Abstract: In this paper we present a solution to one of the location-based query problems. This problem is a user wants to query a database of location data, known as Points Of Interest (POI), and does not want to reveal his/her location to the server due to privacy concerns. The owner of the location data, that is, the location server, does not want to simply distribute its data to all users. we propose a novel protocol for location based queries. our protocol is organized in two stages. In first stage user privately determines his/her location within public domain by using oblivious transfer this data contains both Id and associated symmetric key for the block of data in the private domain. In the second stage we are concentrating on the content protection where authorized user can only get the information he wants by using private information retrieval(PIR) method. Hence our protocol thus provides protection for both the user and the server. The user us protected because the server is unable to determine his/her location. Similarly, the servers data is protected since unauthorized user can only decrypt the block of data obtained by PIR with encryption key. The LBS has to ensure that LSís data is not accessed by any unauthorized user. During the process of transmission the users should not be allowed to discover any information for which they have not paid. It is thus crucial that solutions be devised that address the privacy of the users issuing queries, but also prevent users from accessing content to which they do not have authorization.

Keywords: private query, private information retrieval, oblivious transfer, DES algorithm.