Systems and methods for remote credentials management

US 8,875,265 B2
Filed: 01/25/2013
Issued: 10/28/2014
Est. Priority Date: 05/14/2012
Status: Active Grant

First Claim

Patent Images

1. A method of obtaining provisioning information via a service provider network for a device, the method comprising:

transmitting, via the service provider network, an attach request for provisioning service, the attach request including device vendor information having a unique identifier for the device;

receiving a request for subscription authentication from the service provider network;

transmitting a subscription challenge response based at least in part on a predetermined credential shared by multiple devices configured to obtain provisioning information for each of the multiple devices using the shared predetermined credential via the service provider network, the multiple devices including the device; and

receiving provisioning information from the service provider network upon authentication of the device vendor information and the subscription challenge response.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present application relates generally to wireless communication systems and more specifically to systems, methods, and devices for remote credentials management within wireless communication systems. In one aspect, a method of obtaining provisioning information via a service provider network, such as a cellular network, for a device is provided. The method includes transmitting an attach request via the service provider network for provisioning service, the attach request including device vendor information which includes a unique identifier for the device. The method further includes receiving provisioning information from the service provider upon authentication of the device vendor information. In other aspects, systems and methods for providing provisioning information are described.

Citations

42 Claims

1. A method of obtaining provisioning information via a service provider network for a device, the method comprising:
- transmitting, via the service provider network, an attach request for provisioning service, the attach request including device vendor information having a unique identifier for the device;
  
  receiving a request for subscription authentication from the service provider network;
  
  transmitting a subscription challenge response based at least in part on a predetermined credential shared by multiple devices configured to obtain provisioning information for each of the multiple devices using the shared predetermined credential via the service provider network, the multiple devices including the device; and
  
  receiving provisioning information from the service provider network upon authentication of the device vendor information and the subscription challenge response.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein the attach request comprises a provisioning type.
  - 3. The method of claim 2, wherein the provisioning type for the attach request is included in an information element of the attach request.
  - 4. The method of claim 1, further comprising:
    - receiving a challenge request to authenticate the device vendor information; and
      
      transmitting a challenge response based at least in part on device vendor information.
  - 5. The method of claim 1, further comprising:
    - obtaining a session key, the session key based at least in part on the device vendor information; and
      
      securing communications between the device and the service provider network based at least in part on the session key.
  - 6. The method of claim 1, further comprising:
    - detaching from the service provider network upon receipt of the provisioning information; and
      
      obtaining service based at least in part on the received provisioning information.
  - 7. The method of claim 1, wherein the device vendor information further includes an encryption certificate associated with a vendor of the device.
  - 8. The method of claim 1, wherein the unique identifier for the device comprises at least one of an international mobile equipment identifier and a mobile equipment identifier.
  - 9. The method of claim 1, wherein the service provider network comprises a cellular network.

10. An apparatus for obtaining provisioning information via a service provider network, the apparatus comprising:
- an attachment manager configured to transmit, via the service provider network, an attach request for provisioning service, the attach request including device vendor information having a unique identifier for the apparatus;
  
  a challenge request receiver configured to receive a subscription challenge request to authenticate a subscription for the apparatus; and
  
  a challenge response transmitter configured to transmit a subscription challenge response based at least in part on a predetermined credential shared by multiple devices configured to obtain provisioning information for each of the multiple devices using the shared predetermined credential via the service provider network, the multiple devices including the apparatus; and
  
  a credential manager configured to receive provisioning information from the service provider network upon authentication of the device vendor information and the subscription challenge response.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The apparatus of claim 10, wherein the attach request comprises a provisioning type.
  - 12. The apparatus of claim 11, wherein the provisioning type for the attach request is included in an information element of the attach request.
  - 13. The apparatus of claim 10, further comprising:
    - wherein the challenge request receiver is configured to receive a device challenge request to authenticate the device vendor information; and
      
      wherein the challenge response transmitter is configured to transmit a device challenge response based at least in part on device vendor information.
  - 14. The apparatus of claim 10, further comprising:
    - a session key manager configured to obtain a session key based at least in part on the device vendor information; and
      
      a secure communication module configured to securely communicate with the service provider network based at least in part on the session key.
  - 15. The apparatus of claim 10, wherein the attachment processor is further configured to:
    - detach from the service provider network upon receipt of the provisioning information; and
      
      obtaining service based at least in part on the received provisioning information.
  - 16. The apparatus of claim 10, wherein the device vendor information further includes an encryption certificate associated with a vendor of the apparatus.
  - 17. The apparatus of claim 10, wherein the unique identifier for the apparatus comprises at least one of an international mobile equipment identifier and a mobile equipment identifier.
  - 18. The apparatus of claim 10, wherein the service provider network is a cellular network.

19. An apparatus for obtaining provisioning information via a service provider network, the apparatus comprising:
- means for transmitting, via the service provider network, an attach request for provisioning service, the attach request including device vendor information having a unique identifier for the apparatus;
  
  means for receiving a challenge request to authenticate a subscription for the apparatus; and
  
  means for transmitting a challenge response based at least in part on a predetermined credential shared by multiple devices configured to obtain provisioning information for each of the multiple devices using the shared predetermined credential via the service provider network, the multiple devices including the apparatus; and
  
  means for receiving provisioning information from the service provider network upon authentication of the device vendor information and the subscription challenge response.

20. A non-transitory computer readable storage medium comprising instructions executable by a processor of an apparatus, the instructions causing the apparatus to:
- transmit, via a service provider network, an attach request for provisioning service, the attach request including device vendor information having a unique identifier for the apparatus;
  
  receive a request for subscription authentication from the service provider network;
  
  transmit a challenge response based at least in part on a predetermined credential shared by multiple devices configured to obtain provisioning information for each of the multiple devices using the shared predetermined credential via the service provider network, the multiple devices including the apparatus; and
  
  receive provisioning information from the service provider network upon authentication of the device vendor information and the subscription challenge response.

21. A method of providing provisioning information via a service provider network to a device, the method comprising:
- receiving an attach request from the device via the service provider network for provisioning service, the attach request including device vendor information having a unique identifier for the device;
  
  transmitting a request for subscription authentication from the service provider network;
  
  receiving a subscription challenge response;
  
  authenticating the device based at least in part on the device vendor information;
  
  determining if the subscription challenge response is associated with a subscription based at least in part on a predetermined credential shared by multiple devices configured to obtain provisioning information for each of the multiple devices using the shared predetermined credential via the service provider network, the multiple devices including the device; and
  
  transmitting provisioning information associated with the subscription upon determining the device is authenticated and associated with the subscription.
- View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29, 30)
- - 22. The method of claim 21, wherein the attach request comprises a provisioning type.
  - 23. The method of claim 22, wherein the provisioning type for the attach request is included in an information element of the attach request.
  - 24. The method of claim 21, further comprising:
    - transmitting a device challenge request to authenticate the device;
      
      receiving a device challenge response; and
      
      determining if the device challenge response is associated with the subscription based at least in part on device vendor information, wherein transmitting provisioning information associated with the subscription is further based upon determining the device challenge response is associated with the subscription.
  - 25. The method of claim 21, further comprising:
    - generating a session key, the session key based at least in part on device vendor information; and
      
      securing communications between the device and the service provider network based at least in part on the session key.
  - 26. The method of claim 21, wherein the device vendor information further comprises an encryption certificate associated with a vendor of the device.
  - 27. The method of claim 21, wherein the unique identifier for the device comprises at least one of an international mobile equipment identifier for the device and a mobile equipment identifier for the device.
  - 28. The method of claim 21, wherein the service provider network is a cellular network.
  - 29. The method of claim 21, further comprising, upon determining the device is unauthenticated:
    - obtaining a subscription offer from a credential provider;
      
      transmitting the subscription offer to the device;
      
      receiving a message indicating acceptance of the subscription offer; and
      
      transmitting provisioning information based on the accepted subscription offer.
  - 30. The method of claim 21, further comprising detaching the device from the service provider network upon transmission of the provisioning information.

31. An apparatus for providing provisioning information via a service provider network for a device, the apparatus comprising:
- an attachment manager configured to receive an attach request from the device via the service provider network for provisioning service, the attach request including device vendor information having a unique identifier for the device;
  
  a challenge request circuit configured to cause transmission of a subscription challenge request to authenticate a subscription for the device;
  
  a challenge response circuit configured to receive a subscription challenge response;
  
  an authenticator configured to;
  
  authenticate the device based at least in part on the device vendor information; and
  
  determine if the subscription challenge response is associated with a subscription based at least in part on a predetermined credential shared by multiple devices configured to obtain provisioning information for each of the multiple devices using the shared predetermined credential via the service provider network, the multiple devices including the device; and
  
  a credential manager configured to cause the transmission of provisioning information associated with the subscription upon determining the device is authenticated and associated with the subscription.
- View Dependent Claims (32, 33, 34, 35, 36, 37, 38, 39, 40)
- - 32. The apparatus of claim 31, wherein the attach request comprises a provisioning type.
  - 33. The apparatus of claim 32, wherein the provisioning type for the attach request is included in an information element of the attach request.
  - 34. The apparatus of claim 31,wherein the challenge request circuit is configured to cause transmission of a device challenge request to authenticate the device,wherein the challenge response circuit is configured to receive a device challenge response,wherein the authenticator is further configured to determine if the device challenge response is associated with the subscription based at least in part on device vendor information, andwherein the credential manager is further configured to cause the transmission of provisioning information associated with the subscription upon determining the device challenge response is associated with the subscription.
  - 35. The apparatus of claim 31, further comprising:
    - a session key generator configured to generate a session key based at least in part on the device vendor information; and
      
      a secure communication module configured to secure communication between the service provider network and the device based at least in part on the session key.
  - 36. The apparatus of claim 31, wherein the device vendor information further includes an encryption certificate associated with a vendor of the device.
  - 37. The apparatus of claim 31, wherein the unique identifier for the device includes at least one of an international mobile equipment identifier for the device and a mobile equipment identifier for the device.
  - 38. The apparatus of claim 31, wherein the service provider network is a cellular network.
  - 39. The apparatus of claim 31, further comprising a subscription offer circuit configured to, upon determining the device is unauthenticated:
    - obtain a subscription offer from a credential provider;
      
      transmit the subscription offer to the device;
      
      receive a message indicating acceptance of the subscription offer; and
      
      transmit provisioning information based on the accepted subscription offer.
  - 40. The apparatus of claim 31, wherein the attachment manager is further configured to detach the device from the service provider network upon transmission of the provisioning information.

41. An apparatus for providing subscription information via a service provider network to a device, the apparatus comprising:
- means for receiving an attach request from the device via the service provider network for provisioning service, the attach request including device vendor information having a unique identifier for the device;
  
  means for transmitting a subscription challenge request to authenticate a subscription for the device;
  
  means for receiving a subscription challenge response;
  
  means for authenticating the device based at least in part on device vendor information and for determining if the subscription challenge response is associated with a subscription based at least in part on a predetermined credential shared by multiple devices configured to obtain provisioning information for each of the multiple devices using the shared predetermined credential via the service provider network, the multiple devices including the device; and
  
  means for transmitting provisioning information associated with the subscription upon determining the device is authenticated and associated with the subscription.

42. A non-transitory computer readable storage medium comprising instructions executable by a processor of an apparatus, the instructions causing the apparatus to:
- receive an attach request from a device via the service provider network for provisioning service, the attach request including device vendor information having a unique identifier for the device;
  
  transmit a request for subscription authentication from the service provider network;
  
  receive a subscription challenge response from the device;
  
  authenticate the device based at least in part on device vendor information;
  
  determine if the subscription challenge response is associated with a subscription based at least in part on a predetermined credential shared by multiple devices configured to obtain provisioning information for each of the multiple devices using the shared predetermined credential via the service provider network, the multiple devices including the device; and
  
  transmit provisioning information associated with the subscription upon determining the device is authenticated and associated with the subscription.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Qualcomm, Inc.
Original Assignee
Qualcomm, Inc.
Inventors
Palanigounder, Anand
Primary Examiner(s)
NGUYEN, TU T

Application Number

US13/750,816
Publication Number

US 20130305330A1
Time in Patent Office

641 Days
Field of Search

726/6
US Class Current

726/6
CPC Class Codes

H04L 63/062   for key distribution, e.g. ...

H04L 63/0876   based on the identity of th...

H04W 12/04   Key management, e.g. using ...

H04W 12/06   Authentication

H04W 12/35   Protecting application or s...

H04W 4/70   Services for machine-to-mac...

H04W 8/205   Transfer to or from user eq...

Systems and methods for remote credentials management

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

42 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for remote credentials management

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

42 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links