The quest for personal control over mobile location privacy

How to protect location privacy of mobile users is an important issue in ubiquitous computing. However, location privacy protection is particularly challenging: on one hand, the administration requires all legitimate users to provide identity information in order to grant them permission to use its wireless service; on the other hand, mobile users would prefer not to expose any information that could enable anyone, including the administration, to get some clue regarding their whereabouts; mobile users would like to have complete personal control of their location privacy. To address this issue, we propose an authorized-anonymous-ID-based scheme; this scheme effectively eliminates the need for a trusted server or administration, which is assumed in the previous work. Our key weapon is a cryptographic technique called blind signature, which is used to generate an authorized anonymous ID that replaces the real ID of an authorized mobile device. With authorized anonymous IDs, we design an architecture capable of achieving complete personal control over location privacy while maintaining the authentication function required by the administration.