On-line signup and provisioning of certificate credentials for wireless devices

US 9,635,555 B2
Filed: 12/23/2014
Issued: 04/25/2017
Est. Priority Date: 12/27/2012
Status: Active Grant

First Claim

Patent Images

1. A non-transitory computer-readable storage medium that stores instructions for execution by one or more processors to perform operations for operating a device in a wireless network, the operations to configure the device to:

initiate an Extensible Authentication Protocol Transport Layer Security (EAP-TLS) connection with an online signup (OSU) server;

perform a certificate enrollment with the OSU server to enroll a credential; and

receive, in response to the certificate enrollment, a device management (DM) package 4 message including a management object that includes subscription parameters, wherein the subscription parameters include a parameter to indicate the date on which the credential was created or last updated, and a parameter to indicate a realm associated with the credential.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments of a mobile device and method for secure online sign-up and provisioning of credentials for Wi-Fi hotspots are generally described herein. In some embodiments, provisioning occurs using a service set identifier (SSID) to associate with a hotspot and retrieve a virtual LAN (VLAN) identifier. The VLAN identifier is used to complete the signup and provisioning process. In some embodiments, a hotspot may implement a primary SSID and a dependent SSID. The mobile device associates with the hotspot using the dependent SSID to perform the secure online signup and provisioning process. Once credentials are obtained using the signup and provisioning process, the device can connect to the hotspot using the primary SSID and the already provisioned credentials. The provisioned credentials may include certificates, username/password, or SIM-type credentials.

Citations

13 Claims

1. A non-transitory computer-readable storage medium that stores instructions for execution by one or more processors to perform operations for operating a device in a wireless network, the operations to configure the device to:
- initiate an Extensible Authentication Protocol Transport Layer Security (EAP-TLS) connection with an online signup (OSU) server;
  
  perform a certificate enrollment with the OSU server to enroll a credential; and
  
  receive, in response to the certificate enrollment, a device management (DM) package 4 message including a management object that includes subscription parameters, wherein the subscription parameters include a parameter to indicate the date on which the credential was created or last updated, and a parameter to indicate a realm associated with the credential.
- View Dependent Claims (2, 3, 4, 8)
- - 2. The non-transitory computer-readable storage medium of claim 1, wherein the subscription parameters include the date that the credential expires.
  - 3. The non-transitory computer-readable storage medium of claim 1, wherein the subscription parameters include a digital certificate type for the credential, and wherein the digital certificate type includes a value selected from a list including “
    - 802.1 ar” and
      
      “
      
      x509v3”
      
      .
  - 4. The non-transitory computer-readable storage medium of claim 1, wherein the logic is further to:
    - determine whether the device can authenticate to a hotspot based on a comparison between the realm associated with the credential and one or more realms in a list of network access identifier (NAI realms received in a NAI Realm Access Network Query Protocol (ANQP) element.
  - 8. The apparatus of claim 1, wherein the logic is further to:
    - determine whether the apparatus can authenticate to a hotspot based on a comparison between the realm associated with the credential and a list of network access identifier (NAI) realms in a NAI Realm Access Network Query Protocol (ANQP) element.

5. An apparatus including one or more processors, the one or more processors having logic to:
- initiate an Extensible Authentication Protocol Transport Layer Security (EAP-TLS) connection with an online signup (OSU) server;
  
  perform a certificate enrollment with the OSU server to enroll a credential; and
  
  receive, in response to the certificate-enrollment, a device management (DM) package 4 message including a management object that includes subscription parameters, wherein the subscription parameters include a parameter to indicate the date on which the credential was created or last updated, and a parameter to indicate a realm associated with the credential.
- View Dependent Claims (6, 7, 9)
- - 6. The apparatus of claim 5, wherein the subscription parameters include the date that the credential expires.
  - 7. The apparatus of claim 5, wherein the subscription parameters include a digital certificate type for the credential, and wherein the digital certificate type includes a value selected from a list including “
    - 802.1 ar” and
      
      “
      
      x509v3”
      
      .
  - 9. The apparatus of claim 5, wherein the apparatus further includes:
    - a memory;
      
      two or more antennas; and
      
      a transceiver configured to be coupled to the two or more antennas.

10. A method performed by an apparatus in a wireless communication network, the method comprising:
- initiating an Extensible Authentication Protocol Transport Layer Security (EAP-TLS) connection with an online signup (OSU) server;
  
  performing a certificate enrollment with the OSU server to enroll a credential; and
  
  receiving, in response to the certificate-enrollment, a device management (DM) package 4 message including a management object that includes subscription parameters, wherein the subscription parameters include a parameter to indicate the date on which the credential was created or last updated, and a parameter to indicate a realm associated with the credential.
- View Dependent Claims (11, 12, 13)
- - 11. The method of claim 10, wherein the subscription parameters include the date that the credential expires.
  - 12. The method of claim 10, wherein the subscription parameters include a digital certificate type for the credential, and wherein the digital certificate type includes a value selected from a list including “
    - 802.1 ar” and
      
      “
      
      x509v3”
      
      .
  - 13. The method of claim 10, further comprising:
    - determining whether the device can authenticate to a hotspot based on a comparison between the realm associated with the credential and a list of network access identifier (NAI) realms in a NAI Realm Access Network Query Protocol (ANQP) element.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Gupta, Vivek G., Canpolat, Necati
Primary Examiner(s)
Taha, Shaq

Application Number

US14/580,839
Publication Number

US 20150110096A1
Time in Patent Office

854 Days
Field of Search
US Class Current
CPC Class Codes

H04L 63/061   for key exchange, e.g. in p...

H04L 63/0823   using certificates cryptogr...

H04L 63/083   using passwords cryptograph...

H04L 63/0876   based on the identity of th...

H04L 63/0884   by delegation of authentica...

H04L 63/0892   by using authentication-aut...

H04L 63/107   wherein the security polici...

H04L 63/108   when the policy decisions a...

H04L 63/166   at the transport layer

H04L 9/0643   Hash functions, e.g. MD5, S...

H04L 9/0847   involving identity based en...

H04L 9/3239   involving non-keyed hash fu...

H04L 9/3263   involving certificates, e.g...

H04W 12/04   Key management, e.g. using ...

H04W 12/0431   Key distribution or pre-dis...

H04W 12/08   Access security

H04W 12/73   Access point logical identity

H04W 4/50   Service provisioning or rec...

H04W 84/12   WLAN [Wireless Local Area N...

On-line signup and provisioning of certificate credentials for wireless devices

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

On-line signup and provisioning of certificate credentials for wireless devices

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links