Secure network enrollment

US 9,912,640 B2
Filed: 06/07/2017
Issued: 03/06/2018
Est. Priority Date: 07/07/2016
Status: Active Grant

First Claim

Patent Images

1. A method for enrolling a mobile device with a second network, the method comprising:

establishing a wireless network connection to a communication system;

receiving at a user equipment (UE), a first network identifier associated with a first network associated with the communication system;

communicating identification data to a provisioning device accessible via the first network based at least in part on the first network identifier;

receiving second network access data from the provisioning device, the second network access data including a first private network credential and a second private network credential;

requesting access to a second network associated with the communication system based at least in part on the second network access data;

receiving a second network identifier associated with the second network from the communication system;

establishing a first virtual private network (VPN) tunnel to a first private network based at least in part on the second network identifier and the first private network credential;

receiving a first private network identifier associated with the first private network;

establishing a second VPN tunnel to a second private network based at least in part on the first private network identifier and the second private network credential; and

receiving a second private network identifier associated with the second private network.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A UE communicates with a network gateway to access a provisioning device via a provisioning network. The provisioning device uses identification data of the UE to authenticate the UE for a primary network, and provides primary network configuration data to the UE. Using the primary network configuration data, the UE communicates with the network gateway to access the primary network. The primary network configuration data can include data to enable the UE to establish communications with one or more private networks accessible via the primary network.

Citations

27 Claims

1. A method for enrolling a mobile device with a second network, the method comprising:
- establishing a wireless network connection to a communication system;
  
  receiving at a user equipment (UE), a first network identifier associated with a first network associated with the communication system;
  
  communicating identification data to a provisioning device accessible via the first network based at least in part on the first network identifier;
  
  receiving second network access data from the provisioning device, the second network access data including a first private network credential and a second private network credential;
  
  requesting access to a second network associated with the communication system based at least in part on the second network access data;
  
  receiving a second network identifier associated with the second network from the communication system;
  
  establishing a first virtual private network (VPN) tunnel to a first private network based at least in part on the second network identifier and the first private network credential;
  
  receiving a first private network identifier associated with the first private network;
  
  establishing a second VPN tunnel to a second private network based at least in part on the first private network identifier and the second private network credential; and
  
  receiving a second private network identifier associated with the second private network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein said establishing the first VPN tunnel to the first private network is further based at least in part on a network connection application received as at least a portion of the second network access data and executing on the UE.
  - 3. The method of claim 1, wherein the provisioning device communicates the identification data to an authentication device, wherein the authentication device authenticates the UE for the second network based at least in part on the identification data.
  - 4. The method of claim 3, wherein the provisioning device communicates the identification data to the authentication device using one or more VPN tunnels.
  - 5. The method of claim 3, wherein the provisioning device receives the second network access data from the authentication device and communicates the second network access data to the UE.
  - 6. The method of claim 5, wherein the second network access data is encrypted.
  - 7. The method of claim 6, further comprising decrypting the second network access data, wherein said requesting access to the second network is based at least in part on decrypted second network access data.
  - 8. The method of claim 1, wherein said requesting access to the second network is based at least in part on an access point identifier received as at least a portion of the second network access data and communicated to the communication system.
  - 9. The method of claim 1, wherein at least one of the first network identifier, the first private network identifier, the second network identifier, or the second private network identifier comprises an IP address.
  - 10. The method of claim 1, wherein the communication system comprises a mobile cellular network communication system that independently provides a mobile cellular network to a coverage area in which the UE is located.

11. A method for enrolling a mobile device with a second network, the method comprising:
- establishing a wireless network connection to a communication system;
  
  receiving at a user equipment (UE), a first network identifier associated with a first network associated with the communication system;
  
  establishing a first virtual private network (VPN) tunnel to a first private network based at least in part on the first network identifier and first private network credentials;
  
  receiving a first private network identifier associated with the first private network;
  
  communicating identification data to a provisioning device accessible via the first network based at least in part on the first network identifier and the first private network identifier;
  
  receiving second network access data from the provisioning device;
  
  requesting access to a second network associated with the communication system based at least in part on the second network access data;
  
  receiving a second network identifier associated with the second network from the communication system;
  
  deleting or discontinuing the use of the first network identifier based at least in part on at least one of said receiving the second network access data from the provisioning device or said receiving the second network identifier;
  
  establishing a second VPN tunnel to a second private network based at least in part on the second network identifier; and
  
  receiving a second private network identifier associated with the second private network.
- View Dependent Claims (12, 13, 14, 15, 16)
- - 12. The method of claim 11, further comprising:
    - establishing a third VPN tunnel to a third private network based at least in part on the second private network identifier and third private network credentials, the third private network credentials forming at least a portion of the second network access data; and
      
      receiving a third private network identifier associated with the third private network.
  - 13. The method of claim 11, wherein the provisioning device communicates the identification data to an authentication device, wherein the authentication device authenticates the UE for the second network based at least in part on the identification data.
  - 14. The method of claim 13, wherein the provisioning device communicates the identification data to the authentication device using one or more VPN tunnels.
  - 15. The method of claim 13, wherein the provisioning device receives the second network access data from the authentication device and communicates the second network access data to the UE.
  - 16. The method of claim 11, wherein the communication system comprises a mobile cellular network communication system that independently provides a mobile cellular network to a coverage area in which the UE is located.

17. A system for enrolling a mobile device with a second network, the system comprising one or more processors configured to:
- establish a wireless network connection to a communication system;
  
  receive at a user equipment (UE), a first network identifier associated with a first network associated with the communication system;
  
  communicate identification data to a provisioning device accessible via the first network based at least in part on the first network identifier;
  
  receive second network access data from the provisioning device, the second network access data including a first private network credential and a second private network credential;
  
  request access to a second network associated with the communication system based at least in part on the second network access data;
  
  receive a second network identifier associated with the second network from the communication system;
  
  establish a first virtual private network (VPN) tunnel to a first private network based at least in part on the second network identifier and the first private network credential;
  
  receive a first private network identifier associated with the private network;
  
  establish a second VPN tunnel to a second private network based at least in part on the first private network identifier and the second private network credential; and
  
  receive a second private network identifier associated with the second private network.
- View Dependent Claims (18, 19, 20, 21, 22)
- - 18. The system of claim 17, wherein the provisioning device communicates the identification data to an authentication device, wherein the authentication device authenticates the UE for the second network based at least in part on the identification data.
  - 19. The system of claim 18, wherein the provisioning device communicates the identification data to the authentication device using one or more VPN tunnels.
  - 20. The system of claim 18, wherein the provisioning device receives the second network access data from the authentication device and communicates the second network access data to the UE.
  - 21. The system of claim 20, wherein the second network access data is encrypted.
  - 22. The system of claim 17, wherein the system comprises a mobile cellular network communication system that independently provides a mobile cellular network to a coverage area in which the UE is located.

23. A system for enrolling a mobile device with a second network, the system comprising one or more processors configured to:
- establish a wireless network connection to a communication system;
  
  receive at a user equipment (UE), a first network identifier associated with a first network associated with the communication system;
  
  establish a first virtual private network (VPN) tunnel to a first private network based at least in part on the first network identifier and first private network credentials;
  
  receive a first private network identifier associated with the first private network;
  
  communicate identification data to a provisioning device accessible via the first network based at least in part on the first network identifier and the first private network identifier;
  
  receive second network access data from the provisioning device;
  
  request access to a second network associated with the communication system based at least in part on the second network access data;
  
  receive a second network identifier associated with the second network from the communication system;
  
  delete or discontinue the use of the first network identifier based at least in part on at least one of receipt of the second network access data from the provisioning device or receipt of the second network identifier;
  
  establish a second VPN tunnel to a second private network based at least in part on the second network identifier; and
  
  receive a second private network identifier associated with the private network.
- View Dependent Claims (24, 25, 26, 27)
- - 24. The system of claim 23, wherein the one or more processors are further configured to:
    - establish a third VPN tunnel to a third private network based at least in part on the second private network identifier and third private network credentials, the third private network credentials forming at least a portion of the second network access data; and
      
      receive a third private network identifier associated with the third private network.
  - 25. The system of claim 23, wherein the provisioning device communicates the identification data to an authentication device, wherein the authentication device authenticates the UE for the second network based at least in part on the identification data.
  - 26. The system of claim 25, wherein the provisioning device communicates the identification data to the authentication device using one or more VPN tunnels.
  - 27. The system of claim 23, wherein the system comprises a mobile cellular network communication system that independently provides a mobile cellular network to a coverage area in which the UE is located.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oceus Networks Inc.
Original Assignee
Oceus Networks Inc.
Inventors
Row, II, James Thomas
Primary Examiner(s)
Mehrmanesh, Amir

Application Number

US15/616,190
Publication Number

US 20180013724A1
Time in Patent Office

272 Days
Field of Search
US Class Current
CPC Class Codes

H04L 12/06   Answer-back mechanisms or c...

H04L 63/0272   Virtual private networks

H04L 63/0428   wherein the data content is...

H04L 63/0876   based on the identity of th...

H04L 63/0884   by delegation of authentica...

H04W 12/06   Authentication

H04W 12/069   using certificates or pre-s...

H04W 48/16   Discovering, processing acc...

H04W 76/10   Connection setup

H04W 76/12   Setup of transport tunnels

Secure network enrollment

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

Secure network enrollment

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links