Authentication in secure user plane location (SUPL) systems

US 9,119,065 B2
Filed: 12/04/2013
Issued: 08/25/2015
Est. Priority Date: 11/06/2010
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving, at a secure user plane location (SUPL) server, an indication from a mobile device of one or more transport layer security (TLS) cipher suites supported by the mobile device;

determining whether the one or more TLS cipher suites include a TLS pre-shared key (TLS-PSK) cipher suite that is supported by the SUPL server;

in response to determining that the one or more TLS cipher suites include the TLS-PSK cipher suite that is supported by the SUPL server, performing a generic bootstrapping architecture (GBA)-based authentication process to authenticate the mobile device; and

in response to determining that the one or more TLS cipher suites do not include a TLS-PSK cipher suite that is supported by the SUPL server, determining whether the SUPL server supports a certificate-based authentication method; and

in response to determining that the SUPL server supports the certificate-based authentication method, performing the certificate-based authentication method that includes sending a server certificate to the mobile device and receiving a device certificate from the mobile device.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A particular method includes receiving, at a secure user plane location (SUPL) server, an indication from a mobile device of one or more transport layer security (TLS) cipher suites supported by the mobile device; determining whether the one or more TLS cipher suites include a TLS pre-shared key (TLS-PSK) cipher suite that is supported by the SUPL server; in response to determining whether the one or more TLS cipher suites include the TLS-PSK cipher suite that is supported by the SUPL server, performing a generic bootstrapping architecture (GBA)-based authentication process to authenticate the mobile device, or determining whether the SUPL server supports a certificate-based authentication method; and in response to determining that the SUPL server supports the certificate-based authentication method, performing the certificate-based authentication method that includes sending a server certificate to the mobile device and receiving a device certificate from the mobile device.

47 Citations

View as Search Results

12 Claims

1. A method comprising:
- receiving, at a secure user plane location (SUPL) server, an indication from a mobile device of one or more transport layer security (TLS) cipher suites supported by the mobile device;
  
  determining whether the one or more TLS cipher suites include a TLS pre-shared key (TLS-PSK) cipher suite that is supported by the SUPL server;
  
  in response to determining that the one or more TLS cipher suites include the TLS-PSK cipher suite that is supported by the SUPL server, performing a generic bootstrapping architecture (GBA)-based authentication process to authenticate the mobile device; and
  
  in response to determining that the one or more TLS cipher suites do not include a TLS-PSK cipher suite that is supported by the SUPL server, determining whether the SUPL server supports a certificate-based authentication method; and
  
  in response to determining that the SUPL server supports the certificate-based authentication method, performing the certificate-based authentication method that includes sending a server certificate to the mobile device and receiving a device certificate from the mobile device.
- View Dependent Claims (2, 3)
- - 2. The method of claim 1, further comprising in response to determining that the SUPL server does not support the certificate-based authentication method, performing an alternative client authentication (ACA)-based authentication method when the mobile device is connected to a 3rd Generation Partnership Project (3GPP) network or a 3GPP2 network.
  - 3. The method of claim 1, wherein the certificate-based authentication method is independent of an access network used by the mobile device.

4. An apparatus comprising:
- a processor; and
  
  a memory coupled to the processor, wherein the memory is configured to store instructions; and
  
  wherein the instructions are executable by the processor to;
  
  receive, at a secure user plane location (SUPL) server, an indication from a mobile device of one or more transport layer security (TLS) cipher suites supported by the mobile device;
  
  determine whether the one or more TLS cipher suites include a TLS pre-shared key (TLS-PSK) cipher suite that is supported by the SUPL server;
  
  in response to determining that the one or more TLS cipher suites include the TLS-PSK cipher suite that is supported by the SUPL server, perform a generic bootstrapping architecture (GBA)-based authentication process to authenticate the mobile device; and
  
  in response to determining that the one or more TLS cipher suites do not include a TLS-PSK cipher suite that is supported by the SUPL server, determine whether the SUPL server supports a certificate-based authentication method; and
  
  in response to determining that the SUPL server supports the certificate-based authentication method, perform a certificate-based authentication process that includes sending a server certificate to the mobile device and receiving a device certificate from the mobile device.
- View Dependent Claims (5, 6)
- - 5. The apparatus of claim 4, wherein the instructions are further executable by the processor to, in response to determining that the SUPL server does not support the certificate-based authentication method, perform an alternative client authentication (ACA)-based authentication method when the mobile device is connected to a 3rd Generation Partnership Project (3GPP) network or a 3GPP2 network.
  - 6. The apparatus of claim 4, wherein the certificate-based authentication process is independent of an access network used by the mobile device

7. An apparatus comprising:
- means for receiving, at a secure user plane location (SUPL) server, an indication from a mobile device of one or more transport layer security (TLS) cipher suites supported by the mobile device;
  
  means for determining whether the one or more TLS cipher suites include a TLS pre-shared key (TLS-PSK) cipher suite that is supported by the SUPL server;
  
  in response to determining that the one or more TLS cipher suites include the TLS-PSK cipher suite that is supported by the SUPL server, means for performing a generic bootstrapping architecture (GBA)-based authentication process to authenticate the mobile device; and
  
  in response to determining that the one or more TLS cipher suites do not include a TLS-PSK cipher suite that is supported by the SUPL server, means for determining whether the SUPL server supports a certificate-based authentication method; and
  
  in response to determining that the SUPL server supports the certificate-based authentication method, means for performing the certificate-based authentication method that includes sending a server certificate to the mobile device and receiving a device certificate from the mobile device.
- View Dependent Claims (8, 9)
- - 8. The apparatus of claim 7, further comprising in response to determining that the SUPL server does not support the certificate-based authentication method, means for performing an alternative client authentication (ACA)-based authentication method when the mobile device is connected to a 3rd Generation Partnership Project (3GPP) network or a 3GPP2 network.
  - 9. The apparatus of claim 7, wherein the certificate-based authentication method is independent of an access network used by the mobile device.

10. A non-transitory processor-readable medium comprising instructions that, when executed by a processor, cause the processor to:
- receive, at a secure user plane location (SUPL) server, an indication from a mobile device of one or more transport layer security (TLS) cipher suites supported by the mobile device;
  
  determine whether the one or more TLS cipher suites include a TLS pre-shared key (TLS-PSK) cipher suite that is supported by the SUPL server;
  
  in response to determining that the one or more TLS cipher suites include the TLS-PSK cipher suite that is supported by the SUPL server, perform a generic bootstrapping architecture (GBA)-based authentication process to authenticate the mobile device; and
  
  in response to determining that the one or more TLS cipher suites do not include a TLS-PSK cipher suite that is supported by the SUPL server, determine whether the SUPL server supports a certificate-based authentication method; and
  
  in response to determining that the SUPL server supports the certificate-based authentication method, perform a certificate-based authentication process that includes sending a server certificate to the mobile device and receiving a device certificate from the mobile device.
- View Dependent Claims (11, 12)
- - 11. The non-transitory processor-readable medium of claim 10, wherein the instructions are further executable by the processor to, in response to determining that the SUPL server does not support the certificate-based authentication method, perform an alternative client authentication (ACA)-based authentication method when the mobile device is connected to a 3^rdGeneration Partnership Project (3GPP) network or a 3GPP2 network.
  - 12. The non-transitory processor-readable medium of claim 10, wherein the certificate-based authentication process is independent of an access network used by the mobile device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Qualcomm, Inc.
Original Assignee
Qualcomm, Inc.
Inventors
Hawkes, Philip Michael, Wachter, Andreas Klaus, Escott, Adrian Edward, Edge, Stephen William
Primary Examiner(s)
Lanier, Benjamin
Assistant Examiner(s)
Cribbs, Malcolm

Application Number

US14/097,077
Publication Number

US 20140093081A1
Time in Patent Office

629 Days
Field of Search

None
US Class Current

1/1
CPC Class Codes

H04L 63/0442   wherein the sending and rec...

H04L 63/062   for key distribution, e.g. ...

H04L 63/0823   using certificates cryptogr...

H04L 63/0869   for achieving mutual authen...

H04L 63/0876   based on the identity of th...

H04L 63/166   at the transport layer

H04L 63/205   involving negotiation or de...

H04W 12/04   Key management, e.g. using ...

H04W 12/0431   Key distribution or pre-dis...

H04W 12/06   Authentication

H04W 12/08   Access security

H04W 4/02   Services making use of loca...

H04W 4/029   Location-based management o...

Authentication in secure user plane location (SUPL) systems

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

47 Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

Authentication in secure user plane location (SUPL) systems

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

47 Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links