Credential generation system and method for communications devices and device management servers

US 8,001,379 B2
Filed: 03/26/2008
Issued: 08/16/2011
Est. Priority Date: 03/26/2008
Status: Active Grant

First Claim

Patent Images

1. A method of mutually authenticating a communications device and a server, the method comprising:

generating with the communications device first and second credentials;

generating with the server third and fourth credentials;

providing the first credential from the communications device to the server;

providing the fourth credential from the server to the communications device;

authenticating the communications device when the first credential matches the third credential; and

authenticating the server when the fourth credential matches the second credential,wherein the communications device and the server use the same function to generate the credentials, the function using a unique identifier of the communications device including at least one of an electronic serial number (ESN), mobile equipment identifier (MEID), international mobile equipment identity (IMEI), and a media access control (MAC) address of the communications device.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods are described for establishing credentials at a device and at a device management server for the purpose of exchanging secure credentials in order to mutually authenticate the device and the server. A credential generation algorithm is described which uses a plurality of seeds, including the hardware identity of the device, the server identity, and a shared private key, to generate two sets of credentials, one to be used by the device and the other to be used by the device management server. The credentials are exchanged between the device and the server during any session, thereby assuring mutual authentication.

20 Citations

View as Search Results

32 Claims

1. A method of mutually authenticating a communications device and a server, the method comprising:
- generating with the communications device first and second credentials;
  
  generating with the server third and fourth credentials;
  
  providing the first credential from the communications device to the server;
  
  providing the fourth credential from the server to the communications device;
  
  authenticating the communications device when the first credential matches the third credential; and
  
  authenticating the server when the fourth credential matches the second credential,wherein the communications device and the server use the same function to generate the credentials, the function using a unique identifier of the communications device including at least one of an electronic serial number (ESN), mobile equipment identifier (MEID), international mobile equipment identity (IMEI), and a media access control (MAC) address of the communications device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein at least one of the credentials includes a password.
  - 3. The method of claim 1, wherein at least one of the credentials includes a digest of a plurality of parameters.
  - 4. The method of claim 3, wherein the plurality of parameters includes a username, a password, and a nonce.
  - 5. The method of claim 1, wherein the credentials are unique to the communications device.
  - 6. The method of claim 1, wherein the credentials are unique to the server.
  - 7. The method of claim 1, wherein the credentials are unique to a service provider.
  - 8. The method of claim 1 comprising:
    - providing the unique identifier of the communications device from the communications device to the server; and
      
      providing a unique identifier of the server from the server to the communications device;
      
      wherein the first and second credentials are generated by the communications device as a function of the unique identifiers of the communications device and the server, and the third and fourth credentials are generated by the server as a function of the unique identifiers of the communications device and the server.

9. A method of mutually authenticating a communications device and a server, the method comprising:
- generating with the communications device first and second credentials;
  
  generating with the server third and fourth credentials;
  
  providing the first credential from the communications device to the server;
  
  providing the fourth credential from the server to the communications device;
  
  authenticating the communications device when the first credential matches the third credential; and
  
  authenticating the server when the fourth credential matches the second credential,wherein the communications device and the server use the same function to generate the credentials, the function including a one-way hash function which uses at least two parameters, the first and third credentials being generated with the at least two parameters arranged in a first order, and the second and fourth credentials being generated with the at least two parameters arranged in a second order.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 10. The method of claim 9, wherein the one-way hash function which uses at least three parameters including a private key.
  - 11. The method of claim 10, wherein the private key is unique to a service provider.
  - 12. The method of claim 9, wherein the credentials are unique to the communications device.
  - 13. The method of claim 9, wherein the credentials are unique to the server.
  - 14. The method of claim 9, wherein the credentials are unique to a service provider.
  - 15. The method of claim 9, wherein the function uses a unique identifier of the communications device.
  - 16. The method of claim 9, wherein at least one of the credentials includes a password.
  - 17. The method of claim 9, wherein at least one of the credentials includes a digest of a plurality of parameters.
  - 18. The method of claim 17, wherein the plurality of parameters includes a username, a password, and a nonce.
  - 19. The method of claim 9 comprising:
    - providing a first of the at least two parameters from the communications device to the server; and
      
      providing a second of the at least two parameters from the server to the communications device;
      
      wherein the first and second credentials are generated by the communications device as a function of the first and second parameters, and the third and fourth credentials are generated by the server as a function of the first and second parameters.
  - 20. The method of claim 19, wherein the first parameter includes a unique identifier of the communications device and the second parameter includes a unique identifier of the server.

21. A method of mutually authenticating a communications device and a device management server, the method comprising:
- generating with the communications device first and second credentials;
  
  generating with the device management server third and fourth credentials;
  
  providing the first credential from the communications device to the device management server;
  
  providing the fourth credential from the device management server to the communications device;
  
  authenticating the communications device when the first credential matches the third credential;
  
  authenticating the device management server when the fourth credential matches the second credential; and
  
  conducting a remote management session after the communications device and device management server are mutually authenticated.
- View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32)
- - 22. The method of claim 21, wherein the device management server operates in accordance with at least one standard including an Open Mobile Alliance Device management standard, a TR-69 standard, and a DOCSIS standard.
  - 23. The method of claim 21, wherein the credentials are generated using the same function.
  - 24. The method of claim 23, wherein the function uses a unique identifier of the communications device.
  - 25. The method of claim 21, wherein the credentials are unique to the communications device.
  - 26. The method of claim 21, wherein the credentials are unique to the server.
  - 27. The method of claim 21, wherein the credentials are unique to a service provider.
  - 28. The method of claim 21, wherein at least one of the credentials includes a password.
  - 29. The method of claim 21, wherein at least one of the credentials includes a digest of a plurality of parameters.
  - 30. The method of claim 29, wherein the plurality of parameters includes a username, a password, and a nonce.
  - 31. The method of claim 21 comprising:
    - providing a first parameter from the communications device to the server; and
      
      providing a second parameter from the server to the communications device;
      
      wherein the first and second credentials are generated by the communications device as a function of the first and second parameters, and the third and fourth credentials are generated by the server as a function of the first and second parameters.
  - 32. The method of claim 31, wherein the first parameter includes a unique identifier of the communications device and the second parameter includes a unique identifier of the server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nokia of America Corporation (Nokia Corporation)
Original Assignee
Mformation Technologies Incorporated
Inventors
Daskalopoulos, Vasilios, Nath, Badri, Kushwaha, Rakesh
Primary Examiner(s)
Song, Hosuk

Application Number

US12/055,752
Publication Number

US 20090249069A1
Time in Patent Office

1,238 Days
Field of Search

713/150, 713/155, 713168-170, 713/186, 713181-184, 726 2- 6, 726 17- 21, 380/44
US Class Current

713/168
CPC Class Codes

H04L 2463/081 applying self-generating cr...

H04L 63/0869 for achieving mutual authen...

Credential generation system and method for communications devices and device management servers

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

20 Citations

32 Claims

Specification

Solutions

Use Cases

Quick Links

Credential generation system and method for communications devices and device management servers

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

20 Citations

32 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links