Secure on-line sign-up and provisioning for Wi-Fi hotspots using a device-management protocol
Abstract
Embodiments of a mobile device and method for secure on-line sign-up and provisioning of credentials for Wi-Fi hotspots are generally described herein. In some embodiments, the mobile device may be configured to establish a transport-layer security (TLS) session with a sign-up server through a Wi-Fi Hotspot to receive a certificate of the sign-up server. When the certificate is validated, the mobile device may be configured to exchange device management messages with the sign-up server to sign-up for a Wi-Fi subscription and provisioning of credentials, and retrieve a subscription management object (MO) that includes a reference to the provisioned credentials for storage in a device management tree. The credentials are transferred/provisioned securely to the mobile device. In some embodiments, an OMA-DM protocol may be used. The provisioned credentials may include certificates in the case of certificate-based credentials, machine-generated credentials such as username/password credentials, or SIM-type credentials.
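The following Python example is added here for illustration and is not code from the patent or from any OMA-DM implementation. It shows a device applying the Add command of a package 4 message only when the location it names lies under the FQDN node of the service provider whose sign-up server certificate was validated. Assumptions: the `./Wi-Fi/<FQDN>/` tree layout, the `SubscriptionMO` node name, the namespace-free SyncML sample, the binding of the FQDN to the validated certificate, and the names `new_tree`, `apply_package4` and `ProvisioningError` are all constructed for this example.

```python
import xml.etree.ElementTree as ET

# Constructed package 4 body: simplified SyncML, no namespace, placeholder MO data.
PACKAGE4 = """<SyncML><SyncBody>
  <Add><CmdID>2</CmdID><Item>
    <Target><LocURI>./Wi-Fi/sp.example.com/SubscriptionMO</LocURI></Target>
    <Data>constructed-subscription-mo</Data>
  </Item></Add><Final/>
</SyncBody></SyncML>"""

class ProvisioningError(Exception):
    """Raised when a package 4 message must not be applied."""

def new_tree():
    # Assumed layout: root "." -> "Wi-Fi" -> <service provider FQDN> -> MO nodes.
    return {".": {"Wi-Fi": {}}}

def apply_package4(tree, message, validated_fqdn):
    """Apply Add commands only under ./Wi-Fi/<validated_fqdn>/; all or nothing."""
    if "<!DOCTYPE" in message or "<!ENTITY" in message:
        raise ProvisioningError("DTD and entity declarations are not accepted")
    body = ET.fromstring(message).find("SyncBody")
    if body is None:
        raise ProvisioningError("no SyncBody")
    sp = validated_fqdn.lower()
    pending = {}
    for item in body.iterfind("Add/Item"):
        uri = (item.findtext("Target/LocURI") or "").strip()
        parts = uri.split("/")
        # Exactly four segments, so "..", extra depth and other subtrees all fail.
        if len(parts) != 4 or parts[:2] != [".", "Wi-Fi"] or parts[3] in ("", ".", ".."):
            raise ProvisioningError(f"unexpected location {uri!r}")
        if parts[2].lower() != sp:
            raise ProvisioningError(f"location {uri!r} is outside {sp}")
        # Add never overwrites a node that already exists.
        if parts[3] in tree["."]["Wi-Fi"].get(sp, {}) or parts[3] in pending:
            raise ProvisioningError(f"{uri!r} already exists")
        pending[parts[3]] = item.findtext("Data") or ""
    if not pending:
        raise ProvisioningError("no Add command in message")
    # Every item passed validation; only now is the tree modified.
    tree["."]["Wi-Fi"].setdefault(sp, {}).update(pending)
    return [f"./Wi-Fi/{sp}/{name}" for name in pending]
```

Because validation completes before the tree is touched, a message containing one acceptable and one rejected location leaves the tree unchanged.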
21 Claims
1. A device including one or more processors, the one or more processors including circuitry, the circuitry having logic to:
- associate with a Wi-Fi Alliance Hotspot 2.0 (HS2.0)-enabled Wi-Fi network;
- establish a transport-layer security (TLS) session with a sign-up server;
- send a first OMA-DM package 3 message over a wireless link of the TLS session, the first OMA-DM package 3 message including a generic alert;
- send a second OMA-DM package 3 message over the wireless link of the TLS session subsequent to successful certificate enrollment; and
- receive a first OMA-DM package 4 message in response to the second OMA-DM package 3 message, the first OMA-DM package 4 message to comprise a command to add a subscription management object (MO) to an OMA-DM tree of the device, the OMA-DM tree having a hierarchical structure comprised of at least a root and nodes, and wherein the OMA-DM tree comprises a fully-qualified domain name (FQDN) for at least one service provider, and a subscription MO for the at least one service provider.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12
13. A non-transitory computer-readable storage medium that stores instructions for execution by one or more processors to perform operations comprising:
- associating with a Wi-Fi Alliance Hotspot 2.0 (HS2.0)-enabled Wi-Fi network;
- establishing a transport-layer security (TLS) session with a sign-up server;
- sending a first OMA-DM package 3 message over a wireless link of the TLS session, the first OMA-DM package 3 message including a generic alert;
- sending a second OMA-DM package 3 message over the wireless link of the TLS session subsequent to successful certificate enrollment;
- receiving a first OMA-DM package 4 message in response to the second OMA-DM package 3 message, the first OMA-DM package 4 message to comprise a command to add a subscription management object (MO) to an OMA-DM tree of the device, the OMA-DM tree having a hierarchical structure comprised of at least a root and nodes, and wherein the OMA-DM tree comprises a fully-qualified domain name (FQDN) for at least one service provider, and a subscription MO for the at least one service provider; and
- adding the subscription MO to the OMA-DM tree in response to receipt of the first OMA-DM package 4 message and based on a location specified in the first OMA-DM package 4 message.
Dependent claims: 14, 15, 16, 17, 18
19. An apparatus for a station (STA), the apparatus comprising:
- transceiver circuitry; and
- hardware processing circuitry to configure the transceiver circuitry to:
- associate with a Wi-Fi Alliance Hotspot 2.0 (HS2.0)-enabled Wi-Fi network;
- establish a transport-layer security (TLS) session with a sign-up server;
- send a first OMA-DM package 3 message over a wireless link of the TLS session, the first OMA-DM package 3 message including a generic alert;
- send a second OMA-DM package 3 message over the wireless link of the TLS session subsequent to successful certificate enrollment; and
- receive a first OMA-DM package 4 message in response to the second OMA-DM package 3 message, the first OMA-DM package 4 message to comprise a command to add a subscription management object (MO) to an OMA-DM tree of the device, the OMA-DM tree having a hierarchical structure comprised of at least a root and nodes, and wherein the OMA-DM tree comprises a fully-qualified domain name (FQDN) for at least one service provider, and a subscription MO for the at least one service provider.
Dependent claims: 20, 21
Specification