Credential generation system and method for communications devices and device management servers
Abstract
Systems and methods are described for establishing credentials at a device and at a device management server for the purpose of exchanging secure credentials in order to mutually authenticate the device and the server. A credential generation algorithm is described which uses a plurality of seeds, including the hardware identity of the device, the server identity, and a shared private key, to generate two sets of credentials, one to be used by the device and the other to be used by the device management server. The credentials are exchanged between the device and the server during any session, thereby assuring mutual authentication.
32 Claims
1. A method of mutually authenticating a communications device and a server, the method comprising:
- generating with the communications device first and second credentials;
- generating with the server third and fourth credentials;
- providing the first credential from the communications device to the server;
- providing the fourth credential from the server to the communications device;
- authenticating the communications device when the first credential matches the third credential; and
- authenticating the server when the fourth credential matches the second credential,
wherein the communications device and the server use the same function to generate the credentials, the function using a unique identifier of the communications device including at least one of an electronic serial number (ESN), mobile equipment identifier (MEID), international mobile equipment identity (IMEI), and a media access control (MAC) address of the communications device.
9. A method of mutually authenticating a communications device and a server, the method comprising:
- generating with the communications device first and second credentials;
- generating with the server third and fourth credentials;
- providing the first credential from the communications device to the server;
- providing the fourth credential from the server to the communications device;
- authenticating the communications device when the first credential matches the third credential; and
- authenticating the server when the fourth credential matches the second credential,
wherein the communications device and the server use the same function to generate the credentials, the function including a one-way hash function which uses at least two parameters, the first and third credentials being generated with the at least two parameters arranged in a first order, and the second and fourth credentials being generated with the at least two parameters arranged in a second order.
21. A method of mutually authenticating a communications device and a device management server, the method comprising:
- generating with the communications device first and second credentials;
- generating with the device management server third and fourth credentials;
- providing the first credential from the communications device to the device management server;
- providing the fourth credential from the device management server to the communications device;
- authenticating the communications device when the first credential matches the third credential;
- authenticating the device management server when the fourth credential matches the second credential; and
- conducting a remote management session after the communications device and device management server are mutually authenticated.
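
Added example, not taken from the patent: a sketch of the exchange in claims 1 and 9, using the three seeds named in the abstract (device hardware identity, server identity, shared private key). SHA-256, the length-prefixed field encoding, the two parameter orders chosen and all sample values are assumptions.

```python
import hashlib
import hmac


def encode_fields(*fields: bytes) -> bytes:
    # Assumption: length-prefix each field so that ("ab", "c") and
    # ("a", "bc") never produce the same hash input.
    return b"".join(len(f).to_bytes(2, "big") + f for f in fields)


def generate_credentials(device_id: bytes, server_id: bytes, key: bytes):
    """Same function on both sides; returns (device_cred, server_cred).

    Both outputs hash the same parameters, arranged in two different
    orders. SHA-256 is an assumed choice of one-way hash.
    """
    device_cred = hashlib.sha256(encode_fields(device_id, server_id, key)).digest()
    server_cred = hashlib.sha256(encode_fields(server_id, device_id, key)).digest()
    return device_cred, server_cred


def mutual_authenticate(device_inputs, server_inputs):
    """Simulate the exchange; returns (device_authenticated, server_authenticated)."""
    first, second = generate_credentials(*device_inputs)   # computed on the device
    third, fourth = generate_credentials(*server_inputs)   # computed on the server
    # Device -> server: first credential, compared with the third.
    device_ok = hmac.compare_digest(first, third)
    # Server -> device: fourth credential, compared with the second.
    server_ok = hmac.compare_digest(fourth, second)
    return device_ok, server_ok


# Constructed sample values (not from the patent).
IMEI = b"490154203237518"
SERVER_ID = b"dm.example.net"
KEY = b"constructed-shared-key"

if __name__ == "__main__":
    print(mutual_authenticate((IMEI, SERVER_ID, KEY), (IMEI, SERVER_ID, KEY)))
    print(mutual_authenticate((IMEI, SERVER_ID, KEY), (IMEI, SERVER_ID, b"wrong")))
```

With fixed inputs the function returns the same two values in every session, so anyone who observes a credential in transit can present it again; the claims listed here do not say how the exchanged values are protected.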
Specification