Methods and apparatus for use in obtaining a digital certificate for a mobile communication device

US 9,479,339 B2
Filed: 02/29/2008
Issued: 10/25/2016
Est. Priority Date: 02/29/2008
Status: Active Grant

First Claim

Patent Images

1. A method performed by a host server, the method comprising:

pushing, from the host server to a mobile communication device, information for instructing the mobile communication device to obtain a digital certificate from a certificate authority;

receiving, from the mobile communication device over a secure connection, a single, signed certificate request message that contains a public key generated by the mobile communication device and certificate authority information identifying the certificate authority from which the host server is to request a certificate for the mobile communication device, the certificate request message having been signed with a private key generated by the mobile communication device, the public key and the private key forming a public-private key pair;

based on the certificate authority information received in the signed certificate request message, selecting from a plurality of possible protocols a particular protocol for communicating with the certificate authority;

on behalf of the mobile communication device, using the particular protocol to send to the certificate authority a request comprising the signed certificate request message that was received from the mobile communication device;

on behalf of the mobile communication device, polling the certificate authority for an indication of approval of the signed certificate request message;

responsive to approval of the single, signed certificate request message, obtaining a digital certificate signed by the certificate authority, the digital certificate containing the public key; and

pushing the digital certificate to the mobile communication device.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In one illustrative scenario, a mobile device receives configuration information which includes information for use in constructing a request message for obtaining a digital certificate from a certificate authority (CA). After receipt of the configuration information, the mobile device constructs the request message for the digital certificate and causes it to be sent to a host server of a communication network. In response, the host server requests and obtains the digital certificate from the CA on behalf of the mobile device, and thereafter “pushes” the received digital certificate to the mobile device. The mobile device receives the digital certificate and stores it for use in subsequent communications. The host server may be part of a local area network (LAN) which includes a wireless LAN (WLAN) adapted to authenticate the mobile device based on the digital certificate, so that the mobile device may obtain access to the WLAN.

Citations

14 Claims

1. A method performed by a host server, the method comprising:
- pushing, from the host server to a mobile communication device, information for instructing the mobile communication device to obtain a digital certificate from a certificate authority;
  
  receiving, from the mobile communication device over a secure connection, a single, signed certificate request message that contains a public key generated by the mobile communication device and certificate authority information identifying the certificate authority from which the host server is to request a certificate for the mobile communication device, the certificate request message having been signed with a private key generated by the mobile communication device, the public key and the private key forming a public-private key pair;
  
  based on the certificate authority information received in the signed certificate request message, selecting from a plurality of possible protocols a particular protocol for communicating with the certificate authority;
  
  on behalf of the mobile communication device, using the particular protocol to send to the certificate authority a request comprising the signed certificate request message that was received from the mobile communication device;
  
  on behalf of the mobile communication device, polling the certificate authority for an indication of approval of the signed certificate request message;
  
  responsive to approval of the single, signed certificate request message, obtaining a digital certificate signed by the certificate authority, the digital certificate containing the public key; and
  
  pushing the digital certificate to the mobile communication device.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method as recited in claim 1, wherein presentation of the digital certificate by the mobile communication device to an authentication server in a certificate-based authentication process is used to provide the mobile communication device with communication access in a network.
  - 3. The method as recited in claim 2, wherein the network is a wireless local area network (WLAN).
  - 4. The method as recited in claim 3, wherein the certificate-based authentication process is an extensible authentication protocol (EAP) process.
  - 5. The method as recited in claim 1, wherein the secure connection is established over a radio link between the mobile communication device and a cellular telecommunications network.
  - 6. The method as recited in claim 1, wherein the secure connection is established over a wired connection between the mobile communication device and a computer connected in a local area network to the host server.
  - 7. The method as recited in claim 1, wherein the host server provides the mobile communication device with a data synchronization service.

8. A host server comprising a computer processor and a non-transitory computer-readable storage device with computer-executable instructions stored thereon that, when executed by the computer processor, cause the host server to perform operations comprising:
- push, from the host server to a mobile communication device, information for instructing the mobile communication device to obtain a digital certificate from a certificate authority;
  
  receive, from the mobile communication device over a secure connection, a single, signed certificate request message that contains a public key generated by the mobile communication device and certificate authority information identifying the certificate authority from which the host server is to request a certificate for the mobile communication device, the certificate request message having been signed with a private key generated by the mobile communication device, the public key and the private key forming a public-private key pair;
  
  based on the certificate authority information received in the signed certificate request message, select from a plurality of possible protocols a particular protocol for communicating with the certificate authority;
  
  on behalf of the mobile communication device, use the particular protocol to send to the certificate authority a request comprising the signed certificate request message that was received from the mobile communication device;
  
  on behalf of the mobile communication device, poll the certificate authority for an indication of approval of the signed certificate request message;
  
  responsive to approval of the single, signed certificate request message, obtain a digital certificate signed by the certificate authority, the digital certificate containing the public key; and
  
  push the digital certificate to the mobile communication device.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The host server as recited in claim 8, wherein presentation of the digital certificate by the mobile communication device to an authentication server in a certificate-based authentication process is used to provide the mobile communication device with communication access in a network.
  - 10. The host server as recited in claim 9, wherein the network is a wireless local area network (WLAN).
  - 11. The host server as recited in claim 10, wherein the certificate-based authentication process is an extensible authentication protocol (EAP) process.
  - 12. The host server as recited in claim 8, wherein the secure connection is established over a radio link between the mobile communication device and a cellular telecommunications network.
  - 13. The host server as recited in claim 8, wherein the secure connection is established over a wired connection between the mobile communication device and a computer connected in a local area network to the host server.
  - 14. The host server as recited in claim 8, wherein the host server provides the mobile communication device with a data synchronization service.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Malikie Innovations Limited (Key Patent Innovations Limited)
Original Assignee
Blackberry Limited
Inventors
Bender, Christopher Lyle, Shih, Sam Cheng-Fu, Adams, Neil Patrick
Primary Examiner(s)
Edwards, Linglan
Assistant Examiner(s)
BECHTEL, KEVIN M

Application Number

US12/039,991
Publication Number

US 20090222657A1
Time in Patent Office

3,161 Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 2209/80   Wireless

H04L 63/0823   using certificates cryptogr...

H04L 67/303   Terminal profiles

H04L 67/55   Push-based network services

H04L 9/3265   using certificate chains, t...

H04L 9/3268   using certificate validatio...

H04W 12/062   Pre-authentication

H04W 12/069   using certificates or pre-s...

H04W 4/12   Messaging; Mailboxes; Annou...

H04W 84/12   WLAN [Wireless Local Area N...

Methods and apparatus for use in obtaining a digital certificate for a mobile communication device

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and apparatus for use in obtaining a digital certificate for a mobile communication device

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links