Using derived credentials for enrollment with enterprise mobile device management services

US 10,285,056 B2
Filed: 04/10/2017
Issued: 05/07/2019
Est. Priority Date: 09/25/2015
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

requesting, by a mobile computing device and using an enrollment application operating on the mobile computing device, configuration information for a device management server from an automatic discovery service;

receiving, by the mobile computing device, a message comprising the configuration information for the device management server from the automatic discovery service;

sending, by the mobile computing device and using the enrollment application, an enrollment request message to device management server, wherein the enrollment request message comprises the configuration information;

switching control, by the mobile computing device, from the enrollment application to a certificate management system application operating on the mobile computing device;

requesting, by the mobile computing device and using the certificate management system application, a derived credential from a certificate management system server;

storing, by the mobile computing device and using the certificate management system application, the derived credential in a shared vault on the mobile computing device;

retrieving, by the mobile computing device and using the enrollment application, the derived credential from the shared vault; and

providing, by the mobile computing device using the enrollment application and to the device management server, the derived credential to enroll the mobile computing device with at least one mobile device management service provided by the device management server wherein the derived credential comprises a first derived credential relating to mobile device management enrollment and a second derived credential relating to mobile application management enrollment.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, systems, and computer-readable media for using derived credentials to enroll a mobile computing device with an enterprise mobile device management system are described herein. In various embodiments, a mobile computing device, responsive to a command to enroll with an enterprise mobile device management server, may launch an enrollment application; send an enrollment request message to the enterprise mobile device management server; switch to a certificate management system application on the mobile computing device; request one or more derived credentials from a certificate management system server; store the one or more derived credentials in a shared vault on the mobile computing device; switch to the enrollment application; retrieve a derived credential of the one or more derived credentials stored in the shared vault; and, provide the derived credential to the enterprise mobile device management server to enroll the mobile computing device with at least one mobile device management service.

18 Citations

18 Claims

1. A method comprising:
- requesting, by a mobile computing device and using an enrollment application operating on the mobile computing device, configuration information for a device management server from an automatic discovery service;
  
  receiving, by the mobile computing device, a message comprising the configuration information for the device management server from the automatic discovery service;
  
  sending, by the mobile computing device and using the enrollment application, an enrollment request message to device management server, wherein the enrollment request message comprises the configuration information;
  
  switching control, by the mobile computing device, from the enrollment application to a certificate management system application operating on the mobile computing device;
  
  requesting, by the mobile computing device and using the certificate management system application, a derived credential from a certificate management system server;
  
  storing, by the mobile computing device and using the certificate management system application, the derived credential in a shared vault on the mobile computing device;
  
  retrieving, by the mobile computing device and using the enrollment application, the derived credential from the shared vault; and
  
  providing, by the mobile computing device using the enrollment application and to the device management server, the derived credential to enroll the mobile computing device with at least one mobile device management service provided by the device management server wherein the derived credential comprises a first derived credential relating to mobile device management enrollment and a second derived credential relating to mobile application management enrollment.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, further comprising:
    - receiving a password from a user of the mobile computing device;
      
      generating a password validation value based on the received password;
      
      storing the password validation value in the shared vault on the mobile computing device; and
      
      providing the password to the certificate management system application.
  - 3. The method of claim 2, further comprising:
    - encrypting the derived credential based on the password prior to storing the derived credential in the shared vault.
  - 4. The method of claim 3, wherein encrypting the derived credential comprises using a private/public key pair.
  - 5. The method of claim 2, further comprising:
    - validating the password to the certificate management system application based on the password validation value.
  - 6. The method of claim 5, further comprising validating the password using password complexity validation rules.
  - 7. The method of claim 1, further comprising receiving, from the device management server, a message identifying the certificate management system application on the mobile computing device.
  - 8. The method of claim 1, further comprising:
    - receiving policies and applications from the device management server after completion of an enrollment process.
  - 9. The method of claim 1, further comprising:
    - authenticating the certificate management system application with the certificate management system server.
  - 10. The method of claim 1, further comprising:
    - switching, by the mobile computing device and based on storing the derived credential, to the enrollment application from the certificate management system application.

11. A device comprising:
- one or more processors; and
  
  memory storing computer executable instructions that, when executed by one or more processors, cause the device to;
  
  request, by the device and using an enrollment application operating on the device, configuration information for a device management server from an automatic discovery service;
  
  receive, by the device, a message comprising the configuration information for the device management server from the automatic discovery service;
  
  send, by the device and using the enrollment application, an enrollment request message to device management server, wherein the enrollment request message comprises the configuration information;
  
  switch control, by the device, from the enrollment application to a certificate management system application operating on the device;
  
  request, by the device and using the certificate management system application, a derived credential from a certificate management system server;
  
  store, by the device and using the certificate management system application, the derived credential in a shared vault on the device;
  
  retrieve, by the device and using the enrollment application, the derived credential from the shared vault; and
  
  provide, by the device using the enrollment application and to the device management server, the derived credential to enroll the device with at least one mobile device management service provided by the device management server, wherein the derived credential comprises a first derived credential relating to mobile device management enrollment and a second derived credential relating to mobile application management enrollment.
- View Dependent Claims (12, 13, 14)
- - 12. The device of claim 11, wherein the executable instructions further cause the device to receive, from the device management server, a message identifying the certificate management system application on the device.
  - 13. The device of claim 11, wherein the executable instructions further cause the device to receive policies and applications from the device management server after completion of an enrollment process.
  - 14. The device of claim 11, wherein the executable instructions further cause the device to authenticate the certificate management system application with the certificate management system server.

15. A non-transitory computer-readable medium storing computer-executable instructions that, when executed by a computer system, cause the computer system to perform a method comprising:
- requesting, by the computer system and using an enrollment application operating on the computer system, configuration information for a device management server from an automatic discovery service;
  
  receiving, by the computer system, a message comprising the configuration information for the device management server from the automatic discovery service;
  
  sending, by the computer system and using the enrollment application, an enrollment request message to device management server, wherein the enrollment request message comprises the configuration information;
  
  switching control, by the computer system, from the enrollment application to a certificate management system application operating on the computer system;
  
  requesting, by the computer system and using the certificate management system application, a derived credential from a certificate management system server;
  
  storing, by the computer system and using the certificate management system application, the derived credential in a shared vault on the computing system;
  
  retrieving, by the computer system and using the enrollment application, the derived credential from the shared vault; and
  
  providing, by the computer system using the enrollment application and to the device management server, the derived credential to enroll the computer system with at least one mobile device management service provided by the device management server, wherein the derived credential comprises a first derived credential relating to mobile device management enrollment and a second derived credential relating to mobile application management enrollment.
- View Dependent Claims (16, 17, 18)
- - 16. The non-transitory computer-readable medium of claim 15, wherein the computer-executable instructions cause the computer system to further perform receiving, from the device management server, a message identifying the certificate management system application on the computer system.
  - 17. The non-transitory computer-readable medium of claim 15, wherein the computer-executable instructions cause the computer system to further perform receiving policies and applications from the device management server after completion of an enrollment process.
  - 18. The non-transitory computer-readable medium of claim 15, wherein the computer-executable instructions cause the computer system to further perform authenticating the certificate management system application with the certificate management system server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Citrix Systems, Inc. (Cloud Software Group)
Original Assignee
Citrix Systems, Inc. (Cloud Software Group)
Inventors
Mistry, Shaunak, Aftab, Younus
Primary Examiner(s)
Shayanfar, Ali

Application Number

US15/483,076
Publication Number

US 20180049026A1
Time in Patent Office

757 Days
Field of Search
US Class Current
CPC Class Codes

H04L 63/0823   using certificates cryptogr...

H04L 63/083   using passwords cryptograph...

H04L 67/141   Setup of application sessio...

H04W 12/068   using credential vaults, e....

H04W 12/069   using certificates or pre-s...

H04W 4/50   Service provisioning or rec...

H04W 4/60   Subscription-based services...

Using derived credentials for enrollment with enterprise mobile device management services

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

18 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Using derived credentials for enrollment with enterprise mobile device management services

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

18 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links