Plug and play mobile services

US 7,644,163 B2
Filed: 01/13/2004
Issued: 01/05/2010
Est. Priority Date: 01/13/2004
Status: Expired due to Fees

First Claim

Patent Images

1. A method, comprising:

sending an access-request signal comprising a well-known uniform resource locator to a network by a terminal for connecting to a help-portal server of said network and for requesting a provisioning signal or a management session signal for configuring the terminal;

receiving by the terminal, in response to said sending the access-request signal, an identity of said help-portal server using a chain of trust comprising at least two consecutive exchanges of information between trusted elements of the network and the terminal; and

re-sending, in response to said receiving said identity of said help-portal server, said access-request signal to the help-portal server by the terminal with a request to provide the provisioning signal or the management session signal to the terminal, wherein, after being configured using the provisioning signal or the management session signal, the terminal is enabled for handling data-protocol services and dynamically configured for the data-protocol services specific to a service provider in a secure way based on said chain of trust so as to be able to connect said terminal to an IP backbone network via said network, which provides said data-protocol services and which is provided by said service provider wherein identifying said help-portal server comprises;

identifying to the terminal a trusted access point node name by a trusted home location register of the network;

re-sending the access-request signal to the trusted access point node by the terminal;

identifying to the terminal a trusted domain name service server of the network by the trusted access point node;

re-sending said access-request signal by the terminal to the trusted domain name service server for identifying an address mapping for the help-portal server; and

identifying said address mapping to the terminal by the trusted domain name service server.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

This invention describes “plug and play” methodology for configuring a terminal, enabled for handling data-protocol services (e.g. GRPS), for the data-protocol services specific to a service provider so as to be able to connect said terminal to an IP backbone network via a network, which provides said data-protocol services and which is provided by said service provider. The invention further consists of using a well-known access point node (APN) name, and a well-known uniform resource locator (URL) string to access a service provider specific help-portal server of the network to request information for configuring the terminal. A core part of the invention is the fact that the security of the download is ensured by means of a chain of trust that originates with a trusted home location register or the well-known APN name, and is built using a trusted APN, the well-known URL string and a trusted domain name service.

Citations

35 Claims

1. A method, comprising:
- sending an access-request signal comprising a well-known uniform resource locator to a network by a terminal for connecting to a help-portal server of said network and for requesting a provisioning signal or a management session signal for configuring the terminal;
  
  receiving by the terminal, in response to said sending the access-request signal, an identity of said help-portal server using a chain of trust comprising at least two consecutive exchanges of information between trusted elements of the network and the terminal; and
  
  re-sending, in response to said receiving said identity of said help-portal server, said access-request signal to the help-portal server by the terminal with a request to provide the provisioning signal or the management session signal to the terminal, wherein, after being configured using the provisioning signal or the management session signal, the terminal is enabled for handling data-protocol services and dynamically configured for the data-protocol services specific to a service provider in a secure way based on said chain of trust so as to be able to connect said terminal to an IP backbone network via said network, which provides said data-protocol services and which is provided by said service provider wherein identifying said help-portal server comprises;
  
  identifying to the terminal a trusted access point node name by a trusted home location register of the network;
  
  re-sending the access-request signal to the trusted access point node by the terminal;
  
  identifying to the terminal a trusted domain name service server of the network by the trusted access point node;
  
  re-sending said access-request signal by the terminal to the trusted domain name service server for identifying an address mapping for the help-portal server; and
  
  identifying said address mapping to the terminal by the trusted domain name service server.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. The method of claim 1, wherein said data-protocol services specific to said service provider are provided by a general packet radio service.
  - 3. The method of claim 1, wherein the access-request signal is sent by a browser user agent block of the terminal.
  - 4. The method of claim 1, wherein the well-known uniform resource locator is allowed by an access control profile of the terminal.
  - 5. The method of claim 1, further comprising:
    - sending the provisioning signal or the management session signal to the terminal for configuring the terminal.
  - 6. The method of claim 5, wherein the provisioning signal is sent over an IP bearer or sent using a short message service protocol.
  - 7. The method of claim 6, wherein said provisioning signal is sent over the IP bearer using a hyper text transfer protocol or a hyper text transfer protocol secure.
  - 8. The method of claim 6, wherein said provisioning signal is sent over air.
  - 9. The method as in claim 1, wherein a security of configuring the terminal is ensured by means of the chain of trust built by the trusted home location register, by a well-known access point node name for accessing the trusted access point node, by the trusted access point node, by the trusted domain name service sewer and by the well-known uniform resource locator.
  - 10. The method of claim 1, wherein after said sending the request signal to the help-portal sewer, the method fun her comprises:
    - sending a user authentication request signal to an authentication block of the network or to the terminal or to both, the authentication block and the terminal, respectively, by the help-portal sewer, and receiving authentication confirmation signal back from the authentication block or from the terminal, respectively, or from both, the authentication block and the terminal; and
      
      determining if the terminal is authentic by the help-portal server based on the authentication confirmation signals.
  - 11. The method of claim 1, wherein said access-request signal contains user identification information, a generic uniform resource locator request for the help-portal server or for the help-portal server and a device management server, and a well-known access point node name for accessing the trusted access point node or a wildcard access point node.
  - 12. The method of claim 10, wherein if it is determined that the terminal is authentic, the method further comprises:
    - sending a triggering signal to a provisioning sewer by the help-portal server; and
      
      sending the provisioning signal by the provisioning server to the terminal and so configuring said terminal.
  - 13. The method of claim 10, wherein if it is determined that the terminal is authentic, the method further comprises the:
    - sending an initial provisioning triggering signal to a device management server for initial provisioning; and
      
      sending a further triggering signal by the help-portal server to an initialization content handler of the terminal, said further triggering signal containing a proxy address and a password for connecting to the device management server.
  - 14. The method of claim 13, further comprising:
    - determining if the further triggering signal contains an instruction of making a connection to the device management server by the terminal.
  - 15. The method of claim 14, wherein if the further triggering signal contains the instruction for making the connection to the device management server by the terminal, the method further comprises:
    - sending a start signal to a device management agent block of the terminal by an initialization content handler block;
      
      sending a further access-request signal containing a network access authentication to the device management server by the device management agent block; and
      
      sending the management session signal by the device management server to the terminal for further configuring the terminal.
  - 16. The method of claim 1, wherein before sending the access-request signal to the network, the method further comprises:
    - starting a browser user agent by a starting signal.

17. A cellular communication system, comprising:
- a processora terminal, enabled for handling data-protocol services and dynamically configured for the data-protocol services specific to a service provider in a secure way based on a chain of trust, responsive to a provisioning signal or to a management session signal for configuring the terminal, for sending an access-request signal comprising a well-known uniform resource locator for connecting to a help-portal server, for re-sending, in response to identifying said help-portal server,said access-request signal to the help-portal server with a request to provide the provisioning signal or the management session signal to the terminal; and
  
  a network provided by said service provider and comprising said help-portal server, responsive to the access-request signal, for providing the data-protocol services specific to the service provider, for said identifying, in response to said sending the access-request signal, said help-portal server to said terminal using said chain of trust comprising at least two consecutive exchanges of information between trusted elements of the network and the terminal, for providing the provisioning signal or the management session signal to the terminal to perform said configuring and for enabling after said configuring a connection of said terminal to an IP backbone network via the network, wherein said help-portal server of said network is responsive to the access-request signal and to one or both authentication confirmation signals, for providing a triggering signal, or an initial provisioning triggering signal and a further triggering signal;
  
  said network further comprises;
  
  a trusted domain name service server, responsive to the re-sending of the access-request signal from the terminal based on an identification of the trusted domain name service server provided by a trusted access point node, for identifying to the terminal an address mapping for the help-portal server;
  
  the trusted access point node, responsive to the re-sending of the access-request signal based on an identification of the trusted access point node provided by a trusted home location register, for providing to the terminal the trusted domain name service server;
  
  the trusted home location register, responsive to the access-request signal, for providing the trusted access point node to the terminal; and
  
  optionallyan authentication block, responsive to an authentication request signal, for providing the one authentication confirmation signal to the help-portal server.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28)
- - 18. The cellular communication system of claim 17, wherein the well-known uniform resource locator is allowed by an access control profile of the terminal.
  - 19. The cellular communication system of claim 17, wherein said data-protocol services specific to said service provider are provided by a general packet radio service.
  - 20. The cellular communication system of claim 17, wherein the terminal comprises:
    - a browser user agent block, responsive to a starting signal, for providing the access-request signal to the network.
  - 21. The cellular communication system of claim 17, wherein a security of configuring the terminal is ensured by means of the chain of trust built by the trusted home location register, by a well-known access point node name for accessing the trusted access point node, and further built by the trusted access point node, by the trusted domain name service server and by the well-known uniform resource locator.
  - 22. The cellular communication system of claim 17, wherein said access-request signal contains user identification information, a generic uniform resource locator request for the help-portal server or for the help-portal server and a device management server, and a well-known access point node name for accessing the trusted access point node or a wildcard access point node.
  - 23. The cellular communication system of claim 17, wherein the network further comprises:
    - a provisioning server, responsive to the triggering signal by the help-portal server, for providing the provisioning signal to the terminal.
  - 24. The cellular communication system of claim 17, wherein the network further comprises:
    - a device management server, responsive to said initial provisioning triggering signal, to a further access-request signal containing a network access authentication provided by the terminal in response to said further triggering signal, for providing the management session signal to the terminal for configuring the terminal.
  - 25. The cellular communication system of claim 24, wherein the terminal further comprises:
    - an initialization content handler, responsive to the further triggering signal containing a proxy address and a password for connecting to the device management server, for providing a start signal; and
      
      a device management agent block, responsive to the start signal, for providing the further access-request signal.
  - 26. The cellular communication system of claim 17, wherein the provisioning signal is sent over an IP bearer or sent using a short message service protocol.
  - 27. The cellular communication system of claim 26, wherein said provisioning signal is sent over the IP bearer using a hyper text transfer protocol or a hyper text transfer protocol secure.
  - 28. The cellular communication system of claim 26, wherein said provisioning signal is sent over air.

29. A terminal apparatus, comprising:
- a processor;
  
  a browser user agent block, for sending an access-request signal comprising a well-known uniform resource locator to a network for connecting to a help-portal server of said network, for re-sending, in response to identifying said help-portal server, said access-request signal to the help-portal server with a request to provide a provisioning signal or a management session signal to the terminal apparatus,wherein said terminal apparatus is configured to receive an identity of said help-portal server using a chain of trust comprising at least two consecutive exchanges of information between trusted elements of the network and the browser user agent block, wherein said trusted elements of the network comprise a trusted home location register, a trusted access point node, and a trusted domain name service server, andwherein, after being configured using the provisioning signal or the management session signal, the terminal apparatus is enabled for handling data-protocol services and dynamically configured for the data-protocol services specific to a service provider in a secure way based on said chain of trust so as to be able to connect said terminal to an IP backbone network via the network, which is configured to provide said data-protocol services and which is provided by said service provider, wherein security of configuring the terminal apparatus is ensured by the chain of trust built by the trusted home location register, by a well-known access point node name provided by the trusted home location register to the terminal apparatus, and further built by the trusted access point node identifying to the terminal apparatus the trusted domain name service server in response to the re-sending of the access-request signal based on an identification of the trusted access point node provided by the trusted home location register and by the trusted domain name service server providing an address mapping to the terminal apparatus for locating the help-portal server in response to the re-sending of the access-request signal based on an identification of the trusted domain name service server provided by the trusted access point node.
- View Dependent Claims (30, 34)
- - 30. The terminal apparatus of claim 29, wherein said data-protocol services specific to said service provider are provided by a general packet radio service.
  - 34. The terminal apparatus of claim 29, wherein the security of configuring the terminal apparatus is ensured by means of the chain of trust built by the trusted home location register, by the well-known access point node name for accessing the trusted access point node, and further built by the trusted access point node, by the trusted domain name service server and by the well-known uniform resource locator.

31. A network, comprising:
- a processor;
  
  a help-portal server, for providing data-protocol services specific to a service provider, responsive to re-sending of an access-request signal from a terminal for providing a provisioning signal or a management session signal to the terminal to perform dynamic configuring of said terminal for the data-protocol services specific to the service provider in a secure way based on a chain of trust so as to enable after said configuring a connection of said terminal to an IP backbone network via the network, which is configured to provide said data-protocol services and which is provided by said service provider, wherein the re-sending of the access-request signal is in response to said terminal sending said access-request signal comprising a well-known uniform resource locator for connecting to said help-portal server of said network, the network is configured to identify said help-portal server to said terminal using said chain of trust comprising at least two consecutive exchanges of information between trusted elements of the network and the terminal, wherein said trusted elements of the network comprise;
  
  a trusted home location register, responsive to the access-request signal, for providing a trusted access point node to the terminal,the trusted access point node, responsive to the re-sending of the access-request signal based on an identification of the trusted access point node provided by the trusted home location register, for providing to the terminal a trusted domain name service server;
  
  the trusted domain name service server, responsive to the re-sending of the access-request signal from the terminal based on an identification of the trusted domain name service server provided by the trusted access point node, for identifying to the terminal an address mapping for the help-portal server.
- View Dependent Claims (32, 33, 35)
- - 32. The network of claim 31, wherein the help-portal server is configured to provide an authentication request signal, and said network further comprises:
    - an authentication block, responsive to said authentication request signal, for providing an authentication confirmation signal to the help-portal server.
  - 33. The network of claim 31, wherein the help-portal server is configured to provide a triggering signal in response to said access-request signal, and said network comprises:
    - a provisioning server, responsive to the triggering signal by the help-portal server, for providing the provisioning signal to the terminal.
  - 35. The network of claim 31, wherein a security of configuring the terminal is ensured by means of the chain of trust built by the trusted home location register, by a well-known access point node name for accessing the trusted access point node, and further built by the trusted access point node, by the trusted domain name service server and by the well-known uniform resource locator.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nokia Corporation
Original Assignee
Nokia Corporation
Inventors
Gustafsson, Patrik
Primary Examiner(s)
Lee; Philip C

Application Number

US10/757,560
Publication Number

US 20050153683A1
Time in Patent Office

2,184 Days
Field of Search

455/418, 455/436, 455/411, 455/347, 370/401, 370/348, 370/337, 713/176, 717/171, 709/227, 709/203
US Class Current

709/227
CPC Class Codes

H04L 2101/375   Access point names [APN]

H04L 41/0809   Plug-and-play configuration

H04L 61/00   Network arrangements, proto...

H04L 61/30   Managing network names, e.g...

H04L 67/34   involving the movement of s...

H04L 69/329   in the application layer [O...

H04L 9/40   Network security protocols

H04M 1/72406   by software upgrading or do...

H04W 12/06   Authentication

H04W 80/04   Network layer protocols, e....

H04W 92/02   Inter-networking arrangements

Plug and play mobile services

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

35 Claims

Specification

Solutions

Use Cases

Quick Links

Plug and play mobile services

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

35 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links