AUTHENTICATION IN SECURE USER PLANE LOCATION (SUPL) SYSTEMS
Abstract
A particular method includes storing, at a mobile device, at least one security credential that is specific to the mobile device. The method also includes transmitting the at least one security credential to a secure user plane location (SUPL) location platform (SLP) to authenticate the mobile device as associated with a SUPL user based on a comparison of the device identifier to a stored device identifier.
70 Claims
1. A method of authentication, comprising:
- storing, at a mobile device, at least one security credential that is specific to the mobile device, wherein the at least one security credential includes a device identifier of the mobile device; and
- transmitting the at least one security credential to a secure user plane location (SUPL) location platform (SLP) to authenticate the mobile device as associated with a SUPL user based on a comparison of the device identifier to a stored device identifier.

Dependent claims: 2, 3, 4, 5, 6, 7

8. An apparatus comprising:
- a memory storing at least one security credential that is specific to a mobile device, wherein the at least one security credential includes a device identifier of the mobile device; and
- a processor configured to cause the mobile device to transmit the at least one security credential to a secure user plane location (SUPL) location platform (SLP) to authenticate the mobile device as associated with a SUPL user based on a comparison of the device identifier to a stored device identifier.

Dependent claims: 9

10. An apparatus comprising:
- means for storing at least one security credential that is specific to a mobile device, wherein the at least one security credential includes a device identifier of the mobile device; and
- means for causing the mobile device to transmit the at least one security credential to a secure user plane location (SUPL) location platform (SLP) to authenticate the mobile device as associated with a SUPL user based on a comparison of the device identifier to a stored device identifier.

Dependent claims: 11

12. A non-transitory processor-readable medium comprising instructions that, when executed by a processor, cause the processor to:
- generate, at a secure user plane location (SUPL) server, a message to be sent to a mobile device, the message including:
  - a server certificate including an identifier of the SUPL server and a public key of the SUPL server; and
  - a request for a device certificate of the mobile device;
- receive a reply from the mobile device that includes a device certificate of the mobile device; and
- authenticate the mobile device as associated with a SUPL user based on the device certificate.

Dependent claims: 13, 14, 15

16. An apparatus comprising:
- a processor; and
- a memory coupled to the processor, wherein the memory is configured to store instructions; and wherein the instructions are executable by the processor to:
  - generate, at a secure user plane location (SUPL) server, a message to be sent to a mobile device, the message including:
    - a server certificate including an identifier of the SUPL server and a public key of the SUPL server; and
    - a request for a device certificate of the mobile device;
  - receive a reply from the mobile device that includes a device identifier of the mobile device; and
  - authenticate the mobile device as associated with a SUPL user based on the device certificate.

Dependent claims: 17

18. A method comprising:
- receiving, at a secure user plane location (SUPL) server, an indication from a mobile device of one or more transport layer security (TLS) cipher suites supported by the mobile device;
- determining whether the one or more TLS cipher suites include a TLS pre-shared key (TLS-PSK) cipher suite that is supported by the SUPL server;
- in response to determining that the one or more TLS cipher suites include the TLS-PSK cipher suite that is supported by the SUPL server, performing a generic bootstrapping architecture (GBA)-based authentication process to authenticate the mobile device; and
- in response to determining that the one or more TLS cipher suites do not include a TLS-PSK cipher suite that is supported by the SUPL server, determining whether the SUPL server supports a certificate-based authentication method;
- in response to determining that the SUPL server supports the certificate-based authentication method, performing the certificate-based authentication method that includes sending a server certificate to the mobile device and receiving a device certificate from the mobile device.

Dependent claims: 19, 20

21. An apparatus comprising:
- a processor; and
- a memory coupled to the processor, wherein the memory is configured to store instructions; and wherein the instructions are executable by the processor to:
  - receive, at a secure user plane location (SUPL) server, an indication from a mobile device of one or more transport layer security (TLS) cipher suites supported by the mobile device;
  - determine whether the one or more TLS cipher suites include a TLS pre-shared key (TLS-PSK) cipher suite that is supported by the SUPL server;
  - in response to determining that the one or more TLS cipher suites include the TLS-PSK cipher suite that is supported by the SUPL server, perform a generic bootstrapping architecture (GBA)-based authentication process to authenticate the mobile device; and
  - in response to determining that the one or more TLS cipher suites do not include a TLS-PSK cipher suite that is supported by the SUPL server, determine whether the SUPL server supports a certificate-based authentication method;
  - in response to determining that the SUPL server supports the certificate-based authentication method, perform a certificate-based authentication process that includes sending a server certificate to the mobile device and receiving a device certificate from the mobile device.

Dependent claims: 22, 23

24. A method comprising:
- receiving, at a mobile device, a session initiation message from a secure user plane location (SUPL) server to initiate a SUPL session between the SUPL server and the mobile device; and
- in response to the mobile device receiving a valid session initiation message key from the SUPL server prior to the mobile device receiving the session initiation message:
  - authenticating the session initiation message using the valid session initiation message key; and
  - initiating the SUPL session with the SUPL server in response to successful authentication of the session initiation message.

Dependent claims: 25, 26, 27, 28, 29

30. An apparatus comprising:
- a processor; and
- a memory coupled to the processor, wherein the memory is configured to store instructions; and wherein the instructions are executable by the processor to:
  - receive, at a mobile device, a session initiation message from a secure user plane location (SUPL) server to initiate a SUPL session between the SUPL server and the mobile device; and
  - in response to the mobile device receiving a valid session initiation message key from the SUPL server prior to the mobile device receiving the session initiation message:
    - authenticate the session initiation message using the valid session initiation message key; and
    - initiate the SUPL session with the SUPL server in response to successful authentication of the session initiation message.

Dependent claims: 31, 32

33. A method comprising:
- transmitting a message from a mobile device to a secure user plane location (SUPL) server, wherein the message includes a SUPL INIT Root Key Status parameter.

Dependent claims: 34, 35, 36

37. A method comprising:
- transmitting, from a secure user plane location (SUPL) server to a mobile device, a SUPL END message that includes a SUPL INIT Key Response parameter.

Dependent claims: 38

39. A method comprising:
- receiving, at a mobile device, a session re-initiation message from a secure user plane location (SUPL) server to continue a SUPL session between the SUPL server and the mobile device; and
- in response to the mobile device receiving a valid session initiation message key from the SUPL server prior to the mobile device receiving the session re-initiation message:
  - authenticating the session re-initiation message using the valid session initiation message key; and
  - continuing the SUPL session with the SUPL server in response to successful authentication of the session re-initiation message.

Dependent claims: 40, 41

42. An apparatus comprising:
- a processor; and
- a memory coupled to the processor, wherein the memory is configured to store instructions; and wherein the instructions are executable by the processor to:
  - receive, at a mobile device, a session re-initiation message from a secure user plane location (SUPL) server to continue a SUPL session between the SUPL server and the mobile device; and
  - in response to the mobile device receiving a valid session initiation message key from the SUPL server prior to the mobile device receiving the session re-initiation message:
    - authenticate the session re-initiation message using the valid session initiation message key; and
    - continue the SUPL session with the SUPL server in response to successful authentication of the session re-initiation message.

Dependent claims: 43, 44

45. A method comprising:
- receiving, at a web server, a message from a secure user plane location (SUPL)-enabled mobile device, wherein the message includes a security credential of the mobile device;
- receiving, at the web server, user identification information from the mobile device;
- authenticating the user identification information as identifying an authorized user of a SUPL service; and
- sending the security credential of the mobile device to a SUPL server to enable the SUPL server to authenticate the mobile device as associated with the authorized user of the SUPL service.

Dependent claims: 46, 47, 48, 49

50. An apparatus comprising:
- a processor; and
- a memory coupled to the processor, wherein the memory is configured to store instructions; and wherein the instructions are executable by the processor to:
  - receive, at a web server, a message from a secure user plane location (SUPL)-enabled mobile device, wherein the message includes a security credential of the mobile device;
  - receive, at the web server, user identification information from the mobile device;
  - authenticate the user identification information as identifying an authorized user of a SUPL service; and
  - send the security credential of the mobile device to a SUPL server to enable the SUPL server to authenticate the mobile device as associated with the authorized user of the SUPL service.

Dependent claims: 51

52. An apparatus, comprising:
- means for receiving, at a web server, a message from a secure user plane location (SUPL)-enabled mobile device, wherein the message includes a security credential of the mobile device;
- means for receiving, at the web server, user identification information from the mobile device;
- means for authenticating the user identification information as identifying an authorized user of a SUPL service; and
- means for sending the security credential of the mobile device to a SUPL server to enable the SUPL server to authenticate the mobile device as associated with the authorized user of the SUPL service.

Dependent claims: 53

54. A non-transitory processor-readable medium comprising instructions that, when executed by a processor, cause the processor to:
- receive, at a web server, a message from a secure user plane location (SUPL)-enabled mobile device, wherein the message includes a security credential of the mobile device;
- receive, at the web server, user identification information from the mobile device;
- authenticate the user identification information as identifying an authorized user of a SUPL service; and
- send the security credential of the mobile device to a SUPL server to enable the SUPL server to authenticate the mobile device as associated with the authorized user of the SUPL service.

Dependent claims: 55

56. A method comprising:
- receiving, at a secure user plane location (SUPL) server, a first identifier and a first password from a mobile device;
- authenticating the first identifier and the first password as associated with an authorized user of a SUPL service; and
- sending a second identifier and a second password to the mobile device to replace the first identifier and the first password, wherein the SUPL server is configured to establish a SUPL session with the mobile device upon receiving the second identifier and the second password from the mobile device.

Dependent claims: 57, 58, 59, 60

61. An apparatus comprising:
- a processor; and
- a memory coupled to the processor, wherein the memory is configured to store instructions; and wherein the instructions are executable by the processor to:
  - receive, at a secure user plane location (SUPL) server, a first identifier and a first password from a mobile device;
  - authenticate the first identifier and the first password as associated with an authorized user of a SUPL service; and
  - send a second identifier and a second password to the mobile device to replace the first identifier and the first password, wherein the SUPL server is configured to establish a SUPL session with the mobile device upon receiving the second identifier and the second password from the mobile device.

Dependent claims: 62

63. An apparatus comprising:
- means for receiving, at a secure user plane location (SUPL) server, a first identifier and a first password from a mobile device;
- means for authenticating the first identifier and the first password as associated with an authorized user of a SUPL service; and
- means for sending a second identifier and a second password to the mobile device to replace the first identifier and the first password, wherein the SUPL server is configured to establish a SUPL session with the mobile device upon receiving the second identifier and the second password from the mobile device.

Dependent claims: 64

65. A non-transitory processor-readable medium comprising instructions that, when executed by a processor, cause the processor to:
- receive, at a secure user plane location (SUPL) server, a first identifier and a first password from a mobile device;
- authenticate the first identifier and the first password as associated with an authorized user of a SUPL service; and
- send a second identifier and a second password to the mobile device to replace the first identifier and the first password, wherein the SUPL server is configured to establish a SUPL session with the mobile device upon receiving the second identifier and the second password from the mobile device.

Dependent claims: 66

67. A method comprising:
- transmitting a SUPL INIT message including a Protection Level parameter from a secure user plane location (SUPL) server to a mobile device.

Dependent claims: 68

69. A method comprising:
- transmitting a SUPL REINIT message including a Protection Level parameter from a secure user plane location (SUPL) server to a mobile device.

Dependent claims: 70
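
The selection order recited in claims 18 and 21 can be followed in code. The Python below is an added illustration, not part of the patent text or of any SUPL implementation: it parses the cipher-suite list a device offers and picks GBA-based or certificate-based authentication in the claimed order. The function names, the fail-closed `reject` outcome (the claims do not recite that branch), and the sample bytes are assumptions; the TLS-PSK code points are those registered by RFC 4279.

```python
import struct

# TLS-PSK cipher suite code points from RFC 4279 (IANA registry values).
PSK_SUITES = {
    0x008A: "TLS_PSK_WITH_RC4_128_SHA",
    0x008B: "TLS_PSK_WITH_3DES_EDE_CBC_SHA",
    0x008C: "TLS_PSK_WITH_AES_128_CBC_SHA",
    0x008D: "TLS_PSK_WITH_AES_256_CBC_SHA",
}


def parse_cipher_suites(field: bytes) -> list:
    """Parse a ClientHello cipher_suites vector: 2-byte length, then 2-byte ids."""
    if len(field) < 2:
        raise ValueError("truncated cipher_suites vector")
    (length,) = struct.unpack("!H", field[:2])
    body = field[2:]
    # Reject empty, odd-length, or length-mismatched vectors instead of guessing.
    if length == 0 or length % 2 or length != len(body):
        raise ValueError("malformed cipher_suites vector")
    return [suite for (suite,) in struct.iter_unpack("!H", body)]


def select_auth_method(offered, server_psk_suites, server_supports_certs):
    """Return (method, suite) following the decision order in claim 18."""
    # Step 1: a TLS-PSK suite supported by both sides selects GBA-based auth.
    for suite in offered:
        if suite in PSK_SUITES and suite in server_psk_suites:
            return ("gba", suite)
    # Step 2: no common PSK suite, so use certificates if the server supports them.
    if server_supports_certs:
        return ("certificate", None)
    # Assumption: the claims do not cover this branch; this sketch fails closed.
    return ("reject", None)


# Constructed sample: the device offers TLS_RSA_WITH_AES_128_CBC_SHA (0x002F)
# and TLS_PSK_WITH_AES_128_CBC_SHA (0x008C).
SAMPLE_HELLO_SUITES = bytes.fromhex("0004002f008c")
```

The choice is driven by what the device offers, so a server that logs the selected method per device identity can spot devices that stop offering a TLS-PSK suite.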