VALIDATING AUTHORIZATION FOR USE OF A SET OF FEATURES OF A DEVICE

US 20170041794A1
Filed: 03/28/2016
Published: 02/09/2017
Est. Priority Date: 08/07/2015
Status: Active Grant

First Claim

Patent Images

1. A method, operational at a device, comprising:

obtaining a proof of authority for the device to use a first set of selectively activated features at the device, signed by a first authorization server;

sending a request to use a network service to a network node, wherein the first set of selectively activated features includes first selectively activated features needed by the device to use the network service;

obtaining, from the network node, in response to sending the request to use the network service, a request for the proof of authority for the device;

sending, to the network node, the proof of authority for the device;

sending, to the network node, a request for a proof of authority for the network node to provide the network service;

obtaining, from the network node, the proof of authority for the network node to use a second set of selectively activated features at the network node, signed by a second authorization server, wherein the second set of selectively activated features includes second selectively activated features needed by the network node to provide the network service; and

validating the proof of authority for the network node before using the network service.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A device obtains proof of its authority to use a first set of selectively activated features (first proof). An authorization server signs the first proof with its private key. The device sends a request to use a network service to a network node. The device sends the first proof to the network node. The network node validates the first proof using a public key of the authorization server. The network node grants the request to use the network service. The device sends a request for proof of authority for the network node to provide the network service (second proof). The device obtains the second proof, signed by another authorization server, and validates the second proof before using the network service. The first proof and the second proof each include a list of selectively activated features, where the selectively activated features are needed to use or provide the network service.

Citations

50 Claims

1. A method, operational at a device, comprising:
- obtaining a proof of authority for the device to use a first set of selectively activated features at the device, signed by a first authorization server;
  
  sending a request to use a network service to a network node, wherein the first set of selectively activated features includes first selectively activated features needed by the device to use the network service;
  
  obtaining, from the network node, in response to sending the request to use the network service, a request for the proof of authority for the device;
  
  sending, to the network node, the proof of authority for the device;
  
  sending, to the network node, a request for a proof of authority for the network node to provide the network service;
  
  obtaining, from the network node, the proof of authority for the network node to use a second set of selectively activated features at the network node, signed by a second authorization server, wherein the second set of selectively activated features includes second selectively activated features needed by the network node to provide the network service; and
  
  validating the proof of authority for the network node before using the network service.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, wherein the device is a chip component, a client device, a network access node, a mobility management entity, or a gateway device.
  - 3. The method of claim 1, wherein the device is a client device or a chip component, and the network node is a network access node.
  - 4. The method of claim 1, wherein the proof of authority for the device originates at the first authorization server, is signed with a private key of the first authorization server, and includes a listing of the first selectively activated features;
    - the method further comprising;
      
      validating the proof of authority for the device by validating the listing of the first selectively activated features using a public key of the first authorization server;
      
      obtaining feature activation keys associated with the first selectively activated features, encrypted with a public key of the device;
      
      decrypting the feature activation keys, using a private key of the device, known only to the device; and
      
      activating and/or maintaining activation of the first selectively activated features with the feature activation keys.
  - 5. The method of claim 1, wherein the proof of authority for the network node originates at the second authorization server, is signed with a private key of the second authorization server, and includes a listing of the second selectively activated features;
    - the method further comprising;
      
      validating the proof of authority for the network node by validating the listing of the second selectively activated features using a public key of the second authorization server.
  - 6. The method of claim 1, wherein the first authorization server is a local authorization server.
  - 7. The method of claim 1, further comprising:
    - identifying a third set of selectively activated features needed by the network node to use the network service; and
      
      using the network service based on determining whether the third set of selectively activated features is included in the second set of selectively activated features.
  - 8. The method of claim 1, wherein:
    - the proof of authority for the device originates at the first authorization server and is obtained, at the device, from the first authorization server, andthe proof of authority for the network node originates at the second authorization server and is obtained, at the device, from the network node.
  - 9. The method of claim 1, wherein the first authorization server and the second authorization server are one authorization server.
  - 10. The method of claim 1, wherein the proof of authority for the device is obtained from the first authorization server during a feature activation process, during which the device obtains authorization to activate the first selectively activated features.
  - 11. The method of claim 1, wherein the proof of authority for the device is data representative of an authorization certificate.
  - 12. The method of claim 1, wherein the proof of authority for the device is data representative of an authorization agreement indicating that the device is authorized to activate the first selectively activated features.

13. A device, comprising:
- a network communication circuit; and
  
  a processing circuit coupled to the network communication circuit, the processing circuit configured to;
  
  obtain a proof of authority for the device to use a first set of selectively activated features at the device, signed by a first authorization server;
  
  send a request to use a network service to a network node, wherein the first set of selectively activated features includes first selectively activated features needed by the device to use the network service;
  
  obtain, from the network node, in response to sending the request o use the network service, a request for the proof of authority for the device;
  
  send, to the network node, the proof of authority for the device;
  
  send, to the network node, a request for a proof of authority for the network node to provide the network service;
  
  obtain, from the network node, the proof of authority for the network node to use a second set of selectively activated features at the network node, signed by a second authorization server, wherein the second set of selectively activated features includes second selectively activated features needed by the network node to provide the network service; and
  
  validate the proof of authority for the network node before using the network service.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23)
- - 14. The device of claim 13, wherein the device is a chip component, a client device, a network access node, a mobility management entity, or a gateway device.
  - 15. The device of claim 13, wherein the proof of authority for the device originates at the first authorization server, is signed with a private key of the first authorization server, and includes:
    - a listing of the first selectively activated features; and
      
      the processing circuit is further configured to;
      
      validate the proof of authority for the device by validating the listing oft he first selectively activated features using a public key of the first authorization server;
      
      obtain feature activation keys associated with the first selectively activated features, encrypted with a public key of the device;
      
      decrypt the feature activation keys, using a private key of the device, known only to the device; and
      
      activate and/or maintain activation of the first selectively activated features with the feature activation keys.
  - 16. The device of claim 13, wherein the proof of authority for the network node originates at the second authorization server, is signed with a private key of the second authorization server, and includes:
    - a listing of the second selectively activated features; and
      
      the processing circuit is further configured to;
      
      validate the proof of authority for the network node by validating the listing of the second selectively activated features using a public key of the second authorization server.
  - 17. The device of claim 13, wherein the first authorization server is a local authorization server.
  - 18. The device of claim 13, wherein the processing circuit is further configured to:
    - identify a third set of selectively activated features needed by the network node to use the network service; and
      
      use the network service based on determining whether the third set of selectively activated features is included in the second set of selectively activated features.
  - 19. The device of claim 13, wherein the processing circuit is further configured to:
    - obtain, at the device, the proof of authority for the device from the first authorization server, wherein the proof of authority for the device originates at the first authorization server; and
      
      obtain, at the device, the proof of authority for the network node from the network node, wherein the proof of authority for the network node originates at the second authorization server.
  - 20. The device of claim 13, wherein the first authorization server and the second authorization server are one authorization server.
  - 21. The device of claim 13, wherein the processing circuit is further configured to obtain the proof of authority for the device from the first authorization server during a feature activation process, during which the device obtains authorization to activate the first selectively activated features.
  - 22. The device of claim 13, wherein the proof of authority for the device is data representative of an authorization certificate.
  - 23. The device of claim 13, wherein the proof of authority for the device is data representative of an authorization agreement indicating that the device is authorized to activate the first selectively activated features.

24. A method, operational at a network node, comprising:
- obtaining a request, from a device, to use a network service;
  
  obtaining a proof of authority for the device to use a first set of selectively activated features at the device, signed by an authorization server;
  
  validating the proof of authority for the device;
  
  identifying a second set of selectively activated features needed by the device to use the network service; and
  
  sending a response to the request based on results of validating the proof of authority for the device and determining whether the second set of selectively activated features is included in the first set of selectively activated features.
- View Dependent Claims (25, 26, 27, 28, 29, 30, 31, 32, 33)
- - 25. The method of claim 24, wherein the network node is a network access node, a mobility management entity, or a gateway device.
  - 26. The method of claim 24, wherein:
    - the first set of selectively activated features includes first selectively activated features, andthe proof of authority for the device originates at the authorization server and includes;
      
      a listing of the first selectively activated features, signed with a private key of the authorization server; and
      
      the method further comprising;
      
      validating the proof of authority for the device by validating the listing of the first selectively activated features using a public key of the authorization server.
  - 27. The method of claim 24, wherein the proof of authority for the device originates at the authorization server and is obtained, at the network node, from the device.
  - 28. The method of claim 24, wherein the proof of authority for the device originates at the authorization server and is obtained, at the network node, in a form of a capability profile of the device, from a home subscriber server (HSS).
  - 29. The method of claim 24, wherein the proof of authority for the device is data representative of an authorization certificate.
  - 30. The method of claim 24, wherein the proof of authority for the device is data representative of an authorization agreement indicating that the device is authorized to activate the first set of selectively activated features.
  - 31. The method of claim 24, wherein identifying the second set of selectively activated features comprises:
    - deriving selectively activated features needed by the device to use the network service from a model-specific and/or a device-specific list of authorized selectively activated features maintained by the authorization server.
  - 32. The method of claim 24, wherein identifying the second set of selectively activated features comprises:
    - deriving selectively activated features needed by the device to use the network service from a model-specific and/or a device-specific list of licensable selectively activated features maintained by the authorization server.
  - 33. The method of claim 24, further comprising:
    - verifying that the device holds a private key that corresponds to a public key of the device included with the proof of authority for the device, wherein sending the response to the request is further based on a result of the verifying.

34. A network node, comprising:
- a network communication circuit; and
  
  a processing circuit coupled to the network communication circuit, the processing circuit configured to;
  
  obtain a request, from a device, to use a network service;
  
  obtain a proof of authority for the device to use a first set of selectively activated features at the device, signed by an authorization server;
  
  validate the proof of authority for the device;
  
  identify a second set of selectively activated features needed by the device to use the network service; and
  
  send a response to the request based on determining whether the second set of selectively activated features is included in the first set of selectively activated features.
- View Dependent Claims (35, 36, 37, 38, 39)
- - 35. The network node of claim 34, wherein the network node is a network access node, a mobility management entity, or a gateway device.
  - 36. The network node of claim 34, wherein:
    - the first set of selectively activated features includes first selectively activated features, andthe proof of authority for the device originates at the authorization server and includes;
      
      a listing of the first selectively activated features, signed with a private key of the authorization server; and
      
      the processing circuit is further configured to;
      
      validate the listing of the first selectively activated features using a public key of the authorization server, to validate the proof of authority for the device.
  - 37. The network node of claim 34, wherein:
    - the proof of authority for the device originates at the authorization server and the processing circuit is further configured to;
      
      obtain the proof of authority for the device, at the network node, from the device.
  - 38. The network node of claim 34, wherein when identifying the second set of selectively activated features, the processing circuit is further configured to:
    - derive selectively activated features needed by the device to use the network service from a model-specific and/or a device-specific list of authorized selectively activated features maintained by the authorization server.
  - 39. The network node of claim 34, wherein when identifying the second set of selectively activated features, the processing circuit is further configured to:
    - derive selectively activated features needed by the device to use the network service from a model-specific and/or a device-specific list of licensable selectively activated features maintained by the authorization server.

40. A method operational at a server, comprising:
- obtaining a first list of selectively activated features of a device; and
  
  updating a second list of selectively activated features of the device, stored at the server, based on the first list, wherein the second list is associated with a subscription profile of the device, to reflect a change to an authorization status of at least one selectively activated feature in the second list.
- View Dependent Claims (41, 42, 43, 44, 45, 46)
- - 41. The method of claim 40, wherein the server is a home subscriber server (HSS).
  - 42. The method of claim 41, further comprising:
    - sending, responsive to a query concerning capability of the device, a capability profile including the second list of selectively activated features of the device.
  - 43. The method of claim 40, wherein the first list of selectively activated features originates at an authorization server and is signed with a private key of the authorization server;
    - the method further comprising;
      
      validating the first list of selectively activated features using a public key of the authorization server.
  - 44. The method of claim 43, wherein the authorization server is a local authorization server.
  - 45. The method of claim 40, wherein the first list of selectively activated features is data representative of an authorization certificate signed by an authorization server.
  - 46. The method of claim 40, wherein the first list of selectively activated features is data representative of an authorization agreement indicating that the device is authorized to activate the selectively activated features.

47. A server comprising:
- a network communication circuit for communicating over a network; and
  
  a processing circuit coupled to the network communication circuit, the processing circuit configured to;
  
  obtain a first list of selectively activated features of a device; and
  
  update a second list of selectively activated features of the device, stored at the server, based on the first list, wherein the second list is associated with a subscription profile of the device, to reflect a change to an authorization status of at least one selectively activated feature in the second list.
- View Dependent Claims (48, 49, 50)
- - 48. The server if claim 47, wherein the server is a home subscriber server (HSS).
  - 49. The server of claim 47, wherein the processing circuit is further configured to:
    - send, responsive to a query concerning capability of the device, a capability profile including the second list of selectively activated features of the device.
  - 50. The server of claim 47, wherein the first list of selectively activated features originates at an authorization server and is signed with a private key of the authorization server, and the processing circuit is further configured to:
    - validate the first list of selectively activated features using a public key of the authorization server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Qualcomm, Inc.
Original Assignee
Qualcomm, Inc.
Inventors
Lee, Soo Bum, Horn, Gavin Bernard, Smee, John, Pankaj, Rajesh, Rouse, Thomas

Granted Patent

US 11,082,849 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/105   Arrangements for software l...

H04L 63/0823   using certificates cryptogr...

H04L 63/0869   for achieving mutual authen...

H04L 63/0892   by using authentication-aut...

H04L 63/102   Entity profiles

H04L 63/108   when the policy decisions a...

H04L 63/12   Applying verification of th...

H04L 65/1016   IP multimedia subsystem [IMS]

H04L 67/01   Protocols

H04L 67/303   Terminal profiles

H04W 12/06   Authentication

H04W 12/08   Access security

H04W 12/35   Protecting application or s...

H04W 76/14   Direct-mode setup

H04W 88/02   Terminal devices

H04W 88/08   Access point devices

VALIDATING AUTHORIZATION FOR USE OF A SET OF FEATURES OF A DEVICE

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

50 Claims

Specification

Solutions

Use Cases

Quick Links

VALIDATING AUTHORIZATION FOR USE OF A SET OF FEATURES OF A DEVICE

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

50 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links