Security for device management and firmware updates in an operator network
Abstract
A SIM/Smartcard-based approach to security within an operator's network (OMA device management system) that provides certificates to mobile devices as a way of authenticating the servers. A root certificate is stored in the SIM/Smartcard of each mobile device and accessed by the electronic device when the SIM/Smartcard is inserted into the programmed card reader. Typically, in an OMA device management system, there are device management (DM) servers, a mobile variance platform (MVP) server and a generator; each is provisioned with a unique certificate that refers to a root certificate issued by or associated with the operator: the device management certificate (DMCert), the mobile variance platform certificate (MVPCert) and the provider certificate (ProviderCert), respectively. The mobile device authenticates each server session for Bootstrap provisioning and update package sessions originated by the servers by verifying the server certificates that accompany Bootstrap provisioning and update package messages against the root certificate.
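
The device-side check the abstract describes, as an added Go example that is not part of the patent: a server certificate is accepted only if it chains to the root held on the card, and the accompanying message only if it verifies under that certificate's key. The Ed25519 keys, the certificate subject names and the helpers `issue`, `sign` and `authenticate` are assumptions made for illustration, and the certificates are constructed in memory rather than read from a SIM.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue builds a constructed certificate: a self-signed CA when parent is nil (stand-in for the operator root), else a leaf signed by parent.
func issue(cn string, parent *x509.Certificate, pk ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey, error) {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject: pkix.Name{CommonName: cn}, KeyUsage: x509.KeyUsageDigitalSignature,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour)}
	if parent == nil {
		tmpl.IsCA, tmpl.BasicConstraintsValid, tmpl.KeyUsage = true, true, x509.KeyUsageCertSign
		parent, pk = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, pk)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// sign is the server side: an Ed25519 signature over the provisioning or update message.
func sign(key ed25519.PrivateKey, msg []byte) []byte { return ed25519.Sign(key, msg) }

// authenticate is the device side: the card's root is the only trust anchor for both the certificate and the message.
func authenticate(simRoot, server *x509.Certificate, msg, sig []byte) error {
	roots := x509.NewCertPool()
	roots.AddCert(simRoot)
	if _, err := server.Verify(x509.VerifyOptions{Roots: roots}); err != nil {
		return fmt.Errorf("server certificate rejected: %w", err)
	}
	if pub, ok := server.PublicKey.(ed25519.PublicKey); !ok || !ed25519.Verify(pub, msg, sig) {
		return fmt.Errorf("message signature rejected")
	}
	return nil
}

func main() {} // nothing runs at start-up; device code or a test calls authenticate
```

A DMCert issued by a different self-signed root with the same subject name fails at the chain check, and a genuine certificate paired with an altered message fails at the signature check.
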
23 Claims
1. An electronic device with a programmed card reader operable to provide security in over-the-air bootstrap provisioning, the electronic device comprising:
a programmed card;
a root certificate stored in the programmed card that is accessed by the electronic device when the programmed card is inserted into programmed card reader;
the electronic device ensuring security during an over-the-air device management session with a remote server employing the root certificate;
the electronic device employing the root certificate to authenticate at least one of a message received from the remote server and a certificate received from the remote server.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9

10. An OMA device management (OMA DM) system that facilitates secured over-the-air bootstrap provisioning and over-the-air device management, comprising:
a mobile handset provisioned with a root certificate;
a device management server, communicatively coupled to the mobile handset and having a device management server certificate;
the device management server being capable of providing security during over-the-air device management sessions;
a mobile variance platform management server, communicatively coupled to the device management server and having a mobile variance platform certificate; and
a generator, communicatively coupled to the mobile variance platform management server, having a provider certificate and being adapted to generate update packages for the mobile handset.
Dependent claims: 11, 12, 13, 14, 15

16. A method of conducting secure device management, the method comprising:
retrieving a root certificate from a smartcard in a device;
employing the root certificate to verify a server certificate presented by a server;
processing data provided by the server; and
sending results back to the server.
Dependent claims: 17, 18, 19, 20, 21, 22, 23

Specification