Bootstrap of NFC application using GBA

US 8,646,034 B2
Filed: 04/22/2008
Issued: 02/04/2014
Est. Priority Date: 04/22/2008
Status: Active Grant

First Claim

Patent Images

1. A method in a communications system to provide services to a mobile handset using near field communication (NFC), the method comprising:

configuring services for the mobile handset at a bootstrap controller that is communicating with a NFC application bootstrap server;

determining a group of NFC application devices that the mobile handset can access at the NFC application bootstrap server and generating a service identity for the services;

sending the service identity from the NFC application bootstrap server to the bootstrap controller;

establishing a NFC link between the mobile handset and the bootstrap controller;

deriving a first user credential at the mobile handset or receiving the first user credential at the mobile handset from the NFC application bootstrap server;

sending the service identity, a second user credential and other service information to the group of NFC application devices;

receiving an application setting for the services at the mobile handset through the bootstrap controller via the NFC link between the mobile handset and the bootstrap controller; and

providing the services to the mobile handset at one of the group of NFC application devices, by a NFC link between the mobile handset and the one of the NFC application devices,wherein the deriving the first user credential is based on data including a key data and a key reference obtained through a first bootstrap procedure between the mobile handset and the NFC application bootstrap server using mutual authentication, andwherein the data including the key data and the key reference are stored in the mobile handset in response to the first bootstrap procedure and are verified to determine whether the key reference is valid or not, and when the key reference is not valid, the method further comprises obtaining another data including the key reference through a second bootstrap procedure between the mobile handset and the NFC application bootstrap server before the deriving the first user credential.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention provides a bootstrap system comprising a network system and a mobile handset where the mobile handset can easily receive services of NFC bootstrap application. The handset is effectively authenticated after a bootstrap controller in the network verifies whether a user credential derived in the mobile handset and a user credential separately received from a network server are equal. The application setting is sent to a handset from a bootstrap controller via ad-hoc near field communication (NFC) between the mobile handset and the bootstrap controller. Then the user of the mobile handset can receive various services of the NFC application after the network server delivers the user credential to the service devices with NFC interface.

17 Citations

View as Search Results

11 Claims

1. A method in a communications system to provide services to a mobile handset using near field communication (NFC), the method comprising:
- configuring services for the mobile handset at a bootstrap controller that is communicating with a NFC application bootstrap server;
  
  determining a group of NFC application devices that the mobile handset can access at the NFC application bootstrap server and generating a service identity for the services;
  
  sending the service identity from the NFC application bootstrap server to the bootstrap controller;
  
  establishing a NFC link between the mobile handset and the bootstrap controller;
  
  deriving a first user credential at the mobile handset or receiving the first user credential at the mobile handset from the NFC application bootstrap server;
  
  sending the service identity, a second user credential and other service information to the group of NFC application devices;
  
  receiving an application setting for the services at the mobile handset through the bootstrap controller via the NFC link between the mobile handset and the bootstrap controller; and
  
  providing the services to the mobile handset at one of the group of NFC application devices, by a NFC link between the mobile handset and the one of the NFC application devices,wherein the deriving the first user credential is based on data including a key data and a key reference obtained through a first bootstrap procedure between the mobile handset and the NFC application bootstrap server using mutual authentication, andwherein the data including the key data and the key reference are stored in the mobile handset in response to the first bootstrap procedure and are verified to determine whether the key reference is valid or not, and when the key reference is not valid, the method further comprises obtaining another data including the key reference through a second bootstrap procedure between the mobile handset and the NFC application bootstrap server before the deriving the first user credential.
- View Dependent Claims (2, 3)
- - 2. The method according to claim 1, after establishing the NFC link between the mobile handset and the bootstrap controller, sending a device identity of the bootstrap controller and the service identity from the bootstrap controller to the mobile handset.
  - 3. The method according to claim 1, after establishing a NFC link between the mobile handset and the bootstrap controller, the method further comprises:
    - sending a device identity of the mobile handset from the mobile handset to the bootstrap controller.

4. A method in a communications system to provide services to a mobile handset using near field communication (NFC), the method comprising:
- configuring services for the mobile handset at a bootstrap controller that is communicating with a NFC application bootstrap server;
  
  determining a group of NFC application devices that the mobile handset can access at the NFC application bootstrap server and generating a service identity for the services;
  
  sending the service identity from the NFC application bootstrap server to the bootstrap controller;
  
  establishing a NFC link between the mobile handset and the bootstrap controller;
  
  establishing a secure tunnel over the NFC link between the mobile handset and the NFC application bootstrap server based on a device certificate;
  
  performing authentication over the secure tunnel based on the device certificate;
  
  deriving a first user credential at the mobile handset or receiving the first user credential over the secure tunnel at the mobile handset from the NFC application bootstrap server;
  
  sending the service identity, a second user credential and other service information to the group of NFC application devices;
  
  receiving an application setting for the services at the mobile handset through the bootstrap controller via the NFC link between the mobile handset and the bootstrap controller; and
  
  providing the services to the mobile handset at one of the group of NFC application devices, by a NFC link between the mobile handset and the one of the NFC application devices.
- View Dependent Claims (8, 9)
- - 8. The method according to claim 4, wherein before receiving the application setting for the services, the method further comprises:
    - verifying by comparison at the bootstrap controller that the first user credential is equal to a second user credential, derived in the NFC application bootstrap server, thereby indirectly authenticating the mobile handset.
  - 9. The method according to claim 8, wherein the verifying by comparison at the bootstrap controller comprises:
    - sending a key reference included in the data from the bootstrap controller to the mobile handset;
      
      sending a key establishment request for the first user credential identifying the mobile handset from the mobile handset to the NFC application bootstrap server;
      
      sending a key material request including the key reference from the NFC application bootstrap server to the bootstrap server function;
      
      sending a key material response including the key material from the bootstrap server function to the NFC application bootstrap server;
      
      deriving the first user credential identifying the mobile handset at the NFC application bootstrap server based on the key material;
      
      sending the first user credential identifying the mobile handset from the NFC application bootstrap server to the mobile handset; and
      
      sending the application setting for the services from the NFC application bootstrap server to the bootstrap controller.

5. A method in a communications system to provide services to a mobile handset using near field communication (NFC), the method comprising:
- configuring services for the mobile handset at a bootstrap controller that is communicating with a NFC application bootstrap server;
  
  determining a group of NFC application devices that the mobile handset can access at the NFC application bootstrap server and generating a service identity for the services;
  
  sending the service identity from the NFC application bootstrap server to the bootstrap controller;
  
  establishing a NFC link between the mobile handset and the bootstrap controller;
  
  deriving a first user credential at the mobile handset or receiving the first user credential at the mobile handset from the NFC application bootstrap server;
  
  sending the service identity, a second user credential and other service information to the group of NFC application devices;
  
  receiving an application setting for the services at the mobile handset through the bootstrap controller via the NFC link between the mobile handset and the bootstrap controller; and
  
  providing the services to the mobile handset at one of the group of NFC application devices, by a NFC link between the mobile handset and the one of the NFC application devices,wherein before receiving an application setting, the method further comprises authenticating the mobile handset at the bootstrap controller based on a comparison result that the first user credential is equal to the second user credential, derived in the NFC application bootstrap server,wherein before authenticating the mobile handset at the bootstrap controller, the method further comprises;
  
  sending a key reference included in the data from the mobile handset to the bootstrap controller;
  
  sending a key establishment request for the second user credential identifying the mobile handset from the bootstrap controller to the NFC application bootstrap server;
  
  sending a key material request including the key reference from the NFC application bootstrap server to the bootstrap server function,sending a key material response including the key material from the bootstrap server function to the NFC application bootstrap server;
  
  deriving the second user credential identifying the mobile handset at the NFC application bootstrap server based on the key material response; and
  
  sending the second user credential and the application setting from the NFC application bootstrap server to the bootstrap controller.
- View Dependent Claims (6, 7)
- - 6. The method according to claim 5, wherein the deriving the second user credential is based on data including a key data and a key reference obtained through a bootstrap procedure between the bootstrap controller and a NFC application bootstrap server using mutual authentication.
  - 7. The method according to claim 6, wherein the data is stored in the bootstrap controller by the bootstrap procedure and is verified to determine whether the key reference is valid, and when the key reference is not valid, another data is obtained through another bootstrap procedure before deriving the second user credential.

10. A NFC application bootstrap server, comprising:
- a first network interface to a bootstrap controller;
  
  a second network interface to a mobile handset;
  
  a third network interface to a bootstrap server function;
  
  a fourth network interface to the group of NFC application devices; and
  
  circuitry configured to receive service information from the bootstrap controller through the first network interface,to provide application setting for a mobile handset through the first network interface,to receive through the second network interface a key establishment request to derive a user credential and to provide the user credential,to receive through the third network interface key materialto configure services and a group of NFC application devices by using the service information and generating a service identity for the services that the mobile handset can access,to send the user credential, the service identity and other service information through the third network interface, andto derive a user credential using the key material.
- View Dependent Claims (11)
- - 11. The NFC application bootstrap server according to claim 10, wherein the circuitry is further configured to distribute the service identity and the user credential to the group of NFC application devices.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Telefonaktiebolaget LM Ericsson
Original Assignee
Telefonaktiebolaget LM Ericsson
Inventors
Murakami, Shingo, Oda, Toshikane
Primary Examiner(s)
Goodarzi, Nasser
Assistant Examiner(s)
KAY, MARY ANNE

Application Number

US12/935,721
Publication Number

US 20110029777A1
Time in Patent Office

2,114 Days
Field of Search

None
US Class Current

726/2
CPC Class Codes

G06F 21/10   Protecting distributed prog...

G06F 9/4401   Bootstrapping security arra...

H04L 63/0853   using an additional device,...

H04L 67/04   specially adapted for termi...

H04L 67/306   User profiles

H04L 67/34   involving the movement of s...

H04W 12/0431   Key distribution or pre-dis...

H04W 12/06   Authentication

H04W 4/50   Service provisioning or rec...

H04W 4/80   Services using short range ...

Bootstrap of NFC application using GBA

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

17 Citations

11 Claims

Specification

Solutions

Use Cases

Quick Links

Bootstrap of NFC application using GBA

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

17 Citations

11 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links