Secure loading security information for encrypting communications between a device and an end point server

US 10,389,748 B2
Filed: 09/16/2016
Issued: 08/20/2019
Est. Priority Date: 08/05/2016
Status: Active Grant

First Claim

Patent Images

1. A method of distributing security information used to encrypt and decrypt end-to-end communication with an end point server, the method comprising:

providing a mobile network comprising an access point connected to a network having the end point server, a security server and a home location register, the security server storing the security information used to encrypt and decrypt the end-to-end communications with the end point server;

providing a mobile device comprising a processor, a user memory containing a software application programmed to use the security information to encrypt and decrypt the end-to-end communications with the end point server, a security identity module (SIM) and a cellular modem, adapted to communicate with the mobile network;

operating the access point of the mobile network to initially place the mobile device in a quarantine state in which the mobile device cannot access the end point server;

sending an authentication message from the mobile device to the home location register corresponding to the security identity module,using the home location register to trigger, by the authentication message, a registration by the home location register of the mobile device on the mobile network and a downloading of the security information from the security server to the mobile device, wherein the downloading of the security information takes place over the air using a short message service (SMS) and/or unstructured supplementary service data (USSD) messages; and

after a successful download of the security information to the mobile device, using the access point to activate an operation state for the mobile device, to thereby exit the quarantine state, so that the mobile device can access the end point server.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of distributing security information to a device quarantines the device and then, in the quarantine state, downloads security information using a method protected by the inherent security in the mobile network such as USSD or SMS.

31 Citations

12 Claims

1. A method of distributing security information used to encrypt and decrypt end-to-end communication with an end point server, the method comprising:
- providing a mobile network comprising an access point connected to a network having the end point server, a security server and a home location register, the security server storing the security information used to encrypt and decrypt the end-to-end communications with the end point server;
  
  providing a mobile device comprising a processor, a user memory containing a software application programmed to use the security information to encrypt and decrypt the end-to-end communications with the end point server, a security identity module (SIM) and a cellular modem, adapted to communicate with the mobile network;
  
  operating the access point of the mobile network to initially place the mobile device in a quarantine state in which the mobile device cannot access the end point server;
  
  sending an authentication message from the mobile device to the home location register corresponding to the security identity module,using the home location register to trigger, by the authentication message, a registration by the home location register of the mobile device on the mobile network and a downloading of the security information from the security server to the mobile device, wherein the downloading of the security information takes place over the air using a short message service (SMS) and/or unstructured supplementary service data (USSD) messages; and
  
  after a successful download of the security information to the mobile device, using the access point to activate an operation state for the mobile device, to thereby exit the quarantine state, so that the mobile device can access the end point server.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. A method according to claim 1, wherein the quarantine state is implemented by the access point responding to a request for a data connection from the mobile device by placing the mobile device into a local subnetwork which contains only predetermined servers and does not contain the end point server.
  - 3. A method according to claim 2, wherein a trust server is provided on the local subnetwork of the quarantine state, the method further comprising downloading data to the mobile device from the trust server through the local subnetwork in the quarantine state.
  - 4. A method according to claim 1, wherein the operation state is implemented by the access point placing the mobile device into a local subnetwork which contains the end point server.
  - 5. A method according to claim 1, wherein the mobile device has an international mobile station equipment identity (IMEI) wherein the method further comprises the step of locking the SIM to the mobile device determined by the IMEI so that the SIM will only operate in the device having the IMEI before the step of sending an authentication message.
  - 6. A method according to claim 1, wherein the step of sending an authentication message from the mobile device to the home location register is carried out on first power up of the device.
  - 7. A method according to claim 1, further comprising repeating steps of:
    - using the access point of the mobile network to place the mobile device in the quarantine state;
      
      sending an authentication message from the mobile device to the home location register;
      
      using the home location register to trigger, by the authentication message, the registration of the mobile device on the mobile network, and the downloading of the security information from the security server to the device; and
      
      after a successful download of the security information to the mobile device, using the access point to activate an operation state for the mobile device.
  - 8. A method according to claim 1, wherein the SIM is hard coded with an access point name so that the SIM can only request a packet data connection to that access point name.
  - 9. A method according to claim 1 wherein the security information comprises a security certificate, a key, or both.
  - 10. A method according to claim 1, wherein the downloading of security information takes place using SMS messages.
  - 11. A method according to claim 1 wherein the downloading of security information takes place using USSD messages.

12. A mobile network system, comprising:
- a mobile network comprising an access point connected to a network having an end point server, a security server and a home location register, the security server storing security information used to encrypt and decrypt end-to-end communications with the end point server; and
  
  a mobile device comprising a processor, a user memory containing a software application programmed to use the security information to encrypt and decrypt the end-to-end communications with the end point server, a security identity module (SIM) and a cellular modem adapted to communicate with the mobile network,wherein the mobile network system is arranged;
  
  to operate the access point of the mobile network to initially place the mobile device in to a quarantine state so that the mobile device cannot access the end point server; and
  
  to receive an authentication message from the mobile device via the mobile network in the home location register indicated by a SIM in the mobile device,using the home location register to trigger, by the authentication message, a registration by the home location register of the mobile device on the mobile network and a download of the security information from the security server, to be used by a software application of the mobile device to encrypt and decrypt the end-to-end communications with the end point server, to the mobile device over the air using the short message service (SMS) and/or unstructured supplementary service data (USSD) messages; and
  
  after a successful download of the security information to the mobile device, to activate an operation state in the access point thereby exiting the quarantine state, so that the mobile device can access the end point server through the access point.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Eseye Limited
Original Assignee
Eseye Limited
Inventors
Marsden, Ian
Primary Examiner(s)
Simitoski, Michael

Application Number

US15/267,536
Publication Number

US 20180041541A1
Time in Patent Office

1,068 Days
Field of Search
US Class Current
CPC Class Codes

H04L 2101/654   International mobile subscr...

H04L 63/0428   wherein the data content is...

H04L 63/062   for key distribution, e.g. ...

H04L 63/0823   using certificates cryptogr...

H04L 63/0853   using an additional device,...

H04L 63/1441   Countermeasures against mal...

H04M 2203/6009   Personal information, e.g. ...

H04M 2203/6081   Service authorization mecha...

H04M 2207/18   wireless networks

H04M 3/42178   by downloading data to subs...

H04M 3/42382   Text-based messaging servic...

H04W 12/04   Key management, e.g. using ...

H04W 12/35   Protecting application or s...

H04W 4/14   Short messaging services, e...

H04W 8/04   Registration at HLR or HSS ...

H04W 8/265   for initial activation of n...

Y04S 40/20   Information technology spec...

Secure loading security information for encrypting communications between a device and an end point server

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

31 Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

Secure loading security information for encrypting communications between a device and an end point server

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

31 Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links