SUBSCRIBER CERTIFICATE PROVISIONING

US 20130311771A1
Filed: 05/17/2012
Published: 11/21/2013
Est. Priority Date: 05/17/2012
Status: Active Grant

First Claim

Patent Images

1. A method for provisioning a device with a certificate comprising:

receiving credentials transmitted from the device through an access point, the credentials identifying a credentials username and password;

verifying whether the credentials are trusted according to a two-factor authentication process, the two-factor authentication process determining;

i) the credentials to be trusted in the event (i) the credentials username and password match with a trusted username and password previously associated with the device and (ii) an address associated with the access point is within a range of trusted addresses;

ii) the credentials to be untrusted in the event the username and password fail to match with the trusted username and password or the address fails to fall within the range of trusted addresses;

providing the device with an assertion in the event the credentials are trusted, the assertion being sufficient for the device to request the certificate; and

preventing delivery of the assertion to the device in the event the credentials are untrusted until the device transmits trusted credentials.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Provisioning a device with a certificate is contemplated. The certificate may be used to verify whether the device or a user of the device is authorized to access electronic content, services, and signaling. The certificate may be provisioned in relation to the device having successfully completed a two-factor authentication process so that an entity providing the certificate need not have to repeat the two-factor authentication process.

42 Citations

View as Search Results

20 Claims

1. A method for provisioning a device with a certificate comprising:
- receiving credentials transmitted from the device through an access point, the credentials identifying a credentials username and password;
  
  verifying whether the credentials are trusted according to a two-factor authentication process, the two-factor authentication process determining;
  
  i) the credentials to be trusted in the event (i) the credentials username and password match with a trusted username and password previously associated with the device and (ii) an address associated with the access point is within a range of trusted addresses;
  
  ii) the credentials to be untrusted in the event the username and password fail to match with the trusted username and password or the address fails to fall within the range of trusted addresses;
  
  providing the device with an assertion in the event the credentials are trusted, the assertion being sufficient for the device to request the certificate; and
  
  preventing delivery of the assertion to the device in the event the credentials are untrusted until the device transmits trusted credentials.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1 further comprising the certificate being provided from a certificate authority (CA) upon receipt of a security token included with a certificate request transmitted from the device, the security token being required by the CA prior to providing the certificate to the device.
  - 3. The method of claim 2 further comprising the CA providing the certificate without being provided the username and password associated with the device.
  - 4. The method of claim 2 further comprising the CA providing the certificate without the certificate request identifying the username and password associated with the device.
  - 5. The method of claim 2 further comprising the security token being provided to the device from a registration authority (RA) upon receipt of the assertion being included within a security token request transmitted from the device, the assertion being required by the RA prior to providing the security token to the device.
  - 6. The method of claim 5 further comprising the RA providing the security token to the device without being provided the username and password associated with the device.
  - 7. The method of claim 5 further comprising the RA providing the security token to the device without the security token request identifying the username and password associated with the device.
  - 8. The method of claim 1 further comprising an identity provider (IdP) determining the address to be trusted in the event the address is within the range of trusted addresses designated by a service provider to be trusted and the IdP determining the address to be untrusted in the event the credentials address fails to be within the range of the trusted addresses.
  - 9. The method of claim 8 further comprising the IdP associating the trusted username and password with the device and determining whether the credentials username and password match with the trusted username and password.

10. A method for provisioning a device with a certificate comprising:
- receiving a certificate request from the device, the certificate request including a security token previously provided to the device after successfully completing a two-factor authentication process;
  
  providing the certificate to the device in the event the security token indicates the two-factor authentication process was completed by a trusted entity; and
  
  denying the certificate to the device in the event the security token fails to indicate the two-factor authentication process was completed by a trusted entity.
- View Dependent Claims (11, 12, 13, 14)
- - 11. The method of claim 10 further comprising providing the security token to the device upon receipt of a security token request having an assertion, the assertion being provided to the device from the trusted entity after successfully completing the two-factor authentication process.
  - 12. The method of claim 11 further comprising the assertion being provided to the device from an identity provider (IdP), the security token being provided to the device from a registration authority (RA), and the certificate being provided from a certificate authority (CA).
  - 13. The method of claim 12 further comprising:
    - the IdP performing the two-factor authentication process and providing the assertion upon receipt of credentials transmitted from the device through an access point, the credentials identifying a credentials username and password input to the device by a user while connected to the access point;
      
      the IdP determining the two-factor authentication process to be successful in the event (i) the credentials username and password match with a trusted username and password previously associated with the device and (ii) an address associated with the credentials access point is within a range of trusted addresses; and
      
      the IdP determining the two-factor authentication process to be unsuccessful in the event the username and password fail to match with the trusted username and password or the address is not within the range of trusted addresses.
  - 14. The method of claim 13 further comprising the CA providing the certificate without being notified of the credentials username and password and the RA providing the security token without being notified of the credentials username and password.

15. A non-transitory computer-readable medium having computer-readable code embodied therein for controlling a computing device to electronically facilitate certificate provisioning, the computer-readable code comprising instructions for:
- transmitting an authentication request with credentials to request an assertion, the credentials sufficient for use in a two-factor authentication process;
  
  receiving an assertion upon successfully completing the two-factor authentication process;
  
  transmitting a security token request with the assertion to request a security token;
  
  receiving the security token upon verification of the assertion;
  
  transmitting a certificate request with the security token to request the certificate;
  
  receiving the certificate upon verification of the security token; and
  
  provisioning the computing device with the certificate.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The computer-readable medium of claim 15 wherein the computer-readable code further comprises instructions for requesting user input of a credentials username and password, the credentials username and password being included with the credentials for use in the two-factor authentication process.
  - 17. The computer-readable medium of claim 16 wherein the computer-readable code further comprises instructions for identifying an address of an access point through which the credentials are transmitted, the address be included with the credentials for use in the two-factor authentication process.
  - 18. The computer-readable medium of claim 17 wherein the computer-readable code further comprises instructions for transmitting the credentials to an identity provider (IdP).
  - 19. The computer-readable medium of claim 18 wherein the computer-readable code further comprises instructions for transmitting the assertion to a registration authority (RA) without identifying the credentials username and password within the security token request.
  - 20. The computer-readable medium of claim 19 wherein the computer-readable code further comprises instructions for transmitting the security token to a certificate authority (CA) without identifying the credentials username and password within the certificate request.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cable Television Laboratories Incorporated
Original Assignee
Cable Television Laboratories Incorporated
Inventors
Hoggan, Stuart A.

Granted Patent

US 8,850,187 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/156
CPC Class Codes

H04L 2463/082   applying multi-factor authe...

H04L 63/083   using passwords cryptograph...

H04L 63/107   wherein the security polici...

H04L 9/3268   using certificate validatio...

SUBSCRIBER CERTIFICATE PROVISIONING

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

42 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SUBSCRIBER CERTIFICATE PROVISIONING

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

42 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links