propagation time of a signal, which can be used to estimate a distance (e.g., a pseudorange) between the user equipment and the transmitter by multiplying the propagation time of the signal by the velocity of the signal.
Various architectures of GPS receivers are contemplated. For example, the logic function of a GPS receiver can be divided into two parts: (1) signal processing, and (2) position calculation. The signal processing functions may be implemented in hardware and the position calculation may be implemented in firmware/software. These functions may be performed on a GPS ASIC "chip" with DSP hardware blocks and an ARM processor subsystem that manages the DSP hardware and calculates position. Such GPS chips typically generate the final latitude, longitude and altitude in the form of NMEA messages. Alternatively, the position calculation may be performed on an application processor located on the handheld device to add additional positioning information and build a comprehensive position solution. Here, the present disclosure may be used for all implementations (except for other configurations for processing signals and calculating position).
The various illustrative systems, methods, logical features, blocks, modules, components, circuits, and algorithm steps described herein may be implemented, performed, or controlled by suitable hardware as is known in the art or as developed in the future, or by software executed by a processor (also referred to as a "processing device" and also including any number of processors), or by both. The processor may perform, or cause to be performed, any of the processes, calculations, method steps, or other system functions associated with the processes/methods and systems disclosed herein, including the analysis, processing, transformation, or creation of data or other operations related to the data. The processor may include a general purpose processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other programmable logic device, discrete gate or transistor logic, discrete hardware components, servers, or any combination thereof. The processor may be a conventional processor, microprocessor, controller, microcontroller, or state machine. A processor can also refer to a chip, where the chip includes various components (e.g., a microprocessor and other components). The term "processor" may refer to one, two, or more processors of the same or different types. Note that the terms "computer" or "computing device" or "user device" or the like may refer to a device that includes a processor, or may refer to the processor itself. The software may reside in RAM memory, flash memory, ROM memory, EPROM memory, EEPROM memory, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium. A "memory" may be coupled to the processor such that the processor can read information from, and write information to, the memory. The storage medium may be integral to the processor. The software may be stored on or encoded as one or more instructions or code on a computer-readable medium.
Computer readable media can be any available storage media including non-volatile media (e.g., optical semiconductors, magnetic semiconductors), and carrier waves that transmit data and instructions over a network using a network transmission protocol through wireless, optical, or wired signaling media. Aspects of the systems and methods described herein may be implemented as functionality programmable into any of a number of circuits. Aspects may be embodied in processors having software-based circuit emulation, discrete gates, custom devices, neural logic, quantum devices, PLDs, FPGAs, PALs, ASICs, MOSFETs, CMOS, ECLs, polymer processes, hybrid analog and digital, and hybrids thereof. Data, instructions, commands, information, signals, bits, symbols, and chips that may be referenced throughout the above description may be represented by voltages, currents, electromagnetic waves, magnetic fields or particles, optical fields or particles, or any combination thereof. A computing network may be used to perform the aspects and may include hardware components (servers, monitors, I/O, network connections). An application may perform aspects by receiving, converting, processing, storing, retrieving, transmitting, and/or outputting data that may be stored in a hierarchical data source, a network data source, a relational data source, a non-relational data source, an object-oriented data source, or other data source. "Data" and "information" may be used interchangeably. The terms "comprising," "including," "containing," and the like are to be construed in an inclusive sense (i.e., not limited to) as opposed to an exclusive sense (i.e., consisting solely of these). Words using the singular or plural number also include the plural or singular number, respectively. The words "or" and "and" encompass any and all items in a list. "Some" and "any" and "at least one" refer to one or more. The term "device" may include one or more components (e.g., processor, memory, screen).
The terms "module," "block," "feature," or "component" may refer to either hardware or software, or a combination of both hardware and software, that is configured to perform or implement the functionality associated with that module, block, feature, or component. Similarly, features in the system and device drawings that are illustrated as rectangles may refer to either hardware or software. Note that a line connecting two of the features may represent data transfer between those features. This communication may be directly between those features or through intervening features (although not shown). In the case where no line connects two features, data transfer between those features is contemplated unless otherwise stated. Accordingly, lines are provided to represent certain aspects, but should not be construed as limiting.
The present disclosure is not intended to be limited to the aspects shown herein but is to be accorded the widest scope understood by those skilled in the art, including equivalent systems and methods. The protection afforded to the invention should only be limited in light of the following claims.
Claims (36)
1. A system for controlling access to location information by one or more applications, the system comprising at least one processor configured to:
decrypt a first set of encrypted location signals received from the network of terrestrial transmitters using a first key;
determine location information from the first set of decrypted location signals;
identify a first set of the location information, wherein the first set of the location information is identified based on a first level of service associated with a first application;
encrypt the first set of the location information using a second key; and
provide the first encrypted set of location information to the first application.
2. The system of claim 1, wherein the first set of the location information comprises at least one of: position coordinates, timing corrections, and atmospheric measurements from one or more transmitters of the network of terrestrial transmitters.
3. The system of claim 1, wherein the processor is further configured to:
calculate estimated coordinates of a location of a receiver using the decrypted location signal, wherein the first set of the location information includes the estimated coordinates of the receiver.
4. A system according to claim 3, wherein the decrypted position signal comprises data specifying atmospheric measurements at each of the terrestrial transmitters, wherein the estimated coordinates comprise altitude coordinates calculated at the receiver using the decrypted position signal and at least one atmospheric measurement.
5. The system of claim 1, wherein the processor is further configured to:
calculate estimated coordinates of a location of the receiver using the decrypted location signal; and
calculate revised coordinates from the estimated coordinates based on a level of precision permitted for the first application, wherein the revised coordinates are less precise than the estimated coordinates in specifying the location of the receiver, and wherein the first set of location information includes the revised coordinates.
6. The system of claim 1, wherein the processor is further configured to:
identify a second set of the location information, wherein the second set of the location information is identified based on a second service level associated with a second application, wherein particular location information included in the first set is not included in the second set;
encrypt the second set of the location information using a third key; and
provide the second set of the location information to the second application.
7. The system of claim 1, wherein the processor is further configured to:
decrypt a second set of encrypted location signals received from the network of terrestrial transmitters using the first key or a third key, wherein the first set of encrypted location signals is received at a first location of the receiver and the second set of encrypted location signals is received at a second location of the receiver;
determine additional location information from the second set of decrypted location signals;
identify a second set of the additional location information, wherein the second set of the additional location information is identified based on a second service level associated with a second application;
encrypt the second set of the location information using a fourth key; and
provide the second set of the location information to the second application.
8. The system of claim 1, wherein the processor is further configured to:
prior to identifying the first set of location information, determine whether information specifying the first level of service is stored on the receiver;
upon determining that the information specifying the first level of service is not stored on the receiver, access a first developer key associated with the first application;
send the first developer key to a server; and
receive the information specifying the first level of service in response to sending the first developer key to the server.
9. The system of claim 8, wherein the information specifying the first service level is included in a first authorized service level certificate associated with the first application, and wherein the certificate is associated with the developer key.
10. The system of claim 1, wherein the first level of service specifies a period of time during which the second key can be used to encrypt the first set of the location information and any subsequent set of any subsequent location information.
11. The system of claim 1, wherein the second key is a session key generated after the location signal is decrypted.
12. The system of claim 1, wherein the first application runs on a remote server and the first set of the location information is provided to the remote server.
13. The system of claim 1, wherein the processor is further configured to:
determine the first level of service based on a parameter specified in a first certificate associated with the first application.
14. The system of claim 1, wherein the processor is further configured to:
scramble the location information prior to transmitting the location information over an unprotected communication path; and
descramble the scrambled location information prior to identifying the first set.
15. The system of claim 3, wherein the processor is further configured to:
scramble the estimated coordinates prior to transmitting the estimated coordinates over an unprotected communication path; and
descramble the scrambled estimated coordinates before encrypting the first set.
16. The system of claim 1, wherein the processor is further configured to:
select the first key from a plurality of keys, wherein the CRC field of the encrypted position signals passes the check only when the first key is used to decrypt the first set of encrypted position signals.
17. The system of claim 1, wherein the processor is further configured to:
select the first key from a plurality of keys, wherein the data of the decrypted position signals matches a desired range of values only when the first key is used to decrypt the first set of encrypted position signals.
18. The system of claim 1, wherein the first set of encrypted location signals comprises packet data from a plurality of transmitters, and wherein the processor is further configured to:
select the first key from a plurality of keys, wherein the packet data from the plurality of transmitters passes one or more correlation checks only when the first key is used to decrypt the first set of encrypted location signals.
19. A computer-implemented method for controlling access to location information by one or more applications, the method comprising the steps of:
decrypting a first set of encrypted location signals received from the network of terrestrial transmitters using a first key;
determining location information from the first set of decrypted location signals;
identifying a first set of the location information, wherein the first set of the location information is identified based on a first level of service associated with a first application;
encrypting the first set of the location information using a second key; and
providing the first application with the encrypted first set of location information,
wherein at least one processor performs at least one of the above steps.
20. The computer-implemented method of claim 19, wherein the first set of the location information comprises at least one of: position coordinates, timing corrections, and atmospheric measurements from one or more transmitters of the network of terrestrial transmitters.
21. The computer-implemented method of claim 19, wherein the method further comprises the steps of:
calculating estimated coordinates of a location of a receiver using the decrypted location signal, wherein the first set of the location information includes the estimated coordinates of the receiver.
22. A computer-implemented method as in claim 21, wherein the decrypted position signal comprises data specifying atmospheric measurements at each of the terrestrial transmitters, wherein the estimated coordinates comprise altitude coordinates calculated at the receiver using the decrypted position signal and at least one atmospheric measurement.
23. The computer-implemented method of claim 19, wherein the method comprises the steps of:
calculating estimated coordinates of a location of the receiver using the decrypted location signal; and
calculating revised coordinates based on the estimated coordinates based on a level of precision permitted for the first application, wherein the revised coordinates are less precise than the estimated coordinates in specifying the location of the receiver, and wherein the first set of location information includes the revised coordinates.
24. The computer-implemented method of claim 19, wherein the processor is further configured to:
identify a second set of the location information, wherein the second set of the location information is identified based on a second service level associated with a second application, wherein particular location information included in the first set is not included in the second set;
encrypt the second set of the location information using a third key; and
provide the second set of the location information to the second application.
25. The computer-implemented method of claim 19, wherein the processor is further configured to:
decrypt a second set of encrypted location signals received from the network of terrestrial transmitters using the first key or a third key, wherein the first set of encrypted location signals is received at a first location of the receiver and the second set of encrypted location signals is received at a second location of the receiver;
determine additional location information from the second set of decrypted location signals;
identify a second set of the additional location information, wherein the second set of the additional location information is identified based on a second service level associated with a second application;
encrypt the second set of the location information using a fourth key; and
provide the second set of the location information to the second application.
26. The computer-implemented method of claim 19, wherein the processor is further configured to:
prior to identifying the first set of location information, determine whether information specifying the first level of service is stored on the receiver;
upon determining that the information specifying the first level of service is not stored on the receiver, access a first developer key associated with the first application;
send the first developer key to a server; and
receive the information specifying the first level of service in response to sending the first developer key to the server.
27. The computer-implemented method of claim 26, wherein the information specifying the first service level is included in a first authorized service level certificate associated with the first application, and wherein the certificate is associated with the developer key.
28. The computer-implemented method of claim 19, wherein the first level of service specifies a period of time during which the second key can be used to encrypt the first set of the location information and any subsequent set of any subsequent location information.
29. The computer-implemented method of claim 19, wherein the second key is a session key generated after the location signal is decrypted.
30. The computer-implemented method of claim 19, wherein the first application runs on a remote server and the first set of location information is provided to the remote server.
31. The computer-implemented method of claim 19, wherein the method comprises the steps of:
determining the first level of service based on a parameter specified in a first certificate associated with the first application.
32. The computer-implemented method of claim 19, wherein the method comprises the steps of:
scrambling the location information prior to transmitting the location information over an unprotected communication path; and
descrambling the scrambled location information prior to identifying the first set.
33. The computer-implemented method of claim 21, wherein the method comprises the steps of:
scrambling the estimated coordinates prior to transmitting the estimated coordinates over an unprotected communication path; and
descrambling the scrambled estimated coordinates before encrypting the first set.
34. The computer-implemented method of claim 19, wherein the method comprises the steps of:
selecting the first key from a plurality of keys, wherein the CRC field of the encrypted position signals passes the check only when the first key is used to decrypt the first set of encrypted position signals.
35. The computer-implemented method of claim 19, wherein the method comprises the steps of:
selecting the first key from a plurality of keys, wherein the data of the decrypted position signals matches a desired range of values only when the first key is used to decrypt the first set of encrypted position signals.
36. The computer-implemented method of claim 19, wherein the first set of encrypted location signals comprises packet data from a plurality of transmitters, and wherein the method comprises the steps of:
selecting the first key from a plurality of keys, wherein the packet data from the plurality of transmitters passes one or more correlation checks only when the first key is used to decrypt the first set of encrypted location signals.
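The receiver-side flow of claims 1, 5, 6 and 16 (select the network key by CRC, keep only what the application's service level permits, coarsen the coordinates, re-encrypt under a per-application key), as an added Python sketch that is not code from the patent. The service-level names, field names and packet layout are assumptions, the payload is assumed to already hold the computed fix as JSON, and an HMAC-SHA256 keystream stands in for a real cipher so the example runs on the standard library alone.

```python
import hashlib
import hmac
import json
import os
import struct
import zlib

# Hypothetical service levels: the fields an application may see, and coordinate precision.
SERVICE_LEVELS = {
    "precise": {"fields": ("lat", "lon", "alt_m", "timing_correction_ns"), "decimals": 6},
    "coarse": {"fields": ("lat", "lon"), "decimals": 2},
}


def _xor_stream(key, nonce, data):
    """Stand-in stream cipher (HMAC-SHA256 in counter mode) so the example is stdlib-only."""
    out = bytearray()
    for i in range(0, len(data), 32):
        counter = struct.pack(">I", i // 32)
        pad = hmac.new(key, b"enc" + nonce + counter, hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)


def make_broadcast_packet(network_key, payload):
    """Constructed input: nonce || Enc(payload || CRC32(payload)); payload is the fix as JSON."""
    nonce = os.urandom(12)
    body = payload + struct.pack(">I", zlib.crc32(payload))
    return nonce + _xor_stream(network_key, nonce, body)


def select_key_and_decrypt(candidates, packet):
    """Claims 16/34: pick the candidate key whose decryption passes the CRC check."""
    nonce, body = packet[:12], packet[12:]
    if len(body) < 4:
        return None, None
    for key_id, key in candidates.items():
        plain = _xor_stream(key, nonce, body)
        if zlib.crc32(plain[:-4]) == struct.unpack(">I", plain[-4:])[0]:
            return key_id, plain[:-4]
    return None, None


def seal(session_key, plaintext):
    """Encrypt-then-MAC for one application; the "mac" label separates tag from keystream."""
    nonce = os.urandom(12)
    ct = _xor_stream(session_key, nonce, plaintext)
    return nonce + ct + hmac.new(session_key, b"mac" + nonce + ct, hashlib.sha256).digest()


def open_sealed(session_key, blob):
    """Application side: verify the tag first; ValueError on a wrong key or tampering."""
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    expected = hmac.new(session_key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong session key or modified message")
    return _xor_stream(session_key, nonce, ct)


def view_for(level, location):
    """Claims 1/5/6: keep only permitted fields and reduce coordinate precision."""
    policy = SERVICE_LEVELS[level]
    view = {name: location[name] for name in policy["fields"] if name in location}
    for axis in ("lat", "lon"):
        if axis in view:
            view[axis] = round(view[axis], policy["decimals"])
    return view


class LocationBroker:
    def __init__(self, network_keys):
        self._network_keys = network_keys
        self._apps = {}  # app_id -> (service level, session key)

    def register(self, app_id, level):
        if level not in SERVICE_LEVELS:
            raise ValueError("unknown service level")
        self._apps[app_id] = (level, os.urandom(32))  # separate session key per application
        return self._apps[app_id][1]

    def deliver(self, app_id, packet):
        if app_id not in self._apps:
            raise PermissionError("no service level on record: deny by default")
        level, session_key = self._apps[app_id]
        payload = select_key_and_decrypt(self._network_keys, packet)[1]
        if payload is None:
            raise ValueError("no candidate key produced a valid CRC")
        view = view_for(level, json.loads(payload))
        return seal(session_key, json.dumps(view, sort_keys=True).encode())
```

A CRC only tells the receiver which candidate key fits; it is an error-detection code, not authentication, so it does not prove which transmitter a packet came from. In a deployment the stand-in cipher would be replaced by a vetted AEAD such as AES-GCM.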
Applications Claiming Priority (7)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US201261699800P | 2012-09-11 | 2012-09-11 | |
US61/699,800 | 2012-09-11 | ||
US14/010,437 US9390279B2 (en) | 2012-09-11 | 2013-08-26 | Systems and methods for providing conditional access to transmitted information |
US14/010,437 | 2013-08-26 | ||
US14/023,427 | 2013-09-10 | ||
PCT/US2013/059102 WO2014043147A1 (en) | 2012-09-11 | 2013-09-10 | System and method for providing conditional access to transmitted information |
US14/023,427 US9286490B2 (en) | 2013-09-10 | 2013-09-10 | Systems and methods for providing conditional access to transmitted information |
Publications (1)
Publication Number | Publication Date |
---|---|
HK1206883A1 (en) | 2016-01-15 |
Family ID=50278642
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
HK15107052.3A HK1206883A1 (en) | 2012-09-11 | 2013-09-10 | System and method for providing conditional access to transmitted information |
Country Status (8)
Country | Link |
---|---|
JP (1) | JP2015537401A (en) |
KR (1) | KR102087466B1 (en) |
CN (1) | CN104620560B (en) |
AU (1) | AU2013315642B2 (en) |
CA (1) | CA2883866A1 (en) |
HK (1) | HK1206883A1 (en) |
IN (1) | IN2015DN02319A (en) |
WO (1) | WO2014043147A1 (en) |
-
2013
- 2013-09-10 CN CN201380046918.3A patent/CN104620560B/en active Active
- 2013-09-10 CA CA2883866A patent/CA2883866A1/en not_active Abandoned
- 2013-09-10 JP JP2015531328A patent/JP2015537401A/en active Pending
- 2013-09-10 KR KR1020157007250A patent/KR102087466B1/en active Active
- 2013-09-10 WO PCT/US2013/059102 patent/WO2014043147A1/en unknown
- 2013-09-10 AU AU2013315642A patent/AU2013315642B2/en not_active Expired - Fee Related
- 2013-09-10 IN IN2319DEN2015 patent/IN2015DN02319A/en unknown
- 2013-09-10 HK HK15107052.3A patent/HK1206883A1/en unknown
Also Published As
Publication number | Publication date |
---|---|
CN104620560A (en) | 2015-05-13 |
KR102087466B1 (en) | 2020-03-11 |
IN2015DN02319A (en) | 2015-08-28 |
WO2014043147A9 (en) | 2014-10-09 |
AU2013315642B2 (en) | 2016-10-06 |
AU2013315642A1 (en) | 2015-04-09 |
KR20150054849A (en) | 2015-05-20 |
JP2015537401A (en) | 2015-12-24 |
CN104620560B (en) | 2018-04-27 |
WO2014043147A1 (en) | 2014-03-20 |
CA2883866A1 (en) | 2014-03-20 |