Secure network enrollment

US 9,686,238 B1
Filed: 07/07/2016
Issued: 06/20/2017
Est. Priority Date: 07/07/2016
Status: Active Grant

First Claim

Patent Images

1. A method for accessing a second network associated with a mobile cellular network (MCN) communication system, the method comprising:

requesting a first access point of a MCN communication system based at least in part on a first access point identifier communicated to the MCN communication system;

receiving at a user equipment, a first network identifier associated with the first access point from the MCN communication system;

establishing a first virtual private network tunnel to a first private network based at least in part on the first network identifier and first private network credentials;

receiving a first private network identifier associated with the first private network;

communicating identification data to a provisioning device on the first private network based at least in part on the first private network identifier, wherein the provisioning device communicates the identification data to an authentication device on a distinct private network via a distinct virtual private network tunnel and receives encrypted second network access data from the authentication device;

receiving from the provisioning device the encrypted second network access data;

decrypting the encrypted second network access data to obtain a second access point identifier for a second access point of the MCN communication system, second private network credentials for a second private network, and third private network credentials for a third private network;

terminating the first virtual private network tunnel to the first private network;

requesting the second access point of the communication system based at least in part on the second access point identifier;

receiving a second network identifier associated with the second access point from the MCN communication system;

establishing a second virtual private network tunnel to the second private network based at least in part on the second network identifier and the second private network credentials;

receiving a second private network identifier associated with the second private network;

establishing a third virtual private network tunnel to the third private network based at least in part on the second private network identifier and the third private network credentials, wherein the third private network is accessed via the second private network; and

receiving a third private network identifier associated with the third private network.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A UE communicates with a network gateway to access a provisioning device via a provisioning network. The provisioning device uses identification data of the UE to authenticate the UE for a primary network, and provides primary network configuration data to the UE. Using the primary network configuration data, the UE communicates with the network gateway to access the primary network. The primary network configuration data can include data to enable the UE to establish communications with one or more private networks accessible via the primary network.

145 Citations

18 Claims

1. A method for accessing a second network associated with a mobile cellular network (MCN) communication system, the method comprising:
- requesting a first access point of a MCN communication system based at least in part on a first access point identifier communicated to the MCN communication system;
  
  receiving at a user equipment, a first network identifier associated with the first access point from the MCN communication system;
  
  establishing a first virtual private network tunnel to a first private network based at least in part on the first network identifier and first private network credentials;
  
  receiving a first private network identifier associated with the first private network;
  
  communicating identification data to a provisioning device on the first private network based at least in part on the first private network identifier, wherein the provisioning device communicates the identification data to an authentication device on a distinct private network via a distinct virtual private network tunnel and receives encrypted second network access data from the authentication device;
  
  receiving from the provisioning device the encrypted second network access data;
  
  decrypting the encrypted second network access data to obtain a second access point identifier for a second access point of the MCN communication system, second private network credentials for a second private network, and third private network credentials for a third private network;
  
  terminating the first virtual private network tunnel to the first private network;
  
  requesting the second access point of the communication system based at least in part on the second access point identifier;
  
  receiving a second network identifier associated with the second access point from the MCN communication system;
  
  establishing a second virtual private network tunnel to the second private network based at least in part on the second network identifier and the second private network credentials;
  
  receiving a second private network identifier associated with the second private network;
  
  establishing a third virtual private network tunnel to the third private network based at least in part on the second private network identifier and the third private network credentials, wherein the third private network is accessed via the second private network; and
  
  receiving a third private network identifier associated with the third private network.

2. A method for enrolling a mobile device with a second network, the method comprising:
- establishing a wireless network connection to a communication system;
  
  receiving at a user equipment (UE), a first network identifier associated with a first network associated with the communication system;
  
  communicating identification data to a provisioning device accessible via the first network based at least in part on the first network identifier, wherein the provisioning device communicates the identification data to an authentication device and the authentication device authenticates the UE for the second network based at least in part on the identification data;
  
  receiving second network access data from the provisioning device based at least in part on authentication of the UE by the authentication device;
  
  requesting access to a second network associated with the communication system based at least in part on the second network access data;
  
  receiving a second network identifier associated with the second network from the communication system;
  
  establishing a first virtual private network (VPN) tunnel to a first private network based at least in part on the second network identifier and first private network credentials received as at least a portion of the second network access data;
  
  receiving a first private network identifier associated with the first private network;
  
  establishing a second VPN tunnel to a second private network based at least in part on the first private network identifier and second private network credentials received as at least a portion of the second network access data; and
  
  receiving a second private network identifier associated with the second private network.
- View Dependent Claims (3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 3. The method of claim 2, wherein said establishing at least one of the first VPN tunnel to the first private network or the second VPN tunnel to the second private network is further based at least in part on a network connection application received as at least a portion of the second network access data and executing on the UE.
  - 4. The method of claim 2, wherein the provisioning device authenticates the UE for the second network based at least in part on the identification data.
  - 5. The method of claim 2, wherein the provisioning device communicates the identification data to the authentication device using one or more VPN tunnels.
  - 6. The method of claim 2, wherein the provisioning device receives the second network access data from the authentication device and communicates the second network access data to the UE.
  - 7. The method of claim 6, wherein the second network access data is encrypted.
  - 8. The method of claim 7, further comprising decrypting the second network access data, wherein said requesting access to the second network is based at least in part on decrypted second network access data.
  - 9. The method of claim 2, wherein said requesting access to the second network is based at least in part on an access point identifier received as at least a portion of the second network access data and communicated to the communication system.
  - 10. The method of claim 2, further comprising communicating with one or more devices in at least one of the first private network based at least in part on the first private network identifier or the second private network based at least in part on the second private network identifier.
  - 11. The method of claim 2, wherein at least one of the first network identifier, the first private network identifier, the second private network identifier, or the second network identifier comprises an IP address.
  - 12. The method of claim 2, wherein the communication system comprises a mobile cellular network communication system that independently provides a mobile cellular network to a coverage area in which the UE is located.
  - 13. The method of claim 2, further comprising:
    - establishing a third VPN tunnel to a third private network based at least in part on the first network identifier and third private network credentials; and
      
      receiving a third private network identifier associated with the third private network, wherein said communicating identification data to the provisioning device is based at least in part on the third private network identifier.
  - 14. The method of claim 13, further comprising terminating the third VPN tunnel based at least in part on at least one of said receiving the second network access data from the provisioning device or said receiving the second network identifier.
  - 15. The method of claim 13, further comprising at least one of deleting the third private network identifier or discontinuing the use of the third private network identifier based at least in part on at least one of said receiving the second network access data from the provisioning device or said receiving the second network identifier.
  - 16. The method of claim 13, wherein said establishing the third VPN tunnel to the third private network is further based at least in part on a first network connection application executing on the UE.

17. A wireless mobile communication device, comprising:
- a transceiver configured to send and receive wireless data; and
  
  one or more processors in communication with one or more non-transitory computer-readable media comprising computer-executable instructions that when executed by the one or more processors, cause the one or more processors to;
  
  establish a network connection to a communication system,receive a provisioning network identifier associated with a provisioning network associated with the communication system,establish a first virtual private network (VPN) tunnel to a first private network based at least in part on the provisioning network identifier and first private network credentials,communicate identification data to a provisioning device accessible via the provisioning network based at least in part on the provisioning network identifier and the first private network identifier, wherein the provisioning device communicates the identification data to an authentication device via a second VPN tunnel between the provisioning device and the authentication device based at least in part on a second private network identifier associated with the provisioning device, and receives primary network access data from the authentication device,receive the primary network access data from the provisioning device,request access to a primary network associated with the communication system based at least in part on the primary network access data,receive a primary network identifier associated with the primary network from the communication system,establish a third virtual private network tunnel to a third private network based at least in part on the primary network identifier and third private network credentials forming at least a portion of the primary network access data, andreceive a third private network identifier associated with the third private network.
- View Dependent Claims (18)
- - 18. The communication device of claim 17, wherein the primary network access data further comprises fourth private network credentials and the communication device is further configured to:
    - establish a fourth virtual private network tunnel to a fourth private network based at least in part on the third private network identifier and the fourth private network credentials, andreceive a fourth private network identifier associated with the fourth private network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oceus Networks Inc.
Original Assignee
Oceus Networks Inc.
Inventors
Row, II, James Thomas
Primary Examiner(s)
Mehrmanesh, Amir

Application Number

US15/204,793
Time in Patent Office

348 Days
Field of Search

None
US Class Current
CPC Class Codes

H04L 12/06   Answer-back mechanisms or c...

H04L 63/0272   Virtual private networks

H04L 63/0428   wherein the data content is...

H04L 63/0876   based on the identity of th...

H04L 63/0884   by delegation of authentica...

H04W 12/06   Authentication

H04W 12/069   using certificates or pre-s...

H04W 48/16   Discovering, processing acc...

H04W 76/10   Connection setup

H04W 76/12   Setup of transport tunnels

Secure network enrollment

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

145 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Secure network enrollment

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

145 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links