METHOD AND APPARATUS FOR INITIAL CERTIFICATE ENROLLMENT IN A WIRELESS COMMUNICATION SYSTEM

US 20160344559A1
Filed: 05/22/2015
Published: 11/24/2016
Est. Priority Date: 05/22/2015
Status: Active Grant

First Claim

Patent Images

1. A method for providing initial certification enrollment in a wireless communication system, the method comprising:

establishing, by a first mobile device, a first wireless connection with an infrastructure;

establishing, by the first mobile device, a second wireless connection with a second mobile device;

receiving, by the first mobile device, a first certification request from the second mobile device and over the second wireless connection, wherein the first certification request comprises a request for a digital certificate for the second mobile device and first biometric data associated with a user of the first mobile device;

obtaining second biometric data, wherein the second biometric data is associated with a user of the second mobile device;

conveying a second certification request to the infrastructure and over the first wireless connection, wherein the second certification request comprises the request for the digital certificate for the second mobile device, the first biometric data, and the second biometric data;

in response to conveying the second certification request to the infrastructure, receiving, from the infrastructure and over the first wireless connection, the digital certificate for the second mobile device; and

conveying, to the second mobile device over the second wireless connection, the digital certificate.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus are provided for initial certification enrollment in a wireless communication system. A first mobile device establishes a first wireless connection with an infrastructure and a second wireless connection with a second mobile device. The first mobile device receives, from the second mobile device, a first certification request that includes a request for a digital certificate for the second mobile device and first biometric data associated with a user of the first mobile device. The first mobile device obtains second biometric data associated with a user of the second mobile device and conveys a second certification request to the infrastructure that includes the request for the digital certificate for the second mobile device and the first and second biometric data. The first mobile device then receives, from the infrastructure, the digital certificate for the second mobile device and forwards, to the second mobile device, the digital certificate.

26 Citations

View as Search Results

20 Claims

1. A method for providing initial certification enrollment in a wireless communication system, the method comprising:
- establishing, by a first mobile device, a first wireless connection with an infrastructure;
  
  establishing, by the first mobile device, a second wireless connection with a second mobile device;
  
  receiving, by the first mobile device, a first certification request from the second mobile device and over the second wireless connection, wherein the first certification request comprises a request for a digital certificate for the second mobile device and first biometric data associated with a user of the first mobile device;
  
  obtaining second biometric data, wherein the second biometric data is associated with a user of the second mobile device;
  
  conveying a second certification request to the infrastructure and over the first wireless connection, wherein the second certification request comprises the request for the digital certificate for the second mobile device, the first biometric data, and the second biometric data;
  
  in response to conveying the second certification request to the infrastructure, receiving, from the infrastructure and over the first wireless connection, the digital certificate for the second mobile device; and
  
  conveying, to the second mobile device over the second wireless connection, the digital certificate.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, further comprising:
    - conveying, by the first mobile device to the second mobile device, a digital certificate associated with the first mobile device;
      
      in response to conveying, to the second mobile device, the digital certificate associated with the first mobile device, receiving, from the second mobile device, a public key;
      
      wherein receiving the first certification request comprises receiving the first certification request signed by a private key corresponding to the public key; and
      
      wherein the method further comprises validating the first certification request based on the public key.
  - 3. The method of claim 2, wherein the digital certificate associated with the first mobile device is a registration authority certificate of the first mobile device.
  - 4. The method of claim 2, wherein the private key comprises a first private key and wherein conveying a second certification request to the infrastructure comprises:
    - signing the second certification request using a second private key to produce a signed second certification request; and
      
      conveying the signed second certification request to the infrastructure.
  - 5. The method of claim 4, wherein the second private key is a private key associated with a registration authority certificate of the first mobile device.
  - 6. The method of claim 5, further comprising validating the signed second certification request based on a first public key associated with the first private key and a second public key associated with the second private key.
  - 7. The method of claim 6, further comprising:
    - issuing the digital certificate for the second mobile device in response to validating the signed second certification request.
  - 8. The method of claim 4, wherein receiving, from the infrastructure and over the first wireless connection, the digital certificate for the second mobile device comprises:
    - receiving, from the infrastructure and over the first wireless connection, a certification response comprising the digital certificate for the second mobile device, wherein the certification response is signed by a third private key.
  - 9. The method of claim 1, wherein conveying the digital certificate comprises:
    - conveying, to the second mobile device over the second wireless connection, a certification response comprising the digital certificate, wherein the certification response is signed by a private key associated with the first mobile device.
  - 10. The method of claim 1, further comprising:
    - verifying an identity of the user of the first mobile device and an identity of the user of the second mobile device based on the first biometric data and the second biometric data; and
      
      issuing the digital certificate in response to verifying the identity of the user of the first mobile device and the identity of the user of the second mobile device.

11. A mobile device capable of facilitating initial certification enrollment in a wireless communication system, the mobile device comprising:
- a processor;
  
  an at least one memory device that is configured to store instructions that, when executed by the processor, cause the processor to;
  
  establish a first wireless connection with an infrastructure;
  
  establish a second wireless connection with another mobile device;
  
  receive a first certification request from the another mobile device and over the second wireless connection, wherein the first certification request comprises a request for a digital certificate for the another mobile device and first biometric data associated with a user of the mobile device;
  
  obtain second biometric data, wherein the second biometric data is associated with a user of the another mobile device;
  
  convey a second certification request to the infrastructure and over the first wireless connection, wherein the second certification request comprises the request for the digital certificate for the another mobile device, the first biometric data, and the second biometric data;
  
  in response to conveying the second certification request to the infrastructure, receive, from the infrastructure and over the first wireless connection, the digital certificate for the another mobile device; and
  
  convey, to the another mobile device over the second wireless connection, the digital certificate.
- View Dependent Claims (12, 13, 14, 15, 16, 17)
- - 12. The mobile device of claim 11, wherein the at least one memory device is configured to store instructions that, when executed by the processor, cause the processor to:
    - convey, to the another mobile device, a digital certificate associated with the mobile device;
      
      in response to conveying, to the another mobile device, the digital certificate associated with the mobile device, receive, from the another mobile device, a public key;
      
      wherein receiving the first certification request comprises receiving the first certification request signed by a private key corresponding to the public key; and
      
      wherein the at least one memory device is configured to store instructions that, when executed by the processor, further cause the processor to validate the first certification request based on the public key.
  - 13. The mobile device of claim 12, wherein the at least one memory device is configured to maintain a registration authority certificate of the mobile device and wherein the digital certificate associated with the mobile device is the registration authority certificate.
  - 14. The mobile device of claim 12, wherein the private key comprises a first private key and wherein the at least one memory device is configured to convey a second certification request to the infrastructure by:
    - signing the second certification request using a second private key to produce a signed second certification request; and
      
      conveying the signed second certification request to the infrastructure.
  - 15. The mobile device of claim 14, wherein the second private key is a private key associated with a registration authority certificate of the mobile device.
  - 16. The mobile device of claim 14, wherein the at least one memory device is configured to receive, from the infrastructure and over the first wireless connection, the digital certificate for the another mobile device by:
    - receiving, from the infrastructure and over the first wireless connection, a certification response comprising the digital certificate for the another mobile device, wherein the certification response is signed by a third private key.
  - 17. The mobile device of claim 11, wherein the at least one memory device is configured to convey the digital certificate by:
    - conveying, to the another mobile device over the second wireless connection, a certification response comprising the digital certificate for the another mobile device, wherein the certification response is signed by a private key associated with the mobile device.

18. A public key infrastructure (PKI) device comprising:
- a processor;
  
  an at least one memory device that is configured to store instructions that, when executed by the processor, cause the processor to;
  
  receive, from a first mobile device, a certification request comprising a request for a digital certificate for a second mobile device, first biometric data associated with a user of the first mobile device, and second biometric data associated with a user of the second mobile device;
  
  verify an identity of the user of the first mobile device and an identity of the user of the second mobile device based on the first biometric data and the second biometric data; and
  
  issue the digital certificate in response to verifying the identity of the user of the first mobile device and the identity of the user of the second mobile device.
- View Dependent Claims (19)
- - 19. The public key infrastructure (PKI) device of claim 18, wherein the certification request is signed by a first private key associated with the second mobile device and a second private key associated with the first mobile device and wherein the at least one memory device is configured to store instructions that, when executed by the processor, cause the processor to:
    - validate the certification request based on a first public key associated with the first private key and a second public key associated with the second private key; and
      
      wherein the at least one memory device is configured to store instructions that, when executed by the processor, cause the processor to issue the digital certificate in response to verifying the identity of the user of the first mobile device and the identity of the user of the second mobile device and validating the certification request.

20. A public key infrastructure (PKI) device comprising:
- a processor;
  
  an at least one memory device that is configured to maintain;
  
  a Certificate Revocation List (CRL); and
  
  a Certificate Authorization List (CAL), wherein the CAL comprises a list of digital certificate serial numbers or hashes of digital certificate serial numbers that are associated with mobile devices that are authorized to participate in a given incident response.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Motorola Solutions, Inc.
Original Assignee
Motorola Solutions, Inc.
Inventors
MA, DING, AKERS, JONATHAN P.

Granted Patent

US 9,882,726 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/32   using biometric data, e.g. ...

H04L 63/0823   using certificates cryptogr...

H04L 63/0861   using biometrical features,...

H04L 63/18   using different networks or...

H04L 9/006   involving public key infras...

H04L 9/3231   Biological data, e.g. finge...

H04L 9/3263   involving certificates, e.g...

H04L 9/3268   using certificate validatio...

H04W 12/069   using certificates or pre-s...

METHOD AND APPARATUS FOR INITIAL CERTIFICATE ENROLLMENT IN A WIRELESS COMMUNICATION SYSTEM

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

26 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD AND APPARATUS FOR INITIAL CERTIFICATE ENROLLMENT IN A WIRELESS COMMUNICATION SYSTEM

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

26 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links