Security for device management and firmware updates in an operator network

US 20060039564A1
Filed: 10/11/2005
Published: 02/23/2006
Est. Priority Date: 11/17/2000
Status: Abandoned Application

First Claim

Patent Images

1. An electronic device with a programmed card reader operable to provide security in over-the-air bootstrap provisioning, the electronic device comprising:

a programmed card;

a root certificate stored in the programmed card that is accessed by the electronic device when the programmed card is inserted into programmed card reader;

the electronic device ensuring security during an over-the-air device management session with a remote server employing the root certificate;

the electronic device employing the root certificate to authenticate at least one of a message received from the remote server and a certificate received from the remote server.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A SIM/Smartcards based approach to security within an operator'"'"'s network (OMA device management system), by providing certificates to mobile devices as a way of authenticating the servers. A root certificate is stored in the SIM/Smartcard of each mobile device and accessed by the electronic device when the SIM/Smartcard is inserted into programmed card reader. Typically, in a OMA device management system, there are device management (DM) servers, mobile variance platform (MVP) server and generator; each are provisioned with a unique certificate that refers to a root certificate issued or associated with the operator, device management certificate (DMCert), mobile variance platform certificate (MVPCert) and provider certificate (ProviderCert), respectively. The mobile device authenticates each server session for Bootstrap provisioning and update package sessions originated by the servers, by verifying the root certificate with the certificates of the servers that accompany Bootstrap provisioning and update package messages.

Citations

23 Claims

1. An electronic device with a programmed card reader operable to provide security in over-the-air bootstrap provisioning, the electronic device comprising:
- a programmed card;
  
  a root certificate stored in the programmed card that is accessed by the electronic device when the programmed card is inserted into programmed card reader;
  
  the electronic device ensuring security during an over-the-air device management session with a remote server employing the root certificate;
  
  the electronic device employing the root certificate to authenticate at least one of a message received from the remote server and a certificate received from the remote server.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The electronic device of claim 1, wherein the programmed card is one of a SIM Card or Smart Card.
  - 3. The electronic device of claim 1, wherein the security in the over-the-air bootstrap provisioning comprises of the electronic device receiving authenticated bootstrap provisioning messages from a provisioning server wherein the authentication employs a provisioning server certificate based on the root certificate.
  - 4. The electronic device of claim 3, wherein the bootstrap provisioning message is signed using a first certificate that is derived from and authenticated by the root certificate and wherein the first certificate accompanies the bootstrap provisioning message.
  - 5. The electronic device of claim 3, wherein the bootstrap provisioning message is a SyncML based device management message received from a device management server.
  - 6. The electronic device of claim 4, wherein the root certificate is employed to authenticate a device management session with a device management server.
  - 7. The electronic device of claim 6, wherein the device management message is signed using a second certificate that is derived from and authenticated by the root certificate and wherein the second certificate accompanies the bootstrap provisioning message.
  - 8. The electronic device of claim 7, wherein the root certificate is retrieved from the programmed card by a DM client in the electronic device to authenticate a device management server.
  - 9. The electronic device of claim 8, wherein the root certificate is retrieved from the programmed card by a download agent in the electronic device to authenticate a download server.

10. An OMA device management (OMA DM) system that facilitates secured over-the-air bootstrap provisioning and over-the-air device management, comprising:
- a mobile handset provisioned with a root certificate;
  
  a device management server, communicatively coupled to the mobile handset and having a device management server certificate;
  
  the device management server being capable of providing security during over-the-air device management sessions;
  
  a mobile variance platform management server, communicatively coupled to the device management server and having a mobile variance platform certificate; and
  
  a generator, communicatively coupled to the mobile variance platform management server, having a provider certificate and being adapted to generate update packages for the mobile handset.
- View Dependent Claims (11, 12, 13, 14, 15)
- - 11. The OMA device management system of claim 10, wherein the root certificate provisioned in the mobile handset is issued by an operator.
  - 12. The OMA device management system of claim 11 wherein each of the device management server certificate, mobile variance platform certificate and provider certificate refer to the operator'"'"'s root certificate provisioned in the mobile handset.
  - 13. The OMA device management system of claim 11 wherein the device management server certificate is sent to the mobile handset, along with the device management messages for authentication and verification.
  - 14. The OMA device management system of claim 11 wherein the update package generated by the generator is signed with a provider certificate that refers back to the operator'"'"'s root certificate.
  - 15. The OMA device management system of claim 11, wherein the secured over-the-air device management and over-the-air bootstrap provisioning comprises of the root certificate provisioned in the mobile handset authenticating the device management server that presents the bootstrap provisioning and device management messages to the mobile handset.

16. A method of conducting secure device management, the method comprising:
- retrieving a root certificate from a smartcard in a device;
  
  employing the root certificate to verify a server certificate presented by a server;
  
  processing data provided by the server; and
  
  sending results back to the server.
- View Dependent Claims (17, 18, 19, 20, 21, 22, 23)
- - 17. The method of claim 16, wherein the secure device management comprises of secured over-the-air bootstrap provisioning or over-the-air device management sessions.
  - 18. The method of claim 16, wherein the employing the root certificate to verify a server certificate comprises of using a root certificate provisioned in the mobile handset that is issued by an operator to authenticate the device management server that sends device management messages and the bootstrap provisioning messages.
  - 19. The method of claim 16, wherein the processing data provided by the server comprises:
    - setting parameters and configuration from the bootstrap provisioning messages; and
      
      executing device management messages.
  - 20. The method of claim 16 wherein the sending of results comprises signing the results with the root certificate.
  - 21. The method of claim 16 wherein the employing comprises verifying that the server certificate is authentic.
  - 22. The method of claim 21 wherein the server is a firmware update management server.
  - 23. The method of claim 21 wherein the server is a provisioning server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Original Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Inventors
Rao, Bindu Rama

Application Number

US11/247,463
Publication Number

US 20060039564A1
Time in Patent Office

Days
Field of Search
US Class Current

380/270
CPC Class Codes

G06F 21/572   Secure firmware programming...

H04L 2209/80   Wireless

H04L 9/3234   involving additional secure...

H04L 9/3263   involving certificates, e.g...

H04W 8/205   Transfer to or from user eq...

Security for device management and firmware updates in an operator network

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Security for device management and firmware updates in an operator network

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links