Methods for secured SCEP enrollment for client devices and devices thereof
Abstract
Methods, non-transitory computer readable media, and mobile application manager apparatuses that assist secured SCEP enrollment of client devices include receiving a certificate signing request and an encrypted device key from an enrolled mobile device. The received certificate signing request is forwarded to a simple certificate enrollment protocol server upon determining a validity of the received encrypted device key. A signed device certificate is received from the simple certificate enrollment protocol server as a response to the forwarded certificate signing request. The secured simple certificate enrollment protocol enrollment is completed by forwarding the signed device certificate to the enrolled mobile device.
22 Claims
1. A method for secured SCEP enrollment for client devices implemented by a network traffic management system comprising one or more network traffic apparatuses, client devices, or server devices, the method comprising:
- receiving an encrypted certificate signing request and an encrypted device key from an enrolled mobile device, the encrypted certificate signing request and the encrypted device key being encrypted separately with different cryptographic keys;
- decrypting the received encrypted device key to generate a decrypted device key without decrypting the encrypted certificate signing request;
- forwarding the received encrypted certificate signing request to a simple certificate enrollment protocol server upon determining the decrypted device key is present in stored data and is being used only once;
- receiving a signed device certificate from the simple certificate enrollment protocol server as a response to the forwarded encrypted certificate signing request; and
- completing a secured simple certificate enrollment protocol enrollment by forwarding the signed device certificate to the enrolled mobile device.
Dependent claims: 2, 3, 4, 5, 6, 7

8. A non-transitory computer readable medium having stored thereon instructions for secured SCEP enrollment for client devices comprising executable code which when executed by one or more processors, causes the processors to:
- receive an encrypted certificate signing request and an encrypted device key from an enrolled mobile device, the encrypted certificate signing request and the encrypted device key being encrypted separately with different cryptographic keys;
- decrypt the received encrypted device key to generate a decrypted device key without decrypting the encrypted certificate signing request;
- forward the received encrypted certificate signing request to a simple certificate enrollment protocol server upon determining the decrypted device key is present in stored data and is being used only once;
- receive a signed device certificate from the simple certificate enrollment protocol server as a response to the forwarded encrypted certificate signing request; and
- complete a secured simple certificate enrollment protocol enrollment by forwarding the signed device certificate to the enrolled mobile device.
Dependent claims: 9, 10, 11, 12

13. A mobile application manager apparatus, comprising memory comprising programmed instructions stored in the memory and one or more processors configured to be capable of executing the programmed instructions stored in the memory to:
- receive an encrypted certificate signing request and an encrypted device key from an enrolled mobile device, the encrypted certificate signing request and the encrypted device key being encrypted separately with different cryptographic keys;
- decrypt the received encrypted device key to generate a decrypted device key without decrypting the encrypted certificate signing request;
- forward the received encrypted certificate signing request to a simple certificate enrollment protocol server upon determining the decrypted device key is present in stored data and is being used only once;
- receive a signed device certificate from the simple certificate enrollment protocol server as a response to the forwarded encrypted certificate signing request; and
- complete a secured simple certificate enrollment protocol enrollment by forwarding the signed device certificate to the enrolled mobile device.
Dependent claims: 14, 15, 16, 17

18. A network traffic management system, comprising one or more traffic management apparatuses, client devices, or server devices, the network traffic management system comprising memory comprising programmed instructions stored thereon and one or more processors configured to be capable of executing the stored programmed instructions to:
- receive an encrypted certificate signing request and an encrypted device key from an enrolled mobile device, the encrypted certificate signing request and the encrypted device key being encrypted separately with different cryptographic keys;
- decrypt the received encrypted device key to generate a decrypted device key without decrypting the encrypted certificate signing request;
- forward the received encrypted certificate signing request to a simple certificate enrollment protocol server upon determining the decrypted device key is present in stored data and is being used only once;
- receive a signed device certificate from the simple certificate enrollment protocol server as a response to the forwarded encrypted certificate signing request; and
- complete a secured simple certificate enrollment protocol enrollment by forwarding the signed device certificate to the enrolled mobile device.
Dependent claims: 19, 20, 21, 22

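The gating step recited in the independent claims (decrypt only the device key, confirm it is in stored data and unused, then relay the still-encrypted CSR) can be sketched as follows. This is an added illustration, not code from the patent or any product: `EnrollmentGate`, `toy_seal`/`toy_open`, `fake_scep`, the hashed key table and the SQLite store are all assumptions, and the toy cipher is a constructed stand-in for whatever real encryption protects the device key.

```python
import hashlib
import hmac
import sqlite3

def _keystream(wrap_key):
    return hashlib.sha256(wrap_key + b"ks").digest()

def toy_seal(wrap_key, device_key):
    """Constructed stand-in for the device-key cipher (NOT real encryption; max 32 bytes)."""
    ct = bytes(a ^ b for a, b in zip(device_key, _keystream(wrap_key)))
    return hmac.new(wrap_key, ct, hashlib.sha256).digest() + ct

def toy_open(wrap_key, blob):
    tag, ct = blob[:32], blob[32:]
    if not hmac.compare_digest(tag, hmac.new(wrap_key, ct, hashlib.sha256).digest()):
        raise ValueError("device key blob failed integrity check")
    return bytes(a ^ b for a, b in zip(ct, _keystream(wrap_key)))

class EnrollmentGate:
    """Hypothetical proxy sitting between enrolled devices and the SCEP server."""
    def __init__(self, wrap_key, scep_submit):
        self.wrap_key = wrap_key
        self.scep_submit = scep_submit  # callable: opaque CSR bytes -> signed cert
        self.db = sqlite3.connect(":memory:")
        self.db.execute("CREATE TABLE device_keys ("
                        "key_hash BLOB PRIMARY KEY, used INTEGER NOT NULL DEFAULT 0)")

    def issue(self, device_key):
        # Assumption: only a hash of each provisioned key is kept in stored data.
        self.db.execute("INSERT INTO device_keys (key_hash) VALUES (?)",
                        (hashlib.sha256(device_key).digest(),))
        self.db.commit()

    def enroll(self, encrypted_csr, encrypted_device_key):
        device_key = toy_open(self.wrap_key, encrypted_device_key)
        # Presence check and single-use consumption in one atomic statement,
        # so a replayed or concurrent second request cannot also pass.
        cur = self.db.execute(
            "UPDATE device_keys SET used = 1 WHERE key_hash = ? AND used = 0",
            (hashlib.sha256(device_key).digest(),))
        self.db.commit()
        if cur.rowcount != 1:
            raise PermissionError("device key unknown or already used")
        # The CSR is never decrypted here; it is relayed byte-for-byte.
        return self.scep_submit(encrypted_csr)

def fake_scep(received):
    """Constructed SCEP stand-in: records what it was sent, returns a dummy cert."""
    def submit(csr_blob):
        received.append(csr_blob)
        return b"CERT-FOR-" + hashlib.sha256(csr_blob).hexdigest().encode()
    return submit
```

Because the gate never holds the key that protects the CSR, a request that fails the device-key check is rejected before the SCEP server sees anything.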
Specification