Method and apparatus for authenticating a mobile device

US 8,621,203 B2
Filed: 06/22/2009
Issued: 12/31/2013
Est. Priority Date: 06/22/2009
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

initiating transmission, from a mobile device, of a request to an authentication platform, different from the mobile device, for generating a public-key certificate to access a service from the mobile device;

receiving, by the mobile device, an identity challenge, initiated from the authentication platform, corresponding to the request; and

initiating transmission of a tag specific to the mobile device to the authentication platform,wherein the tag is used by the authentication platform to generate the public-key certificate, andwherein the public-key certificate includes at least a public-key signature based in part on the tag, a public key corresponding to the mobile device, and a partial hash calculated over the tag.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An approach is provided for authenticating a mobile device. A mobile device initiates transmission of a request to an authentication platform for generating a public-key certificate to access a service from the mobile device. The mobile device receives an identity challenge and responds by initiating transmission of a tag specific to the mobile device to the authentication platform. The authentication platform uses the tag to generate a public-key certificate.

36 Citations

View as Search Results

18 Claims

1. A method comprising:
- initiating transmission, from a mobile device, of a request to an authentication platform, different from the mobile device, for generating a public-key certificate to access a service from the mobile device;
  
  receiving, by the mobile device, an identity challenge, initiated from the authentication platform, corresponding to the request; and
  
  initiating transmission of a tag specific to the mobile device to the authentication platform,wherein the tag is used by the authentication platform to generate the public-key certificate, andwherein the public-key certificate includes at least a public-key signature based in part on the tag, a public key corresponding to the mobile device, and a partial hash calculated over the tag.
- View Dependent Claims (2)
- - 2. A method of claim 1, wherein the tag is a service tag based on at least a portion of a fixed-form template including one or more unique identifiers corresponding to the mobile device, and wherein the one or more identifiers include an International Mobile Equipment Identity (IMEI) code, Medium Access Control (MAC) address, Bluetooth address (BTADDR), International Mobile Subscriber Identity (IMSI) code, Electronic Serial Number (ESN), Mobile Equipment Identifier (MEID), International Mobile Subscriber, chip specific identifier, or a combination thereof.

3. A method comprising:
- initiating transmission, from a mobile device, of a request to an authentication platform, different from the mobile device, for generating a public-key certificate to access a service from the mobile device;
  
  receiving, by the mobile device, an identity challenge, initiated from the authentication platform, corresponding to the request;
  
  initiating transmission of a tag specific to the mobile device to the authentication platform, wherein the tag is used by the authentication platform to generate the public-key certificate;
  
  initiating transmission of another request to access the service;
  
  receiving another identity challenge in response to the other request;
  
  generating, in response to the other identity challenge, a public-key signature calculated from a hash of the tag, a predetermined string, and the other identity challenge;
  
  initiating transmission of the public-key signature to the authentication platform for validation; and
  
  receiving a license file granting access to the service based on the validation.
- View Dependent Claims (4, 5)
- - 4. A method of claim 3, wherein the step of generating in response to the other identity challenge is performed by an embedded trusted environment within the mobile device, and wherein the public key signature is signed with a public key corresponding to the embedded trusted environment.
  - 5. A method of claim 3, wherein the validation is used to inhibit automatic or mass deployment of network identities.

6. An apparatus comprising:
- at least one processor; and
  
  at least one memory including computer program code,the at least one memory and the computer program code configured to, with the at least one processor, cause the apparatus to perform at least the following,initiate transmission, from a mobile device, of a request to an authentication platform, different from the mobile device, for generating a public-key certificate to access a service from the mobile device,receive at the mobile device, an identity challenge from the authentication platform corresponding to the request,initiate transmission of a tag specific to the mobile device to the authentication platform, wherein the tag is used by the authentication platform to generate the public-key certificate,initiate transmission of another request to access the service,receive another identity challenge in response to the other request,generate, in response to the other identity challenge, a public-key signature calculated from a hash of the tag, a predetermined string, and the other identity challenge,initiate transmission of the public-key signature to the authentication platform for validation, andreceive a license file granting access to the service based on the validation.
- View Dependent Claims (7, 8, 9)
- - 7. An apparatus of claim 6, wherein the step of generating in response to the other identity challenge is performed by an embedded trusted environment within the mobile device, and wherein the public key signature is signed with a public key corresponding to the embedded trusted environment.
  - 8. An apparatus of claim 6, wherein the tag is a service tag based on at least a portion of a fixed-form template including one or more unique identifiers corresponding to the mobile device, and wherein the one or more identifiers include an International Mobile Equipment Identity (IMEI) code, Medium Access Control (MAC) address, Bluetooth address (BTADDR), International Mobile Subscriber Identity (IMSI) code, Electronic Serial Number (ESN), Mobile Equipment Identifier (MEID), International Mobile Subscriber, chip specific identifier, or a combination thereof.
  - 9. An apparatus of claim 6, wherein the apparatus is a mobile phone further comprising:
    - user interface circuitry and user interface software configured to facilitate user control of at least some functions of the mobile phone through use of a display and configured to respond to user input; and
      
      a display and display circuitry configured to display at least a portion of a user interface of the mobile phone, the display and display circuitry configured to facilitate user control of at least some functions of the mobile phone.

10. A method comprising:
- receiving, at an authentication platform, a request from a mobile device, different from the authentication platform, to generate a public-key certificate for accessing a service;
  
  initiating transmission of an identity challenge from the authentication platform to the mobile device;
  
  receiving a tag specific to the mobile device in response to the identity challenge;
  
  calculating a partial hash of the tag;
  
  calculating a full hash of the tag, a predetermined string, and the identity challenge;
  
  retrieving a public-key corresponding to the mobile device;
  
  generating a public-key signature from the full hash using the public key; and
  
  constructing the public-key certificate to include at least the public-key signature, the public key, and the partial hash.
- View Dependent Claims (11, 12, 13, 14)
- - 11. A method of claim 10, further comprising:
    - receiving another request from the mobile device to access the service;
      
      initiating transmission of another identity challenge to the mobile device;
      
      receiving, in response to the other identity challenge, another public-key signature calculated by the mobile device from another hash of the tag, the predetermined string, and the other identity challenge;
      
      retrieving the public-key certificate corresponding to the mobile device;
      
      extracting the public key and the partial hash from the public key-certificate;
      
      completing the partial hash by appending a hash of the predetermined string and the other identity challenge to the partial hash;
      
      generating a validation signature from the completed partial hash using the public key;
      
      validating the other public-key signature against the generated validation signature;
      
      creating a license file corresponding to the service based on the validation; and
      
      initiating transmission of the license file to the mobile device to grant access to the service.
  - 12. A method of claim 11, further comprising:
    - setting a service flag to grant access to the service by the mobile device based on the validation,wherein the service flag grants future access to the service without revalidation of the other public-key signature or the license file.
  - 13. A method of claim 10, wherein the tag is a service tag based on at least a portion of a fixed-form template including one or more unique identifiers corresponding to the mobile device, and wherein the one or more identifiers include an International Mobile Equipment Identity (IMEI) code, Medium Access Control (MAC) address, Bluetooth address (BTADDR), International Mobile Subscriber Identity (IMSI) code, Electronic Serial Number (ESN), Mobile Equipment Identifier (MEID), International Mobile Subscriber, chip specific identifier, or a combination thereof.
  - 14. A method of claim 10, wherein the validation is used to inhibit automatic or mass deployment of network identities.

15. An apparatus comprising:
- at least one processor; and
  
  at least one memory including computer program code,the at least one memory and the computer program code configured to, with the at least one processor, cause the apparatus to perform at least the following,receive, at an authentication platform, a request from a mobile device, different from the authentication platform, to generate a public-key certificate for accessing a service;
  
  initiate transmission of an identity challenge from the authentication platform to the mobile device;
  
  receive a tag specific to the mobile device in response to the identity challenge;
  
  calculate a partial hash of the tag;
  
  calculate a full hash of the tag, a predetermined string, and the identity challenge;
  
  retrieve a public-key corresponding to the mobile device;
  
  generate a public-key signature from the full hash using the public key; and
  
  construct the public-key certificate to include at least the public-key signature, the public key, and the partial hash.
- View Dependent Claims (16, 17, 18)
- - 16. An apparatus of claim 15, wherein the apparatus is further caused to:
    - receive another request from the mobile device to access the service;
      
      initiate transmission of another identity challenge to the mobile device;
      
      receive, in response to the other identity challenge, another public-key signature calculated by the mobile device from another hash of the tag, the predetermined string, and the other identity challenge;
      
      retrieve the public-key certificate corresponding to the mobile device;
      
      extract the public key and the partial hash from the public key-certificate;
      
      complete the partial hash by appending a hash of the predetermined string and the other identity challenge to the partial hash;
      
      generate a validation signature from the completed partial hash using the public key;
      
      validate the other public-key signature against the generated validation signature;
      
      create a license file corresponding to the service based on the validation; and
      
      initiate transmission of the license file to the mobile device to grant access to the service.
  - 17. An apparatus of claim 16, wherein the other public-key signature has been validated, and the apparatus is further caused to:
    - set a service flag to grant access to the service by the mobile device based on the validation,wherein the service flag grants future access to the service without revalidation of the other public-key signature or the license file.
  - 18. An apparatus of claim 15, wherein the tag is a service tag based on at least a portion of a fixed-form template including one or more unique identifiers corresponding to the mobile device, and wherein the one or more identifiers include an International Mobile Equipment Identity (IMEI) code, Medium Access Control (MAC) address, Bluetooth address (BTADDR), International Mobile Subscriber Identity (IMSI) code, Electronic Serial Number (ESN), Mobile Equipment Identifier (MEID), International Mobile Subscriber, chip specific identifier, or a combination thereof.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nokia Technologies Oy (Nokia Corporation)
Original Assignee
Nokia Corporation
Inventors
Ekberg, Jan-Erik, Kostiainen, Kari, Laitinen, Pekka, Aarni, Ville, Sainio, Miikka, Von Knorring, Niklas, Kolesnikov, Dmitry, Lahtiranta, Atte
Primary Examiner(s)
MOORTHY, ARAVIND K

Application Number

US12/488,943
Publication Number

US 20100325427A1
Time in Patent Office

1,653 Days
Field of Search

713/156, 713168-170, 713/173, 713/181, 726/4, 726/22, 726/26
US Class Current

713/156
CPC Class Codes

H04L 2209/805   Lightweight hardware, e.g. ...

H04L 9/321   involving a third party or ...

H04L 9/3247   involving digital signatures

H04L 9/3263   involving certificates, e.g...

H04L 9/3271   using challenge-response

H04W 12/06   Authentication

H04W 12/47   using near field communicat...

Method and apparatus for authenticating a mobile device

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

36 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for authenticating a mobile device

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

36 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links