Although location-based applications have existed for several years,
verifying the correctness of a user's claimed location is a challenge
that has only recently gained attention in the research community.
Existing architectures for the generation and verification of such
location proofs have limited flexibility.  For example, they do not
support the proactive gathering of location proofs, where, at the time
of acquiring a location proof, a user does not yet know for which
application or service she will use this proof.  Supporting proactive
location proofs is challenging because these proofs might enable proof
issuers to track a user or they might violate a user's location
privacy by revealing more information about a user's location than
strictly necessary to an application.  We present six essential design
goals that a flexible location proof architecture should meet.
Furthermore, we introduce a location proof architecture that realizes
our design goals and that includes user anonymity and location privacy
as key design components, as opposed to previous proposals.  Finally,
we demonstrate how some of the design goals can be achieved by
adopting proper cryptographic techniques.