WO2013147873A1

WO2013147873A1 - Protecting context-sensitive data

Info

Publication number: WO2013147873A1
Application number: PCT/US2012/031613
Authority: WO
Inventors: David Lee; Raul Hernan Etkin; Jeongkeun Lee; Sung-Ju Lee
Original assignee: Hewlett Packard Development Co LP
Current assignee: Hewlett Packard Development Co LP
Priority date: 2012-03-30
Filing date: 2012-03-30
Publication date: 2013-10-03
Anticipated expiration: 2014-09-30

Description

PROTECTING CONTEXT-SENSITIVE DATA

BACKGROUND

[0001] Many remote sensing applications rely on receiving sensor data that is tagged with accurate context information, such as accurate timing information, accurate location information, etc., which is consistent across a remote sensor network. In such applications, the quality of the sensor data is closely related to the quality of the context information that accompanies it. High quality remote sensor data may have significant economic and strategic value, which may be lost if a competitor or adversary gains unauthorized access to the data. Accordingly, in addition to requiring its remote sensor network to tag sensor data with accurate context information, a remote sensing application may also require the remote sensing network to prevent unauthorized access to the sensor data, either from unauthorized access of the remote sensors directly or from unauthorized interception of the communications conveying the sensor data.

BRIEF DESCRIPTION OF THE DRAWINGS

[0002] FIG. 1 is a block diagram of a first example system to protect context- sensitive data as disclosed herein.

[0003] FIG. 2 is a block diagram of a second example system to protect context- sensitive data as disclosed herein.

[0004] FIG. 3 is a block diagram of an example access point that may be used to implement one or both of the example systems of FIGS. 1 and 2.

[0005] FIG. 4 is a block diagram of an example access point controller that may be used to implement one or both of the example systems of FIGS. 1 and 2.

[0006] FIG. 5 is a block diagram of an example data collector that may be used to implement one or both of the example systems of FIGS. 1 and 2.

[0007] FIG. 6 is a block diagram of an example sensor device that may be used to implement one or both of the example systems of FIGS. 1 and 2. [0008] FIG. 7 is a flowchart representative of example machine readable instructions that may be executed to implement one or both of the example systems of FIGS. 1 and 2.

[0009] FIG. 8 is a flowchart representative of example machine readable instructions that may be executed to implement the example data collector of FIG. 5.

[0010] FIG. 9 is a flowchart representative of example machine readable instructions that may be executed to implement the example access point controller of FIG. 4.

[0011] FIG. 10 is a flowchart representative of example machine readable instructions that may be executed to implement the example access point of FIG. 3.

[0012] FIG. 11 is a flowchart representative of example machine readable instructions that may be executed to implement the example sensor device of FIG. 6.

[0013] FIG. 12 is a block diagram of an example processing system that may execute the example machine readable instructions of FIGS. 7-10 and/or 11 to implement one or more of the example systems of FIGS. 1 and 2, the example access point of FIG. 3, the example access point controller of FIG. 4, the example data collector of FIG. 5 and the example sensor device of FIG. 6.

DETAILED DESCRIPTION

[0014] Example systems, methods, apparatus and articles of manufacture to protect context-sensitive data are disclosed herein. As noted above, it may be desirable to prevent unauthorized access to sensor data in a sensor network, either from unauthorized access of the remote sensors directly or from unauthorized interception of the communications conveying the sensor data, to preserve, for example, the economic and/or strategic value of the sensor data. However, remote sensors typically lack the resources (e.g., processing resources, power resources, etc.) to implement data security techniques. Instead, example systems, methods, apparatus and articles of manufacture disclosed herein protect remote sensor data (or any context-sensitive data) by causing the context information (e.g., timing information, location information, etc.) accompanying the payload data to be randomized in a manner that is transparent to or has nominal impact on the remote sensors in the network, thereby rendering the sensor data useless to anyone other than an authorized recipient of the data, while placing little to no additional burden on the limited resources of the sensors.

[0015] For example, a first system 100 to protect context-sensitive data as disclosed herein is illustrated in FIG. 1. The example system 100 of FIG. 1 implements a sensor network that includes one or more example sensors 105 (also referred to herein as sensor devices, sensor nodes, etc.). The sensor(s) 105 can be implemented by any type(s) or number of sensor(s), device(s), node(s), computing element(s), etc., capable of determining sensor data and reporting the sensor data to an example central processor 110. In the illustrated example, the sensor data reported by a sensor 105 includes payload data measured, collected, determined and/or otherwise obtained by one or more sensing devices included in the sensor 105. Examples of payload data that may be obtained and reported by the sensor(s) 105 include, but are not limited to, seismic data determined by accelerometer(s) included in the sensor, temperature data measurement by a temperature sensing element included in the sensor, pressure data measured by a pressure sensing element included in the sensor, biometric data collected by biometric sensing element(s) included in the sensor, etc.

[0016] As mentioned above, many sensing applications rely on receiving sensor data that is tagged with accurate context information, which is consistent across the sensor network. In such applications, the quality of the sensor data is closely related to the quality of the context information that accompanies it. For example, in seismic oil exploration applications, seismic waves are used to measure characteristics of a geological formation to ascertain formation regions that are likely to contain productive oil reservoirs. In such applications, a sensor network implemented by the example system 100 can be used to sense and collect the seismic waves. For example, the sensor(s) 105 can include accelerometers to measure and report payload data quantifying the seismic waves that are induced by vibrator trucks positioned in an area undergoing exploration. Furthermore, each sensor 105 can tag its respective payload data with context information in the form of location information for the sensor 105 reporting the payload data, timing information (e.g., timestamps) indicating the time when the payload data was obtained, etc. Such tagging of the sensor payload data with context information enables the central processor 110 to accurately combine the payload data reported by multiple sensors 105 in time and space, and analyze the reported payload data to accurately locate potential oil reservoirs of interest. [0017] In sensing applications that rely on context-sensitive data, such as in the preceding seismic oil exploration example, the context-sensitive sensor data may be rendered useless, or have significantly less value, to an unauthorized recipient if its associated context information (e.g., timing information, location information, etc.) is made unavailable.

Furthermore, such context information may have a significantly smaller data size or may be reported less frequently, or both, than the reported payload data that is to be tagged with the context information. For example, the location(s) of the sensor(s) 105 in the system 100 may be static or change relatively slowly such that one location value may be used to tag all of the sensor data reported by a sensor 105 during a reporting interval. As another example, the timing source(s) used by the sensor(s) 105 may be sufficiently stable such that one time value (e.g., one timestamp) may be used to tag a relatively large number N of data samples included in the sensor payload data, yielding one time value for every N payload data samples, where N » 1 (e.g., N = 500, 1000, etc.). Thus, the economic and/or strategic value of such context- sensitive sensor data may be preserved by protecting just the context information used to tag the sensor payload data, while leaving the substantially larger amount of payload data unchanged. Accordingly, the system 100 of FIG. 1 employs techniques that encrypt and/or otherwise randomize the context information reported by the sensor(s) 105, but leave the payload data unchanged (e.g., in an unencrypted, plaintext form), to thereby protect the context-sensitive sensor data as a whole while placing little to no additional burden on the limited resources of the sensor(s) 105.

[0018] In the illustrated example of FIG. 1, the sensor(s) 105 randomize the context information to be used to tag their reported payload data based on control information broadcast by an example access point 115 via any type(s) or number of wireless or wireline communication link(s), network(s), etc. The access point 115 can be implemented by any type(s) of access point, transmitter, beacon, basestation, etc. In some examples, the access point 115 broadcasts reference context information that is randomized (e.g., such as one or more of a randomized timing beacon, a randomized location beacon, etc.). For example, the access point 115 can generate the randomized, reference context information by adjusting one or more nonrandom context sources (e.g., a nonrandom timing reference, nonrandom location information) using a sequence of one or more randomization factors (e.g., a sequence of timing offset(s), location offset(s), etc.) provided to the access point 115 by the central processor 110, and/or generated in the access point 115 by a pseudo-random number generator seeded using seed value(s) provided by the central processor 110, etc.. In such examples, the sensor(s) 105 receive the randomized, reference context information and tag their respective payload data with randomized context information (e.g., randomized timing information, randomized location information, etc.) corresponding to the received reference context information (e.g., corresponding to received values of the randomized timing beacon, randomized location beacon, etc.). The sensor(s) 105 then report their respective payload data tagged with the randomized context information to the central processor 110. Further examples of sensors tagging payload data using randomized context information broadcast by access points are described in greater detail below.

[0019] In some examples, the access point 115 additionally or alternatively broadcasts a set of one or more randomization factors (e.g., such a time offsets, location offsets, etc.) to be used by the sensor(s) 105 to randomize nonrandom context information prior to tagging their respective payload data. For example, the sensor(s) 105 may generate and/or receive nonrandom context information (e.g., such as a nonrandom location beacon also broadcast by the access point 115, nonrandom positioning data received via a global positioning system (GPS) receiver, a nonrandom timing reference generated by an internal clock, etc.). The sensor(s) 105 may then adjust this nonrandom context information using the set of received randomization factors to generate the randomized context information to be used to tag the sensor payload data prior to being reported to the central processor 110.

Further examples of sensors generating randomized context information from randomization factors broadcast by access points are described in greater detail below.

[0020] In the example system 100 of FIG. 1, the sensor(s) 105 report their sensor data to the access point 115 via any type(s) or number of wireless or wireline communication link(s), network(s), etc. The access point 115, in turn, reports the received sensor data to the central processor 110 via any type(s) or number of wireless or wireline communication link(s), network(s), etc., and/or any other type(s) of communication interface(s) The central processor 110 can be implemented by any type(s) or number of network node/element(s), server (s), computer(s), processor(s), etc., capable of receiving and processing data, such as the example processing system 1200 of FIG. 12, which is described in greater detail below. In the illustrated example, the central processor 110 receives the sensor data reported by each sensor 105, which includes the sensor's pay load data tagged with the randomized context information, as described above. The central processor 110 then adjusts the randomized context information to enable the reported pay load data to be associated with nonrandom context information, thereby allowing pay load data from multiple sensor(s) 105 to be combined and analyzed based on the reported context information.

[0021] For example, in scenarios in which the reported, randomized context information corresponds to reference, randomized context information broadcast by the access point 115, the central processor 110 knows the sequence of randomization factors used by the access point 115 to generate the reference, randomized context information (e.g., because the central processor 110 stored the sequence of randomization factors used to configure the access point 115, or stored the seed value(s) used to configure the

pseudorandom number generator in the access point 115, etc.). Thus, the central processor 110 can use this same sequence of randomization factors to remove the effect of the randomization factors from the reported, randomized context information to yield the original nonrandom context information, which can then be associated with the respective tagged payload data. In examples in which the reported, randomized context information corresponds to nonrandom context information that is generated by the sensor(s) 105 based on a set of randomization factors broadcast by the access point 105, the central processor 110 knows the set of randomization factors that were broadcast by the access point 115 (e.g., because the central processor 110 stored the set of randomization factors when configuring the access point 115). Thus, the central processor 110 can use this same set of randomization factors to remove the effect of the randomization factors from the reported, randomized context information to yield the original nonrandom context information, which can then be associated with the respective tagged payload data.

[0022] A second example system 200 that is able to protect context-sensitive data as disclosed herein is illustrated in FIG. 2. The example system 200 includes example access points 205A and 205B to broadcast control information to and receive reported sensor data from respective example sensor clusters 210A and 210B. The access points 205A and 205B, like the access point 105 of FIG. 1, can each be implemented by any type of access point, transmitter, beacon, basestation, etc. In the illustrated example of FIG. 2, the sensor cluster 210A includes example sensors 215A-C, and the sensor cluster 210B includes example sensors 215D-F. The sensors 215A-F, like the sensor(s) 105, can be implemented by any type(s) or number of sensor(s), device(s), node(s), computing element(s), etc., capable of determining sensor data and reporting the sensor data to the example central processor 110. Examples of sensor payload data that can be reported by the sensors 215 A-F are described above in connection with FIG. 1.

[0023] Like in the example system 100 of FIG. 1, the sensors 215 A-F in the example system 200 of FIG. 2 randomize context information, which is to be used to tag their reported payload data, based on the control information broadcast by the access points 205 A- B via any type(s) or number of wireless or wireline communication link(s), network(s), etc. For example, like the access point 115 described above, the access points 205 A-B can each broadcast respective reference context information, which is randomized, to their respective sensor clusters 210A-B, which is then used by the sensors 215A-F to tag their respective payload data. In such examples, the access points 205A-B receive nonrandom reference context information from an example context source 220. As described above, each access point 205A-B generates respective, and potentially different, randomized context information by adjusting the received nonrandom context information using a respective sequence of randomization factors, which may be different for different ones of the access points 205A-B. In the example of FIG. 2, like in the example of FIG. 1 , each access point 205 A-B may be configured by the central processor 110 with a respective sequence of randomization factors, or with seed information that may be used to generate a respective sequence of randomization factors. Furthermore, in some examples, different access points 205 A-B may be configured by the central processor 110 to have different sequences of randomization factors such that different randomized context information is broadcast by each, or at least some of, the access points 205A-B.

[0024] For example, the reference context information broadcast by the access points 205 A-B may correspond to reference timing beacons that are broadcast to the sensors 215A-F for use in time-stamping their respective payload data to be reported. In such examples, the context source 220 can correspond to one or more GPS satellites providing a GPS-based timing reference, an atomic clock, etc., that transmit(s) a central (e.g., global) nonrandom timing reference to the access points 205 A-B via any type(s) or number of wireless or wireline communication link(s), network(s), etc. Such a central, nonrandom timing reference is consistent over the example system 200. In some examples, each access point 205A-B randomizes (or, equivalently, encrypts) the received, nonrandom timing reference by adding pseudorandom clock drift, jitter, or both, such that the access points 205A-B broadcast different, randomized timing beacons (also referred to herein as virtual timing references) in different sensor clusters 210A-B. In such examples, the sequences of randomization factors correspond to pseudorandom sequences of timing offsets, which may be different for different ones of the access points 205 A-B. A particular access point 205 A-B sequentially selects or otherwise obtains timing offsets from its respective pseudorandom sequence of timing offsets and adds timing offsets to the timing beacon values to be broadcast by the particular access point 205 A-B, thereby causing its broadcast timing beacon to be randomized based on its respective pseudorandom sequence of timing offsets. In some examples, a next timing offset is selected/obtained from the pseudorandom sequence of timing offsets for adding to each new timing beacon value to be broadcast, whereas in other examples, the same timing offset from the pseudorandom sequence of timing offsets is added to a group of timing beacon values to be broadcast.

[0025] For example, let {^ (t)}™ _x be a pseudorandom sequence of timing offsets to be used at the i^th access point (e.g., access point 205A or 205B) in the system 200 to create its respective timing beacon, or virtual reference, Vi (t) , from a global timing reference, gi (t) , received from the context source 220. In such an example, the i^th access point adds timing offsets from the pseudorandom sequence [e_i (t)}^ ₁ to the timing reference values 9i(t ^to yield its randomized timing beacon v^t), which can be represented mathematically as Vi t) = gi (t) + where t represents the timing index of the next timing beacon value to be broadcast by the i^th access point. In this example, the i^th access point uses a new timing offset, e; (t), from its pseudorandom sequence of timing offsets to adjust (e.g., add to) and, thus, randomize each new timing beacon value, v^t), to be broadcast. For example, the i^th access point may broadcast a new timing beacon value every T seconds (e.g., such as every T = 100 milliseconds, or some other value) and, thus, will select/obtain timing offsets, β₍ (t) , from its pseudorandom sequence at a rate of one every T seconds, and add a next timing offset from the sequence to each next timing beacon value to be broadcast.

[0026] In the preceding example, the sensor(s) in the cluster served by the i^th access point (e.g., such as the sensors 215A-C in the cluster 210A served by the access point 205 A, or the sensors 215D-F in the cluster 21 OB served by the access point 205B) use the values of the randomized timing beacon, Vi t), broadcast by the i^th access point to tag (e.g., time-stamp) payload data to be reported during a reporting interval. The sensor(s) then report their respective context-sensitive (e.g., time-sensitive) sensor data to the i^th access point, which in turn reports the data to the central processor 1 10.

[0027] In the example system 200 of FIG. 2, the central processor 1 10 is able to recover the global timing reference, §i (t) , from the randomized timing information (e.g., timestamps), Vi t) , used to tag the reported payload because the central processor 1 10 knows the pseudorandom sequence of timing offsets, {^ (t)}™ _{l 5} used by the i^th access point to generate its respective randomized timing beacon, v_t (t) . For example, during a

configuration operation, the central processor 110 may have provided the pseudorandom sequence of timing offsets, {^ (t)}™ _{l 5} to the i^th access point, or may have provided seed value(s) to the i^th access point for use by a pseudorandom number generator that is to generate the pseudorandom sequence of timing offsets, {e_i (t)}¹^ ₁, in the i^th access point. In either example, the central processor 110 can identify the i^th access point when the access point reports the sensor data from its cluster of sensors, and then retrieve the pseudorandom sequence of timing offsets, {^ (t)}™ _{l 5} associated with the i^th access point. The central processor 110 then adjusts the randomized timing information (e.g., timestamps), i7; (t) , associated with the reported payload data by subtracting timing offset(s) from the retrieved sequence of timing offsets, {βι

associated with the i^th access point to recover the global, nonrandom timing reference, §i (t) , thereby enabling the reported sensor payload data to be associated with nonrandom timing information. In other words, the central processor 110 adjusts the randomized timing information (e.g., timestamps), Vi t) , mathematically as §i (t) = Vi t)— to associate the reported payload data with the nonrandom timing reference, §i t) .

[0028] In some examples, the central processor 1 10 employs a sliding window or other correlation or comparison technique to align the retrieved sequence of timing offsets, {βι associated with the i^th access point with the randomized timing information, v_t (t) , included in the reported sensor data. For example, reported sensor data may include one randomized timing value (e.g., randomized timestamp), Vi t) , for every N payload data samples, as described above. Thus, the recovered, nonrandom timing reference, §i(t), is expected to increase by a fixed amount between successive values (e.g., N times the sampling interval between payload data samples). In such examples, the central processor 110 can employ a sliding window to subtract timing offset(s) beginning at different starting positions, t, in the retrieved sequence of timing offsets, [e_i (t)}^ ₁, from the randomized timestamps, Vi (t), until a nonrandom timing reference, §i (t), that exhibits the property of increasing by an expected amount between successive values is recovered.

[0029] In some examples, the preceding technique for using a sequence of random timing offsets to adjust a nonrandom timing reference to yield a randomized timing beacon can be adapted to enable the access points 205A-B to additionally or alternatively broadcast randomized location beacons. In such examples, the context source 220 can correspond to one or more GPS satellites from which the access points 205A-B can receive positioning data, a centralized location beacon, etc., that yields a consistent, nonrandom location reference across the example system 200. Furthermore, in such examples, like in the preceding example, each access point 205A-B randomizes (or, equivalently, encrypts) the received, nonrandom location reference by adding a respective pseudorandom sequence of location/positioning offsets (which may be different among the access points 205 A-B) to yield a respective, randomized location beacon to be broadcast by the access point 205 A-B. In some examples, a next location offset is selected/obtained from the pseudorandom sequence of location offsets for adding to each new location beacon value to be broadcast, whereas in other examples, the same location offset from the pseudorandom sequence of location offsets is added to a group of location beacon values to be broadcast by a particular access point 205 A-B. Similar to the preceding example, when reported sensor data is tagged with randomized location information corresponding to a randomized location beacon, the central processor 110 knows the respective pseudorandom sequence of location offsets for each access point 205 A-B (e.g., because the central processor 110 provided the sequence or provided seed values for use in generating the sequence), and, thus, is able to subtract the location offsets from the randomized location beacon values to recover the nonrandom location information.

[0030] In the preceding examples, the sensors 215A-F are able to report payload data that is tagged with randomized context information (e.g., randomized timing information, randomized location information) without performing any

randomizing/encryption operations because the randomized context information is provided (e.g., broadcast) by the access points 205 A-B. Furthermore, the randomization factors (e.g., timing offsets, location offsets, etc.) are kept secure because they are not broadcast by the access points 205A-B to the sensors 215A-F. Accordingly, context-sensitive sensor data may be protected by the example system 200 with little to no additional impact on the potentially limited resources of the sensors 215A-F.

[0031] In some examples, the access points 205 A-B in the example of FIG. 2, like the access point 105 of FIG. 1, additionally or alternatively broadcast respective sets of context randomization factors (e.g., such a time offsets, location offsets, etc.) to be used by the sensor(s) 215A-F in their respective clusters 210A-B to randomize nonrandom context information for tagging their respective payload data to be reported. In the example of FIG. 2, like in the example of FIG. 1, each access point 205 A-B may be configured by the central processor 110 with a respective set of randomization factors, such that different sets of context randomization factors are broadcast by different access points 205 A-B. In such examples, the sensor(s) 215A-F may generate and/or receive nonrandom context information (e.g., such as a nonrandom location beacon also broadcast by the access points 205 A-B in their respective clusters 210A-B, nonrandom positioning data received via a GPS receiver, a nonrandom timing reference generated by an internal clock, etc.). A particular one of the sensors 215A-F, such as the sensor 215A, may then adjust its local, nonrandom context information using the set of received randomization factors received from the access point 205A to generate randomized context information to be used to tag the payload data to be reported by the sensor 215A.

[0032] For example, the context information to be used to tag the reported sensor payload data may correspond to location information. For example, let p - be the location (or position) of the j^th sensor (e.g., one of the sensors 215A-F) in the system 200. The j^th sensor may generate/obtain nonrandom location information locally based on nonrandom location beacon also broadcast by the access points 205 A-B in their respective clusters 210A-B, nonrandom positioning data received via a GPS receiver, etc. Additionally, let {β₍(η)}™₌₁ be the respective set of pseudorandom location offsets configured by the central processor 110 for the i^th access point (e.g., access point 205A or 210B) in the system 200. When the j sensor is in the sensor cluster served by the t access point, the sensor receives the set of pseudorandom location offsets, {e_j (n)}™₌₁, broadcast by the i^th access point. The j^th sensor then adjusts its nonrandom location p - based on the set of pseudorandom location offsets, {6₍ (η)}™₌₁, to generate randomized location information, r_i -, for tagging the payload data to be reported by the j^th sensor. For example, the j^th sensor can generate its random location, r^, by adding one of the location offsets, e_j(n), to its nonrandom location p , which may be represented mathematically as Γ_ί - = p - + ^(n). In some examples, the i^th access point selects and broadcasts individual offsets e (n) from pseudorandom location offsets over time. In such examples, the j^th sensor simply adds the current received location offset e_j(n) to its nonrandom location p -. In other examples, the j^th sensor broadcasts the set of offsets, {e_j (n)}™₌₁, and the j^th sensor selects one of the offsets, e_j (n), for adding to its nonrandom location p - to generate the random location, r^. In the latter example, the j^th sensor may include the index of the selected offset in its reported sensor data to enable the central processor 110 to identify the correct offset to be used to recover the nonrandom location information p - from the reported, random location, Γ_ί · .

[0033] In some examples, the location of the j^th sensor may change over time. In such examples, the reported, random location of the j^th sensor also changes over time, which may be represented mathematically as (t) = p (t) + e^t), where t represents time. Also, in some examples, the context offset information (e.g., β; (η) or {e_j(n)}™₌₁) broadcast by the access points 205A-B in the system 200 may be encrypted to provide further security using any type(s) or numbers of encryption algorithms. In such examples, the context offset information broadcast by the access points 205A-B may be encrypted using one or more encryption keys. The sensors 215A-F are then able to decrypt the broadcasted context offset information using appropriate decryption keys.

[0034] In view of the foregoing, an example access point 300 that may be used to implement one or more of the access points 115 and 205 A-B is illustrated in FIG. 3. The example access point 300 includes an example context reference generator 305 to generate nonrandom, reference context information. For example, the context reference generator 305 can generate nonrandom timing beacon values from a central (e.g., global) nonrandom timing reference received from the context source 220. Additionally or alternatively, the context reference generator 305 can generate nonrandom location beacon values from nonrandom location reference/positioning data received from the context source 220, etc.

[0035] The example access point 300 also includes an example offset receiver 310 to receive a sequence/set of context offsets that are to be used by the access point 300 to determine randomized, reference context information from the nonrandom, reference context information generated by the context reference generator 305. Additionally or alternatively, in some examples, the sequence/set of context offsets received by the offset receiver 310 are to be broadcast by the access point 300 for use by sensor devices (e.g., one or more of the sensors 105 and 215 A-F) for randomizing context information at the sensor devices. In some examples, instead of receiving the sequence/set of context offsets, the offset receiver 310 receives one or more seed values and implements one or more pseudorandom number generators to generate the sequence/set of context offsets based on the seed value(s).

[0036] The example access point 300 also includes an example beacon randomizer 315 to randomize the nonrandom, reference context information, which is generated by the context reference generator 305, for broadcast as one or more beacons by the access point 300. For example, the beacon randomizer 315 can add timing offsets from a sequence of timing offsets obtained from the offset receiver 310 to nonrandom timing beacon values generated by the context reference generator 305 to determine randomized, reference timing beacon values to be broadcast by the access point 300. Additionally or alternatively, the beacon randomizer 315 can add location offsets from a sequence of location offsets obtained from the offset receiver 310 to nonrandom location beacon values generated by the context reference generator 305 to determine randomized, reference location beacon values to be broadcast by the access point 300.

[0037] In the illustrated example, the access point 300 also includes an example offset encoder 320 to encode the context offset(s) obtained by the offset receiver 310 for broadcast by the access point 300 (e.g., for use by sensor devices to locally randomize context information). In some examples, the offset encoder 320 encodes context offsets for broadcast individually at one or more broadcast intervals. In other examples, the offset encoder 320 encodes a set of context offsets to be broadcast as a batch. In some examples, the offset encoder 320 also encrypts the context offset(s) using any appropriate encryption algorithm (e.g., symmetric key algorithm, public/private key algorithm, etc.). [0038] To broadcast control information containing the randomized, reference context information generated by the beacon randomizer 315, and/or the context offset(s) encoded by the offset encoder 320, the access point 300 includes an access point transceiver 325. The access point transceiver 325 broadcasts the control information using any type(s) and/or number of wireless and/or wireline communication links. In the illustrated example of FIG. 3, the access point transceiver 325 also receives sensor data reported by sensor devices in a cluster served by the access point 300, and forwards the reported sensor data, along with information identifying the access point 300 itself, to, for example, the central processor 110.

[0039] Returning to the illustrated example of FIG. 2, the central processor 110 includes an example access point controller 225 and an example data collector 230. The example access point controller 225 is included in the central processor 110 for configuring the access points 205A-B with their respective sequences/sets of context randomization factors. An example implementation of the access point controller 225 is illustrated in FIG. 4. In the illustrated example of FIG. 4, the access point controller 225 includes an example context randomization processor 405 that determines the sequences/sets of context randomization factors to be sent to the access points 205 A-B. In some examples, the context randomization processor 405 additionally or alternatively determines seed value(s) to be used by pseudorandom number generators included in the access points 205A-B to generate respective sequences/sets of context randomization factors in the access points 205 A-B. The example access point controller 225 of FIG. 4 also includes an example transmitter 410 to transmit the sequences/sets of context randomization factors, and/or the seed values for generating the sequences/sets of context randomization factors, to the access points 205 A-B using any type(s) and number of wireless and/or wireline communication links. The access points 205 A-B then use these sequences/sets of context randomization factors to generate randomized reference context information to be broadcast, and/or broadcast the

sequences/sets of context randomization factors themselves, in control information for receipt by the sensors 215 A-F in the system 200.

[0040] Returning to the illustrated example of FIG. 2, the example data collector 230 is included in the central processor 110 for receiving and processing the sensor data reported by the sensors 215A-B. An example implementation of the data collector 230 is illustrated in FIG. 5. In the illustrated example of FIG. 5, the data collector 230 includes an example receiver 505 to receive, from the access points 205 A-B, sensor data that is reported by one or more sensor devices, such as the sensors 215A-F, to the access points 205A-B. In the illustrated example, the receiver 505 is to receive the reported sensor data from the access points 205 A-B via any type(s) and number of wireless and/or wireline communication links.

[0041] In some examples, the sensors 215A-F (or a subset of the sensors 215A-F) do not report the sensor data to the central processor 110 via the access points 205 A-B. Instead, the sensors 215A-F store their respective sensor data locally (e.g., such as in flash and/or other nonvolatile memory) for later collection via data transfers through one or more communication interfaces provided by the sensors 215A-F. In such examples, the receiver 505 may implement any type(s) and number of communication interface(s) to

communicatively couple (e.g., physically or otherwise) with the corresponding interface(s) on the sensors 215A-F to receive (e.g., retrieve) the sensor data stored locally at the sensors 215A-F.

[0042] As described above, the reported sensor data is tagged with randomized context information. In some examples, the reported sensor data is also associated with the particular access point that forwarded the sensor data. In the illustrated example of FIG. 5, the data collector 230 includes an example data processor 510 that knows (e.g., via data provided by the access point controller 225 and stored in the data collector 230) the sequences/sets of context randomization factors used to generate the randomized context information included in the reported sensor data. In some examples, the data processor 510 uses access point identification information provided with the reported sensor data to identify the particular sequence/set of context randomization factors used to generate the randomized context information included in the reported sensor data. The data processor 510 of the data collector 230 then uses the identified sequence/set of context randomization factors to adjust the reported, randomized context information, as described above, to enable the reported sensor data to be associated with nonrandom context information. After the reported sensor data is associated with nonrandom context information, the data processor 510 of the data collector 230 can combine and analyze the sensor data from multiple sensors in any appropriate manner.

[0043] In some examples, the sensors 215A-F in the example system 200 additionally or alternatively encrypt the context information that is to be used to tag their respective reported payload data. In some examples, a sensor, such as the sensor 215 A, encrypts the context information (e.g., such as timestamps, location data, etc.) that is to be used to tag the sensor payload data using an encryption algorithm that is based on an encryption key stored locally at the sensor 215 A. Examples of encryption algorithms supported by the system 200 include symmetric key encryption algorithms, asymmetric (public/private) key encryption algorithms, etc.

[0044] In examples in which the system 200 supports symmetric key encryption, a sensor, such as the sensor 215A, uses a symmetric key, K, to encrypt context information, such a timestamp, t, to yield encrypted context information. For example, the encrypted timestamp, t, resulting from encrypting the timestamp, t, using the symmetric key, K, can be represented mathematically as t = E [t, K] , where E represents any appropriate symmetric key encryption function. To decrypt the encrypted context information, the data collector 230 uses the same symmetric key, K, to decrypt the encrypted context information, such as the encrypted timestamp, t, using a decryption function D to yield the decrypted context information, such as the decrypted timestamp, t. Mathematically, such decryption performed by the data collector 230 can be represented mathematically as t = D [t, K], where D represents the decryption function that is the counterpart of the encryption function, E.

Examples of symmetric key encryption algorithms that can be supported by the system 200 include the Data Encryption Standard (DES), Triple DES, etc.

[0045] In examples in which the system supports asymmetric key encryption, such as RSA, a pair of public and private keys, [K_pub, K_pri], are used, respectively, to encrypt and decrypt context information. In such examples, a sensor, such as the sensor 215 A, uses the public key, K_pub, to encrypt the context information (e.g., a timestamp, t) using an encryption function, which may be represented mathematically as i = E[t,

. The data collector 230 can then use the private key, K_pri, to decrypt the encrypted context information (e.g., an encrypted timestamp, t) using a counterpart decryption function, which may be represented mathematically as t = D [t,

. In some examples, the asymmetric encryption and decryption functions E and D may be the same.

[0046] There are tradeoffs between using the symmetric and asymmetric encryption schemes, and the choice of which to use depends on the implementation environment. The symmetric key scheme can be simpler and have less power consumption due to its relatively low computational complexity. A symmetric key can be stored at a sensor at manufacturing time and, thus, does not require network connectivity during key configuration. However, the symmetric key may be open to discovery by an attacker who can gain access to the sensor hardware. In contrast, in the case of an asymmetric encryption scheme, the public key to be used by a sensor does not have to be kept secret and, instead, can be distributed publicly without protection. A possible drawback of asymmetric encryption is that it may have higher computational complexity and have higher power consumption than symmetric encryption.

[0047] In some examples in which the sensors 215 A-F are to encrypt the context information using encryption keys, the encryption key(s) are broadcast by the access points 205 A-B to the sensors 215A-F. For example, the access points 205 A-B can broadcast the public key, K_pub, to be used by a sensor, such as the sensor 215 A, to encrypt context information using an asymmetric encryption algorithm. The private key, K_pri , to be used by the data collector 230 to decrypt the encrypted context information can be kept private and protected in the data collector 230, which is generally not accessible to an eavesdropper.

[0048] In other examples, such as in networks spanning large areas, it may be possible to use a symmetric encryption algorithm at the expense of some loss in security. For example, if it can be assumed that an attacker cannot intercept the transmissions across the entire network due to its large size, an attacker can get access to only a small data subset that represents an insignificant fraction of the sensor data. In still other examples, a secure key exchange algorithm, such as the Diffie-Hellman algorithm, can be used to securely distribute a symmetric encryption key, which is to be used to encrypt the timestamps at the sensor 215A. In this approach, just the symmetric key transmission is protected from an

eavesdropper using a more complex technique, whereas a simpler symmetric encryption algorithm can be used by the sensor 215 A to encrypt the timestamps.

[0049] Another issue to consider is the bandwidth consumption incurred by key distribution. This bandwidth can be reduced by using the same encryption keys in sensors 215A-F covered by the same access point 205 A-B and, thus, in the same sensor cluster 210A- B. In such examples, a single broadcast transmission of the encryption key in a cluster suffices to distribute the same key over the cluster. However, this savings in bandwidth consumption may come at the expense of some loss of security due to key reuse.

[0050] Although FIG. 1 depicts one sensor 105, one central processor 110 and one access point 115, the system 100 can include any number of sensors, central processors and/or access points. Furthermore, although FIG. 2 depicts six sensors 215A-F, one central processor 110 and two access points 205 A-B, the system 200 can include any number of sensors, central processors and/or access points. Moreover, although the example systems 100 and 200 of FIGS. 1 and 2 have been described in the context of protecting context- sensitive data in sensor networks, the systems 100 and 200 are not limited thereto. For example, the systems 100 and 200 can be used to protect context-sensitive data in any type of network, system, application, etc. As such, the sensors 105 and 215A-F can correspond to any type(s) of devices capable of generating and reporting data that is context-sensitive.

[0051] An example sensor 600 that is to report randomized context information is illustrated in FIG. 6. The sensor 600 of FIG. 6 can be used to implement one or more of the sensors 105 and 215 A-F. In the illustrated example of FIG. 6, the sensor 600 includes an example sensor transceiver 605 to receive control information from an access point, such as one or more of the access points 115 and 205 A-B. As described above, the control information includes reference context information that is already randomized, and/or context offset(s) that are to be used by the sensor 600 to randomize context information locally at the sensor. The sensor transceiver 605 is also to transmit sensor data to the access point for reporting to, for example, the central processor 110. As such, the sensor transceiver 605 can support and type(s) and number of wireless and/or wireline communication links.

[0052] The example sensor 600 of FIG. 6 also includes an example context information extractor 610 to extract the randomized, reference context information (e.g., randomized timing beacon, randomized location beacon, etc.) included in the control information received via the sensor transceiver 605. In some examples, the context information extractor 610 is to additionally or alternatively extract context offset(s) included in the control information received via the sensor transceiver 605.

[0053] In examples in which the context information extractor 610 extracts randomized, reference context information from the control information, the context information extractor 610 provides the randomized, reference context information to an example data transmitter 615. The example data transmitter 615 uses the randomized, reference context information to tag sensor payload 620 with context information, as described above, prior to reporting the payload data 620 via the sensor transceiver 605.

[0054] In examples in which the context information extractor 610 extracts context offset(s) from the control information, context information extractor 610 provides the extracted offset(s) to an example context randomizer 625. The context randomizer 625 uses the context offset(s), as described above, to adjust nonrandom context information available at the sensor 600 to thereby randomize the context information. The context randomizer 625 then provides the randomized context information to the data transmitter 615, which uses the randomized context information to tag sensor payload 620 with context information, as described above, prior to reporting the payload data 620 via the sensor transceiver 605. In some examples, the context randomizer 625 also provides to the data transmitter 615 an index of the offset selected by the context randomizer 625 for randomizing the context information. This index may be included with the context-sensitive sensor data reported by the sensor 600 and used by, for example, the central processor 110 to select the appropriate context offset to recover the nonrandom context information from the reported, randomized context information.

[0055] In examples in which randomized, reference context information is included in control information broadcast by an access point, as described above, existing sensors that report context information can also automatically report randomized context information without modification. This is because such existing sensors will tag their respective sensor data using the randomized, reference context information broadcast by the access point.

[0056] While example manners of implementing the systems 100 and 200 have been illustrated in FIGS. 1-6, one or more of the elements, processes and/or devices illustrated in FIGS. 1-6 may be combined, divided, re-arranged, omitted, eliminated and/or implemented in any other way. Further, the one or more of the example sensors 105, 215A-F and 600, the example central processor 110, one or more of the example access points 115, 205 A-B and 300, the example context source 220, the example access point controller 225, the example data collector 230, the example context reference generator 305, the example offset receiver 310, the example beacon randomizer 315, the example offset encoder 320, the example access point transceiver 325, the example context randomization processor 405, the example transmitter 410, the example receiver 505, the example data processor 510, the example sensor transceiver 605, the example context information extractor 610, the example data transmitter 615, the example context randomizer 625 and/or, more generally, the example systems 100 and/or 200 may be implemented by hardware, software, firmware and/or any combination of hardware, software and/or firmware. Thus, for example, any of the example sensors 105, 215A-F and 600, the example central processor 110, the example access points 115, 205A-B and 300, the example context source 220, the example access point controller 225, the example data collector 230, the example context reference generator 305, the example offset receiver 310, the example beacon randomizer 315, the example offset encoder 320, the example access point transceiver 325, the example context randomization processor 405, the example transmitter 410, the example receiver 505, the example data processor 510, the example sensor transceiver 605, the example context information extractor 610, the example data transmitter 615, the example context randomizer 625 and/or, more generally, the example systems 100 and/or 200 could be implemented by one or more circuit(s), programmable processor(s), application specific integrated circuit(s) (ASIC(s)), programmable logic device(s) (PLD(s)) and/or field programmable logic device(s)

(FPLD(s)), etc. When any of the apparatus or system claims of this patent are read to cover a purely software and/or firmware implementation, at least one of the example systems 100 and/or 200, the example sensors 105, 215A-F and 600, the example central processor 110, the example access points 115, 205 A-B and 300, the example context source 220, the example access point controller 225, the example data collector 230, the example context reference generator 305, the example offset receiver 310, the example beacon randomizer 315, the example offset encoder 320, the example access point transceiver 325, the example context randomization processor 405, the example transmitter 410, the example receiver 505, the example data processor 510, the example sensor transceiver 605, the example context information extractor 610, the example data transmitter 615 and/or the example context randomizer 625 are hereby expressly defined to include a tangible computer readable medium such as a memory, digital versatile disk (DVD), compact disk (CD), Blu-ray disc™, etc., storing such software and/or firmware. Further still, the example systems 100 and/or 200 may include one or more elements, processes and/or devices in addition to, or instead of, those illustrated in FIGS. 1-6, and/or may include more than one of any or all of the illustrated elements, processes and devices.

[0057] Flowcharts representative of example machine readable instructions for implementing the example systems 100 and/or 200, the example sensors 105, 215A-F and 600, the example central processor 110, the example access points 115, 205 A-B and 300, the example context source 220, the example access point controller 225, the example data collector 230, the example context reference generator 305, the example offset receiver 310, the example beacon randomizer 315, the example offset encoder 320, the example access point transceiver 325, the example context randomization processor 405, the example transmitter 410, the example receiver 505, the example data processor 510, the example sensor transceiver 605, the example context information extractor 610, the example data transmitter 615 and/or the example context randomizer 625 are shown in FIGS. 7-11. In these examples, the machine readable instructions represented by each flowchart may comprise one or more programs for execution by a processor, such as the processor 1212 shown in the example processing system 1200 discussed below in connection with FIG. 12. The one or more programs, or portion(s) thereof, may be embodied in software stored on a tangible computer readable medium such as a CD-ROM, a floppy disk, a hard drive, a digital versatile disk (DVD), a Blu-ray disc™, or a memory associated with the processor 1212, but the entire program or programs and/or portions thereof could alternatively be executed by a device other than the processor 1212 (e.g., such as a controller and/or any other suitable device) and/or embodied in firmware or dedicated hardware (e.g., implemented by an ASIC, a PLD, an FPLD, discrete logic, etc.). Also, one or more of the machine readable instructions represented by the flowchart of FIGS. 7-11 may be implemented manually. Further, although the example machine readable instructions are described with reference to the flowcharts illustrated in FIGS. 7-11, many other methods of implementing the example systems 100 and/or 200, the example sensors 105, 215A-F and 600, the example central processor 110, the example access points 115, 205 A-B and 300, the example context source 220, the example access point controller 225, the example data collector 230, the example context reference generator 305, the example offset receiver 310, the example beacon randomizer 315, the example offset encoder 320, the example access point transceiver 325, the example context randomization processor 405, the example transmitter 410, the example receiver 505, the example data processor 510, the example sensor transceiver 605, the example context information extractor 610, the example data transmitter 615 and/or the example context randomizer 625 may alternatively be used. For example, with reference to the flowcharts illustrated in FIGS. 7-11, the order of execution of the blocks may be changed, and/or some of the blocks described may be changed, eliminated, combined and/or subdivided into multiple blocks.

[0058] As mentioned above, the example processes of FIGS. 7-11 may be implemented using coded instructions (e.g., computer readable instructions) stored on a tangible computer readable medium such as a hard disk drive, a flash memory, a read-only memory (ROM), a CD, a DVD, a cache, a random-access memory (RAM) and/or any other storage media in which information is stored for any duration (e.g., for extended time periods, permanently, brief instances, for temporarily buffering, and/or for caching of the

information). As used herein, the term tangible computer readable medium is expressly defined to include any type of computer readable storage and to exclude propagating signals. Additionally or alternatively, the example processes of FIGS. 7-11 may be implemented using coded instructions (e.g., computer readable instructions) stored on a non-transitory computer readable medium, such as a flash memory, a ROM, a CD, a DVD, a cache, a random-access memory (RAM) and/or any other storage media in which information is stored for any duration (e.g., for extended time periods, permanently, brief instances, for temporarily buffering, and/or for caching of the information). As used herein, the term non- transitory computer readable medium is expressly defined to include any type of computer readable medium and to exclude propagating signals. Also, as used herein, the terms "computer readable" and "machine readable" are considered equivalent unless indicated otherwise. Furthermore, as used herein, when the phrase "at least" is used as the transition term in a preamble of a claim, it is open-ended in the same manner as the term "comprising" is open ended. Thus, a claim using "at least" as the transition term in its preamble may include elements in addition to those expressly recited in the claim.

[0059] Example machine readable instructions 700 that may be executed to implement the example systems 100 and/or 200 of FIGS. 1-2 are represented by the flowchart shown in FIG. 7. With reference to the preceding figures, the machine readable instructions 700 of FIG. 7 begin execution at block 705 at which the access points 115 and/or 205 A-B broadcast control information to their respective sensor clusters, such as the sensor clusters 210A-B. As described above, the control information broadcast by the access points 115 and/or 205 A-B include randomized reference context information (e.g., such as randomized timing beacon(s), randomized location beacon(s), etc.) to be used by the sensors 105 and/or 215A-F to tag their respective sensor pay load data. Additionally or alternatively, the control information broadcast by the access points 115 and/or 205 A-B can include context randomization factors (such as timing offsets, location/positioning offsets) for use by the sensors 105 and/or 215 A-F in generating randomized context information for tagging their respective sensor payload data.

[0060] At block 710, the sensors 105 and/or 215A-F report sensor payload data that is tagged with reported context information that is randomized, as described above, based on the control information broadcast by the access points 115 and/or 205 A-B at block 705 and received by the sensors 105 and/or 215A-F. At block 710, the sensors 105 and/or 215A- F report their context-sensitive payload data to their serving access points 115 and/or 205 A- B, which in turn forward the reported sensor data to the data collector 230 included in the central processor 110.

[0061] At block 715, the data collector 230 receives the context-sensitive sensor data that is tagged with randomized context information and reported by the sensors 105 and/or 215A-F at block 710. The data collector 230 also adjusts the reported, randomized context information, as described above, to enable the reported sensor payload data to be associated with nonrandom context information (e.g., such as nonrandom timing information, nonrandom location information, etc.).

[0062] Example machine readable instructions 800 that may be executed to implement the example data collector 230 of FIGS. 2 and 5, which is included in the example central processor 110 of FIG. 2, are represented by the flowchart shown in FIG. 8. With reference to the preceding figures, the machine readable instructions 800 of FIG. 8 begin execution at block 805 at which the receiver 505 of the data collector 230 receives sensor data reported by the first cluster 210A of sensors 215A-C via the first access point 205A. The sensor data reported by each of the sensors 215A-C includes unprotected (e.g., plaintext) payload data, which is tagged with reported context information that is randomized (e.g., such as randomized timing information, randomized location information, etc.). As described above, the reported context information is randomized based on control information broadcast by the first access point 205A.

[0063] At block 810, the data collector 230 determines whether sensor data is to be received from another access point, such as the access point 205B. If sensor data is to be received from the access point 205B (block 810), at block 815 the receiver 505 of the data collector 230 receives sensor data reported by the second cluster 210B of sensors 215D-F via the second access point 205B. Like in block 805, at block 810 the sensor data reported by each of the sensors 215D-F includes unprotected (e.g., plaintext) payload data, which is tagged with reported context information that is randomized (e.g., such as randomized timing information, randomized location information, etc.). As described above, the reported context information is randomized based on control information broadcast by the access point 205B.

[0064] Processing then returns to block 810 until there are no additional access points from which sensor data is to be received. Then, at block 820 the data processor 510 of the data collector 230 adjusts the reported, randomized context information, as described above, to enable the reported sensor payload data to be associated with nonrandom context information (e.g., such as nonrandom timing information, nonrandom location information, etc.). For example, as described above, the data processor 510 can use access point identification information included or accompanying the sensor data forwarded by the access points 205 A-B to identify that the access point 205A forwarded the sensor data received at block 810. The data processor 510 can further use this access point identification information to identify the sequence/set of randomization factors (e.g., timing offsets, location offsets, etc.) used to randomize context information, as described above, in the cluster 210A of sensors 215 A-C served by the access point 205 A. As further described above, the data processor 510 uses the sequence/set of randomization factors associated with the identified access point 205A to recover (e.g., via subtraction) the nonrandom context information from the randomized context information included in the sensor data received at block 805. At block 820, the data processor 510 can perform similar processing to identify and use the sequence/set of randomization factors associated with the access point 205B to recover the nonrandom context information from the randomized context information included in the sensor data received at block 815. [0065] Example machine readable instructions 900 that may be executed to implement the example access point controller 225 of FIGS. 2 and 4, which is included in the example central processor 110 of FIG. 2, are represented by the flowchart shown in FIG. 9. With reference to the preceding figures, the machine readable instructions 900 of FIG. 9 begin execution at block 905 at which the example context randomization processor 405 of the access point controller 225 determines sequences/sets of context randomization factors (e.g., such as timing offsets, location offsets, etc.) to be sent to the access points 205A-B, and stores the sequences/sets of context randomization factors at the data collector 230 included in the central processor 110. As described above, the context randomization factors are used to determine randomized context information for tagging payload data to be reported by the sensors 215 A-F. As also described above, different context randomization factors can be sent and used by different access points 205A-B to cause context information to be randomized differently in different sensor clusters 210A-B/

[0066] At block 910, the transmitter 410 of the access point controller 225 transmits a first sequence/set of context randomization factors to the first access point 205 A. As described above, the first access point 205A then broadcasts first reference context information (e.g., such as a timing beacon, location beacon, etc.) that is randomized based on the first sequence/set of context randomization factors. Additionally or alternatively, the first access point 205A can broadcast randomization factor(s) from the first sequence/set of context randomization factors, which can be used by the sensors 215A-C to locally generate randomized context information, as described above.

[0067] At block 915, the transmitter 410 determines whether another access point, such as the access point 205B, is to be configured. If the access point 205B is to be configured (block 915), then at block 920 the transmitter 410 of the access point controller 225 transmits a second sequence/set of context randomization factors to the second access point 205B. As described above, the second access point 205B then broadcasts second reference context information (e.g., such as a second timing beacon, a second location beacon, etc.) that is randomized based on the second sequence/set of context randomization factors. Additionally or alternatively, the second access point 205B can broadcast randomization factor(s) from the second sequence/set of context randomization factors, which can be used by the sensors 215D-F to locally generate randomized context information, as described above.

[0068] In some examples, instead of determining and transmitting sequences/sets of context randomization factors to the access points 205 A-B, the example machine readable instructions 900 determine and transmit seed information to the access points 205 A-B. The seed information, which may be different for different access points 205 A-B, is used to initialize pseudorandom number generators that are to generate the sequences/sets of context randomization factors at the access points 205 A-B.

[0069] Example machine readable instructions 1000 that may be executed to implement the example access points 115, 205 A-B and/or 300 of FIGS. 1-3, are represented by the flowchart shown in FIG. 10. For convenience and without loss of generality, operation of the machine readable instructions 1000 is described from the perspective of the access point 300 of FIG. 3 being used to implement the access point 205A in the system 200 of FIG. 2. With reference to the preceding figures, the machine readable instructions 1000 of FIG. 10 begin execution at block 1005 at which the beacon randomizer 315 of the access point 300 is to use the sequence/set of context randomization factors (e.g., context offsets) obtained by the offset receiver 310 to randomize the nonrandom, reference context information (e.g., nonrandom timing reference information, nonrandom positioning/location information, etc.) obtained from the context reference generator 305, as described above.

[0070] At block 1010, the access point transceiver 325 broadcasts the randomized context information as one or more randomized context beacons (e.g., such as a randomized timing beacon, a randomized location beacon, etc.) for receipt by the sensors 215 A-C in the sensor cluster 210A. The sensors 215A-C use the received, randomized context beacon(s) to tag their respective sensor data with the context information that is randomized. At block 1015, the beacon randomizer 315 determines whether the randomized context information being broadcast is to be varied over time. For example, the beacon randomizer 315 may be configured to use a next randomization factor (e.g., next context offset) from a pseudorandom sequence of randomization factors (e.g., context offsets) for each new context beacon value to be broadcast (e.g., such as when a next offset in a pseudorandom sequence of timing offsets is to be added to each next timing beacon value to be broadcast). In such examples, at block 1020, the beacon randomizer 315 uses a next randomization factor from the sequence/set of randomization factors to determine new reference context information that is randomized. Processing then returns to block 1010 to enable the randomized context information (which may or may not be varied over time) to continue to be broadcast as one or more randomized context beacons.

[0071] Example machine readable instructions 1100 that may be executed to implement the example sensors 105, 215A-F and/or 600 of FIGS. 1-2 and 6, are represented by the flowchart shown in FIG. 11. For convenience and without loss of generality, operation of the machine readable instructions 1100 is described from the perspective of the sensor 600 of FIG. 6 being used to implement the sensor 215A in the system 200 of FIG. 2. With reference to the preceding figures, the machine readable instructions 1100 of FIG. 11 begin execution at block 1105 at which the context information extractor 610 of the sensor 600 extracts (and decrypts, if appropriate) context randomization factor(s) from control information received from the access point 205A via the sensor's receiver 600. At block 605, the context randomizer 625 of the sensor 600 processes nonrandom context information (e.g., such as nonrandom location information), which is available at the sensor 600, using the context randomization factor(s) obtained at block 1105 to determine context information (e.g., location information) that is randomized, as described above. At block 1115, the data transmitter 615 of the sensor 600 tags pay load data to be reported with the randomized context information determined at block 1110. At block 1120, the sensor transceiver 605 reports the payload data, which is tagged with the randomized context information, to the access point 205 for forwarding to the central processor 110.

[0072] FIG. 12 is a block diagram of an example processing system 1200 capable of executing the instructions of FIGS. 7-11 to implement the example systems 100 and/or 200, the example sensors 105, 215A-F and 600, the example central processor 110, the example access points 115, 205 A-B and 300, the example context source 220, the example access point controller 225, the example data collector 230, the example context reference generator 305, the example offset receiver 310, the example beacon randomizer 315, the example offset encoder 320, the example access point transceiver 325, the example context randomization processor 405, the example transmitter 410, the example receiver 505, the example data processor 510, the example sensor transceiver 605, the example context information extractor 610, the example data transmitter 615 and/or the example context randomizer 625 of FIGS. 1-6. The processing system 1200 can be, for example, a server, a personal computer, a mobile phone (e.g., a smartphone, a cell phone, etc.), a sensing device, etc.

[0073] The system 1200 of the instant example includes a processor 1212. For example, the processor 1212 can be implemented by one or more microprocessors and/or controllers from any desired family or manufacturer.

[0074] The processor 1212 includes a local memory 1213 (e.g., a cache) and is in communication with a main memory including a volatile memory 1214 and a non-volatile memory 1216 via a bus 1218. The volatile memory 1214 may be implemented by Static Random Access Memory (SRAM), Synchronous Dynamic Random Access Memory

(SDRAM), Dynamic Random Access Memory (DRAM), RAMBUS Dynamic Random Access Memory (RDRAM) and/or any other type of random access memory device. The non- volatile memory 1216 may be implemented by flash memory and/or any other desired type of memory device. Access to the main memory 1214, 1216 is controlled by a memory controller.

[0075] The processing system 1200 also includes an interface circuit 1220. The interface circuit 1220 may be implemented by any type of interface standard, such as an Ethernet interface, a universal serial bus (USB), and/or a PCI express interface.

[0076] One or more input devices 1222 are connected to the interface circuit 1220. The input device(s) 1222 permit a user to enter data and commands into the processor 1212. The input device(s) can be implemented by, for example, a keyboard, a mouse, a touchscreen, a track-pad, a trackball, a trackbar (such as an isopoint), a voice recognition system and/or any other human-machine interface.

[0077] One or more output devices 1224 are also connected to the interface circuit 1220. The output devices 1224 can be implemented, for example, by display devices (e.g., a liquid crystal display, a cathode ray tube display (CRT)), a printer and/or speakers. The interface circuit 1220, thus, typically includes a graphics driver card.

[0078] The interface circuit 1220 also includes a communication device, such as a modem or network interface card, to facilitate exchange of data with external computers via a network 1226 (e.g., an Ethernet connection, a digital subscriber line (DSL), a telephone line, coaxial cable, a cellular telephone system, etc.).

[0079] The processing system 1200 also includes one or more mass storage devices 1228 for storing machine readable instructions and data. Examples of such mass storage devices 1228 include floppy disk drives, hard drive disks, compact disk drives and digital versatile disk (DVD) drives.

[0080] Coded instructions 1232 corresponding to the instructions of FIGS. 7-11 may be stored in the mass storage device 1228, in the volatile memory 1214, in the nonvolatile memory 1216, in the local memory 1213 and/or on a removable storage medium, such as a CD or DVD 1236.

[0081] As an alternative to implementing the methods and/or apparatus described herein in a system such as the processing system of FIG. 12, the methods and or apparatus described herein may be embedded in a structure such as a processor and/or an ASIC (application specific integrated circuit).

[0082] From the foregoing, example systems, methods, apparatus and articles of manufacture to protect context-sensitive data have been disclosed. Example systems, such as the example systems 100 and 200 described above, to protect context-sensitive data as disclosed herein include example access points to broadcast, to example devices in an example network, control information including one or both of (1) randomized context information and (2) sets of randomization factors for randomizing context information. Such example systems also include an example data collector to receive data reported by the devices. The received data is tagged with randomized context information that is based on the control information broadcast by the access points. For example, the received data includes first payload data tagged with first context information randomized based on first control information received from a first access point. The received data also includes second payload data tagged with second context information randomized based on a second control information received from a first access point. In such example systems, the example data collector is also to adjust one or both of the first context information and the second context information to associate the first payload data and the second payload data with nonrandom context information. [0083] Example apparatus, such as the example data collector 230 described above, to process protected context-sensitive data as disclosed herein include an example receiver to receive data reported by example devices in an example network. The received data includes first payload data reported by a first device. The first payload data is tagged with first reported context information randomized based on first control information received by the first device from a first example access point. The received data also includes second payload data reported by a second device. The second payload data is tagged with second reported context information randomized based on second control information received by the second device from a second example access point. Such example apparatus also include an example processor to adjust one or both of the first context information or the second context information to associate the first payload data and the second payload data with nonrandom context information.

[0084] Example apparatus, such as one or more of the example access points 115, 205-A-B and 300 described above, to broadcast control information for protecting context- sensitive data as disclosed herein include an example processor to process nonrandom context information based on a first randomization factor to determine first context information that is randomized. Such example apparatus also include an example transmitter to broadcast the first randomized context information in an example network. In such examples, the first randomized context information is to be received by a first cluster of example devices for tagging context-sensitive data to be reported by the first cluster of devices. In some examples, the first randomized context information is different from second context information that is randomized based on a second randomization factor, and that is to be broadcast in the network for reception by a second cluster of example devices for tagging context-sensitive data to be reported by the second cluster of devices.

[0085] Example apparatus, such as the example access point controller 225 described above, to randomize context information for protecting context-sensitive data as disclosed herein include an example processor to determine sets of randomization factors for randomizing context information reported by example devices in an example network. Such example apparatus also include an example transmitter to send the randomization factors to example access points that are to broadcast one or both of (1) the sets of randomization factors and (2) reference context information randomized based on the sets of randomization factors. For example, a first access point may broadcast one or both of (1) a first set of randomization factors and (2) first reference context information, which is randomized based on the first set of randomization factors, for reception by a first cluster of devices for tagging context-sensitive data to be reported by the first cluster of devices. In some examples, a second access point may broadcast one or both of (1) a second set of randomization factors and (2) second reference context information, which is randomized based on the second set of randomization factors, for reception by a second cluster of devices for tagging context- sensitive data to be reported by the second cluster of devices. In some examples, the second set of randomization factors is different from the first set of randomization factors.

[0086] Example methods to implement one or more of the foregoing systems and apparatus, and example articles of manufacture (e.g., storage media) storing machine readable instructions which, when executed, cause example machine(s) to perform such example methods, are also disclosed herein.

[0087] Finally, although certain example systems, methods, apparatus and articles of manufacture have been described herein, the scope of coverage of this patent is not limited thereto. On the contrary, this patent covers all systems, methods, apparatus and articles of manufacture fairly falling within the scope of the appended claims either literally or under the doctrine of equivalents.

Claims

What Is Claimed Is:

1. An apparatus to process protected context-sensitive data, the apparatus comprising:

a receiver to receive data reported by devices in a network, the received data including first payload data reported by a first device, the first payload data being tagged with first reported context information randomized based on first control information broadcast by a first access point and received by the first device; and

a processor to adjust the first context information to associate the first payload data with nonrandom context information.

2. An apparatus as defined in claim 1 wherein the first reported context information comprises first timing information, the first control information comprises a first randomized timing beacon broadcast by the first access point, the nonrandom context information comprises a nonrandom timing reference, and the processor is to adjust the first timing information using a first randomization factor to associate the first payload data with the nonrandom timing reference, the first randomization factor being associated with the first randomized timing beacon.

3. An apparatus as defined in claim 2 wherein the first randomized timing beacon comprises the nonrandom timing reference adjusted by a first timing offset, and the processor is to set the first randomization factor to correspond to the first timing offset.

4. An apparatus as defined in claim 2 wherein the first randomized timing beacon comprises the nonrandom timing reference adjusted by a first timing offset that varies among a first sequence of timing offsets, and the processor is to vary the first randomization factor over time to be a next timing offset selected from the first sequence of timing offsets.

5. An apparatus as defined in claim 4 wherein the received data includes second payload data reported by a second device, the second payload data being tagged with second timing information randomized based on a second randomized timing beacon broadcast by a second access point and received by the second device, the second randomized timing beacon being different from the first randomized timing beacon, the second randomized timing beacon comprising the nonrandom timing reference adjusted by a second timing offset that varies among a second sequence of timing offsets, and the processor is to:

adjust the second timing information using a second randomization factor to associate the second payload data with the nonrandom timing reference, and:

vary the second randomization factor over time to be a next timing offset selected sequentially from the second sequence of timing offsets, the second sequence of timing offsets being different from the first sequence of timing offsets.

6. An apparatus as defined in claim 1 wherein the first reported context information comprises first randomized location information, the first control information comprises a first set of location randomization factors broadcast by the first access point, the nonrandom context information comprises nonrandom location information, and the processor is to adjust the first randomized location information using the first set of location randomization factors to associate the first payload data with the nonrandom location information.

7. An apparatus as defined in claim 6 wherein the first randomized location information comprises the nonrandom location information adjusted by a factor from the first set of location randomization factors, the received data includes a first index reported by the first device, the first index identifying the factor from the first set of location randomization factors used to adjust the nonrandom location information, and the processor is to:

select the first factor from the first sequence of timing offsets using the first index; and

adjust the first randomized location information using the first factor to associate the first payload data with the nonrandom location information.

8. A method to protect time- sensitive data, the method comprising:

receiving first payload data reported by a first device in a network, the first payload data being tagged with first reported context information randomized based on first control information received by the first device from a first access point;

receiving second payload data from a second device in the network, the second payload data being tagged with second reported context information randomized based on second control information received by the second device from a second access point, the second control information being different from the first control information; and

adjusting at least one of the first context information or the second context information to associate the first payload data and the second payload data with nonrandom context information.

9. A method as defined in claim 8 wherein the first reported context information corresponds to first reference context information broadcast by the first access point in the first control information, the first reference context information being randomized based on a first sequence of randomization factors associated with the first access point, and the second reported context information corresponds to second reference context information broadcast by the second access point in the second control information, the first reference context information being randomized based on a second sequence of randomization factors associated with the second access point, the second sequence of randomization factors being different from the first sequence of randomization factors.

10. A method as defined in claim 8 wherein the first reported context information comprises first timing information, the first control information comprises a first randomized timing beacon broadcast by the first access point, the first randomized timing beacon comprises a nonrandom timing reference adjusted by a first timing offset that varies among a first sequence of timing offsets, the nonrandom context information comprises the nonrandom timing reference, and adjusting one or both of the first context information or the second context information comprises:

adjusting the first timing information using a first randomization factor to associate the first payload data with the nonrandom timing reference, and:

varying the first randomization factor over time to be a next timing offset selected sequentially from the first sequence of timing offsets.

11. A method as defined in claim 8 wherein the first control information comprises a first set of location randomization factors broadcast by the first access point, the first reported context information comprises first randomized location information, the first randomized location information comprises nonrandom context information adjusted based on the first set of location randomization factors, the nonrandom context information comprises the nonrandom location information, and adjusting one or both of the first context information or the second context information comprises:

selecting a first randomization factor from the first set of location randomization factors based on a first index reported by the first device; and

adjusting the first randomized location information using the first randomization factor to associate the first payload data with the nonrandom location information.

12. A tangible storage medium comprising machine readable instructions which, when executed, cause a machine to at least:

receive first payload data reported by a first device in a network, the first payload data being tagged with first reported context information randomized based on first control information received by the first device from a first access point;

receive second payload data from a second device in the network, the second payload data being tagged with second reported context information randomized based on second control information received by the second device from a second access point, the second control information being different from the first control information; and

adjust at least one of the first context information or the second context information to associate the first payload data and the second payload data with nonrandom context information.

13. A storage medium as defined in claim 12 wherein the first reported context information corresponds to first reference context information broadcast by the first access point in the first control information, the first reference context information being randomized based on a first sequence of randomization factors associated with the first access point, and the second reported context information corresponds to second reference context information broadcast by the second access point in the second control information, the first reference context information being randomized based on a second sequence of

randomization factors associated with the second access point, the second sequence of randomization factors being different from the first sequence of randomization factors.

14. A storage medium as defined in claim 12 wherein the first reported context information comprises first timing information, the first control information comprises a first randomized timing beacon broadcast by the first access point, the first randomized timing beacon comprises a nonrandom timing reference adjusted by a first timing offset that varies among a first sequence of timing offsets, the nonrandom context information comprises the nonrandom timing reference, and the machine readable instructions, when executed, further cause the machine to:

adjust the first timing information using a first randomization factor to associate the first payload data with the nonrandom timing reference, and:

vary the first randomization factor over time to be a next timing offset selected sequentially from the first sequence of timing offsets.

15. A storage medium as defined in claim 12 wherein the first control information comprises a first set of location randomization factors broadcast by the first access point, the first reported context information comprises first randomized location information, the first randomized location information comprises nonrandom context information adjusted based on the first set of location randomization factors, the nonrandom context information comprises the nonrandom location information, and the machine readable instructions, when executed, further cause the machine to:

select a first randomization factor from the first set of location randomization factors based on a first index reported by the first device; and

adjust the first randomized location information using the first randomization factor to associate the first payload data with the nonrandom location information.