Method and system for mobile device credentialing
First Claim
1. A method of facilitating over-the-air mobile communication device activation comprising, at a centralized device directory server:
- storing a device record that comprises preliminary subscription credential information for a mobile device;
- sending at least part of the preliminary subscription credential information securely to an initial provisioning party, for use in initially provisioning the mobile device;
- receiving a device identifier for the mobile device from a credential server of a given network operator associated with an intended end-user of the mobile device, and correspondingly linking network address information of the credential server to the device record;
- receiving a validation request from an authentication server, responsive to the mobile device attempting to access a wireless communication network using the preliminary subscription credential information;
- sending an authentication vector to the authentication server that is based on a secret key included in the preliminary subscription credential information, if the preliminary subscription credential information for the mobile device is valid;
- receiving a credential server address request from the mobile device, subsequent to the mobile device gaining temporary access to the wireless communication network via the authentication vector; and
- sending network address information for the credential server to the mobile device, as linked in the device record stored for the mobile device.
1 Assignment
0 Petitions
Abstract
Methods and systems taught herein allow mobile device manufacturers to preconfigure mobile devices for subscription with any network operator having access to a centralized device directory server. The directory server stores device records, each including a preliminary subscription identity. Manufacturers individually provision new mobile devices with these preliminary subscription identities, and network operators preliminarily register subscribers by submitting requests to the directory server that cause it to link individual device records with the appropriate credential server addresses. Mobile devices gain temporary network access by submitting their preliminary subscription identities, which get passed along to the directory server for verification. In turn, the directory server generates authentication vectors giving the mobile devices temporary network access, and returns the appropriate credential server addresses. The mobile devices use the address information to submit secure requests for permanent subscription credentials, and the involved credential servers securely return permanent subscription credentials responsive to valid requests.
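The abstract and claim 1 describe a message flow among four parties (directory server, initial provisioning party, operator credential server, authentication server) with the mobile device as the fifth. The following simulation is an added illustration, not code from the patent or its assignee: it models the directory server's device record, the manufacturer provisioning step, the operator's linking of a credential server address, the authentication-vector exchange and the final address lookup. The derivation of the expected response from the secret key (HMAC-SHA256 over a random challenge) and all identifiers, keys and the credential server URL are constructed assumptions; the patent does not specify an algorithm, and real deployments would use the 3GPP authentication functions. The example also shows the failure modes a defender cares about: a device presenting a known PIMSI with the wrong key, a PIMSI the directory has never stored, and an address request made before the operator has linked a credential server.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass
class DeviceRecord:
    """One directory-server device record (claim 1: 'storing a device record')."""
    device_id: str                          # constructed placeholder for a device identifier
    pimsi: str                              # preliminary subscription identity
    secret_key: bytes                       # secret key within the preliminary credential info
    credential_server: Optional[str] = None  # linked later on request of the operator


def derive_xres(secret_key: bytes, rand: bytes) -> bytes:
    """Assumed response derivation: HMAC-SHA256(key, RAND) truncated to 16 bytes.
    Stand-in for the authentication function; not taken from the patent."""
    return hmac.new(secret_key, rand, hashlib.sha256).digest()[:16]


class DirectoryServer:
    """Centralized device directory server of claim 1."""

    def __init__(self) -> None:
        self.records: Dict[str, DeviceRecord] = {}

    def store_record(self, device_id: str, pimsi: str, secret_key: bytes) -> None:
        self.records[device_id] = DeviceRecord(device_id, pimsi, secret_key)

    def provisioning_material(self, device_id: str) -> dict:
        """Credential information handed to the initial provisioning party (manufacturer)."""
        rec = self.records[device_id]
        return {"pimsi": rec.pimsi, "secret_key": rec.secret_key}

    def link_credential_server(self, device_id: str, address: str) -> bool:
        """Operator's credential server reports the device identifier; link its address."""
        rec = self.records.get(device_id)
        if rec is None:
            return False                    # unknown device: nothing to link
        rec.credential_server = address
        return True

    def _by_pimsi(self, pimsi: str) -> Optional[DeviceRecord]:
        return next((r for r in self.records.values() if r.pimsi == pimsi), None)

    def validation_request(self, pimsi: str) -> Optional[dict]:
        """Answer the authentication server with a vector (RAND, XRES), or None if invalid."""
        rec = self._by_pimsi(pimsi)
        if rec is None:
            return None
        rand = os.urandom(16)
        return {"rand": rand, "xres": derive_xres(rec.secret_key, rand)}

    def credential_server_address(self, pimsi: str) -> Optional[str]:
        rec = self._by_pimsi(pimsi)
        return rec.credential_server if rec else None


class MobileDevice:
    def __init__(self, pimsi: str, secret_key: bytes) -> None:
        self.pimsi, self.secret_key = pimsi, secret_key
        self.temporary_access = False

    def respond(self, rand: bytes) -> bytes:
        return derive_xres(self.secret_key, rand)


class AuthenticationServer:
    def __init__(self, directory: DirectoryServer) -> None:
        self.directory = directory

    def attach(self, device: MobileDevice) -> bool:
        """Forward the PIMSI to the directory, challenge the device, compare in constant time."""
        vector = self.directory.validation_request(device.pimsi)
        if vector is None:
            return False
        res = device.respond(vector["rand"])
        device.temporary_access = hmac.compare_digest(res, vector["xres"])
        return device.temporary_access


def activate(directory: DirectoryServer, auth: AuthenticationServer,
             device: MobileDevice) -> Optional[str]:
    """Claim-1 flow from the device's side: address is returned only after temporary access."""
    if not auth.attach(device):
        return None
    return directory.credential_server_address(device.pimsi)


def demo() -> dict:
    """Run the flow for a genuine device, a wrong-key clone and an unknown PIMSI (all constructed)."""
    directory = DirectoryServer()
    directory.store_record("DEV-0001", "PIMSI-0001", os.urandom(16))
    material = directory.provisioning_material("DEV-0001")      # manufacturer provisioning step
    good = MobileDevice(material["pimsi"], material["secret_key"])
    cloned = MobileDevice(material["pimsi"], b"\x00" * 16)        # right PIMSI, wrong key
    unknown = MobileDevice("PIMSI-9999", os.urandom(16))          # never stored in the directory
    auth = AuthenticationServer(directory)
    results = {"good_before_link": activate(directory, auth, good)}
    directory.link_credential_server("DEV-0001", "https://credentials.operator.example")
    results["good_after_link"] = activate(directory, auth, good)
    results["cloned"] = activate(directory, auth, cloned)
    results["unknown"] = activate(directory, auth, unknown)
    results["link_unknown_device"] = directory.link_credential_server("DEV-404", "https://x.example")
    return results


if __name__ == "__main__":
    print(demo())
```

Two points the simulation makes explicit: the secret key never leaves the directory server after the one provisioning hand-off (the authentication server only ever sees RAND and XRES), and a device whose PIMSI is valid but whose key is wrong is stopped at the vector comparison, before it can ever ask for a credential server address.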
48 Citations
18 Claims
1. As set out under First Claim above. Dependent claims: 2, 3, 4, 5, 6, 7, 8.
9. A system for facilitating over-the-air mobile communication device activation including a centralized device directory server that comprises one or more processing circuits configured to:
- store a device record that comprises preliminary subscription credential information for a mobile device;
- send at least part of the preliminary subscription credential information securely to an initial provisioning party, for use in initially provisioning the mobile device;
- receive a device identifier for the mobile device from a credential server of a given network operator associated with an intended end-user of the mobile device, and correspondingly link network address information of the credential server to the device record;
- receive a validation request from an authentication server, responsive to the mobile device attempting to access a wireless communication network using the preliminary subscription credential information;
- send an authentication vector to the authentication server that is based on a secret key included in the preliminary subscription credential information, if the preliminary subscription credential information for the mobile device is valid; and
- receive a credential server address request from the mobile device, subsequent to the mobile device gaining temporary access to the wireless communication network via the authentication vector, and to correspondingly send network address information for the credential server to the mobile device, as linked in the device record stored for the mobile device.
Dependent claims: 10, 11, 12, 13, 18.
14. The system of claim 12, wherein the authentication server is communicatively coupled to the wireless communication network and is configured to receive the Preliminary International Mobile Subscriber Identity, PIMSI, and to correspondingly receive an authentication vector for the mobile station in response to transferring the Preliminary International Mobile Subscriber Identity, PIMSI, to the centralized device directory server for verification, and to return the authentication vector to the wireless communication network for granting temporary access to the mobile device.
Specification