Authentication in secure user plane location (SUPL) systems

US 9,402,177 B2
Filed: 12/04/2013
Issued: 07/26/2016
Est. Priority Date: 11/06/2010
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

generating, at a secure user plane location (SUPL) server, a message to be sent to a mobile device, the message including;

a server certificate including an identifier of the SUPL server and a public key of the SUPL server; and

a request for a device certificate of the mobile device;

receiving a reply message from the mobile device that includes a device certificate of the mobile device, wherein the reply message is encrypted using the public key of the SUPL server; and

authenticating, at the SUPL server, the mobile device by verifying whether the mobile device is associated with an authorized SUPL user based on the device certificate, wherein the device certificate includes a device identification (ID), and wherein authenticating the mobile device comprises comparing the device ID to a stored device ID, wherein the stored device ID is previously securely verified by the SUPL server as being associated with the authorized SUPL user.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A particular method includes generating, at a secure user plane location (SUPL) server, a message to be sent to a mobile device, the message including: a server certificate including an identifier of the SUPL server and a public key of the SUPL server; and a request for a device certificate of the mobile device. The method also includes receiving a reply from the mobile device that includes a device certificate of the mobile device; and authenticating the mobile device as associated with a SUPL user based on the device certificate.

49 Citations

View as Search Results

15 Claims

1. A method comprising:
- generating, at a secure user plane location (SUPL) server, a message to be sent to a mobile device, the message including;
  
  a server certificate including an identifier of the SUPL server and a public key of the SUPL server; and
  
  a request for a device certificate of the mobile device;
  
  receiving a reply message from the mobile device that includes a device certificate of the mobile device, wherein the reply message is encrypted using the public key of the SUPL server; and
  
  authenticating, at the SUPL server, the mobile device by verifying whether the mobile device is associated with an authorized SUPL user based on the device certificate, wherein the device certificate includes a device identification (ID), and wherein authenticating the mobile device comprises comparing the device ID to a stored device ID, wherein the stored device ID is previously securely verified by the SUPL server as being associated with the authorized SUPL user.
- View Dependent Claims (2, 3, 4, 15)
- - 2. The method of claim 1, wherein the mobile device comprises a SUPL enabled terminal (SET) and the SUPL server comprises a SUPL location platform (SLP).
  - 3. The method of claim 1, wherein the message is sent in response to receiving from the mobile device an indication of one or more transport layer security (TLS) cipher suites supported by the mobile device, and wherein the message further includes a selection of at least one of the one or more TLS cipher suites.
  - 4. The method of claim 1, wherein the device certificate includes a device identifier of the mobile device.
  - 15. The method of claim 1, further comprising:
    - decrypting the reply message, at the SUPL server, using a private key of the SUPL server to obtain the device certificate of the mobile device.

5. A non-transitory processor-readable medium comprising instructions that, when executed by a processor, cause the processor to:
- generate, at a secure user plane location (SUPL) server, a message to be sent to a mobile device, the message including;
  
  a server certificate including an identifier of the SUPL server and a public key of the SUPL server; and
  
  a request for a device certificate of the mobile device;
  
  receive a reply message from the mobile device that includes a device certificate of the mobile device, wherein the reply message is encrypted using the public key of the SUPL server; and
  
  authenticate, at the SUPL server, the mobile device by verifying whether the mobile device is associated with an authorized SUPL user based on the device certificate, wherein the device certificate includes a device identification (ID), and wherein authenticating the mobile device comprises comparing the device ID to a stored device ID, wherein the stored device ID is previously securely verified by the SUPL server as being associated with the authorized SUPL user.
- View Dependent Claims (6, 7, 8)
- - 6. The non-transitory processor-readable medium of claim 5, wherein the mobile device comprises a SUPL enabled terminal (SET) and the SUPL server comprises a SUPL location platform (SLP).
  - 7. The non-transitory processor-readable medium of claim 5, wherein the message is sent in response to receiving from the mobile device an indication of one or more transport layer security (TLS) cipher suites supported by the mobile device, and wherein the message further includes a selection of at least one of the one or more TLS cipher suites.
  - 8. The non-transitory processor-readable medium of claim 5, wherein the device certificate includes a device identifier of the mobile device.

9. An apparatus comprising:
- a hardware processor; and
  
  a memory coupled to the processor, wherein the memory is configured to store instructions; and
  
  wherein the instructions are executable by the processor to;
  
  generate, at a secure user plane location (SUPL) server, a message to be sent to a mobile device, the message including;
  
  a server certificate including an identifier of the SUPL server and a public key of the SUPL server; and
  
  a request for a device certificate of the mobile device;
  
  receive a reply message from the mobile device that includes a device identifier of the mobile device, wherein the reply message is encrypted using the public key of the SUPL server; and
  
  authenticate, at the SUPL server, the mobile device by verifying whether the mobile device is associated with an authorized SUPL user based on the device certificate, wherein the device certificate includes a device identification (ID), and wherein authenticating the mobile device comprises comparing the device ID to a stored device ID, wherein the stored device ID is previously securely verified by the SUPL server as being associated with the authorized SUPL user.
- View Dependent Claims (10)
- - 10. The apparatus of claim 9, wherein the message is sent in response to receiving at the SUPL server from the mobile device an indication of one or more transport layer security (TLS) cipher suites supported by the mobile device, and wherein the message further includes a selection of at least one of the one or more TLS cipher suites.

11. An apparatus comprising:
- means for generating, at a secure user plane location (SUPL) server, a message to be sent to a mobile device, the message including;
  
  a server certificate including an identifier of the SUPL server and a public key of the SUPL server; and
  
  a request for a device certificate of the mobile device;
  
  means for receiving a reply message from the mobile device that includes a device certificate of the mobile device, wherein the reply message is encrypted using the public key of the SUPL server; and
  
  means for authenticating, at the SUPL server, the mobile device by verifying whether the mobile device is associated with an authorized SUPL user based on the device certificate, wherein the device certificate includes a device identification (ID), and wherein means for authenticating the mobile device comprises means for comparing the device ID to a stored device ID, wherein the stored device ID is previously securely verified by the SUPL server as being associated with the authorized SUPL user.
- View Dependent Claims (12, 13, 14)
- - 12. The apparatus of claim 11, wherein the mobile device comprises a SUPL enabled terminal (SET) and the SUPL server comprises a SUPL location platform (SLP).
  - 13. The apparatus of claim 11, wherein the message is sent in response to receiving from the mobile device an indication of one or more transport layer security (TLS) cipher suites supported by the mobile device, and wherein the message further includes a selection of at least one of the one or more TLS cipher suites.
  - 14. The apparatus of claim 11, wherein the device certificate includes a device identifier of the mobile device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Qualcomm, Inc.
Original Assignee
Qualcomm, Inc.
Inventors
Hawkes, Philip Michael, Wachter, Andreas Klaus, Escott, Adrian Edward, Edge, Stephen William
Primary Examiner(s)
Armouche, Hadi
Assistant Examiner(s)
Cribbs, Malcolm

Application Number

US14/097,070
Publication Number

US 20140094147A1
Time in Patent Office

965 Days
Field of Search

None
US Class Current

1/1
CPC Class Codes

H04L 63/0442   wherein the sending and rec...

H04L 63/062   for key distribution, e.g. ...

H04L 63/0823   using certificates cryptogr...

H04L 63/0869   for achieving mutual authen...

H04L 63/0876   based on the identity of th...

H04L 63/166   at the transport layer

H04L 63/205   involving negotiation or de...

H04W 12/04   Key management, e.g. using ...

H04W 12/0431   Key distribution or pre-dis...

H04W 12/06   Authentication

H04W 12/08   Access security

H04W 4/02   Services making use of loca...

H04W 4/029   Location-based management o...

Authentication in secure user plane location (SUPL) systems

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

49 Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Authentication in secure user plane location (SUPL) systems

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

49 Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links