Secure network enrollment
First Claim
1. A method for accessing a second network associated with a mobile cellular network (MCN) communication system, the method comprising:
requesting a first access point of a MCN communication system based at least in part on a first access point identifier communicated to the MCN communication system;
receiving, at a user equipment, a first network identifier associated with the first access point from the MCN communication system;
establishing a first virtual private network tunnel to a first private network based at least in part on the first network identifier and first private network credentials;
receiving a first private network identifier associated with the first private network;
communicating identification data to a provisioning device on the first private network based at least in part on the first private network identifier, wherein the provisioning device communicates the identification data to an authentication device on a distinct private network via a distinct virtual private network tunnel and receives encrypted second network access data from the authentication device;
receiving from the provisioning device the encrypted second network access data;
decrypting the encrypted second network access data to obtain a second access point identifier for a second access point of the MCN communication system, second private network credentials for a second private network, and third private network credentials for a third private network;
terminating the first virtual private network tunnel to the first private network;
requesting the second access point of the communication system based at least in part on the second access point identifier;
receiving a second network identifier associated with the second access point from the MCN communication system;
establishing a second virtual private network tunnel to the second private network based at least in part on the second network identifier and the second private network credentials;
receiving a second private network identifier associated with the second private network;
establishing a third virtual private network tunnel to the third private network based at least in part on the second private network identifier and the third private network credentials, wherein the third private network is accessed via the second private network; and
receiving a third private network identifier associated with the third private network.
Abstract
A UE communicates with a network gateway to access a provisioning device via a provisioning network. The provisioning device uses identification data of the UE to authenticate the UE for a primary network, and provides primary network configuration data to the UE. Using the primary network configuration data, the UE communicates with the network gateway to access the primary network. The primary network configuration data can include data to enable the UE to establish communications with one or more private networks accessible via the primary network.
145 Citations
18 Claims
2. A method for enrolling a mobile device with a second network, the method comprising:
establishing a wireless network connection to a communication system;
receiving, at a user equipment (UE), a first network identifier associated with a first network associated with the communication system;
communicating identification data to a provisioning device accessible via the first network based at least in part on the first network identifier, wherein the provisioning device communicates the identification data to an authentication device and the authentication device authenticates the UE for the second network based at least in part on the identification data;
receiving second network access data from the provisioning device based at least in part on authentication of the UE by the authentication device;
requesting access to a second network associated with the communication system based at least in part on the second network access data;
receiving a second network identifier associated with the second network from the communication system;
establishing a first virtual private network (VPN) tunnel to a first private network based at least in part on the second network identifier and first private network credentials received as at least a portion of the second network access data;
receiving a first private network identifier associated with the first private network;
establishing a second VPN tunnel to a second private network based at least in part on the first private network identifier and second private network credentials received as at least a portion of the second network access data; and
receiving a second private network identifier associated with the second private network.
Dependent claims: 3 to 16.
17. A wireless mobile communication device, comprising:
a transceiver configured to send and receive wireless data; and
one or more processors in communication with one or more non-transitory computer-readable media comprising computer-executable instructions that, when executed by the one or more processors, cause the one or more processors to:
establish a network connection to a communication system,
receive a provisioning network identifier associated with a provisioning network associated with the communication system,
establish a first virtual private network (VPN) tunnel to a first private network based at least in part on the provisioning network identifier and first private network credentials,
communicate identification data to a provisioning device accessible via the provisioning network based at least in part on the provisioning network identifier and the first private network identifier, wherein the provisioning device communicates the identification data to an authentication device via a second VPN tunnel between the provisioning device and the authentication device based at least in part on a second private network identifier associated with the provisioning device, and receives primary network access data from the authentication device,
receive the primary network access data from the provisioning device,
request access to a primary network associated with the communication system based at least in part on the primary network access data,
receive a primary network identifier associated with the primary network from the communication system,
establish a third virtual private network tunnel to a third private network based at least in part on the primary network identifier and third private network credentials forming at least a portion of the primary network access data, and
receive a third private network identifier associated with the third private network.
Dependent claims: 18.
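The enrollment flow claimed above (claim 1, restated for a generic communication system in claim 2 and as a device in claim 17), run as a constructed Python simulation. This is an added example, not the patent's or any assignee's code. The access point names (apn.provisioning, apn.primary), the network and private network identifiers, the JSON layout of the access data and the toy HMAC-based encrypt-then-MAC scheme are all assumptions. It models the properties a defender would want to confirm in such a design: the provisioning device relays the authentication exchange over its own tunnel but only ever handles ciphertext sealed under the UE's key, the provisioning tunnel is torn down before the second access point is requested, and the third private network admits tunnels only from inside the second one, never straight from the MCN.

```python
# Constructed simulation of the enrollment flow of claim 1 (added example, not the
# patent's own code). Access point names, network identifiers, the JSON layout of the
# access data and the toy encrypt-then-MAC scheme are all assumptions.
import hashlib
import hmac
import json
import secrets


def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Toy keystream: HMAC-SHA256 in counter mode. Enough for the demo, not a real cipher.
    out, counter = b"", 0
    while len(out) < len(data):
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(p ^ s for p, s in zip(data, out))


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC under the UE's key: only that UE can read the access data."""
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(key, nonce, plaintext)
    tag = hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    """Verify the tag before decrypting, so a relay that alters the blob is caught."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("second network access data failed authentication")
    return _xor_stream(key, nonce, ct)


class PrivateNetwork:
    """VPN endpoint that admits tunnels only from the listed network identifiers."""
    def __init__(self, name: str, credentials: str, reachable_from: list):
        self.name, self.credentials, self.reachable_from = name, credentials, set(reachable_from)

    def establish_tunnel(self, via_id: str, credentials: str) -> str:
        if via_id not in self.reachable_from:
            raise PermissionError(f"{self.name} is not reachable from {via_id}")
        if not hmac.compare_digest(credentials, self.credentials):
            raise PermissionError(f"bad credentials for {self.name}")
        return f"pn-{self.name}"  # the private network identifier handed to the UE


class AuthenticationDevice:
    """Sits on its own private network; knows each enrolled UE's key and access data."""
    def __init__(self, enrolled: dict):
        self.enrolled = enrolled  # device_id -> (ue_key, access data dict)

    def authenticate(self, identification: dict) -> bytes:
        ue_key, access_data = self.enrolled[identification["device_id"]]
        return seal(ue_key, json.dumps(access_data).encode())


class ProvisioningDevice:
    """Relays identification data to the authentication device over a distinct tunnel."""
    def __init__(self, auth_device: AuthenticationDevice):
        self.auth_device, self.relayed = auth_device, []

    def provision(self, identification: dict) -> bytes:
        blob = self.auth_device.authenticate(identification)
        self.relayed.append(blob)  # everything this hop gets to see
        return blob


def enroll(mcn: dict, networks: dict, prov: ProvisioningDevice,
           device_id: str, ue_key: bytes, first_credentials: str) -> dict:
    """UE side of claim 1, in claim order; returns what the UE learned plus two checks."""
    active = set()  # private network ids of tunnels currently up
    net1_id = mcn["apn.provisioning"]  # request first access point, get a network id
    pn1 = networks["first"].establish_tunnel(net1_id, first_credentials)
    active.add(pn1)
    blob = prov.provision({"device_id": device_id, "via": pn1})
    access = json.loads(unseal(ue_key, blob))  # only the UE holds the key
    active.discard(pn1)  # terminate the provisioning tunnel before requesting the second AP
    net2_id = mcn[access["access_point"]]
    pn2 = networks["second"].establish_tunnel(net2_id, access["second_credentials"])
    active.add(pn2)
    try:  # the third network must be entered through the second, not from the MCN directly
        networks["third"].establish_tunnel(net2_id, access["third_credentials"])
        direct_rejected = False
    except PermissionError:
        direct_rejected = True
    pn3 = networks["third"].establish_tunnel(pn2, access["third_credentials"])
    active.add(pn3)
    return {"private_network_ids": [pn1, pn2, pn3], "active_tunnels": sorted(active),
            "direct_third_access_rejected": direct_rejected,
            "relay_saw_plaintext": any(b"third_credentials" in b for b in prov.relayed)}


def run_enrollment() -> dict:
    """Wires up the constructed topology and runs one enrollment."""
    ue_key = hashlib.sha256(b"demo-ue-key").digest()  # constructed pre-shared UE key
    access_data = {"access_point": "apn.primary", "second_credentials": "second-secret",
                   "third_credentials": "third-secret"}
    networks = {"first": PrivateNetwork("first", "prov-secret", ["net-provisioning"]),
                "second": PrivateNetwork("second", "second-secret", ["net-primary"]),
                "third": PrivateNetwork("third", "third-secret", ["pn-second"])}
    mcn = {"apn.provisioning": "net-provisioning", "apn.primary": "net-primary"}
    prov = ProvisioningDevice(AuthenticationDevice({"ue-001": (ue_key, access_data)}))
    return enroll(mcn, networks, prov, "ue-001", ue_key, "prov-secret")
```

Calling `run_enrollment()` returns the three private network identifiers the UE obtained, shows only the second and third tunnels still active, confirms that the direct attempt on the third network from the MCN-facing network identifier was refused, and confirms that nothing the provisioning device relayed contained the plaintext credentials. The sealing is done under a key shared between the UE and the authentication device alone, which is what makes the provisioning device a relay rather than a second trust anchor.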