System and Method for Securely Issuing Subscription Credentials to Communication Devices
First Claim
1. A subscription credentialing system for providing subscription credentials to remote communication devices lacking subscription credentials for network access, said subscription credentialing system comprising a subscription server configured to:
receive a credential request from an intermediate data device operating under the control of a requesting user and having a first communication link with the remote communication device and a second communication link with the subscription server;
prompt an external identity verification system to communicate with the intermediate data device to verify a device owner identity to be linked with the subscription credentials;
responsive to device owner identity verification, establish communication with the remote communication device through the intermediate data device and request a device certificate from the remote communication device;
prompt an external validation system to verify a validity of the device certificate;
responsive to validation of the device certificate, send a first transaction identifier and operator certificate to the remote communication device and correspondingly receive a signed return value from the remote communication device;
authenticate and decrypt the signed return value to recover a second transaction identifier and correspondingly generate a credentialing session key from the first and second transaction identifier; and
conduct an encrypted credentialing session with the remote communication device based on the session key, including the transfer of the subscription credentials.
1 Assignment
0 Petitions
Abstract
According to teachings presented herein, communication devices are conveniently provisioned with network subscription credentials after purchase, without device manufacturers or network operators having to preload temporary subscription credentials or otherwise make provisions for supporting direct over-the-air provisioning of the devices. Such devices may be, for example, cellular telephones or other mobile devices. Broadly, a user communicatively couples a communication device to be provisioned to an intermediate data device that has existing communication capabilities, e.g., a PC or an already-provisioned mobile telephone. A subscription server or other entity then uses a communication link with the intermediate data device to provide subscription credentials to the communication device, subject to trusted-device and owner identity verifications.
87 Citations
15 Claims
1. (Independent claim; text as given under First Claim above.) Dependent claims: 2 to 8.

9. A method of providing subscription credentials to remote communication devices lacking subscription credentials for network access, said method comprising:
receiving a credential request from an intermediate data device operating under control of a requesting user and having a first communication link with the remote communication device;
prompting an external identity verification system to communicate with the intermediate data device to verify a device owner identity to be linked with the subscription credentials;
responsive to device owner identity verification, establishing communication with the remote communication device through the intermediate data device and requesting a device certificate from the remote communication device;
prompting an external validation system to verify a validity of the device certificate;
responsive to validation of the device certificate, sending a first transaction identifier and operator certificate to the remote communication device and correspondingly receiving a signed return value from the remote communication device;
authenticating and decrypting the signed return value to recover a second transaction identifier and correspondingly generating a credentialing session key from the first and second transaction identifiers; and
conducting an encrypted credentialing session with the remote communication device based on the session key, including transferring the subscription credentials.
Dependent claims: 10 to 15.
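The exchange recited in claims 1 and 9 (device certificate validation, first transaction identifier and operator certificate out, signed return value back, session key from both identifiers, encrypted credential transfer), written out as an added example in Go; this is not code from the patent or its assignee. Everything concrete is an assumption: a "certificate" is modelled as the issuer's RSA-PSS signature over the subject's RSA modulus rather than X.509, the signed return value is tid1||tid2 encrypted to the operator key with RSA-OAEP and signed with the device key, the session key is HKDF-SHA256 over tid1||tid2 (the claim fixes no KDF), and the credentialing session is AES-256-GCM. The owner identity verification step that runs against the intermediate data device is outside this example; the intermediate device itself appears only as the untrusted channel the messages cross. All keys and the sample credentials are generated or constructed in the block.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// must aborts on failures only a broken environment produces; protocol checks return errors.
func must(err error) {
	if err != nil {
		panic(err)
	}
}

func randomBytes(n int) []byte {
	b := make([]byte, n)
	_, err := rand.Read(b)
	must(err)
	return b
}

func digest(b []byte) []byte {
	h := sha256.Sum256(b)
	return h[:]
}

// A "certificate" is the issuer's RSA-PSS signature over the subject's modulus
// (a stand-in for X.509 assumed by this example; Go RSA keys all use e=65537).
func issueCert(issuer *rsa.PrivateKey, subject *rsa.PublicKey) []byte {
	sig, err := rsa.SignPSS(rand.Reader, issuer, crypto.SHA256, digest(subject.N.Bytes()), nil)
	must(err)
	return sig
}

// validateCert plays the external validation system: the subject key is usable only if the trusted issuer signed it.
func validateCert(issuer, subject *rsa.PublicKey, cert []byte) error {
	if err := rsa.VerifyPSS(issuer, crypto.SHA256, digest(subject.N.Bytes()), cert, nil); err != nil {
		return fmt.Errorf("certificate rejected: %w", err)
	}
	return nil
}

// deviceReturnValue is the remote device's reply to (tid1, operator cert): the device checks the
// operator certificate (the intermediate PC is untrusted), binds a fresh tid2 to tid1, encrypts both
// to the operator key (RSA-OAEP) and signs the ciphertext with its own key so the server can authenticate it.
func deviceReturnValue(dev *rsa.PrivateKey, anchor, opPub *rsa.PublicKey, opCert, tid1 []byte) (ct, sig, tid2 []byte, err error) {
	if err = validateCert(anchor, opPub, opCert); err != nil {
		return nil, nil, nil, fmt.Errorf("device refuses to answer: %w", err)
	}
	tid2 = randomBytes(16)
	ct, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, opPub, append(append([]byte{}, tid1...), tid2...), nil)
	must(err)
	sig, err = rsa.SignPSS(rand.Reader, dev, crypto.SHA256, digest(ct), nil)
	must(err)
	return ct, sig, tid2, nil
}

// serverRecoverTID2 authenticates the signature with the validated device key, decrypts with
// the operator key, and requires tid1 to be echoed before trusting tid2.
func serverRecoverTID2(op *rsa.PrivateKey, devPub *rsa.PublicKey, tid1, ct, sig []byte) ([]byte, error) {
	if err := rsa.VerifyPSS(devPub, crypto.SHA256, digest(ct), sig, nil); err != nil {
		return nil, fmt.Errorf("return value not signed by the validated device: %w", err)
	}
	pt, err := rsa.DecryptOAEP(sha256.New(), nil, op, ct, nil)
	if err != nil {
		return nil, err
	}
	if len(pt) != 32 || !hmac.Equal(pt[:16], tid1) {
		return nil, errors.New("first transaction identifier mismatch: stale or replayed reply")
	}
	return pt[16:], nil
}

// sessionKey: HKDF-SHA256 (extract, then one expand block) over tid1||tid2, written on crypto/hmac.
func sessionKey(tid1, tid2 []byte) []byte {
	ext := hmac.New(sha256.New, []byte("subscription-credentialing-v1")) // salt
	ext.Write(tid1)
	ext.Write(tid2)
	exp := hmac.New(sha256.New, ext.Sum(nil)) // keyed with the PRK
	exp.Write([]byte("credential session key\x01"))
	return exp.Sum(nil) // 32 bytes: an AES-256-GCM key
}

func aead(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	must(err)
	g, err := cipher.NewGCM(block)
	must(err)
	return g
}

// Credentialing session messages are nonce || AES-256-GCM ciphertext+tag under the session key.
func sealCredentials(key, creds []byte) []byte {
	nonce := randomBytes(12)
	return aead(key).Seal(nonce, nonce, creds, nil)
}

func openCredentials(key, msg []byte) ([]byte, error) {
	if len(msg) < 12 {
		return nil, errors.New("session message too short")
	}
	return aead(key).Open(nil, msg[:12], msg[12:], nil)
}

// RunProvisioning drives the exchange end to end and returns the credentials as recovered on the device.
func RunProvisioning(creds []byte) ([]byte, error) {
	ca, err := rsa.GenerateKey(rand.Reader, 2048) // validation system's trust anchor
	must(err)
	dev, err := rsa.GenerateKey(rand.Reader, 2048) // device key, installed at manufacture
	must(err)
	op, err := rsa.GenerateKey(rand.Reader, 2048) // operator / subscription server key
	must(err)
	devCert, opCert := issueCert(ca, &dev.PublicKey), issueCert(ca, &op.PublicKey)
	if err := validateCert(&ca.PublicKey, &dev.PublicKey, devCert); err != nil { // server: external validation
		return nil, err
	}
	tid1 := randomBytes(16) // server: first transaction identifier, sent with opCert
	ct, sig, tid2, err := deviceReturnValue(dev, &ca.PublicKey, &op.PublicKey, opCert, tid1)
	if err != nil {
		return nil, err
	}
	tid2Srv, err := serverRecoverTID2(op, &dev.PublicKey, tid1, ct, sig) // server: authenticate and decrypt
	if err != nil {
		return nil, err
	}
	sealed := sealCredentials(sessionKey(tid1, tid2Srv), creds)
	return openCredentials(sessionKey(tid1, tid2), sealed) // device: same key from its own tid2
}
```

Two checks in this layout carry the security weight that the claim language leaves implicit. The device validates the operator certificate before answering, because the intermediate data device is under the requesting user's control and is exactly where a rogue "server" would sit; and the server requires its own tid1 to come back inside the authenticated, encrypted reply, so a return value captured from an earlier run cannot be replayed to pin a session key the attacker already knows.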
Specification