On-line signup and provisioning of certificate credentials for wireless devices
Abstract
Embodiments of a mobile device and method for secure online sign-up and provisioning of credentials for Wi-Fi hotspots are generally described herein. In some embodiments, provisioning occurs using a service set identifier (SSID) to associate with a hotspot and retrieve a virtual LAN (VLAN) identifier. The VLAN identifier is used to complete the signup and provisioning process. In some embodiments, a hotspot may implement a primary SSID and a dependent SSID. The mobile device associates with the hotspot using the dependent SSID to perform the secure online signup and provisioning process. Once credentials are obtained using the signup and provisioning process, the device can connect to the hotspot using the primary SSID and the already provisioned credentials. The provisioned credentials may include certificates, username/password, or SIM-type credentials.
13 Claims
1. A non-transitory computer-readable storage medium that stores instructions for execution by one or more processors to perform operations for operating a device in a wireless network, the operations to configure the device to:
- initiate an Extensible Authentication Protocol Transport Layer Security (EAP-TLS) connection with an online signup (OSU) server;
- perform a certificate enrollment with the OSU server to enroll a credential; and
- receive, in response to the certificate enrollment, a device management (DM) package 4 message including a management object that includes subscription parameters, wherein the subscription parameters include a parameter to indicate the date on which the credential was created or last updated, and a parameter to indicate a realm associated with the credential.
Dependent claims: 2, 3, 4, 8
5. An apparatus including one or more processors, the one or more processors having logic to:
- initiate an Extensible Authentication Protocol Transport Layer Security (EAP-TLS) connection with an online signup (OSU) server;
- perform a certificate enrollment with the OSU server to enroll a credential; and
- receive, in response to the certificate-enrollment, a device management (DM) package 4 message including a management object that includes subscription parameters, wherein the subscription parameters include a parameter to indicate the date on which the credential was created or last updated, and a parameter to indicate a realm associated with the credential.
Dependent claims: 6, 7, 9
10. A method performed by an apparatus in a wireless communication network, the method comprising:
- initiating an Extensible Authentication Protocol Transport Layer Security (EAP-TLS) connection with an online signup (OSU) server;
- performing a certificate enrollment with the OSU server to enroll a credential; and
- receiving, in response to the certificate-enrollment, a device management (DM) package 4 message including a management object that includes subscription parameters, wherein the subscription parameters include a parameter to indicate the date on which the credential was created or last updated, and a parameter to indicate a realm associated with the credential.
Dependent claims: 11, 12, 13
Specification