Method and apparatus for distributing authorization to provision mobile devices on a wireless network
First Claim
Patent Images
1. A method comprising:
- operating a primary trusted domain (TPD), wherein the primary TPD includes a primary provisioning server that operates within a trusted environment;
using the primary TPD to provision a mobile device on a wireless network by sending a provisioning message from the primary TPD to the mobile device, the provisioning message specifying a secondary TPD authorized to provision the mobile device via a network and an identifier of one or more parameters which the secondary TPD is authorized to provision, the secondary TPD comprising a provisioning server; and
using the primary TPD to provision the mobile device with a digital certificate of the secondary TPD identifying the secondary TPD to enable the secondary TPD to provision the mobile device using a digital signature.
4 Assignments
0 Petitions
Accused Products
Abstract
A method and apparatus for distributing authorization to provision devices on a wireless network are described. A primary trusted provisioning domain (TPD) operating within a trusted environment established by the wireless carrier'"'"'s firewall can provision the mobile devices. The primary TPD may distribute the authorization to provision one or more of the mobile devices to one or more secondary TPDs operating outside the trusted environment. Digital signatures may be used to authenticate provisioning requests from TPDs.
140 Citations
30 Claims
-
1. A method comprising:
-
operating a primary trusted domain (TPD), wherein the primary TPD includes a primary provisioning server that operates within a trusted environment; using the primary TPD to provision a mobile device on a wireless network by sending a provisioning message from the primary TPD to the mobile device, the provisioning message specifying a secondary TPD authorized to provision the mobile device via a network and an identifier of one or more parameters which the secondary TPD is authorized to provision, the secondary TPD comprising a provisioning server; and using the primary TPD to provision the mobile device with a digital certificate of the secondary TPD identifying the secondary TPD to enable the secondary TPD to provision the mobile device using a digital signature. - View Dependent Claims (2, 3, 4)
-
-
5. A method comprising:
-
operating a primary provisioning server within a predefined trusted environment, the primary provisioning server having authorization to provision a plurality of mobile devices on a wireless network; using the primary provisioning server to provision a digital certificate of the primary provisioning server in each of the mobile devices; using the primary provisioning server to provision a digital certificate of a secondary provisioning server in the mobile devices by sending the digital certificate of the secondary provisioning server from the primary provisioning server to each of the mobile devices, wherein the secondary provisioning server is on a second network outside the trusted environment; and using the primary provisioning server to provision the mobile devices with information indicating to the mobile devices authorization of the secondary provisioning server to provision the mobile devices by sending the information indicating authorization from the primary provisioning server to each of the mobile devices. - View Dependent Claims (6, 7, 8, 9, 10, 11)
-
-
12. A machine-readable program storage medium storing instructions which, when executed in a processing system, configure the processing system to operate as a primary provisioning server within a predefined trusted environment, the primary provisioning server having authorization to provision a plurality of mobile devices on a wireless network, such that the instructions configure the processing system to execute a process comprising:
-
provisioning a digital certificate of the primary provisioning server in each of the mobile devices; provisioning a digital certificate of a secondary provisioning server in the mobile devices by sending the digital certificate of the secondary provisioning server from the primary provisioning server to each of the mobile devices, wherein the secondary provisioning server operates outside the trusted environment; and provisioning the mobile devices with information indicating to the mobile devices authorization of the secondary provisioning server to provision the mobile devices by sending the information indicating authorization from the primary provisioning to each of the mobile devices. - View Dependent Claims (13, 14, 15, 16, 17, 18)
-
-
19. A method of operating a mobile device on a wireless network, the method comprising:
-
receiving at the mobile device, via the wireless network, a provisioning message from a first trusted provisioning domain (TPD), the provisioning message specifying a second TPD and indicating a parameter which the second TPD is authorized to provision in the mobile device, the secondary TPD comprising a provisioning server; storing information identifying the second TPD and the parameter in the mobile device in response to the provisioning message; provisioning the parameter in the mobile device in response to a provisioning message received over a network from the second TPD; and receiving a digital certificate of the second TPD from the first TPD; and using the digital certificate in the mobile device to authenticate the provisioning message from the second TPD. - View Dependent Claims (20, 21)
-
-
22. A method of operating a mobile device on a wireless network, the method comprising:
-
receiving a provisioning message from a remote source, the provisioning message specifying a parameter; determining whether the remote source is a primary trusted provisioning domain (TPD); if the remote source is the primary TPD, provisioning the parameter in the mobile device in response to the provisioning message; if the remote source is not the primary TPD, determining whether the remote source is a secondary TPD authorized to provision the parameter, based on a provisioning authorization previously received by the mobile device from the primary TPD; if the remote source is a secondary TPD authorized to provision the parameter, provisioning the parameter in the mobile device in response to the provisioning message; receiving a digital certificate of the secondary TPD from the primary TPD; and using the digital certificate in the mobile device to authenticate the provisioning message. - View Dependent Claims (23, 24)
-
-
25. A mobile device configured to operate on a wireless network, the mobile device comprising:
-
a processor; a data communication device coupled to the processor to communicate data with one or more remote systems via the wireless network; and a memory coupled to the processor and storing instructions for execution by the processor to configure the mobile device to execute a process comprising receiving a provisioning message at the mobile device from a first trusted provisioning domain (TPD) via the wireless network, the provisioning message specifying a second TPD and indicating a parameter which the second TPD is authorized to provision in the mobile device; storing information identifying the second TPD and the parameter in the mobile device in response to the provisioning message; provisioning the parameter in the mobile device in response to a provisioning message from the second TPD; receiving a digital certificate of the second TPD from the first TPD; and using the digital certificate in the mobile device to authenticate the provisioning message from the second TPD. - View Dependent Claims (26, 27)
-
-
28. A mobile device configured to operate on a wireless network, the mobile device comprising:
-
a processor; a data communication device coupled to the processor to communicate data with one or more remote systems via the wireless network; and a memory coupled to the processor and storing instructions for execution by the processor to configure the mobile device to execute a process comprising receiving a provisioning message from a remote source, the provisioning message specifying a parameter; determining whether the remote source is a primary trusted provisioning domain (TPD); if the remote source is the primary TPD, provisioning the parameter in the mobile device in response to the provisioning message; if the remote source is not the primary TPD, determining whether the remote source is a secondary TPD authorized to provision the parameter, based on a provisioning authorization previously received by the mobile device from the primary TPD; if the remote source is a secondary TPD authorized to provision the parameter, provisioning the parameter in the mobile device in response to the provisioning message; receiving a digital certificate of the secondary TPD from the primary TPD; and using the digital certificate in the mobile device to authenticate the provisioning message. - View Dependent Claims (29, 30)
-
Specification