Method and apparatus for distributing authorization to provision mobile devices on a wireless network
Abstract
A method and apparatus for distributing authorization to provision devices on a wireless network are described. A primary trusted provisioning domain (TPD) operating within a trusted environment established by the wireless carrier's firewall can provision the mobile devices. The primary TPD may distribute the authorization to provision one or more of the mobile devices to one or more secondary TPDs operating outside the trusted environment. Digital signatures may be used to authenticate provisioning requests from TPDs.
55 Claims
1. A method comprising:
- operating a first provisioning system authorized to provision a processing device on a network, wherein the provisioning system is within a trusted environment; and
- using the first provisioning system to authorize a second provisioning system outside the trusted environment to provision the processing device.

15. A method comprising:
- operating a primary trusted provisioning domain (TPD); and
- using the primary TPD to provision a mobile device on a wireless network by sending a provisioning message to the mobile device, the provisioning message specifying a secondary TPD authorized to provision the mobile device and an identifier of one or more parameters which the secondary TPD is authorized to provision.

20. A method comprising:
- operating a primary provisioning server within a predefined trusted environment, the primary provisioning server having authorization to provision a plurality of mobile devices on a wireless network;
- using the primary provisioning server to provision a digital certificate of the primary provisioning server in each of the mobile devices;
- using the primary provisioning server to provision a digital certificate of a secondary provisioning server in the mobile devices, wherein the secondary provisioning server is on a second network outside the trusted environment; and
- using the primary provisioning server to provision the mobile devices with information indicating to the mobile devices authorization of the secondary provisioning server to provision the mobile devices.

27. A provisioning system comprising:
- a processor;
- a data communication device coupled to the processor to communicate data with one or more remote systems; and
- a memory coupled to the processor and storing instructions for execution by the processor to cause the provisioning system to provision a mobile device on a wireless network by sending a provisioning message to the mobile device, the provisioning message specifying a second provisioning system authorized to provision the mobile device and an identifier of one or more parameters which the second provisioning system is authorized to provision.

32. A machine-readable program storage medium storing instructions which, when executed in a processing system, configure the processing system to operate as a primary provisioning server within a predefined trusted environment, the primary provisioning server having authorization to provision a plurality of mobile devices on a wireless network, such that the instructions configure the processing system to execute a process comprising:
- provisioning a digital certificate of the primary provisioning server in each of the mobile devices;
- provisioning a digital certificate of a secondary provisioning server in the mobile devices, wherein the secondary provisioning server operates outside the trusted environment; and
- provisioning the mobile devices with information indicating to the mobile devices authorization of the secondary provisioning server to provision the mobile devices.

39. An apparatus comprising:
- means for operating a first provisioning system authorized to provision a processing device on a network, wherein the provisioning system is within a trusted environment; and
- means for using the first provisioning system to authorize a second provisioning system outside the trusted environment to provision the processing device.

40. A method of operating a mobile device on a wireless network, the method comprising:
- receiving a provisioning message from a first trusted provisioning domain (TPD), the provisioning message specifying a second TPD and indicating a parameter which the second TPD is authorized to provision in the mobile device;
- storing information identifying the second TPD and the parameter in response to the provisioning message; and
- provisioning the parameter in the mobile device in response to a provisioning message from the second TPD.

44. A method of operating a mobile device on a wireless network, the method comprising:
- receiving a provisioning message from a remote source, the provisioning message specifying a parameter;
- determining whether the remote source is a primary trusted provisioning domain (TPD);
- if the remote source is the primary TPD, provisioning the parameter in the mobile device in response to the provisioning message;
- if the remote source is not the primary TPD, determining whether the remote source is a secondary TPD authorized to provision the parameter, based on a provisioning authorization previously received by the mobile device from the primary TPD; and
- if the remote source is a secondary TPD authorized to provision the parameter, provisioning the parameter in the mobile device in response to the provisioning message.

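The device-side checks recited in claims 40 and 44, sketched as an added example that is not part of the patent text: the device stores a per-parameter delegation received from the primary TPD and later uses it to decide whether a secondary TPD's request may be applied. The identifiers, keys, message fields and parameter names are constructed, and HMAC-SHA256 stands in for the digital signatures mentioned in the abstract.

```python
import hashlib, hmac, json

# Constructed identifiers and keys. HMAC-SHA256 stands in for the digital
# signatures mentioned in the abstract (assumption, to stay in the stdlib).
PRIMARY_ID = "primary-tpd"
KEYS = {"primary-tpd": b"k1", "secondary-tpd": b"k2"}

def _tag(key, body):
    payload = json.dumps(body, sort_keys=True).encode()
    return hmac.new(key, payload, hashlib.sha256).hexdigest()

def sign(sender, body):
    """TPD side: wrap a provisioning body with the sender id and its tag."""
    return {"sender": sender, "body": body, "tag": _tag(KEYS[sender], body)}

class Device:
    def __init__(self, verify_keys):
        self.keys = dict(verify_keys)  # sources the device can authenticate
        self.delegations = {}          # secondary TPD id -> allowed parameters
        self.params = {}               # provisioned settings

    def handle(self, msg):
        key = self.keys.get(msg["sender"])
        if key is None or not hmac.compare_digest(_tag(key, msg["body"]), msg["tag"]):
            return "reject: unauthenticated"
        sender, body = msg["sender"], msg["body"]
        if body["type"] == "delegate":
            # Claim 40: the primary TPD names a secondary TPD and its parameters.
            if sender != PRIMARY_ID:
                return "reject: only primary may delegate"
            self.delegations.setdefault(body["tpd"], set()).update(body["params"])
            return "stored delegation"
        if body["type"] != "set":
            return "reject: unknown message type"
        # Claim 44: primary is always allowed; a secondary only for delegated parameters.
        allowed = self.delegations.get(sender, set())
        if sender != PRIMARY_ID and body["param"] not in allowed:
            return "reject: not authorized for parameter"
        self.params[body["param"]] = body["value"]
        return "provisioned"

def demo():
    dev = Device(KEYS)
    proxy = sign("secondary-tpd", {"type": "set", "param": "mms_proxy", "value": "10.0.0.5"})
    grant = sign(PRIMARY_ID, {"type": "delegate", "tpd": "secondary-tpd", "params": ["mms_proxy"]})
    apn = sign("secondary-tpd", {"type": "set", "param": "apn", "value": "x.example"})
    return [dev.handle(m) for m in (proxy, grant, proxy, apn)], dev.params
```

The same request from the secondary TPD is refused before the delegation arrives and accepted after it, while a parameter outside the delegated set stays refused.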
48. A mobile device configured to operate on a wireless network, the mobile device comprising:
- a processor;
- a data communication device coupled to the processor to communicate data with one or more remote systems via the wireless network; and
- a memory coupled to the processor and storing instructions for execution by the processor to configure the mobile device to execute a process comprising receiving a provisioning message from a first trusted provisioning domain (TPD) via the wireless network, the provisioning message specifying a second TPD and indicating a parameter which the second TPD is authorized to provision in the mobile device;
- storing information identifying the second TPD and the parameter in response to the provisioning message; and
- provisioning the parameter in the mobile device in response to a provisioning message from the second TPD.

52. A mobile device configured to operate on a wireless network, the mobile device comprising:
- a processor;
- a data communication device coupled to the processor to communicate data with one or more remote systems via the wireless network; and
- a memory coupled to the processor and storing instructions for execution by the processor to configure the mobile device to execute a process comprising receiving a provisioning message from a remote source, the provisioning message specifying a parameter;
- determining whether the remote source is a primary trusted provisioning domain (TPD);
- if the remote source is the primary TPD, provisioning the parameter in the mobile device in response to the provisioning message;
- if the remote source is not the primary TPD, determining whether the remote source is a secondary TPD authorized to provision the parameter, based on a provisioning authorization previously received by the mobile device from the primary TPD; and
- if the remote source is a secondary TPD authorized to provision the parameter, provisioning the parameter in the mobile device in response to the provisioning message.