On-line signup server for provisioning of certificate credentials to wireless devices
First Claim
Patent Images
1. A non-transitory computer-readable storage medium that stores instructions for execution by one or more processors to perform operations for operating an online signup (OSU) server in a wireless network, the operations to configure the OSU to:
- receive a request from a device in the wireless network to initiate an Extensible Authentication Protocol Transport Layer Security (EAP-TLS) connection;
perform a certificate enrollment on behalf of the device to enroll a credential; and
provide, subsequent to the certificate enrollment, a device management (DM) package 4 message including a management object that includes subscription parameters, wherein the subscription parameters include a parameter to indicate the date on which the credential was created or last updated, and a parameter to indicate a realm associated with the credential.
0 Assignments
0 Petitions
Accused Products
Abstract
Embodiments of a mobile device and method for secure online sign-up and provisioning of credentials for Wi-Fi hotspots are generally described herein. In some embodiments, provisioning occurs using a service set identifier (SSID) to associate with a hotspot and retrieve a virtual LAN (VLAN) identifier. The VLAN identifier is used to complete the signup and provisioning process. In some embodiments, a hotspot may implement a primary SSID and a dependent SSID. The mobile device associates with the hotspot using the dependent SSID to perform the secure online signup and provisioning process. Once credentials are obtained using the signup and provisioning process, the device can connect to the hotspot using the primary SSID and the already provisioned credentials. The provisioned credentials may include certificates, username/password, or SIM-type credentials.
-
Citations
10 Claims
-
1. A non-transitory computer-readable storage medium that stores instructions for execution by one or more processors to perform operations for operating an online signup (OSU) server in a wireless network, the operations to configure the OSU to:
-
receive a request from a device in the wireless network to initiate an Extensible Authentication Protocol Transport Layer Security (EAP-TLS) connection; perform a certificate enrollment on behalf of the device to enroll a credential; and provide, subsequent to the certificate enrollment, a device management (DM) package 4 message including a management object that includes subscription parameters, wherein the subscription parameters include a parameter to indicate the date on which the credential was created or last updated, and a parameter to indicate a realm associated with the credential. - View Dependent Claims (2)
-
-
3. The non-transitory computer-readable storage medium of claim wherein the subscription parameters include a digital certificate type for the credential, and wherein the digital certificate type includes a value selected from a list including “
- 802.1ar” and
“
x509v3”
.
- 802.1ar” and
-
4. An apparatus including one or more processors, the one or more processors having logic to:
-
receive a request from a requesting apparatus to initiate an Extensible Authentication Protocol Transport Layer Security (EAP-TLS) connection; perform a certificate enrollment on behalf of the requesting apparatus to enroll a credential; and provide, subsequent to the certificate-enrollment, a device management (DM) package 4 message including a management object that includes subscription parameters, wherein the subscription parameters include a parameter to indicate the date on which the credential was created or last updated, and a parameter to indicate a realm associated with the credential. - View Dependent Claims (5, 6, 7)
-
-
8. A method performed by an online signup (OSU) server in a wireless communication network, the method comprising:
-
receiving a request from a device in the wireless communication network to initiate an Extensible Authentication Protocol Transport Layer Security (EAP-TLS) connection; performing a certificate enrollment with the device to enroll a credential; and providing, subsequent to the certificate-enrollment, a device management (DM) package 4 message including a management object that includes subscription parameters, wherein the subscription parameters include a parameter to indicate the date on which the credential was created or last updated, and a parameter to indicate a realm associated with the credential. - View Dependent Claims (9, 10)
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeIntel Corporation
-
Original AssigneeIntel Corporation
-
InventorsGupta, Vivek G., Canpolat, Necati
-
Primary Examiner(s)Taha, Shaq
-
Application NumberUS15/495,404Publication NumberTime in Patent Office407 DaysField of SearchUS Class CurrentCPC Class CodesH04L 63/061 for key exchange, e.g. in p...H04L 63/0823 using certificates cryptogr...H04L 63/083 using passwords cryptograph...H04L 63/0876 based on the identity of th...H04L 63/0884 by delegation of authentica...H04L 63/0892 by using authentication-aut...H04L 63/107 wherein the security polici...H04L 63/108 when the policy decisions a...H04L 63/166 at the transport layerH04L 9/0643 Hash functions, e.g. MD5, S...H04L 9/0847 involving identity based en...H04L 9/3239 involving non-keyed hash fu...H04L 9/3263 involving certificates, e.g...H04W 12/04 Key management, e.g. using ...H04W 12/0431 Key distribution or pre-dis...H04W 12/08 Access securityH04W 12/73 Access point logical identityH04W 4/50 Service provisioning or rec...H04W 84/12 WLAN [Wireless Local Area N...
