(51) Int Cl.: H04L 29/06 ( ) H04W 12/02 ( )

Transcription

1 (19) (12) EUROPEAN PATENT SPECIFICATION (11) EP 1 3 B1 (4) Date of publication and mention of the grant of the patent: Bulletin 09/27 (21) Application number: (22) Date of filing: (1) Int Cl.: H04L 29/06 (06.01) H04W 12/02 (09.01) (86) International application number: PCT/EP01/ (87) International publication number: WO 02/ ( Gazette 02/24) (4) SECURE LOCATION-BASED SERVICES SYSTEM AND METHOD SYSTEM UND VERFAHREN FÜR SICHERE DIENSTE AUF ORTSBASIS SYSTEME ET PROCEDE SECURISES DE PRESTATION DE SERVICES DEPENDANT DE LA POSITION (84) Designated Contracting States: AT BE CH CY DE DK ES FI FR GB GR IE IT LI LU MC NL PT SE TR () Priority: US P US (43) Date of publication of application: Bulletin 03/36 (73) Proprietor: TELEFONAKTIEBOLAGET LM ERICSSON (publ) Stockholm (SE) (72) Inventor: OLSSON, Magnus S Kristianstad (SE) (74) Representative: Boesen, Johnny Peder et al Zacco Denmark A/S Hans Bekkevolds Allé Hellerup (DK) (6) References cited: EP-A EP-A EP-A WO-A-00/0238 WO-A-00/79724 WO-A-00/79811 WO-A-01/28273 EP 1 3 B1 Note: Within nine months of the publication of the mention of the grant of the European patent in the European Patent Bulletin, any person may give notice to the European Patent Office of opposition to that patent, in accordance with the Implementing Regulations. Notice of opposition shall not be deemed to have been filed until the opposition fee has been paid. (Art. 99(1) European Patent Convention). Printed by Jouve, 7001 PARIS (FR)

2 1 EP 1 3 B1 2 Description BACKGROUND [0001] The present invention relates to electronic communication, and more particularly to the use of encryption techniques in location-based services provided by communication networks. [0002] Today s cellular communication systems offer various communication services. Some communication services now rely on position information that accurately characterize the coordinates of mobile stations within a service area. For example, one of the communication services supported is a location service that allows a system subscriber s geographical position to be communicated to third party service providers. The third party service providers may offer various location dependent services requiring the position information. For example, position information is needed for fleet management of trucks and containers, preventing car thefts, locating rented cars and routing emergency calls. Other location dependent services may include providing localized content to subscribers, i.e., advertising, directions to the nearest hospital, restaurant, gas station, etc. [0003] There is a substantial interest in the cellular industry to exploit this new added dimension. At the same time it is also well recognized that location dependent services present concerns relating to the privacy rights of subscribers. Many subscribers are reluctant to have their location monitored to avoid breaches of privacy from various governmental agencies, commercial entities, or even from personal acquaintances. Subscribers would likely participate in location dependent services if given the ability to maintain their anonymity in general and the control over the release of their location information. In this respect EP-A discloses an encryption of location data. [0004] Currently there is neither widespread use of location dependent services, nor are world wide standards deployed that utilize subscriber location information to provide location dependent services, e.g., using Web and HTTP technology. Accordingly, standards will likely develop to mandate that subscribers be allowed to make the final determination regarding when and where location information will be used. Subscribers must be able to grant or deny permission to location dependent service providers regarding the use of his/her location information. The privacy issues discussed above are a recognized potential problem, but no solutions have been presented that make the use of location information inherently safe. [000] For example, one proposed solution is to give a user the option of disabling/enabling all application initiated location capabilities. However, this option disables all application initiated location queries, and if the subscriber chooses to enable the application initiated queries, any agency subscribing to positioning capabilities, which has the subscriber s number, can locate the subscriber at any time. [0006] In addition, granting permission is only part of the problem. Ensuring the integrity and the confidentiality of the location information is not solved by any implicit or explicit means of granting permissions. [0007] Accordingly, there is a need to provide a system and method to provide location dependent services to subscribers while maintaining the subscribers anonymity, and the integrity and confidentiality of the location information. SUMMARY [0008] The present invention addresses these and other concerns. Public Key encryption is used to provide location dependent services to subscribers while maintaining the subscribers anonymity. [0009] According to one aspect, a method for initiating a location-based service from a third party service provider (SP) is provided. A client s identification information is encrypted with an encryption key previously obtained from a network location server (NLS). The encryption key may be a public key in a public key encryption system. The NLS maintains a record indicating a location associated with the identification information. The encrypted identification information is transmitted from the client to the SP. The SP launches a location request to the NLS that includes the encrypted identification information received from the client. The location-based service is provided according to a response to the location request from the NLS. [00] According to another aspect, a system for providing a location-based service to a subscriber includes a mobile electronic equipment that encrypts the subscriber s identification information using a previously obtained encryption key associated with a NLS and transmits the encrypted identification information. The NLS decrypts the client s encrypted identification information and maintains a record indicating a location associated with the client s identification information. A SP receives the transmitted encrypted identification information from the mobile electronic equipment, transmits a location request to the NLS, the location request including the received encrypted identification information, and provides the location-based service to the subscriber via the mobile electronic equipment according to a response to the location request from the NLS. [0011] According to another aspect, a network entity for providing anonymous location information about mobile clients includes means that determine locations of the mobile clients and associate each mobile client s identification information with a corresponding location. The network entity also includes means that decrypt encrypted client s identification information received with a location request from a service provider to determine a requested corresponding location-based on the mobile clients identification information and means that provide the requested corresponding location of the mobile client 2

3 3 EP 1 3 B1 4 to the service provider in response to the location request without identifying the mobile client. [0012] According to another aspect, a mobile client for anonymously receiving location-based services in a communications network includes means that encrypt corresponding mobile client identification information and transmit the encrypted client identification information with a request for the location-based services to a service provider and means that receive and process the location-based services in response to the request. BRIEF DESCRIPTION OF THE DRAWINGS [0013] The above and other objects, features, and advantages of the present invention will become more apparent in light of the following detailed description in conjunction with the drawings, in which like reference numerals identify similar or identical elements, and in which: FIG. 1 is a block diagram of a conventional terrestrially-based wireless telecommunications system; FIG. 2 illustrates a conventional positioning method in which positioning information is acquired; FIG. 3 is a diagram illustrating a client initiated system and method providing location dependent services using public key encryption according to an embodiment of the present invention; FIG. 4 is a diagram illustrating a service initiated system and method providing location dependent services using public key encryption according to another embodiment of the present invention; and FIG. is a diagram illustrating a system and method providing location dependent services using public key encryption according to another embodiment of the present invention. DETAILED DESCRIPTION [0014] Preferred embodiments of the present invention are described below with reference to the accompanying drawings. In the following description, well-known functions and/or constructions are not described in detail to avoid obscuring the invention in unnecessary detail. [00] With reference now to FIG. 1 of the drawings, a GSM Public Land Mobile Network (PLMN), such as cellular network, is illustrated which is composed of a plurality of areas 12, each with a Mobile Switching Center (MSC) 14 and an integrated Visitor Location Register (VLR) 16 therein. The MSC/VLR areas 12, in turn, include a plurality of Location Areas (LA) 18, which are defined as that part of a given MSC/VLR area 12 in which a mobile station (MS) (terminal) may move freely without having to send update location information to the MSC/VLR area 12 that controls the LA 18. Each Location Area 18 is divided into a number of cells 22. Mobile Station (MS) is the physical equipment, e.g., a car phone or other portable phone, used by mobile subscribers to communicate with the cellular network, each other, and users outside the subscribed network, both wireline and wireless. [0016] The MSC 14 is in communication with at least one Base Station Controller (BSC) 23, which, in turn, is in contact with at least one Base Transceiver Station (BTS) 24. The BTS is the physical equipment, illustrated for simplicity as a radio tower, that provides radio coverage to the cell 22 for which it is responsible. It should be understood that the BSC 23 may be connected to several BTS s 24, and may be implemented as a stand-alone node or integrated with the MSC 14. In either event, the BSC 23 and BTS 24 components, as a whole, are generally referred to as a Base Station System (BSS) 2. [0017] The PLMN Service Area or cellular network includes a Home Location Register (HLR) 26, which is a database maintaining all subscriber information, e.g., user profiles, current location information, International Mobile Subscriber Identity (IMSI) numbers, and other administrative information, for subscribers registered within that PLMN. The HLR 26 may be co-located with a given MSC 14, integrated with the MSC 14, or alternatively can service multiple MSCs 14, the latter of which is illustrated in FIG. 1. [0018] The VLR 16 is a database containing information about all of the MS s currently located within the MSC/VLR area 12. If an MS roams into a new MSC/VLR area 12, the VLR 16 connected to that MSC 14 requests data about that MS from the HLR database 26 (simultaneously informing the HLR 26 about the current location of the MS ). Accordingly, if the user of the MS then wants to make a call, the local VLR 16 will have the requisite identification information without having to reinterrogate the HLR 26. In the above described manner, the VLR and HLR databases 16 and 26, respectively, contain various subscriber information associated with a given MS. [0019] As illustrated in FIG. 2 of the drawings, upon a network positioning request, the Base Station System (BSS) (2 and 2) serving the MS 0 to be positioned generates positioning data, which is delivered to the MSC 260. This positioning data is then forwarded to a Network Location Server (NLS) 270 for calculation of the geographical location of the MS 0. [00] The NLS 270 is also commonly referred to as a Mobile Positioning Center, Mobile Positioning Server, or even a Gateway Mobile Location Center. The NLS 270 may also be thought of as a logical entity, i.e., not the actual function that provides the location but instead functions as a proxy for the location functionality in the network. For example, the NLS 270 may contain an association of the used identity and the true identity of the MS 0 and then request the location from the network functionality using that true identity. [0021] The location of the MS 0 can then be provided to a Location Application (LA) 280 that requested the positioning. Alternatively, the requesting LA 280 could be located within the MS 0 itself, within the MSC/VLR 260 or could be an external node, such as an Intelligent 3

4 EP 1 3 B1 6 Network (IN) node or a third party location-based service provider. [0022] In order to accurately determine the location of the MS 0, positioning data from three or more separate BTS s (2, 2, and 2) is required. This positioning data for GSM systems can include, for example, a Timing Advance (TA) value, which corresponds to the amount of time in advance that the MS 0 must send a message in order for the BTS 2 to receive it in the time slot allocated to that MS 0. When a message is sent from the MS 0 to the BTS 2, there is a propagation delay, which depends upon the distance between the MS 0 and the BTS 2. TA values are expressed in bit periods, and can range from 0 to 63, with each bit period corresponding to approximately 0 meters between the MS 0 and the BTS 2. [0023] Once a TA value is determined for one BTS 2, the distance between the MS 0 and that particular BTS 2 is known, but the actual location is not. If, for example, the TA value equals one, the MS 0 could be anywhere along a radius of 0 meters. Two TA values from two BTSs, for example, BTSs 2 and 2, provide two possible points that the MS 0 could be located (where the two radiuses intersect). However, with three TA values from three BTSs, e.g., BTSs 2, 2, and 2, the location of the MS 0 can be determined with a certain degree of accuracy. Using a triangulation algorithm, with knowledge of the three TA values and site location data associated with each BTS (2, 2, and 2), the position of the MS 0 can be determined (with certain accuracy) by the NLS 270. [0024] It should be understood, however, that any estimate of time, distance, or angle for any cellular system can be used, instead of the TA value discussed herein. For example, the MS 0 can have a Global Positioning System (GPS) receiver built into it, which is used to determine the location of the MS 0. In addition, the MS 0 can collect positioning data based on the Observed Time Difference (OTD) between the time a BTS 2 sends out a signal and the time the MS 0 receives the signal. This time difference information can be sent to the NLS 270 for calculation of the location of the MS 0. Alternatively, the MS 0, with knowledge of the location of the BTS 2, can determine its location. [002] Existing technology can provide subscribers with the ability to prevent LAs 280 from positioning them in order to protect their privacy. However, preventing positioning altogether eliminates the subscriber s ability to use all location-based services. A subscriber may want to selectively use a subset of the location-based services available to him, while maintaining anonymity with respect to all location-based service providers. [0026] The method and system of the present invention uses encryption to prevent a third party locationbased service provider from obtaining the identity of a subscriber. Encryption allows information exchanged between two or more parties to be secured so that the information may only be decrypted by the receiving party The communicated information is encrypted according to some system that the users have agreed in advance to use. There are several encryption methods, such as the data encryption standard (DES) and public key cryptography (PKC). A classical cryptographic system is generally a set of instructions, a piece of hardware, or a computer program that can convert unencrypted information, for example plaintext, to encrypted information, for example ciphertext, or vice versa, in a variety of ways, one of which is selected by a specific key that is known to the users but is kept secret from others. The DES is a classical cryptographic system. [0027] PKC systems make use of the fact that finding large prime numbers is computationally easy, but factoring the products of two large prime numbers is computationally difficult. PKC systems have an advantage over other cryptographic systems like the DES in that a PKC system uses a key for decryption that is different from the key for encryption. Each entity has a private key and a public key. Public keys are generally held in databases run by "Key Certificate Authorities" and are publicly known. However, each user s private key is known only to that user. Once a sender encrypts a message with a recipient s public key, it can only be decrypted using that recipient s private key. Thus, encryption is performed using only the public key, which is published for use by others, and the difficulty of securely distributing keys is avoided. [0028] In addition to decrypting received messages, the private key may also be used to by a sender to sign a message with a digital signature prior to sending it. The message recipients can then use their copy of the sender s public key to check the digital signature to verify the identity of the sender and that it has not been altered while in transit. [0029] In order to resolve a location using a network based location method, as described above, the identity of the mobile client must be known. However, in general, location-based services do not need the mobile client identity (client ID), or the subscriber s identity, to provide services. A third party location-based service provider (SP) can be required to retrieve the location information by sending a request to the NLS 270, thereby maintaining the anonymity of the mobile client. [00] FIG. 3 is a diagram illustrating a client initiated system and method providing location dependent services using public key encryption according to an embodiment of the present invention. A transaction in a clientinitiated service, also referred to as a "pull" service, is requested by the mobile client (MC), i.e., a mobile station subscriber. [0031] Referring to FIG. 3, the Mobile Client s ID, e.g., a Mobile Station Integrated Services Digital Network (MSISDN) ID, is stored in a memory associated with the MC. The MC and the NLS 270 associated with the network exchange public keys (step 0). This step may be performed offline. The MC signs the client ID using its private key and encrypts the client ID using the public 4

5 7 EP 1 3 B key provided by the NLS 270 (step 1). The MC sends a service request message to a SP 60 via, e.g., a wireless application protocol universal resource locator (WAP URL), including the secured client ID (step 2). The SP 60 sends a location request message to request corresponding location information from NLS 270 using the secured client ID (step 3), from which the SP 60 cannot determine the subscriber s identity. The NLS 270 provides the corresponding location information to the SP 60 (step 4). The SP 60, using the location information, provides the location dependent service to the MC (step ) while maintaining the anonymity of the MC. [0032] Additional security and privacy may also be provided by adding layers of encryption. For example, in an alternative embodiment shown in FIG., in addition to exchanging public key(s) with the NLS 270, the MC also exchanges public key(s) with the SP 60 and the SP 60 with the NLS 270 (step 0). Here again, the exchange of public keys may be performed while offline or as part of the ongoing transaction, but prior to the actual process of encrypting the MC data. [0033] The MC then encrypts its identity (client ID) twice to create the secured client ID (step 1). Here, an implementation dependent sequence number that identifies each transaction may optionally be encrypted along with the client ID. This transaction ID number will, when encrypted, yield a one-time password that is preferably unique. The transaction ID number, and/or resulting onetime password, allows identification and tracking of each transaction for later termination and/or changes to the provided service. For example, the SP 60 may associate a duration of service with the transaction ID. The transaction ID may also be used for other purposes. Some of the other possible uses for the transaction ID are to identify the transaction for billing purposes and/or to verify that only a subscriber is accessing the service (and not unauthorized individuals attempting theft of service). In either case, the MC encrypts the client ID (and optional transaction ID number) a first time using a public key of the NLS 270, and then encrypts the encrypted client ID (encrypts a second time) using a public key of the SP 60. The twice encrypted client ID is then forwarded to the SP 60 (step 2). [0034] The SP 60 decrypts the twice encrypted client ID using the SP private key to obtain the encrypted client ID, and forwards the encrypted client ID in (or with) a location request message to the NLS 270 (step 3). Additionally, the SP 60 may sign the location request message with a digital signature using its private key prior to sending it to the NLS 270. The NLS 270 receives and decrypts the location request message using the NLS private key. If the SP s 60 signature is included, the NLS 270 verifies the signature of the SP 60 using the SP public key (which is previously known). [003] The NLS 270 uses the client ID in the location request message in a relevant location procedure to obtain the location information for MC and prepare a corresponding location information message. Additionally, the NLS 270 may sign the location information message using the NLS private key. In either case, the NLS 270 then encrypts the entire location information message a using the SP public key prior and sends the message to the SP 60 (step 4). [0036] The SP 60 decrypts the location information message received from the NLS 270. If the NLS s 270 signature is included, the SP 60 verifies the signature using the NLS public key. The SP 60 then generates a service response message to the initial service request from the MC with the requested service adapted to the location of the MC. Additionally, the SP 60 may sign the response using the SP private key. In either case, the response is encrypted using the MC public key. The MC then decrypts the service response message received from the SP 60. If the SP s 60 signature is included, the MC verifies the signature of the SP 60 using the SP public key. The requested service may then be presented to the subscriber via the MC device, i.e., to the end-user of the device. [0037] In the embodiment of FIGs. 3 and, the MC selects a desired location dependent service(s) by initiating a request to the SP 60. In another embodiment, the MC may give prior permission to a particular one, or to a group of, location dependent service(s). The SP 60 initiates the service. FIG. 4 is a diagram illustrating such a service initiated system and method, also called a pushtype service. [0038] Referring to FIG. 4, in a service initiated system the MC provides the encrypted client ID to the SP 60 while offline instead of providing it to the SP 60 with each service request (step 00). The encrypted client ID is therefore known in advance by the SP 60, e.g., as part of a subscription to the service. When the SP 60 initiates the service, according to a schedule or other predefined event, the encrypted client ID is used to retrieve the location from the NLS 270 (steps 3 and 4). The SP 60 forwards the service to the MC (step ), using, e.g., WAP. [0039] While the invention is described with reference to Public Key Encryption, the invention is not limited in this respect. It will be understood that the process of cryptographic signing and encryption is well known by persons of ordinary skill in the art. Additional or different encryption techniques may be used without departing from the scope or spirit of the invention. The exemplary method described above illustrates only one possible solution. For example, depending on the key and/or content lengths used, a hash may be signed with the private key, instead of the entire content. Further, a shared secret can be used for the overall encryption, instead of the public key of the receiving entity. [00] It is also possible to use the invention without the process of cryptographic signing or encryption between some or all of the individual communicating entities, e.g., MC to SP and SP to NLS. It should also be noted that the client ID may alternatively be added by an intermediate node, e.g., an access point or a WAP gate-

6 9 EP 1 3 B1 way. [0041] The present invention provides several benefits. Existing security features may be used as implemented by most WAP terminals, such as WAP Wireless Identity Module (WIN), which stores Public Key Certificates, etc. Established cryptographic principles are used, such as PKC. Extensive use of location information is provided, while maintaining the anonymity of the subscribers, which promotes the use of location dependent services. Finally, it provides a method for safely combining multiple information sources in a secure way. [0042] It will be appreciated that the steps of the methods illustrated above may be readily implemented either by software that is executed by a suitable processor or by hardware, such as an application-specific integrated circuit (ASIC). [0043] Although described with reference to a communication system, it will be appreciated by those of ordinary skill in the art that this invention can be embodied in other specific forms without departing from its essential character. For example, the invention may be used in any multi-processor system. The embodiments described above should therefore be considered in all respects to be illustrative and not restrictive. [0044] The various aspects of the invention have been described in connection with a number of exemplary embodiments. To facilitate an understanding of the invention, many aspects of the invention were described in terms of sequences of actions that may be performed by elements of a computer system. For example, it will be recognized that in each of the embodiments, the various actions could be performed by specialized circuits (e.g., discrete logic gates interconnected to perform a specialized function), by program instructions being executed by one or more processors, or by a combination of both. [004] Moreover, the invention can additionally be considered to be embodied entirely within any form of computer readable storage medium having stored therein an appropriate set of computer instructions that would cause a processor to carry out the techniques described herein. Thus, the various aspects of the invention may be embodied in many different forms, and all such forms are contemplated to be within the scope of the invention. For each of the various aspects of the invention, any such form of embodiment may be referred to herein as "logic configured to" perform a described action, or alternatively as "logic that" performs a described action. [0046] It should be emphasized that the terms "comprises" and "comprising", when used in this specification as well as the claims, are taken to specify the presence of stated features, steps or components; but the use of these terms does not preclude the presence or addition of one or more other features, steps, components or groups thereof. [0047] Various embodiments of Applicants invention have been described, but it will be appreciated by those of ordinary skill in this art that these embodiments are merely illustrative and that many other embodiments are possible. The intended scope of the invention is set forth by the following claims, rather than the preceding description, and all variations that fall within the scope of the claims are intended to be embraced therein. Claims 1. A method for initiating a location-based service from a third party service provider, SP (60), comprising the steps of: encrypting a client s () identification information using an encryption key previously obtained from a network location server, NLS (270), wherein the NLS maintains a record indicating a location associated with the identification information; transmitting the encrypted identification information from the client to the SP; launching a location request from the SP to the NLS, the location request including the encrypted identification information received from the client; and providing the location-based service according to a response to the location request from the NLS. 2. The method of claim 1, wherein in the providing step, the location-based service is provided directly to the client by the SP. 3. The method of claim 1, wherein the client is a mobile station in a cellular network. 4. The method of claim 1, wherein a transaction identification number for tracking and identifying the transaction is transmitted with the encrypted identification information.. The method of claim 4, wherein the transaction identification number is encrypted to yield a one-time password prior to being transmitted with the encrypted identification information. 6. The method of claim 1, wherein the encryption key is a public key and the client s identification is encrypted using a public key cryptography, PKC, method. 7. The method of claim 6, wherein prior to transmitting the encrypted identification information, the client signs the information with a digital signature and before providing a response to the location request the NLS uses a previously obtained public key associated with the client to verify the information according to the digital signature. 6

7 11 EP 1 3 B The method of claim 1, wherein the encryption key is obtained from the NLS while offline. 9. The method of claim 1, wherein the step of transmitting the encrypted identification information from the client to the SP is performed offline.. The method of claim 1, wherein the SP provides the location-based service according to a response to the location request from the NLS and according to a previously established schedule corresponding to the client. 11. The method of claim 1, wherein prior to launching a location request, the SP encrypts the location request and the encrypted identification information and before providing a response to the location request the NLS uses a previously obtained encryption key associated with the SP to decrypt the location request and information. 12. A system for providing a location-based service to a subscriber, the system comprising: mobile electronic equipment that encrypts the subscriber s identification information using a previously obtained encryption key associated with a NLS and that transmits the encrypted identification information; the NLS that decrypts the client s encrypted identification information and maintains a record indicating a location associated with the client s identification information; and a SP that receives the transmitted encrypted identification information from the mobile electronic equipment, transmits a location request to the NLS, the location request including the received encrypted identification information, and provides the location-based service to the subscriber via the mobile electronic equipment according to a response to the location request from the NLS The system of claim 12, wherein the encryption key is a public key and the subscriber s identification is encrypted using a public key cryptography, PKC, method. 18. The system of claim 12, wherein public key is obtained from the NLS while offline. 19. The system of claim 12, wherein the encrypted identification information is transmitted from the client to the SP while offline.. The system of claim 12, wherein the SP provides the location-based service according to a response to the location request from the NLS and according to a previously established schedule corresponding to the client. 21. A network entity (270) for providing anonymous location information about mobile clients (), the network entity comprising: means that determine locations of the mobile clients and associate each mobile client s identification information with a corresponding location; means that decrypt encrypted client s identification information received with a location request from a service provider (60) to determine a requested corresponding location-based on the mobile client s identification information; means that provide the requested corresponding location of the mobile client to the service provider (60) in response to the location request without identifying the mobile client. 22. The network entity of claim 21, wherein the mobile client is a mobile station in a cellular network. 23. The network entity of claim 22, wherein the client s identification information is encrypted and decrypted using a public key cryptography, PKC, method. 13. The system of claim 12, wherein the location-based service is provided directly to the client by the SP. 14. The system of claim 12, wherein the mobile electronic equipment is a mobile station in a cellular network.. The system of claim 12, wherein a transaction identification number for tracking and identifying the transaction is transmitted with the encrypted identification information. 16. The system of claim, wherein the transaction identification number is encrypted to yield a one-time password prior to being transmitted with the encrypted identification information A computer program product for providing a locationbased service from a SP (60) to a client (), the computer program product comprising: a computer-readable storage medium having computer-readable program code means embodied in said medium, said computer-readable program code means including: logic that encrypts a client s identification information using a public key exchanged with a NLS (270), wherein the NLS stores a record indicating a location associated with the identification information; logic that transmits the encrypted identifica- 7

8 13 EP 1 3 B1 14 tion information from the client to the SP; logic that launches a location request from the SP to the NLS, the location request including the encrypted identification information received from the client; and logic that provides the location-based service according to a response to the location request from the NLS. 2. The computer program product of claim 24, wherein the client is a mobile station subscriber. 26. The computer program product of claim 24, wherein the client s identification is encrypted using a public key cryptography, PKC, method. 27. A mobile client () for anonymously receiving location-based services in a communications network, the mobile client comprising: means for receiving an encryption key from an NLS (270); means that encrypt corresponding mobile client identification information using the encryption key previously obtained from the NLS (270), and transmit the encrypted client identification information with a request for the location-based services to a service provider (60); and means that receive and process the locationbased services in response to the request. 28. The mobile client of claim 27, wherein the mobile client is a mobile station in a cellular network. 2 transaction tracking and verification. 33. The mobile client of claim 32, wherein the encrypted transaction identification information acts as a onetime password. Patentansprüche 1. Verfahren zum Initiieren eines Orts-basierten Dienstes von einem Drittparteidienstanbieter SP (60), mit den Schritten: Verschlüsseln einer Identifikationsinformation eines Clients () unter Verwendung eines Verschlüsselungsschlüssels, der zuvor von einem Netzwerkortsserver NLS (270) erhalten wird, wobei der NLS einen Datensatz aufrechterhält, der einen Ort anzeigt, der mit der Identifikationsinformation verknüpft ist; Übertragen der verschlüsselten Identifikationsinformation von dem Client an den SP; Starten einer Ortsanfrage von dem SP zu dem NLS, wobei die Ortsanfrage die verschlüsselte Identifikationsinformation einschließt, die von dem Client empfangen wird; und Bereitstellen des Orts-basierten Dienstes gemäß einer Antwort auf die Ortsanfrage von dem NLS. 2. Verfahren nach Anspruch 1, wobei in dem bereitstellenden Schritt der Orts-basierte Dienst direkt an den Client durch den SP bereitgestellt wird. 29. The mobile client of claim 27, wherein the mobile client additionally includes means that exchange encryption keys with a network entity responsible for maintaining location information corresponding to the mobile client.. The mobile client of claim 29, wherein the mobile client additionally includes means that, prior to transmission, sign the client identification information and the request for the location-based services with a digital signature to provide verification of the mobile client to the network entity. 31. The mobile client of claim 27, wherein the client identification information is encrypted using a public key cryptography, PKC, method. 32. The mobile client of claim 27, wherein the mobile client additionally includes means that encrypt corresponding transaction identification information and transmits the encrypted transaction identification information with the request for the locationbased services to the service provider, the encrypted transaction identification information providing Verfahren nach Anspruch 1, wobei der Client eine Mobilstation in einem zellularen Netzwerk ist. 4. Verfahren nach Anspruch 1, wobei eine Transaktionsidentifikationsnummer zum Verfolgen und Identifizieren der Transaktion mit der verschlüsselten Identifikationsinformation übertragen wird.. Verfahren nach Anspruch 4, wobei die Transaktionsidentifikationsnummer verschlüsselt ist, um ein Einmalpasswort zu ergeben, bevor diese mit der verschlüsselten Identifikationsinformation übertragen wird. 6. Verfahren nach Anspruch 1, wobei der Verschlüsselungsschlüssel ein öffentlicher Schlüssel ist und die Identifikation des Clients unter Verwendung eines Kryptografieverfahrens mit öffentlichem Schlüssel PKC verschlüsselt wird. 7. Verfahren nach Anspruch 6, wobei vor einem Übertragen der verschlüsselten Identifikationsinformation, der Client die Information mit einer digitalen Signatur signiert und vor einem Bereitstellen einer Ant- 8

9 EP 1 3 B1 16 wort auf die Ortsanfrage der NLS einen zuvor erhaltenen öffentlichen Schlüssel verwendet, der mit dem Client verknüpft ist, um die Information gemäß der digitalen Signatur zu verifizieren. 8. Verfahren nach Anspruch 1, wobei der Verschlüsselungsschlüssel von dem NLS erhalten wird, während dieser offline ist. 9. Verfahren nach Anspruch 1, wobei der Schritt eines Übertragens der verschlüsselten Identifikationsinformation von dem Client an den SP offline durchgeführt wird. 14. System nach Anspruch 12, wobei die Mobilelektronikausrüstung eine Mobilstation in einem zellularen Netzwerk ist.. System nach Anspruch 12, wobei eine Transaktionsidentifikationsnummer zum Verfolgen und Identifizieren der Transaktion mit der verschlüsselten Identifikationsinformation übertragen wird. 16. System nach Anspruch, wobei die Transaktionsidentifikationsnummer verschlüsselt wird, um ein Einmalpasswort zu ergeben, bevor diese mit der verschlüsselten Identifikationsinformation übertragen wird.. Verfahren nach Anspruch 1, wobei der SP den Ortsbasierten Dienst gemäß einer Antwort auf die Ortsanfrage von dem NLS und gemäß einem zuvor aufgestellten Plan entsprechend dem Client bereitstellt. 11. Verfahren nach Anspruch 1, wobei vor einem Starten einer Ortsanfrage der SP die Ortsanfrage und die verschlüsselte Identifikationsinformation verschlüsselt und vor einem Bereitstellten einer Antwort auf die Ortsanfrage der NLS einen zuvor erhaltenen Verschlüsselungsschlüssel verwendet, der mit dem SP verknüpft ist, um die Ortsanfrage und Information zu entschlüsseln System nach Anspruch 12, wobei der Verschlüsselungsschlüssel ein öffentlicher Schlüssel ist und die Identifikation des Teilnehmers unter Verwendung eines Kryptografieverfahrens mit öffentlichem Schlüssel PKC verschlüsselt wird. 18. System nach Anspruch 12, wobei ein öffentlicher Schlüssel von dem NLS erhalten wird, während dieser offline ist. 19. System nach Anspruch 12, wobei die verschlüsselte Identifikationsinformation von dem Client an den SP übertragen wird, während dieser offline ist. 12. System zum Bereitstellen eines Orts-basierten Dienstes an einen Teilnehmer, wobei das System umfasst: eine Mobilelektronikausrüstung, die die Identifikationsinformation des Teilnehmers unter Verwendung eines zuvor erhaltenen Verschlüsselungsschlüssels verschlüsselt, der mit einem NLS verknüpft ist und die die verschlüsselte Identifikationsinformation überträgt; den NLS, der die verschlüsselte Identifikationsinformation des Clients entschlüsselt und einen Datensatz aufrechterhält, der einen Ort anzeigt, der mit der Identifikationsinformation des Clients verknüpft ist; und einem SP, der die übertragene, verschlüsselte Identifikationsinformation von der Mobilelektronikausrüstung empfängt, eine Ortsanfrage an den NLS überträgt, wobei die Ortsanfrage die empfangene, verschlüsselte Identifikationsinformation einschließt und den Orts-basierten Dienst an den Teilnehmer über die Mobilelektronikausrüstung gemäß einer Antwort auf die Ortsanfrage von dem NLS bereitstellt. 13. System nach Anspruch 12, wobei der Orts-basierte Dienst direkt an den Client durch den SP bereitgestellt wird System nach Anspruch 12, wobei der SP den Ortsbasierten Dienst gemäß einer Antwort auf die Ortsanfrage von dem NLS bereitstellt und gemäß einem vorher aufgestellten Plan entsprechend dem Client. 21. Netzwerkeinheit (270) zum Bereitstellen anonymer Ortsinformation über Mobilclients (), wobei die Netzwerkeinheit umfasst: eine Vorrichtung, die Orte der Mobilclients bestimmt und jede Identifikationsinformation eines Mobilclients mit einem entsprechenden Ort verknüpft; eine Vorrichtung, die verschlüsselte Identifikationsinformation eines Clients entschlüsselt, die mit einer Ortsanfrage von einem Dienstanbieter (60) empfangen wird, um einen angeforderten, entsprechenden Ort basierend auf der Identifikationsinformation des Mobilclients zu bestimmen; eine Vorrichtung, die den angeforderten, entsprechenden Ort des Mobilclients an den Dienstanbieter (60) in Reaktion auf die Ortsanfrage bereitstellt, ohne den Mobilclient zu identifizieren. 22. Netzwerkeinheit nach Anspruch 21, wobei der Mobilclient eine Mobilstation in einem zellularen Netzwerk ist. 9

10 17 EP 1 3 B Netzwerkeinheit nach Anspruch 22, wobei die Identifikationsinformation des Clients unter Verwendung eines Kryptografieverfahrens mit öffentlichem Schlüssel PKC verschlüsselt und entschlüsselt wird. 24. Computerprogrammprodukt zum Bereitstellen eines Orst-basierten Dienstes von einem SP (60) an einen Client (), wobei das Computerprogrammprodukt umfasst: ein Computer-lesbares Speichermedium mit einer in dem Medium verkörperten Computer-lesbaren Programmcodevorrichtung, wobei die Computer-lesbare Programmcodevorrichtung einschließt: eine Logik, die eine Identifikationsinformation eines Clients unter Verwendung eines öffentlichen Schlüssels verschlüsselt, der mit einem NLS (270) ausgetauscht wird, wobei der NLS einen Datensatz speichert, der einen Ort anzeigt, der mit der Identifikationsinformation verknüpft ist; eine Logik, die die verschlüsselte Identifikationsinformation von dem Client an den SP überträgt; eine Logik, die eine Ortsanfrage von dem SP an den NLS startet, wobei die Ortsanfrage die verschlüsselte Identifikationsinformation einschließt, die von dem Client empfangen wird; und eine Logik, die den Orts-basierten Dienst gemäß einer Antwort auf die Ortsanfrage von dem NLS bereitstellt. 2. Computerprogrammprodukt nach Anspruch 24, wobei der Client ein Mobilstationsteilnehmer ist. 26. Computerprogrammprodukt nach Anspruch 24, wobei die Identifikation des Clients unter Verwendung eines Kryptografieverfahrens mit öffentlichem Schlüssel PKC verschlüsselt wird. 27. Mobilclient () zum anonymen Empfangen Orts-basierter Dienste in einem Kommunikationsnetzwerk, wobei der Mobilclient umfasst: eine Vorrichtung zum Empfangen eines Verschlüsselungsschlüssels von einem NLS (270); eine Vorrichtung, die entsprechende Mobilclientidentifikationsinformation unter Verwendung des Verschlüsselungsschlüssels verschlüsselt, der zuvor von dem NLS (270) erhalten wird, und die verschlüsselte Clientidentifikationsinformation mit einer Anfrage nach dem Orts-basierten Diensten an einen Dienstanbieter (60) überträgt; und eine Vorrichtung, die die Orts-basierten Dienste in Reaktion auf die Anfrage empfängt und verarbeitet. 28. Mobilclient nach Anspruch 27, wobei der Mobilclient eine Mobilstation in einem zellularen Netzwerk ist. 29. Mobilclient nach Anspruch 27, wobei der Mobilclient zusätzlich eine Vorrichtung einschließt, die Verschlüsselungsschlüssel mit einer Netzwerkeinheit austauscht, die verantwortlich zum Aufrechterhalten einer Ortsinformation entsprechend dem Mobilclient ist.. Mobilclient nach Anspruch 29, wobei der Mobilclient zusätzlich eine Vorrichtung einschließt, die vor einer Übertragung die Clientidentifikationsinformation und die Anfrage nach Orts-basierten Diensten mit einer digitalen Signatur signiert, um eine Verifikation des Mobilclients an die Netzwerkeinheit bereitzustellen. 31. Mobilclient nach Anspruch 27, wobei die Clientidentifikationsinformation unter Verwendung eines Kryptografieverfahrens mit öffentlichem Schlüssel PKC verschlüsselt wird. 32. Mobilclient nach Anspruch 27, wobei der Mobilclient zusätzlich eine Vorrichtung einschließt, die die entsprechende Transaktionsidentifikationsinformation verschlüsselt und die verschlüsselte Transaktionsidentifikationsinformation mit der Anfrage nach den Orts-basierten Diensten an den Dienstanbieter überträgt, wobei die verschlüsselte Transaktionsidentifikationsinformation ein Transaktionsverfolgen und eine -Verifikation bereitstellt. 33. Mobilclient nach Anspruch 32, wobei die verschlüsselte Transaktionsidentifikationsinformation als ein Einmalpasswort agiert. Revendications 1. Procédé de déclenchement d un service dépendant du lieu à partir d un fournisseur de service tiers SP (60), comprenant les étapes consistant à : crypter l information d identification d un client () en utilisant une clé de cryptage précédemment obtenue auprès d un serveur de position sur le réseau, NLS (270), dans lequel le NLS conserve un enregistrement indiquant une position associée à l information d identification ; transmettre l information d identification cryptée du client au SP ; lancer une demande de position du SP au NLS, la demande de position comprenant l information d identification cryptée reçue du client ; et fournir le service dépendant de la position en

11 19 EP 1 3 B1 conformité avec une réponse à la demande de position provenant du NLS. 2. Procédé selon la revendication 1, dans lequel lors de l étape de fourniture, le service dépendant de la position est fourni directement au client par le SP. 3. Procédé selon la revendication 1, dans lequel le client est une station mobile dans un réseau cellulaire. 4. Procédé selon la revendication 1, dans lequel un numéro d identification de la transaction destiné à suivre et à identifier la transaction est transmis avec l information d identification cryptée.. Procédé selon la revendication 4, dans lequel le numéro d identification de la transaction est crypté pour produire un mot de passe à une seule utilisation avant qu il soit transmis avec l information d identification cryptée. 6. Procédé selon la revendication 1, dans lequel la clé de cryptage est une clé publique et l identification du client est cryptée à l aide d un procédé de cryptographie à clé publique, PKC Système destiné à fournir à un abonné un service dépendant de la position, le système comprenant : un équipement électronique mobile qui crypte l information d identification de l abonné en utilisant une clé de cryptage précédemment obtenue associée à un NLS et qui transmet l information d identification cryptée ; le NLS qui décrypte l information d identification cryptée du client et conserve un enregistrement indiquant une position associée à l information d identification du client ; et un SP qui reçoit l information d identification cryptée transmise depuis l équipement électronique mobile, transmet une demande de position au NLS, la demande de position comprenant l information d identification cryptée reçue, et fournit à l abonné le service dépendant de la position par l intermédiaire de l équipement électronique mobile en conformité avec une réponse à la demande de position émanant du NLS. 13. Système selon la revendication 12, dans lequel le service dépendant de la position est fourni directement au client par le SP. 7. Procédé selon la revendication 6, dans lequel, avant de transmettre l information d identification cryptée, le client signe l information avec une signature numérique et dans lequel avant de fournir une réponse à la demande de position, le NLS utilise une clé publique précédemment obtenue associée au client pour vérifier l information en conformité avec la signature numérique Système selon la revendication 12, dans lequel l équipement électronique mobile est une station mobile dans un réseau cellulaire.. Système selon la revendication 12, dans lequel un numéro d identification de la transaction permettant le suivi et l identification de la transaction est transmis avec l information d identification cryptée. 8. Procédé selon la revendication 1, dans lequel la clé de cryptage est obtenue du NLS pendant l état hors ligne. 9. Procédé selon la revendication 1, dans lequel l étape de transmission de l information d identification cryptée du client au SP est effectuée hors ligne.. Procédé selon la revendication 1, dans lequel le SP fournit le service dépendant de la position en conformité avec une réponse à la demande de position émanant du NLS et en conformité avec une planification précédemment établie correspondant au client Système selon la revendication, dans lequel le numéro d identification de la transaction est crypté pour produire un mot de passe à une seule utilisation avant qu il soit transmis avec l information d identification cryptée. 17. Système selon la revendication 12, dans lequel la clé de cryptage est une clé publique et l identification de l abonné est cryptée à l aide d un procédé de cryptographie à clé publique, PKC. 18. Système selon la revendication 12, dans lequel la clé publique est obtenue du NLS pendant l état hors ligne. 11. Procédé selon la revendication 1, dans lequel avant de lancer une demande de position, le SP crypte la demande de position et l information d identification cryptée, et avant de fournir une réponse à la demande de position, le NLS utilise une clé de cryptage précédemment obtenue associée au SP pour décrypter la demande de position et l information. 19. Système selon la revendication 12, dans lequel l information d identification cryptée est transmise du client au SP pendant l état hors ligne.. Système selon la revendication 12, dans lequel le SP fournit le service dépendant de la position en conformité avec une réponse à la demande de po- 11

12 21 EP 1 3 B1 22 sition provenant du NLS et en conformité avec une planification précédemment établie correspondant au client. 21. Entité de réseau (270) destinée à fournir des informations de position anonymes concernant des clients mobiles (), l entité de réseau comprenant : des moyens qui déterminent des positions des clients mobiles et qui associent chaque information d identification d un client mobile à une position correspondante ; des moyens qui décryptent l information d identification cryptée du client () reçue avec une demande de position d un fournisseur de service (60) pour déterminer une position correspondante demandée dépendant de l information d identification du client mobile ; des moyens qui fournissent la position correspondante demandée du client mobile au fournisseur de service (60) en réponse à la demande de position sans identifier le client mobile. 22. Entité de réseau selon la revendication 21, dans lequel le client mobile est une station mobile dans un réseau cellulaire. 23. Entité de réseau selon la revendication 22, dans lequel l information d identification du client est cryptée et décryptée à l aide d un procédé de cryptographie à clé publique, PKC. 24. Produit à base de programme informatique fournissant un service dépendant de la position d un SP (60) à un client (), le produit à base de programme informatique comprenant : un support de stockage lisible par ordinateur ayant des moyens codés formant programmes lisibles par ordinateur présents sur ledit support, lesdits moyens codés formant programmes lisibles par ordinateur comportant : une logique qui crypte l information d identification du client à l aide d une clé publique échangée avec un NLS (270), dans lequel le NLS stocke un enregistrement indiquant une position associée à l information d identification ; une logique qui transmet l information d identification cryptée du client au SP ; une logique qui lance une demande de position du SP vers le NLS, la demande de position comportant l information d identification cryptée reçue du client ; et une logique qui fournit le service dépendant de la position en conformité avec une réponse à la demande de position émanant du NLS. 2. Produit à base de programme informatique selon la revendication 24, dans lequel le client est un abonné d une station mobile. 26. Produit à base de programme informatique selon la revendication 24, dans lequel l identification du client est cryptée à l aide d un procédé de cryptographie à clé publique, PKC. 27. Client mobile () destiné à recevoir de façon anonyme des services dépendant de la position sur un réseau de communication, le client mobile comprenant : des moyens destinés à recevoir une clé de cryptage d un NLS (270) ; des moyens qui cryptent une information d identification de client mobile correspondante en utilisant une clé de cryptage précédemment obtenue du NLS (270), et qui transmettent à un fournisseur de service (60) l information d identification cryptée du client avec une demande de services dépendant de la position ; et des moyens qui reçoivent et traitent les services dépendant de la position en réponse à la demande. 28. Client mobile selon la revendication 27, dans lequel le client mobile est une station mobile dans un réseau cellulaire. 29. Client mobile selon la revendication 27, dans lequel le client mobile comporte en outre des moyens qui échangeant des clés de cryptage avec une entité de réseau responsable de la conservation d informations de position correspondant au client mobile.. Client mobile selon la revendication 29, dans lequel le client mobile comporte en outre des moyens qui, avant la transmission, signent l information d identification du client et la demande de services dépendant de la position avec une signature numérique pour fournir une vérification du client mobile à l entité de réseau. 31. Client mobile selon la revendication 27, dans lequel l information d identification du client est cryptée à l aide d un procédé de cryptographie à clé publique, PKC. 32. Client mobile selon la revendication 27, dans lequel le client mobile comporte en outre des moyens qui cryptent une information d identification de transaction correspondante et transmettent au fournisseur de service l information d identification de transaction cryptée avec la demande de services dépendant 12

13 23 EP 1 3 B1 24 de la position, l information d identification de transaction cryptée assurant un suivi et une vérification de la transaction. 33. Client mobile selon la revendication 32, dans lequel l information d identification de transaction cryptée joue le rôle de mot de passe à une seule utilisation

14 EP 1 3 B1 14

15 EP 1 3 B1

16 EP 1 3 B1 16

17 EP 1 3 B1 17

18 EP 1 3 B1 18

19 EP 1 3 B1 REFERENCES CITED IN THE DESCRIPTION This list of references cited by the applicant is for the reader s convenience only. It does not form part of the European patent document. Even though great care has been taken in compiling the references, errors or omissions cannot be excluded and the EPO disclaims all liability in this regard. Patent documents cited in the description EP A [0003] 19