Subscriber certificate provisioning

US 8,850,187 B2
Filed: 05/17/2012
Issued: 09/30/2014
Est. Priority Date: 05/17/2012
Status: Active Grant

First Claim

Patent Images

1. A method for provisioning a device with a certificate comprising:

receiving credentials transmitted from the device through an access point, the credentials identifying a credentials username and password;

verifying whether the credentials are trusted according to a two-factor authentication process, the two-factor authentication process determining;

i) the credentials to be trusted in the event (i) the credentials username and password match with a trusted username and password previously associated with the device and (ii) an address associated with the access point is within a range of trusted addresses;

ii) the credentials to be untrusted in the event the username and password fail to match with the trusted username and password or the address fails to fall within the range of trusted addresses;

providing the device with an assertion in the event the credentials are trusted, the assertion being sufficient for the device to request the certificate;

preventing delivery of the assertion to the device in the event the credentials are untrusted until the device transmits trusted credentials;

wherein the certificate is provided from a certificate authority (CA) upon receipt of a security token included with a certificate request transmitted from the device, the security token being required by the CA prior to providing the certificate to the device; and

the security token being provided to the device from a registration authority (RA) upon receipt of the assertion being included within a security token request transmitted from the device, the assertion being required by the RA prior to providing the security token to the device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Provisioning a device with a certificate is contemplated. The certificate may be used to verify whether the device or a user of the device is authorized to access electronic content, services, and signaling. The certificate may be provisioned in relation to the device having successfully completed a two-factor authentication process so that an entity providing the certificate need not have to repeat the two-factor authentication process.

24 Citations

View as Search Results

15 Claims

1. A method for provisioning a device with a certificate comprising:
- receiving credentials transmitted from the device through an access point, the credentials identifying a credentials username and password;
  
  verifying whether the credentials are trusted according to a two-factor authentication process, the two-factor authentication process determining;
  
  i) the credentials to be trusted in the event (i) the credentials username and password match with a trusted username and password previously associated with the device and (ii) an address associated with the access point is within a range of trusted addresses;
  
  ii) the credentials to be untrusted in the event the username and password fail to match with the trusted username and password or the address fails to fall within the range of trusted addresses;
  
  providing the device with an assertion in the event the credentials are trusted, the assertion being sufficient for the device to request the certificate;
  
  preventing delivery of the assertion to the device in the event the credentials are untrusted until the device transmits trusted credentials;
  
  wherein the certificate is provided from a certificate authority (CA) upon receipt of a security token included with a certificate request transmitted from the device, the security token being required by the CA prior to providing the certificate to the device; and
  
  the security token being provided to the device from a registration authority (RA) upon receipt of the assertion being included within a security token request transmitted from the device, the assertion being required by the RA prior to providing the security token to the device.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1 further comprising the CA providing the certificate without being provided the username and password associated with the device.
  - 3. The method of claim 1 further comprising the CA providing the certificate without the certificate request identifying the username and password associated with the device.
  - 4. The method of claim 1 further comprising the RA providing the security token to the device without being provided the username and password associated with the device.
  - 5. The method of claim 1 further comprising the RA providing the security token to the device without the security token request identifying the username and password associated with the device.
  - 6. The method of claim 1 further comprising an identity provider (IdP) determining the address to be trusted in the event the address is within the range of trusted addresses designated by a service provider to be trusted and the IdP determining the address to be untrusted in the event the credentials address fails to be within the range of the trusted addresses.
  - 7. The method of claim 6 further comprising the IdP associating the trusted username and password with the device and determining whether the credentials username and password match with the trusted username and password.

8. A method for provisioning a device with a certificate comprising:
- receiving a certificate request from the device, the certificate request including a security token previously provided to the device after successfully completing a two-factor authentication process;
  
  providing the certificate to the device in the event the security token indicates the two-factor authentication process was completed by a trusted entity;
  
  denying the certificate to the device in the event the security token fails to indicate the two-factor authentication process was completed by a trusted entity;
  
  providing the security token to the device upon receipt of a security token request having an assertion, the assertion being provided to the device from the trusted entity after successfully completing the two-factor authentication process;
  
  the assertion being provided to the device from an identity provider (IdP), the security token being provided to the device from a registration authority (RA), and the certificate being provided from a certificate authority (CA);
  
  the IdP performing the two-factor authentication process and providing the assertion upon receipt of credentials transmitted from the device through an access point, the credentials identifying a credentials username and password input to the device by a user while connected to the access point;
  
  the IdP determining the two-factor authentication process to be successful in the event (i) the credentials username and password match with a trusted username and password previously associated with the device and (ii) an address associated with the credentials access point is within a range of trusted addresses; and
  
  the IdP determining the two-factor authentication process to be unsuccessful in the event the username and password fail to match with the trusted username and password or the address is not within the range of trusted addresses.
- View Dependent Claims (9)
- - 9. The method of claim 8 further comprising the CA providing the certificate without being notified of the credentials username and password and the RA providing the security token without being notified of the credentials username and password.

10. A non-transitory computer-readable medium having computer-readable code embodied therein for controlling a computing device to electronically facilitate certificate provisioning, the computer-readable code comprising instructions for:
- transmitting an authentication request with credentials to request an assertion, the credentials sufficient for use in a two-factor authentication process;
  
  receiving an assertion upon successfully completing the two-factor authentication process, the two-factor authentication being successfully completed if a credentials username and password is verified and the credentials are transmitted through an access point having an address within a range of acceptable address;
  
  transmitting a security token request with the assertion to request a security token;
  
  receiving the security token upon verification of the assertion;
  
  transmitting a certificate request with the security token to request the certificate;
  
  receiving the certificate upon verification of the security token; and
  
  provisioning the computing device with the certificate.
- View Dependent Claims (11, 12, 13, 14, 15)
- - 11. The computer-readable medium of claim 10 wherein the computer-readable code further comprises instructions for requesting user input of the credentials username and password.
  - 12. The computer-readable medium of claim 11 wherein the computer-readable code further comprises instructions for identifying the address of the access point through which the credentials are transmitted.
  - 13. The computer-readable medium of claim 10 wherein the computer-readable code further comprises instructions for transmitting the credentials to an identity provider (IdP).
  - 14. The computer-readable medium of claim 13 wherein the computer-readable code further comprises instructions for transmitting the assertion to a registration authority (RA) without identifying the credentials username and password within the security token request.
  - 15. The computer-readable medium of claim 14 wherein the computer-readable code further comprises instructions for transmitting the security token to a certificate authority (CA) without identifying the credentials username and password within the certificate request.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cable Television Laboratories Incorporated
Original Assignee
Cable Television Laboratories Incorporated
Inventors
Hoggan, Stuart A.
Primary Examiner(s)
Poltorak, Peter

Application Number

US13/473,745
Publication Number

US 20130311771A1
Time in Patent Office

866 Days
Field of Search

None
US Class Current

713/156
CPC Class Codes

H04L 2463/082   applying multi-factor authe...

H04L 63/083   using passwords cryptograph...

H04L 63/107   wherein the security polici...

H04L 9/3268   using certificate validatio...

Subscriber certificate provisioning

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

24 Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Subscriber certificate provisioning

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

24 Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links