Methods and apparatus for use in enabling a mobile communication device with a digital certificate

US 10,015,158 B2
Filed: 02/29/2008
Issued: 07/03/2018
Est. Priority Date: 02/29/2008
Status: Active Grant

First Claim

Patent Images

1. A method performed by a mobile communication device, the method comprising:

the mobile communication device receiving configuration information from a host server over a secure connection; and

responsive to the mobile communication device receiving the configuration information;

the mobile communication device generating a public-private key pair of a type indicated in the configuration information;

the mobile communication device constructing a certificate request that contains the generated public key and signing the certificate request with the generated private key; and

the mobile communication device sending the certificate request to a certificate authority indicated in the configuration information.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In one illustrative scenario, a mobile communication device causes a communication session to be established with a host server of a communication network. The mobile device performs communication operations in the communication session for activating a communication service, such as a data synchronization service, with the host server. In the communication session, the mobile device also receives configuration information which includes information for use in constructing a request message for obtaining a digital certificate from a certificate authority (CA). After receipt of the configuration information, the mobile device constructs the request message for the digital certificate and causes it to be sent to the host server. In response, the host server requests and obtains the digital certificate from the CA on behalf of the mobile device, and thereafter “pushes” the received digital certificate to the mobile device. The mobile device receives the digital certificate and stores it for use in subsequent communications. The host server may be part of a local area network (LAN) which includes a wireless LAN (WLAN) adapted to authenticate the mobile device based on the digital certificate, so that the mobile device may obtain access to the WLAN.

47 Citations

View as Search Results

40 Claims

1. A method performed by a mobile communication device, the method comprising:
- the mobile communication device receiving configuration information from a host server over a secure connection; and
  
  responsive to the mobile communication device receiving the configuration information;
  
  the mobile communication device generating a public-private key pair of a type indicated in the configuration information;
  
  the mobile communication device constructing a certificate request that contains the generated public key and signing the certificate request with the generated private key; and
  
  the mobile communication device sending the certificate request to a certificate authority indicated in the configuration information.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method as recited in claim 1, further comprising:
    - responsive to the mobile communication device sending the certificate request, the mobile communication device receiving a digital certificate signed by the certificate authority indicated in the configuration information, the digital certificate containing the generated public key.
  - 3. The method as recited in claim 2, further comprising:
    - responsive to the mobile communication device receiving the digital certificate, the mobile communication device storing the digital certificate in a certificate keystore at the mobile communication device.
  - 4. The method as recited in claim 2, further comprising:
    - responsive to the mobile communication device receiving the digital certificate, the mobile communication device presenting the digital certificate to an authentication server in a certificate-based authentication process to obtain communication access in a network.
  - 5. The method as recited in claim 4, wherein the certificate-based authentication process is an extensible authentication protocol (EAP) process.
  - 6. The method as recited in claim 4, wherein the network is a wireless local area network (WLAN).
  - 7. The method as recited in claim 6, further comprising:
    - the mobile communication device receiving from the host server over the secure connection a WLAN profile comprising an identification of the WLAN.
  - 8. The method as recited in claim 1, wherein the secure connection is established over a radio link between the mobile communication device and a cellular telecommunications network.
  - 9. The method as recited in claim 1, wherein the secure connection is established over a wired connection between the mobile communication device and a computer connected in a local area network to the host server.
  - 10. The method as recited in claim 1, further comprising:
    - the mobile communication device causing a communication session to be established with the host server; and
      
      the mobile communication device performing communication operations in the communication session with the host server for activating a communication service provided by the host server to the mobile communication device.
  - 11. The method as recited in claim 10, wherein the communication service comprises a data synchronization service.
  - 12. The method as recited in claim 1, wherein the mobile communication device sending the certificate request to the certificate authority comprises:
    - the mobile communication device sending the certificate request to the host server over the secure connection for the host server to send to the certificate authority on behalf of the mobile communication device.
  - 13. The method as recited in claim 12, further comprising:
    - the mobile communication device receiving from the host server a digital certificate signed by the certificate authority indicated in the configuration information, the digital certificate containing the generated public key.

14. A method performed by a host server, the method comprising:
- the host server sending configuration information to a mobile communication device over a secure connection, the configuration information indicating a key type and a certificate authority;
  
  the host server receiving from the mobile communication device over the secure connection a certificate request that contains a public key and that is signed by a private key, the public key and the private key forming a public-private key pair generated by the mobile communication device, the key pair of the key type indicated in the configuration information; and
  
  the host server sending, on behalf of the mobile communication device, the certificate request to the certificate authority indicated in the configuration information.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23)
- - 15. The method as recited in claim 14, further comprising:
    - the host server obtaining, on behalf of the mobile communication device, a digital certificate signed by the certificate authority, the digital certificate containing the generated public key.
  - 16. The method as recited in claim 15, wherein the digital certificate is intended for presentation by the mobile communication device to an authentication server in a certificate-based authentication process to obtain communication access in a network.
  - 17. The method as recited in claim 16, wherein the certificate-based authentication process is an extensible authentication protocol (EAP) process.
  - 18. The method as recited in claim 16, wherein the network is a wireless local area network (WLAN).
  - 19. The method as recited in claim 18, further comprising:
    - the host server sending to the mobile communication device over the secure connection a WLAN profile comprising an identification of the WLAN.
  - 20. The method as recited in claim 14, wherein the secure connection is established over a radio link between the mobile communication device and a cellular telecommunications network.
  - 21. The method as recited in claim 14, wherein the secure connection is established over a wired connection between the mobile communication device and a computer connected in a local area network to the host server.
  - 22. The method as recited in claim 14, wherein the host server provides the mobile communication device with a communication service.
  - 23. The method as recited in claim 22, wherein the communication service comprises a data synchronization service.

24. A mobile communication device comprising:
- a wireless transceiver;
  
  one or more processors coupled to the wireless transceiver, the one or more processors being operative to receive configuration information from a host server over a secure connection and responsive to receiving the configuration information, to;
  
  generate a public-private key pair of a type indicated in the configuration information;
  
  construct a certificate request that contains the generated public key and sign the certificate request with the generated private key; and
  
  send the certificate request to a certificate authority indicated in the configuration information.
- View Dependent Claims (25, 26, 27, 28, 29, 30, 31, 32, 33)
- - 25. The mobile communication device as recited in claim 24, the one or more processors being further operative, responsive to sending the certificate request, to receive a digital certificate signed by the certificate authority indicated in the configuration information, the digital certificate containing the generated public key.
  - 26. The mobile communication device as recited in claim 25, the one or more processors being further operative, responsive to receiving the digital certificate, to store the digital certificate in a certificate keystore at the mobile communication device.
  - 27. The mobile communication device as recited in claim 25, the one or more processors being further operative, responsive to receiving the digital certificate, to present the digital certificate to an authentication server in a certificate-based authentication process to obtain communication access in a network.
  - 28. The mobile communication device as recited in claim 27, wherein the certificate-based authentication process is an extensible authentication protocol (EAP) process.
  - 29. The mobile communication device as recited in claim 27, wherein the network is a wireless local area network (WLAN).
  - 30. The mobile communication device as recited in claim 24, further comprising a cellular communication subsystem coupled to the one or more processors, wherein the secure connection is established over a radio link between the mobile communication device and a cellular telecommunications network.
  - 31. The mobile communication device as recited in claim 24, further comprising a serial port coupled to the one or more processors, wherein the secure connection is established over a wired connection between the mobile communication device and a computer connected in a local area network to the host server.
  - 32. The mobile communication device as recited in claim 24, the one or more processors being further operative tocause a communication session to be established with the host server;
    - andperform communication operations in the communication session with the host server for activating a communication service provided by the host server to the mobile communication device.
  - 33. The mobile communication device as recited in claim 32, wherein the communication service comprises a data synchronization service.

34. A host server operative to:
- send configuration information to a mobile communication device over a secure connection, the configuration information indicating a key type and a certificate authority;
  
  receive from the mobile communication device over the secure connection a certificate request that contains a public key and that is signed by a private key, the public key and the private key forming a public-private key pair generated by the mobile communication device, the key pair of the key type indicated in the configuration information; and
  
  send, on behalf of the mobile communication device, the certificate request to the certificate authority indicated in the configuration information.
- View Dependent Claims (35, 36, 37, 38, 39, 40)
- - 35. The host server as recited in claim 34, further operative to:
    - obtain, on behalf of the mobile communication device, a digital certificate signed by the certificate authority, the digital certificate containing the generated public key.
  - 36. The host server as recited in claim 35, wherein the digital certificate is intended for presentation by the mobile communication device to an authentication server in a certificate-based authentication process to obtain communication access in a network.
  - 37. The host server as recited in claim 36, wherein the certificate-based authentication process is an extensible authentication protocol (EAP) process.
  - 38. The host server as recited in claim 36, wherein the network is a wireless local area network (WLAN).
  - 39. The host server as recited in claim 34, wherein the host server is operative to provide the mobile communication device with a communication service.
  - 40. The host server as recited in claim 39, wherein the communication service comprises a data synchronization service.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Malikie Innovations Limited (Key Patent Innovations Limited)
Original Assignee
Blackberry Limited
Inventors
Bender, Christopher Lyle, Shih, Sam Cheng-Fu, Adams, Neil Patrick
Primary Examiner(s)
Tabor, Amare F

Application Number

US12/039,960
Publication Number

US 20090222902A1
Time in Patent Office

3,777 Days
Field of Search

726 10, 713155-158, 713175, 713176, 380255, 380270
US Class Current
CPC Class Codes

G06F 21/33 using certificates

H04L 63/0823 using certificates cryptogr...

Methods and apparatus for use in enabling a mobile communication device with a digital certificate

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

47 Citations

40 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and apparatus for use in enabling a mobile communication device with a digital certificate

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

47 Citations

40 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links