Using derived credentials for enrollment with enterprise mobile device management services
Abstract
Methods, systems, and computer-readable media for using derived credentials to enroll a mobile computing device with an enterprise mobile device management system are described herein. In various embodiments, a mobile computing device, responsive to a command to enroll with an enterprise mobile device management server, may launch an enrollment application; send an enrollment request message to the enterprise mobile device management server; switch to a certificate management system application on the mobile computing device; request one or more derived credentials from a certificate management system server; store the one or more derived credentials in a shared vault on the mobile computing device; switch to the enrollment application; retrieve a derived credential of the one or more derived credentials stored in the shared vault; and, provide the derived credential to the enterprise mobile device management server to enroll the mobile computing device with at least one mobile device management service.
18 Claims
1. A method comprising:
- requesting, by a mobile computing device and using an enrollment application operating on the mobile computing device, configuration information for a device management server from an automatic discovery service;
- receiving, by the mobile computing device, a message comprising the configuration information for the device management server from the automatic discovery service;
- sending, by the mobile computing device and using the enrollment application, an enrollment request message to device management server, wherein the enrollment request message comprises the configuration information;
- switching control, by the mobile computing device, from the enrollment application to a certificate management system application operating on the mobile computing device;
- requesting, by the mobile computing device and using the certificate management system application, a derived credential from a certificate management system server;
- storing, by the mobile computing device and using the certificate management system application, the derived credential in a shared vault on the mobile computing device;
- retrieving, by the mobile computing device and using the enrollment application, the derived credential from the shared vault; and
- providing, by the mobile computing device using the enrollment application and to the device management server, the derived credential to enroll the mobile computing device with at least one mobile device management service provided by the device management server wherein the derived credential comprises a first derived credential relating to mobile device management enrollment and a second derived credential relating to mobile application management enrollment.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. A device comprising:
- one or more processors; and
- memory storing computer executable instructions that, when executed by one or more processors, cause the device to;
  - request, by the device and using an enrollment application operating on the device, configuration information for a device management server from an automatic discovery service;
  - receive, by the device, a message comprising the configuration information for the device management server from the automatic discovery service;
  - send, by the device and using the enrollment application, an enrollment request message to device management server, wherein the enrollment request message comprises the configuration information;
  - switch control, by the device, from the enrollment application to a certificate management system application operating on the device;
  - request, by the device and using the certificate management system application, a derived credential from a certificate management system server;
  - store, by the device and using the certificate management system application, the derived credential in a shared vault on the device;
  - retrieve, by the device and using the enrollment application, the derived credential from the shared vault; and
  - provide, by the device using the enrollment application and to the device management server, the derived credential to enroll the device with at least one mobile device management service provided by the device management server, wherein the derived credential comprises a first derived credential relating to mobile device management enrollment and a second derived credential relating to mobile application management enrollment.

Dependent claims: 12, 13, 14
15. A non-transitory computer-readable medium storing computer-executable instructions that, when executed by a computer system, cause the computer system to perform a method comprising:
- requesting, by the computer system and using an enrollment application operating on the computer system, configuration information for a device management server from an automatic discovery service;
- receiving, by the computer system, a message comprising the configuration information for the device management server from the automatic discovery service;
- sending, by the computer system and using the enrollment application, an enrollment request message to device management server, wherein the enrollment request message comprises the configuration information;
- switching control, by the computer system, from the enrollment application to a certificate management system application operating on the computer system;
- requesting, by the computer system and using the certificate management system application, a derived credential from a certificate management system server;
- storing, by the computer system and using the certificate management system application, the derived credential in a shared vault on the computing system;
- retrieving, by the computer system and using the enrollment application, the derived credential from the shared vault; and
- providing, by the computer system using the enrollment application and to the device management server, the derived credential to enroll the computer system with at least one mobile device management service provided by the device management server, wherein the derived credential comprises a first derived credential relating to mobile device management enrollment and a second derived credential relating to mobile application management enrollment.

Dependent claims: 16, 17, 18
Specification