Method of Authenticating Home Operator for Over-the-Air Provisioning of a Wireless Device

US 20090253409A1
Filed: 08/18/2008
Published: 10/08/2009
Est. Priority Date: 04/07/2008
Status: Abandoned Application

First Claim

Patent Images

1. A method implemented by a registration server of providing authentication data to a wireless device for over-the-air provisioning of the wireless device, said method comprising:

receiving a registration request including a temporary device identifier for the wireless device from a home network;

associating home network data for the home network with the temporary device identifier and storing the home network data;

sending the home network first authentication data associated with the temporary device identifier for authenticating the home network to the wireless device during device activation;

receiving a connection request including the temporary device identifier from the wireless device; and

sending the wireless device the stored home network data associated with the temporary device identifier.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus is provided for authentication between a home network and a wireless device during device activation using a registration server as a trusted agent. The wireless device owner subscribes to the services of the home network and the home network registers as the service provider with the registration server. When the home network registers with the registration server, the registration server provides authentication data to the home network to use for authentication with the wireless device. Because the wireless device has no prior knowledge of the home network, the wireless device connects to the registration server to obtain contact information for the home network. The registration server provides home network data to the wireless device. In some embodiments, the registration server may also provide second authentication data to the wireless device for authenticating the home network. When the wireless device subsequently connects to the home network to download permanent security credentials, the home network uses the information provided by the registration server to authenticate itself to the wireless device. The authentication procedure prevents a third party from fraudulently obtaining confidential information from the home network or the wireless device.

85 Citations

View as Search Results

44 Claims

1. A method implemented by a registration server of providing authentication data to a wireless device for over-the-air provisioning of the wireless device, said method comprising:
- receiving a registration request including a temporary device identifier for the wireless device from a home network;
  
  associating home network data for the home network with the temporary device identifier and storing the home network data;
  
  sending the home network first authentication data associated with the temporary device identifier for authenticating the home network to the wireless device during device activation;
  
  receiving a connection request including the temporary device identifier from the wireless device; and
  
  sending the wireless device the stored home network data associated with the temporary device identifier.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1 further comprising:
    - storing a key table associated with the temporary device identifier in memory, said key table comprising a plurality of key pairs including a key and a corresponding key index; and
      
      selecting a key pair from said key table for use in authenticating the home network to the wireless device.
  - 3. The method of claim 2 wherein sending the home network first authentication data comprises sending the home network at least one of the key and corresponding key index from the selected key pair.
  - 4. The method of claim 3 wherein sending the home network first authentication data comprises sending the home network both the key and corresponding key index from the selected key pair.
  - 5. The method of claim 4 further comprising sending the wireless device at least one of the key and corresponding key index from the selected key pair.
  - 6. The method of claim 4 further comprising sending the wireless device only the key index from the selected key pair.
  - 7. The method of claim 2 wherein sending the home network first authentication data comprises sending the home network the key from a selected key pair.
  - 8. The method of claim 7 further comprising sending the wireless device the key index from the selected key pair.
  - 9. The method of claim 1 wherein sending the home network first authentication data comprises sending an authentication key to said home network.
  - 10. The method of claim 9 wherein sending the wireless device second authentication data comprises sending the wireless device the authentication key provided to the home network.

11. A registration server for providing authentication data to a wireless device for over-the-air provisioning of the wireless device, said registration server comprising:
- a communication interface for communicating over a communication network with a wireless device and a home network for the wireless device;
  
  memory for storing registration information for said wireless device; and
  
  a registration processor connected to the communication interface and the memory, said registration processor being configured to;
  
  receive a registration request including a temporary device identifier for the wireless device from a home network;
  
  associate home network data for the home network with the temporary device identifier and store the home network data in memory;
  
  send the home network first authentication data associated with the temporary device identifier for authenticating the home network to the wireless device during device activation;
  
  receive a connection request including the temporary device identifier from the wireless device; and
  
  send the wireless device the stored home network data associated with the temporary device identifier.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The registration server of claim 11 wherein said memory stores a key table associated with the temporary device identifier, said key table comprising a plurality of key pairs including a key and a corresponding key index;
    - and wherein said registration processor is further configured to select a key pair from said key table for use in authenticating the home network to the wireless device.
  - 13. The registration server of claim 12 wherein sending the home network first authentication data comprises sending the home network at least one of the key and corresponding key index from the selected key pair.
  - 14. The registration server of claim 13 wherein the registration processor is further configured to send the home network both the key and corresponding key index from the selected key pair as the first authentication data.
  - 15. The registration server of claim 14 wherein the registration processor is further configured to send the wireless device at least one of the key and corresponding key index from the selected key pair as second authentication data.
  - 16. The registration server of claim 15 wherein the registration processor is further configured to send the wireless device only the key index from the selected key pair as second authentication data.
  - 17. The registration server of claim 12 wherein the registration processor is further configured to send the home network only the key from a selected key pair as the first authentication data.
  - 18. The registration server of claim 17 wherein the registration processor is further configured to send the wireless device the key index from the selected key pair as the first authentication data.
  - 19. The registration server of claim 11 wherein the registration processor is further configured to send the home network an authentication key as the first authentication data.
  - 20. The registration server of claim 19 wherein the registration processor is further configured to send the wireless device the authentication key provided to the home network as second authentication data.

21. A method implemented by a home network for activating a wireless device subscribing to the services of the home network, said method comprising:
- subscribing the wireless device to services of the home network and receiving a temporary device identifier from the wireless device user during a subscription process;
  
  sending a registration request including the temporary device identifier for the wireless device to a registration server to register as the service provider for the wireless device;
  
  receiving authentication data associated with the temporary device identifier from the registration server;
  
  receiving an activation request including the temporary device identifier from the wireless device;
  
  authenticating the home network to the wireless device using the authentication data provided by the registration server; and
  
  sending permanent security credentials to the wireless device to activate the wireless device.
- View Dependent Claims (22, 23, 24, 25, 26)
- - 22. The method of claim 21 wherein the authentication data comprises at least one of an authentication key and a corresponding key index selected from a key table associated with the temporary identifier.
  - 23. The method of claim 22 wherein the authentication data comprises both the key and the corresponding key index selected from the key table.
  - 24. The method of claim 23 wherein authenticating the home network to the wireless device using the authentication data provided by the registration server comprises sending a keyed hash of the key index to the wireless device to prove possession of both the key and the key index.
  - 25. The method of claim 21 wherein the authentication data comprises an authentication key associated with the temporary device identifier for the wireless device.
  - 26. The method of claim 21 further comprising authenticating the wireless device using the authentication data prior to sending permanent credentials to the wireless device.

27. A subscription system in a home network for provisioning a wireless device with permanent security credentials, said subscription system comprising:
- a communication interface for communicating over a communication network with a wireless device and a registration server; and
  
  a subscription processor connected to the communication interface and configured to;
  
  subscribe the wireless device to services of the home network during a subscription process;
  
  receive a temporary device identifier from the wireless device during the subscription process;
  
  send a registration request including the temporary device identifier for the wireless device to the registration server to register a subscription for the wireless device with the registration server;
  
  receive authentication data associated with the temporary device identifier from the registration server;
  
  receive an activation request including the temporary device identifier from the wireless device;
  
  authenticate the home network to the wireless device using the authentication data provided by the registration server; and
  
  send permanent credentials to the wireless device to activate the home device.
- View Dependent Claims (28, 29, 30, 31, 32)
- - 28. The subscription system of claim 27 wherein the authentication data received by the subscription processor comprises at least one of an authentication key and a corresponding key index selected from a key table associated with the temporary identifier.
  - 29. The subscription system of claim 28 wherein the authentication data received by the subscription processor comprises both the key and the corresponding key index selected from the key table.
  - 30. The subscription system of claim 29 wherein the subscription processor authenticates the home network to the wireless device by sending a keyed hash of the key index to the wireless device to prove possession of both the key and the key index.
  - 31. The subscription system of claim 27 wherein the authentication data received by the subscription processor comprises a shared authentication key associated with the temporary device identifier for the wireless device.
  - 32. The subscription system of claim 27 wherein the subscription processor is further configured to authenticate the wireless device using the authentication data prior to sending permanent credentials to the wireless device.

33. A method implemented by a wireless device for activating the wireless device to receive services from a selected home network, said method comprising:
- sending a connection request including a temporary device identifier to a registration server;
  
  receiving home network data identifying the home network from the registration server responsive to the connection request;
  
  connecting to the home network;
  
  receiving from the home network an authentication message generated using first authentication data provided to the home network by the registration server;
  
  authenticating the home network based on first authentication data; and
  
  downloading permanent subscription credentials from the home network.
- View Dependent Claims (34, 35, 36, 37, 38)
- - 34. The method of claim 33 further comprising storing a key table in memory, said key table comprising a plurality of key pairs including a key and a corresponding key index, and wherein the first authentication data comprises at least one of a key and corresponding key index selected from the key table.
  - 35. The method of claim 34 wherein authenticating the home network comprises verifying the authentication message using at least one of a key or key index selected from the key table stored in memory.
  - 36. The method of claim 35 further comprising receiving second authentication data from the registration server corresponding to the first authentication data, and wherein verifying the authentication message comprises using the second authentication data to prove possession by the home network of a valid key in the key table.
  - 37. The method of claim 33 wherein authenticating the home network comprises receiving an authentication message incorporating the first authentication data from the home network during device activation and verifying the authentication message received from the home network based on second authentication data received by the wireless device from the registration server.
  - 38. The method of claim 33 wherein the first and second authentication data comprises a shared authentication key provided to the wireless device and the home network by the registration server.

39. A wireless device comprising:
- a communication circuit for communicating with a home network and a registration server over a wireless communication network; and
  
  a control processor connected to the communication circuit configured to;
  
  send a connection request including a temporary device identifier to the registration server;
  
  receive home network data identifying the home network from the registration server;
  
  receive from the home network an authentication message generated using first authentication data provided to the home network by the registration server;
  
  authenticate the home network based on the first authentication data; and
  
  download permanent subscription credentials from the home network.
- View Dependent Claims (40, 41, 42, 43, 44)
- - 40. The wireless device of claim 39 further comprising memory for storing a key table, said key table comprising a plurality of key pairs including a key and a corresponding key index, and wherein the first authentication data comprises at least one of a key and corresponding key index selected from the key table.
  - 41. The wireless device of claim 40 wherein the control processor is configured to verify the first authentication message received from the home network using at least one of a key or key index selected from the key table stored in memory.
  - 42. The wireless device of claim 41 wherein the control processor is further configured to receive second authentication data from the registration server corresponding to the first authentication data, and to verify the authentication message received from the home network using the second authentication data to prove possession by the home network of a valid key in the key table.
  - 43. The wireless device of claim 39 wherein the control processor is further configured to receive an authentication message incorporating the first authentication data from the home network during device activation and to verify the authentication message received from the home network based on second authentication data received by the wireless device from the registration server.
  - 44. The wireless device of claim 43 wherein the first and second authentication data comprises a shared authentication key provided to the wireless device and the home network by the registration server, and wherein the control processor is configured to authenticate the home network using the shared authentication key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Telefonaktiebolaget LM Ericsson
Original Assignee
Telefonaktiebolaget LM Ericsson
Inventors
Slavov, Kristian, Salmela, Patrik Mikael

Application Number

US12/193,165
Publication Number

US 20090253409A1
Time in Patent Office

Days
Field of Search
US Class Current

455/411
CPC Class Codes

H04L 2209/80   Wireless network architectu...

H04L 63/0823   using certificates cryptogr...

H04L 67/12   specially adapted for propr...

H04L 9/0844   with user authentication or...

H04L 9/3273   for mutual authentication n...

H04W 12/06   Authentication

H04W 12/35   Protecting application or s...

H04W 4/00   Services specially adapted ...

H04W 4/50   Service provisioning or rec...

H04W 4/70   Services for machine-to-mac...

Method of Authenticating Home Operator for Over-the-Air Provisioning of a Wireless Device

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

85 Citations

44 Claims

Specification

Solutions

Use Cases

Quick Links

Method of Authenticating Home Operator for Over-the-Air Provisioning of a Wireless Device

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

85 Citations

44 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links