CREDENTIAL GENERATION SYSTEM AND METHOD FOR COMMUNICATIONS DEVICES AND DEVICE MANAGEMENT SERVERS

US 20090249069A1
Filed: 03/26/2008
Published: 10/01/2009
Est. Priority Date: 03/26/2008
Status: Active Grant

First Claim

Patent Images

1. A method of mutually authenticating first and second entities, the method comprising:

generating first and second credentials;

generating third and fourth credentials;

providing the first credential from the first entity to the second entity;

providing the fourth credential from the second entity to the first entity;

authenticating the first entity when the first credential matches the third credential; and

authenticating the second entity when the fourth credential matches the second credential.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods are described for establishing credentials at a device and at a device management server for the purpose of exchanging secure credentials in order to mutually authenticate the device and the server. A credential generation algorithm is described which uses a plurality of seeds, including the hardware identity of the device, the server identity, and a shared private key, to generate two sets of credentials, one to be used by the device and the other to be used by the device management server. The credentials are exchanged between the device and the server during any session, thereby assuring mutual authentication.

Citations

20 Claims

1. A method of mutually authenticating first and second entities, the method comprising:
- generating first and second credentials;
  
  generating third and fourth credentials;
  
  providing the first credential from the first entity to the second entity;
  
  providing the fourth credential from the second entity to the first entity;
  
  authenticating the first entity when the first credential matches the third credential; and
  
  authenticating the second entity when the fourth credential matches the second credential.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 2. The method of claim 1, wherein the credentials are generated using the same function.
  - 3. The method of claim 1, wherein the credentials are unique to the first entity.
  - 4. The method of claim 1, wherein the credentials are unique to the second entity.
  - 5. The method of claim 1, wherein the credentials are unique to a service provider.
  - 6. The method of claim 2, wherein the function uses a unique identifier of the first entity.
  - 7. The method of claim 6, wherein the first entity is a communications device and the unique identifier includes at least one of an electronic serial number (ESN), mobile equipment identifier (MEID), international mobile equipment identity (IMEI), and a media access control (MAC) address of the communications device.
  - 8. The method of claim 2, wherein the function includes a one-way hash function which uses at least two parameters, the first and third credentials being generated with the at least two parameters arranged in a first order, and the second and fourth credentials being generated with the at least two parameters arranged in a second order.
  - 9. The method of claim 1, wherein the first and second credentials are generated by the first entity.
  - 10. The method of claim 1, wherein the first and second credentials are provided to the first entity.
  - 11. The method of claim 1, wherein the third and fourth credentials are generated by the second entity.
  - 12. The method of claim 1, wherein the third and fourth credentials are provided to the second entity.
  - 13. The method of claim 1, wherein the second entity is a device management server.
  - 14. The method of claim 13, wherein the device management server operates in accordance with at least one standard including an Open Mobile Alliance Device management standard, a TR-69 standard, and a DOCSIS standard.
  - 15. The method of claim 8, wherein the one-way hash function which uses at least three parameters including a private key.
  - 16. The method of claim 15, wherein the private key is unique to a service provider.
  - 17. The method of claim 1, wherein the first entity is a communications device, the second entity is a device management server and the method comprises conducting a remote management session after the communications device and device management server are mutually authenticated.
  - 18. The method of claim 1, wherein at least one of the credentials includes a password.
  - 19. The method of claim 1, wherein at least one of the credentials includes a digest of a plurality of parameters.
  - 20. The method of claim 19, wherein the plurality of parameters includes a username, a password, and a nonce.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nokia of America Corporation (Nokia Corporation)
Original Assignee
Mformation Technologies Incorporated
Inventors
Daskalopoulos, Vasilios, Kushwaha, Rakesh, Nath, Badri

Granted Patent

US 8,001,379 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/169
CPC Class Codes

H04L 2463/081 applying self-generating cr...

H04L 63/0869 for achieving mutual authen...

CREDENTIAL GENERATION SYSTEM AND METHOD FOR COMMUNICATIONS DEVICES AND DEVICE MANAGEMENT SERVERS

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

CREDENTIAL GENERATION SYSTEM AND METHOD FOR COMMUNICATIONS DEVICES AND DEVICE MANAGEMENT SERVERS

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links