Activation of mobile devices in enterprise mobile management
First Claim
1. A method, comprising:
generating, at a mobile device, a first device security certificate, the first device security certificate including a representation of an identifier of the mobile device and a representation of a device key in a signature of the first device security certificate;
transmitting, by the mobile device, the first device security certificate to an authentication server;
receiving, at the mobile device, a server security certificate from the authentication server in response to a successful authentication by the authentication server, the server security certificate including a representation of a server key in a signature of the server security certificate, the server key corresponding to the device key and to a representation of a shared secret stored on the mobile device and known by the authentication server;
validating, at the mobile device, the server security certificate based on the signature of the server security certificate that includes the representation of the server key;
establishing, by the mobile device, a secure connection with the authentication server based on the first device security certificate and the server security certificate; and
enrolling, at the mobile device, at least one second device security certificate for formal communication over the secure connection.
1 Assignment
0 Petitions
Accused Products
Abstract
The present disclosure is drawn to systems and methods for activating a mobile device in an enterprise mobile management context. The mobile device is configured to generate a first device security certificate which comprises a device key and an identifier of the mobile device. The device key corresponds to a shared secret known to the mobile device and to an authentication server. The mobile device sends the first device security certificate to the authentication server. The authentication server validates the mobile device by comparing the device key to a server key and by locating the identifier in a list of known identifiers. When the mobile device is validated, the authentication server sends a first server security certificate to the mobile device. The first device and server security certificates may then be used to establish a secure connection, over which a second set of device and server certificates may be enrolled.
Citations
18 Claims
1. A method, comprising:
generating, at a mobile device, a first device security certificate, the first device security certificate including a representation of an identifier of the mobile device and a representation of a device key in a signature of the first device security certificate;
transmitting, by the mobile device, the first device security certificate to an authentication server;
receiving, at the mobile device, a server security certificate from the authentication server in response to a successful authentication by the authentication server, the server security certificate including a representation of a server key in a signature of the server security certificate, the server key corresponding to the device key and to a representation of a shared secret stored on the mobile device and known by the authentication server;
validating, at the mobile device, the server security certificate based on the signature of the server security certificate that includes the representation of the server key;
establishing, by the mobile device, a secure connection with the authentication server based on the first device security certificate and the server security certificate; and
enrolling, at the mobile device, at least one second device security certificate for formal communication over the secure connection.
(Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9)
10. A mobile device, comprising:
a processing unit; and
a memory, communicatively coupled to the processing unit and comprising computer-readable program instructions executable by the processing unit for:
generating, at a mobile device, a first device security certificate, the first device security certificate including a representation of an identifier of the mobile device and a representation of a device key in a signature of the first device security certificate;
transmitting, by the mobile device, the first device security certificate to an authentication server;
receiving, at the mobile device, a server security certificate from the authentication server in response to a successful authentication by the authentication server, the server security certificate including a representation of a server key in a signature of the server security certificate, the server key corresponding to the device key and to a representation of a shared secret stored on the mobile device and known by the authentication server;
validating, at the mobile device, the server security certificate based on the signature of the server security certificate that includes the representation of the server key;
establishing, by the mobile device, a secure connection with the authentication server based on the first device security certificate and the server security certificate; and
enrolling, at the mobile device, at least one second device security certificate for formal communication over the secure connection.
(Dependent claims: 11, 12, 13, 14, 15, 16, 17, 18)
Specification