Subscriber certificate provisioning
First Claim
1. A method for provisioning a device with a certificate comprising:
- receiving credentials transmitted from the device through an access point, the credentials identifying a credentials username and password;
- verifying whether the credentials are trusted according to a two-factor authentication process, the two-factor authentication process determining;
  - i) the credentials to be trusted in the event (i) the credentials username and password match with a trusted username and password previously associated with the device and (ii) an address associated with the access point is within a range of trusted addresses;
  - ii) the credentials to be untrusted in the event the username and password fail to match with the trusted username and password or the address fails to fall within the range of trusted addresses;
- providing the device with an assertion in the event the credentials are trusted, the assertion being sufficient for the device to request the certificate;
- preventing delivery of the assertion to the device in the event the credentials are untrusted until the device transmits trusted credentials;
- wherein the certificate is provided from a certificate authority (CA) upon receipt of a security token included with a certificate request transmitted from the device, the security token being required by the CA prior to providing the certificate to the device; and
- the security token being provided to the device from a registration authority (RA) upon receipt of the assertion being included within a security token request transmitted from the device, the assertion being required by the RA prior to providing the security token to the device.
Abstract
Provisioning a device with a certificate is contemplated. The certificate may be used to verify whether the device or a user of the device is authorized to access electronic content, services, and signaling. The certificate may be provisioned in relation to the device having successfully completed a two-factor authentication process so that an entity providing the certificate need not have to repeat the two-factor authentication process.
15 Claims
8. A method for provisioning a device with a certificate comprising:
- receiving a certificate request from the device, the certificate request including a security token previously provided to the device after successfully completing a two-factor authentication process;
- providing the certificate to the device in the event the security token indicates the two-factor authentication process was completed by a trusted entity;
- denying the certificate to the device in the event the security token fails to indicate the two-factor authentication process was completed by a trusted entity;
- providing the security token to the device upon receipt of a security token request having an assertion, the assertion being provided to the device from the trusted entity after successfully completing the two-factor authentication process;
- the assertion being provided to the device from an identity provider (IdP), the security token being provided to the device from a registration authority (RA), and the certificate being provided from a certificate authority (CA);
- the IdP performing the two-factor authentication process and providing the assertion upon receipt of credentials transmitted from the device through an access point, the credentials identifying a credentials username and password input to the device by a user while connected to the access point;
- the IdP determining the two-factor authentication process to be successful in the event (i) the credentials username and password match with a trusted username and password previously associated with the device and (ii) an address associated with the credentials access point is within a range of trusted addresses; and
- the IdP determining the two-factor authentication process to be unsuccessful in the event the username and password fail to match with the trusted username and password or the address is not within the range of trusted addresses.
10. A non-transitory computer-readable medium having computer-readable code embodied therein for controlling a computing device to electronically facilitate certificate provisioning, the computer-readable code comprising instructions for:
- transmitting an authentication request with credentials to request an assertion, the credentials sufficient for use in a two-factor authentication process;
- receiving an assertion upon successfully completing the two-factor authentication process, the two-factor authentication being successfully completed if a credentials username and password is verified and the credentials are transmitted through an access point having an address within a range of acceptable address;
- transmitting a security token request with the assertion to request a security token;
- receiving the security token upon verification of the assertion;
- transmitting a certificate request with the security token to request the certificate;
- receiving the certificate upon verification of the security token; and
- provisioning the computing device with the certificate.
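
The chain recited in claims 1, 8 and 10 (IdP assertion, then RA security token, then CA certificate) can be sketched as follows. This is an added example, not code from the patent: the HMAC-signed token format, the keys, the account, the address range and all function names are assumptions, and the sketch omits token expiry and replay protection.

```python
import hashlib, hmac, ipaddress, json

# All keys, accounts and address ranges below are constructed for illustration.
IDP_KEY, RA_KEY = b"idp-demo-key", b"ra-demo-key"
SALT = b"demo-salt"
TRUSTED = {"alice": hashlib.pbkdf2_hmac("sha256", b"correct horse", SALT, 100_000)}
TRUSTED_RANGE = ipaddress.ip_network("203.0.113.0/24")

def _sign(key, claims):
    body = json.dumps(claims, sort_keys=True).encode()
    return body.hex() + "." + hmac.new(key, body, hashlib.sha256).hexdigest()

def _verify(key, token):
    """Return the signed claims if the MAC checks out, else None."""
    try:
        body_hex, mac = token.split(".")
        body = bytes.fromhex(body_hex)
    except (ValueError, AttributeError):
        return None
    good = hmac.new(key, body, hashlib.sha256).hexdigest()
    return json.loads(body) if hmac.compare_digest(mac.encode(), good.encode()) else None

def idp_authenticate(username, password, ap_address):
    """Two-factor check: password match AND access point address in range."""
    stored = TRUSTED.get(username, b"\0" * 32)
    given = hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)
    factor1 = hmac.compare_digest(stored, given)
    factor2 = ipaddress.ip_address(ap_address) in TRUSTED_RANGE
    if not (factor1 and factor2):
        return None  # assertion withheld until trusted credentials arrive
    return _sign(IDP_KEY, {"sub": username, "two_factor": True, "iss": "idp"})

def ra_issue_token(assertion):
    """RA requires a valid IdP assertion before issuing a security token."""
    claims = _verify(IDP_KEY, assertion or "")
    if not claims or not claims.get("two_factor"):
        return None
    return _sign(RA_KEY, {"sub": claims["sub"], "two_factor_by": claims["iss"]})

def ca_issue_certificate(security_token):
    """CA requires an RA token showing a trusted entity did the two-factor check."""
    claims = _verify(RA_KEY, security_token or "")
    if not claims or claims.get("two_factor_by") != "idp":
        return None
    return f"CERT(subject={claims['sub']})"  # stand-in for a real X.509 certificate
```

The CA never sees the username, password or access point address; it relies only on the RA token, which is why the integrity of each signing key and of the address-range check at the IdP carries the whole trust decision.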
Specification