System and method for provisioning device certificates

US 8,527,770 B2
Filed: 07/20/2006
Issued: 09/03/2013
Est. Priority Date: 07/20/2006
Status: Active Grant

First Claim

Patent Images

1. A method for provisioning a device certificate on a device configurable to communicate wirelessly with one or more backend servers via a communication network, the method comprising:

transmitting to a server in the communication network an activation request for activating the device on the communication network;

during activation of the device, transmitting, from the device to the server, a device certificate request for the device, the device certificate request including at least a user identifier and a device identifier; and

receiving at the device, from the server, a device certificate that comprises a signed version of the device certificate request, the signed version of the device certificate request having been generated using a private key of a predefined certification authority, wherein the device certificate binds together the user identifier and the device identifier.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method is provided for provisioning a device certificate on a device. The device is configured to communicate wirelessly with a plurality of backend servers via a communication network. The communication network includes a mobile data server. An activation request is initiated to the mobile data server for activating the device on the communication network. During activation, a device certificate request is provided to the mobile data server for the device. The device certificate request includes at least a user identifier, a device identifier and a device public key. The device certificate request is forwarded from the mobile data server to a predefined certification authority. A device certificate from the predefined certification authority is received at the device in response to the device certificate request.

Citations

36 Claims

1. A method for provisioning a device certificate on a device configurable to communicate wirelessly with one or more backend servers via a communication network, the method comprising:
- transmitting to a server in the communication network an activation request for activating the device on the communication network;
  
  during activation of the device, transmitting, from the device to the server, a device certificate request for the device, the device certificate request including at least a user identifier and a device identifier; and
  
  receiving at the device, from the server, a device certificate that comprises a signed version of the device certificate request, the signed version of the device certificate request having been generated using a private key of a predefined certification authority, wherein the device certificate binds together the user identifier and the device identifier.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 31, 32)
- - 2. The method of claim 1, wherein the user identifier is an email address.
  - 3. The method of claim 1, wherein the device identifier is a device personal identification number.
  - 4. The method of claim 1, wherein the device identifier is a device serial number.
  - 5. The method of claim 1, wherein the device identifier is a device IMSI.
  - 6. The method of claim 1, wherein the device certificate request is in the form of a Public-Key Cryptography Standards No. 10 certificate signing request.
  - 7. The method of claim 1, wherein the predefined certification authority is maintained by the server in the communication network.
  - 8. The method of claim 1, wherein the predefined certification authority is a third party certification authority.
  - 9. The method of claim 1, wherein the predefined certification authority is maintained by an administrator of the server in the communication network.
  - 10. The method of claim 1, further comprising the step of establishing a secure communications tunnel between the device and the server in the communication network before requesting the device certificate.
  - 11. The method of claim 10, wherein the device and the server each generate and exchange a pair of public encryption keys.
  - 12. The method of claim 11, wherein the device and the server each use the public encryption key pairs and a shared secret to generate and verify a master encryption key.
  - 13. The method of claim 12, wherein the shared secret is an authentication password.
  - 31. The method of claim 1, further comprising:
    - receiving the user identifier at the device.
  - 32. The method of claim 1, wherein the device certificate request further includes a device public key.

14. A method for provisioning a device certificate on a device configurable to communicate wirelessly with one or more backend servers via a communication network including a server, the method comprising the steps of:
- obtaining at the server an activation request for activating the device on the communication network;
  
  during activation of the device, receiving at the server, from the device, a device certificate request for the device, the device certificate request including at least a user identifier and a device identifier; and
  
  providing to the device, from the server, a device certificate that comprises a signed version of the device certificate request, the signed version of the device certificate request having been generated using a private key of a predefined certification authority, wherein the device certificate binds together the user identifier and the device identifier.
- View Dependent Claims (33, 34)
- - 33. The method of claim 14, wherein the device certificate request further includes a device public key.
  - 34. The method of claim 14, further comprising:
    - forwarding the device certificate request from the server to the predefined certification authority.

15. A wireless communication device configured:
- to transmit to a server of a communication network an activation request for activating the device on the communication network;
  
  during activation of the device, to transmit, from the device to the server, a device certificate request for the device, the device certificate request including at least a user identifier and a device identifier; and
  
  to receive at the device, from the server, a device certificate that comprises a signed version of the device certificate request, the signed version of the device certificate request having been generated using a private key of a predefined certification authority, wherein the device certificate binds together the user identifier and the device identifier.
- View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 35, 36)
- - 16. The device of claim 15, wherein the user identifier is an email address.
  - 17. The device of claim 15, wherein the device identifier is a device personal identification number.
  - 18. The device of claim 15, wherein the device identifier is a device serial number.
  - 19. The device of claim 15, wherein the device identifier is a device IMSI.
  - 20. The device of claim 15, wherein the device certificate request is in the form of a Public-Key Cryptography Standards No. 10 certificate signing request.
  - 21. The device of claim 15, wherein the predefined certification authority is maintained by the server in the communication network.
  - 22. The device of claim 15, wherein the predefined certification authority is a third party certification authority.
  - 23. The device of claim 15, wherein the predefined certification authority is maintained by an administrator of the server in the communication network.
  - 24. The device of claim 15, further configured to establish a secure communications tunnel with the server in the communication network before requesting the device certificate.
  - 25. The device of claim 24, wherein the device generates and exchanges a pair of public encryption keys with the server.
  - 26. The device of claim 25, configured to use the public encryption key pairs and a shared secret to generate and verify a master encryption key.
  - 27. The device of claim 26, wherein the shared secret is an authentication password.
  - 35. The device of claim 15, further configured to:
    - receive the user identifier at the device.
  - 36. The device of claim 15, wherein the device certificate request further includes a device public key.

28. A computer program product for provisioning a device certificate on a device configurable to communicate wirelessly with one or more backend servers via a communication network, the computer program product comprising instructions which, when executed on the device, cause the device to implement the steps of:
- transmitting to a server of the communication network an activation request for activating the device on the communication network;
  
  during activation of the device, providing, from the device to the server, a device certificate request for the device, the device certificate request including at least a user identifier and a device identifier; and
  
  receiving at the device, from the server, a device certificate that comprises a signed version of the device certificate request, the signed version of the device certificate request having been generated using a private key of a predefined certification authority, wherein the device certificate binds together the user identifier and the device identifier.
- View Dependent Claims (29, 30)
- - 29. The computer program product of claim 28, the instructions, when executed on the device to further cause the device to implement the step of:
    - receiving the user identifier at the device.
  - 30. The computer program product of claim 28, wherein the device certificate request further includes a device public key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Malikie Innovations Limited (Key Patent Innovations Limited)
Original Assignee
Research In Motion Limited (Blackberry Limited)
Inventors
Brown, Michael K., Brown, Michael S., Kirkup, Michael
Primary Examiner(s)
Pwu, Jeffrey
Assistant Examiner(s)
JHAVERI, JAYESH M

Application Number

US11/458,783
Publication Number

US 20080022103A1
Time in Patent Office

2,602 Days
Field of Search

380/270, 380/277, 705/76, 709/223, 713/175, 713/189, 713155-158, 713/173
US Class Current

713/175
CPC Class Codes

G06F 2221/2129   Authenticate client device ...

H04L 2209/80   Wireless

H04L 63/0272   Virtual private networks

H04L 63/0823   using certificates cryptogr...

H04L 63/083   using passwords cryptograph...

H04L 9/3226   using a predetermined code,...

H04L 9/3263   involving certificates, e.g...

H04L 9/3268   using certificate validatio...

H04W 12/04   Key management, e.g. using ...

H04W 12/06   Authentication

H04W 12/35   Protecting application or s...

H04W 12/72   Subscriber identity

H04W 88/02   Terminal devices

System and method for provisioning device certificates

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

36 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for provisioning device certificates

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

36 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links