Method and System for Mobile Device Credentialing
First Claim
1. A credentialing server configured to support downloading of subscriber credentials to un-credentialed communication devices, said credentialing server comprising:
a registration subsystem configured to register communication devices to be credentialed with an external registration server by providing registration information for the communication devices to the registration server;
an authentication subsystem to interrogate registered communication devices for their device certificates and to submit the device certificates to an external authentication server for verification, said registered communication devices being referred to the credentialing server by the registration server; and
a credentialing subsystem to request subscription credentials from an operator credentialing entity for verified communication devices, refer the verified communication devices to an external provisioning server for subscription credentials provisioning, and transfer the subscription credentials to the provisioning server for subscription credentials provisioning of the verified communication devices.
Abstract
Methods and systems taught herein allow communication device manufacturers to preconfigure communication devices to use preliminary access credentials to gain temporary network access for downloading subscription credentials, and particularly allow the network operator issuing the subscription credentials to verify that individual devices requesting credentials are trusted. In one or more embodiments, a credentialing server is owned or controlled by the network operator, and is used by the network operator to verify that subscription credentials are issued only to trusted communication devices, even though such devices may be referred to the credentialing server by an external registration server and may be provisioned by an external provisioning server. Particularly, the credentialing server interrogates requesting devices for their device certificates and submits these device certificates to an external authorization server, e.g., an independent OCSP server, for verification. A common Public Key Infrastructure (PKI) may be used for operator and device certificates.
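The gate described in the abstract, as an added Python sketch that is not code from the patent: the credentialing server hands subscription credentials to the provisioning server only for registered devices whose certificate the external responder reports as good, and it refuses on any other status. All class and function names are hypothetical, the device certificate is reduced to a serial number, and signature and chain validation are assumed to happen elsewhere.

```python
from dataclasses import dataclass, field
from typing import Callable

GOOD, REVOKED, UNKNOWN = "good", "revoked", "unknown"  # OCSP-style statuses

@dataclass
class StatusResponder:
    """Stand-in for the external OCSP server, keyed by certificate serial."""
    status: dict
    def check(self, serial):
        return self.status.get(serial, UNKNOWN)

@dataclass
class ProvisioningServer:
    """Stand-in for the external provisioning server."""
    pending: dict = field(default_factory=dict)
    def accept(self, device_id, credentials):
        self.pending[device_id] = credentials

@dataclass
class CredentialingServer:
    responder: StatusResponder
    provisioning: ProvisioningServer
    issue: Callable[[str], str]  # stand-in for the operator credentialing entity
    registered: set = field(default_factory=set)
    audit: list = field(default_factory=list)
    def register(self, device_id):
        self.registered.add(device_id)
    def handle_request(self, device_id, cert):
        """cert is what the device returned when interrogated."""
        if device_id not in self.registered:
            return self._deny(device_id, "not registered")
        status = self.responder.check(cert.get("serial"))
        if status != GOOD:  # fail closed: revoked and unknown are both refused
            return self._deny(device_id, "certificate status " + status)
        self.provisioning.accept(device_id, self.issue(device_id))
        self.audit.append((device_id, "issued"))
        return True
    def _deny(self, device_id, reason):
        self.audit.append((device_id, "denied: " + reason))
        return False

def run_demo():
    """Constructed sample: three registered devices and one that never registered."""
    prov = ProvisioningServer()
    server = CredentialingServer(StatusResponder({"01": GOOD, "02": REVOKED}),
                                 prov, issue=lambda d: "subscription-for-" + d)
    for dev in ("dev-a", "dev-b", "dev-c"):
        server.register(dev)
    serials = {"dev-a": "01", "dev-b": "02", "dev-c": "03", "dev-x": "01"}
    results = {d: server.handle_request(d, {"serial": s}) for d, s in serials.items()}
    return results, prov.pending, server.audit
```

The audit list records every decision, so a refused request leaves a trace even though nothing reaches the provisioning server.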
18 Claims
1. A credentialing server configured to support downloading of subscriber credentials to un-credentialed communication devices, said credentialing server comprising:
a registration subsystem configured to register communication devices to be credentialed with an external registration server by providing registration information for the communication devices to the registration server;
an authentication subsystem to interrogate registered communication devices for their device certificates and to submit the device certificates to an external authentication server for verification, said registered communication devices being referred to the credentialing server by the registration server; and
a credentialing subsystem to request subscription credentials from an operator credentialing entity for verified communication devices, refer the verified communication devices to an external provisioning server for subscription credentials provisioning, and transfer the subscription credentials to the provisioning server for subscription credentials provisioning of the verified communication devices.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. A method of providing for subscriber credentials downloading to communication devices comprising:
registering communication devices to be credentialed at a registration server by providing registration information for the communication devices to the registration server;
receiving credentials requests from registered communication devices referred by the registration server and, in response, interrogating the registered communication devices for their device certificates;
submitting the device certificates to an external authentication authority for verification, wherein registered communication devices having verified device certificates are deemed to be verified communication devices;
requesting subscription credentials from an operator credentialing entity for verified communication devices and correspondingly referring verified devices to an external provisioning server for subscription credentials provisioning; and
subsequently transferring subscription credentials received from the operator credentialing entity for the verified devices to the external provisioning server.
Dependent claims: 12, 13, 14, 15, 16, 17, 18