Method and apparatus for sharing wireless network subscription services

US 9,338,159 B2
Filed: 03/19/2012
Issued: 05/10/2016
Est. Priority Date: 03/19/2012
Status: Expired due to Fees

First Claim

Patent Images

1. A method comprising:

determining whether a first mobile terminal possesses one or more first credentials that are configured to be issuable to another mobile terminal, wherein at least one of the one or more first credentials comprise a subscription identifier issued by a server and the at least one of the one or more first credentials is configured to grant access to one or more wireless network subscription services;

causing, by a processor, a certificate enrollment procedure to be initiated by the first mobile terminal in an instance in which the first mobile terminal possesses one or more first credentials that are configured to be issuable to the another mobile terminal, wherein the certificate enrollment procedure results in a public key to be transmitted to the first mobile terminal and a first client certificate to be issued to the first mobile terminal that comprises a subscription identifier and a flag indicating whether the first client certificate is able to be shared with the another mobile terminal;

receiving at least one second credential that is distinct from the first credential and is in the form of a client certificate generated by the first mobile terminal, the client certificate comprising the public key of the another mobile terminal signed by a private key of the first mobile terminal and having the subscription identifier; and

accessing the one or more wireless network subscription services with the client certificate based on a verification of the private key and the subscription identifier.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method, apparatus and computer program product are provided for enabling multiple mobile terminals to access a subscription service. The method may further include causing a client certificate to be issued to the first mobile terminal as a result of the certificate enrollment procedure. In some example embodiments, the client certificate comprises a subscription identifier and a flag indicating whether the client certificate is to be sharable with a second mobile terminal. The method may further include causing a certificate enrollment procedure to be initiated by a second mobile terminal with the first mobile terminal in an instance in which the first mobile terminal possesses one or more credentials that are configured to be shared with another mobile terminal. The method may further include the second mobile terminal receiving at least one credential in the form of a client certificate from the first mobile terminal.

16 Citations

20 Claims

1. A method comprising:
- determining whether a first mobile terminal possesses one or more first credentials that are configured to be issuable to another mobile terminal, wherein at least one of the one or more first credentials comprise a subscription identifier issued by a server and the at least one of the one or more first credentials is configured to grant access to one or more wireless network subscription services;
  
  causing, by a processor, a certificate enrollment procedure to be initiated by the first mobile terminal in an instance in which the first mobile terminal possesses one or more first credentials that are configured to be issuable to the another mobile terminal, wherein the certificate enrollment procedure results in a public key to be transmitted to the first mobile terminal and a first client certificate to be issued to the first mobile terminal that comprises a subscription identifier and a flag indicating whether the first client certificate is able to be shared with the another mobile terminal;
  
  receiving at least one second credential that is distinct from the first credential and is in the form of a client certificate generated by the first mobile terminal, the client certificate comprising the public key of the another mobile terminal signed by a private key of the first mobile terminal and having the subscription identifier; and
  
  accessing the one or more wireless network subscription services with the client certificate based on a verification of the private key and the subscription identifier.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method according to claim 1, wherein the first mobile terminal is configured to initiate a subscription purchase procedure with the server such that the first mobile terminal enrolls in a certificate creation process.
  - 3. The method according to claim 2, wherein the certificate creation process further comprises receiving a client certificate from the server, and wherein the subscription identifier is a WiFiSubscriptionID.
  - 4. The method according to claim 1 further comprising causing a message to be transmitted to the first mobile terminal, wherein the message is a Hypertext Transfer Protocol (HTTP) GET message that comprises a predefined uniform resource identifier.
  - 5. The method according to claim 1, wherein the client certificate from the first mobile terminal enables access a subscription to the one or more wireless network subscription services belonging to the first mobile terminal.

6. An apparatus comprising:
- at least one processor; and
  
  at least one memory including computer program code, the at least one memory and the computer program code configured to, with the at least one processor, cause the apparatus to at least;
  
  determine whether a first mobile terminal possesses one or more credentials that are configured to be issuable to another mobile terminal, wherein at least one of the one or more first credentials comprise a subscription identifier issued by a server and the at least one of the one or more first credentials is configured to grant access to one or more wireless network subscription services;
  
  cause a certificate enrollment procedure to be initiated by the first mobile terminal in an instance in which the first mobile terminal possesses one or more first credentials that are configured to be issuable to the another mobile terminal, wherein the certificate enrollment procedure results in a public key to be transmitted to the first mobile terminal and a first client certificate to be issued to the first mobile terminal that comprises a subscription identifier and a flag indicating whether the first client certificate is able to be shared with the another mobile terminal;
  
  receive at least one second credential that is distinct from the first credential and is in the form of a client certificate generated by the first mobile terminal, the client certificate comprising the public key of the another mobile terminal signed by a private key of the first mobile terminal and having the subscription identifier; and
  
  access the one or more wireless network subscription services with the client certificate based on a verification of the private key and the subscription identifier.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The apparatus according to claim 6, wherein the first mobile terminal is configured to initiate a subscription purchase procedure with the server such that the first mobile terminal enrolls in a certificate creation process.
  - 8. The apparatus according to claim 7, wherein the certificate creation process further comprises receiving a client certificate from the server, and wherein the subscription identifier is a WiFiSubscriptionID.
  - 9. The apparatus according to claim 6 wherein the at least one memory including the computer program code is further configured to, with the at least one processor, cause the apparatus to cause a message to be transmitted to the first mobile terminal, wherein the message is a Hypertext Transfer Protocol (HTTP) GET message that comprises a predefined uniform resource identifier.
  - 10. The apparatus according to claim 6, wherein the client certificate from the first mobile terminal enables access a subscription to the one or more wireless network subscription services belonging to the first mobile terminal.

11. A method comprising:
- receiving a certificate enrollment procedure request from a first mobile terminal;
  
  causing, by a processor, a first client certificate to be issued to the first mobile terminal as a result of the certificate enrollment procedure initiated by the first mobile terminal, wherein the first client certificate comprises a subscription identifier and a flag indicating whether the client certificate is able to be shared with an issuable to at least a second mobile terminal;
  
  receiving an authentication request for access to a wireless network subscription service from the second mobile terminal, wherein the authentication request comprises a second client certificate of the second mobile terminal signed by a private key of the first mobile terminal and having the subscription identifier, the second client certificate being distinct from the first client certificate; and
  
  causing the second mobile terminal to be authenticated with the second client certificate based upon verification of the private key and the subscription identifier.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The method according to claim 11, further comprising:
    - determining whether the client certificate has the subscription identifier belonging to that first mobile terminal that was previously issued and comprises a flag indicating that the client certificate is issuable to the second mobile terminal.
  - 13. The method according to claim 12, further comprising:
    - causing the subscription identifier of the first mobile terminal to be authenticated by confirming a public key of the first mobile terminal in the second client certificate.
  - 14. The method according to claim 12 wherein the first mobile terminal is configured to operate as a certificate authority, wherein the second mobile terminal is authenticated based on credentials issued by the first mobile terminal.
  - 15. The method according to claim 12, further comprising authenticating a second mobile terminal in an instance in which a subscription identifier in the second client certificate is the same as the subscription identifier in the first client certificate issued to the first mobile terminal, wherein the subscription identifier is a WiFiSubscriptionID.
  - 16. The method according to claim 12, further comprising:
    - causing a challenge to be transmitted to the second mobile terminal, wherein the challenge is signed by a private key of the second mobile terminal; and
      
      determining whether a public key of the second mobile terminal that is signed by a private key of the first mobile terminal is verified based on the challenge.
  - 17. The method according to claim 12, further comprising:
    - causing the first client certificate of the first mobile terminal to be revoked such that the second client certificate issued to the second mobile terminal is revoked.
  - 18. The method according to claim 12, further comprising:
    - determining data usage of the first mobile terminal based on data usage of the first mobile terminal and the second mobile terminal.
  - 19. The method according to claim 12, wherein the authentication request is Hotspot 2.0 authentication request.
  - 20. The method according to claim 12, wherein the second mobile terminal is authenticated on the wireless network subscription service based on a subscription of the first mobile terminal.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nokia Technologies Oy (Nokia Corporation)
Original Assignee
Nokia Technologies Oy (Nokia Corporation)
Inventors
Bajko, Gabor
Primary Examiner(s)
Lewis, Lisa
Assistant Examiner(s)
Tsang, Henry

Application Number

US13/423,653
Publication Number

US 20130247161A1
Time in Patent Office

1,513 Days
Field of Search

None
US Class Current

1/1
CPC Class Codes

H04L 2209/80   Wireless network architectu...

H04L 63/0823   using certificates cryptogr...

H04L 9/3268   using certificate validatio...

H04W 12/06   Authentication

H04W 12/43   using shared identity modul...

H04W 8/20   Transfer of user or subscri...

H04W 84/12   WLAN [Wireless Local Area N...

Method and apparatus for sharing wireless network subscription services

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

16 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for sharing wireless network subscription services

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

16 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links