Bootstrap of NFC application using GBA
First Claim
1. A method in a communications system to provide services to a mobile handset using near field communication (NFC), the method comprising:
configuring services for the mobile handset at a bootstrap controller that is communicating with a NFC application bootstrap server;
determining a group of NFC application devices that the mobile handset can access at the NFC application bootstrap server and generating a service identity for the services;
sending the service identity from the NFC application bootstrap server to the bootstrap controller;
establishing a NFC link between the mobile handset and the bootstrap controller;
deriving a first user credential at the mobile handset or receiving the first user credential at the mobile handset from the NFC application bootstrap server;
sending the service identity, a second user credential and other service information to the group of NFC application devices;
receiving an application setting for the services at the mobile handset through the bootstrap controller via the NFC link between the mobile handset and the bootstrap controller; and
providing the services to the mobile handset at one of the group of NFC application devices, by a NFC link between the mobile handset and the one of the NFC application devices,
wherein the deriving the first user credential is based on data including a key data and a key reference obtained through a first bootstrap procedure between the mobile handset and the NFC application bootstrap server using mutual authentication, and
wherein the data including the key data and the key reference are stored in the mobile handset in response to the first bootstrap procedure and are verified to determine whether the key reference is valid or not, and when the key reference is not valid, the method further comprises obtaining another data including the key reference through a second bootstrap procedure between the mobile handset and the NFC application bootstrap server before the deriving the first user credential.
Abstract
The present invention provides a bootstrap system comprising a network system and a mobile handset where the mobile handset can easily receive services of NFC bootstrap application. The handset is effectively authenticated after a bootstrap controller in the network verifies whether a user credential derived in the mobile handset and a user credential separately received from a network server are equal. The application setting is sent to a handset from a bootstrap controller via ad-hoc near field communication (NFC) between the mobile handset and the bootstrap controller. Then the user of the mobile handset can receive various services of the NFC application after the network server delivers the user credential to the service devices with NFC interface.
11 Claims
4. A method in a communications system to provide services to a mobile handset using near field communication (NFC), the method comprising:
configuring services for the mobile handset at a bootstrap controller that is communicating with a NFC application bootstrap server;
determining a group of NFC application devices that the mobile handset can access at the NFC application bootstrap server and generating a service identity for the services;
sending the service identity from the NFC application bootstrap server to the bootstrap controller;
establishing a NFC link between the mobile handset and the bootstrap controller;
establishing a secure tunnel over the NFC link between the mobile handset and the NFC application bootstrap server based on a device certificate;
performing authentication over the secure tunnel based on the device certificate;
deriving a first user credential at the mobile handset or receiving the first user credential over the secure tunnel at the mobile handset from the NFC application bootstrap server;
sending the service identity, a second user credential and other service information to the group of NFC application devices;
receiving an application setting for the services at the mobile handset through the bootstrap controller via the NFC link between the mobile handset and the bootstrap controller; and
providing the services to the mobile handset at one of the group of NFC application devices, by a NFC link between the mobile handset and the one of the NFC application devices.
5. A method in a communications system to provide services to a mobile handset using near field communication (NFC), the method comprising:
configuring services for the mobile handset at a bootstrap controller that is communicating with a NFC application bootstrap server;
determining a group of NFC application devices that the mobile handset can access at the NFC application bootstrap server and generating a service identity for the services;
sending the service identity from the NFC application bootstrap server to the bootstrap controller;
establishing a NFC link between the mobile handset and the bootstrap controller;
deriving a first user credential at the mobile handset or receiving the first user credential at the mobile handset from the NFC application bootstrap server;
sending the service identity, a second user credential and other service information to the group of NFC application devices;
receiving an application setting for the services at the mobile handset through the bootstrap controller via the NFC link between the mobile handset and the bootstrap controller; and
providing the services to the mobile handset at one of the group of NFC application devices, by a NFC link between the mobile handset and the one of the NFC application devices,
wherein before receiving an application setting, the method further comprises authenticating the mobile handset at the bootstrap controller based on a comparison result that the first user credential is equal to the second user credential, derived in the NFC application bootstrap server,
wherein before authenticating the mobile handset at the bootstrap controller, the method further comprises:
sending a key reference included in the data from the mobile handset to the bootstrap controller;
sending a key establishment request for the second user credential identifying the mobile handset from the bootstrap controller to the NFC application bootstrap server;
sending a key material request including the key reference from the NFC application bootstrap server to the bootstrap server function;
sending a key material response including the key material from the bootstrap server function to the NFC application bootstrap server;
deriving the second user credential identifying the mobile handset at the NFC application bootstrap server based on the key material response; and
sending the second user credential and the application setting from the NFC application bootstrap server to the bootstrap controller.
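The key-reference validity check of claim 1 and the credential comparison of claim 5, sketched as an added example that is not code from the patent. The HMAC-SHA256 derivation, the one-hour key lifetime, treating "valid" as "not expired", and all class and function names are assumptions for illustration; the claims do not specify them.

```python
import hashlib
import hmac
import os

KEY_LIFETIME_S = 3600  # assumed key lifetime; not stated in the claims


class BootstrapServerFunction:
    """Keeps key material indexed by key reference after each bootstrap."""

    def __init__(self):
        self._store = {}

    def bootstrap(self, now):
        # Stands in for the mutually authenticated bootstrap procedure;
        # random values are constructed here purely for the example.
        key_ref, key_data = os.urandom(8).hex(), os.urandom(32)
        self._store[key_ref] = (key_data, now + KEY_LIFETIME_S)
        return key_ref, key_data, now + KEY_LIFETIME_S

    def key_material(self, key_ref, now):
        # Key material request/response: refuse unknown or expired references.
        key_data, expires = self._store.get(key_ref, (None, 0))
        return key_data if key_data and now < expires else None


def derive_credential(key_data, service_identity):
    # Assumed KDF: HMAC-SHA256 keyed with the key data, bound to the service.
    return hmac.new(key_data, service_identity.encode(), hashlib.sha256).digest()


class Handset:
    def __init__(self, bsf):
        self.bsf, self.key_ref, self.key_data, self.expires = bsf, None, None, 0

    def first_credential(self, service_identity, now):
        # Claim 1: verify the stored key reference; if it is not valid,
        # run a second bootstrap procedure before deriving the credential.
        if self.key_ref is None or now >= self.expires:
            self.key_ref, self.key_data, self.expires = self.bsf.bootstrap(now)
        return self.key_ref, derive_credential(self.key_data, service_identity)


def controller_authenticates(bsf, service_identity, key_ref, first_cred, now):
    """Claim 5: server side derives the second credential, controller compares."""
    key_data = bsf.key_material(key_ref, now)
    if key_data is None:
        return False  # no key material for this reference: fail closed
    second_cred = derive_credential(key_data, service_identity)
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(first_cred, second_cred)
```

Binding the service identity into the derivation means a credential issued for one service does not authenticate for another, and an expired key reference fails on the network side even if the handset skips its own check.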
10. A NFC application bootstrap server, comprising:
a first network interface to a bootstrap controller;
a second network interface to a mobile handset;
a third network interface to a bootstrap server function;
a fourth network interface to the group of NFC application devices; and
circuitry configured to receive service information from the bootstrap controller through the first network interface, to provide application setting for a mobile handset through the first network interface, to receive through the second network interface a key establishment request to derive a user credential and to provide the user credential, to receive through the third network interface key material to configure services and a group of NFC application devices by using the service information and generating a service identity for the services that the mobile handset can access, to send the user credential, the service identity and other service information through the third network interface, and to derive a user credential using the key material.
Specification