Mobile device and method for secure on-line sign-up and provisioning for wi-fi hotspots using SOAP-XML techniques

US 9,258,706 B2
Filed: 09/09/2011
Issued: 02/09/2016
Est. Priority Date: 09/15/2010
Status: Active Grant

First Claim

Patent Images

1. A method performed by a mobile device for secure on-line sign-up and provisioning for Wi-Fi Hotspot 2.0 networks, the method comprising:

authenticating with a Wi-Fi access network (AN) through a Wi-Fi Hotspot using Extensible Authentication Protocol (EAP);

performing an initial Simple Object Access Protocol (SOAP) exchange with a subscription server to authenticate the subscription server and to provide an indication of a request reason; and

performing a final SOAP exchange with the subscription server over the Wi-Fi network, wherein, when the subscription server acts as an online sign-up server (OSU), the method includes;

exchanging information with the OSU to establish a subscription with a service provider for Wi-Fi network access and to receive a subscription management object (MO) including provisioned credentials for the subscription;

disassociating with the Wi-Fi Hotspot after the final SOAP exchange; and

re-associating with the Wi-Fi Hotspot to re-establish a Wi-Fi connection, the re-associating using an EAP technique and including;

providing the provisioned credentials to an AAA server over the re-established Wi-Fi connection.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments of a mobile device and method for secure on-line sign-up and provisioning of credential for Wi-Fi hotspots using SOAP-XML techniques are generally described herein. Techniques for subscription remediation using SOAP-XML techniques are also generally described herein. In some embodiments, the mobile device may be configured to establish a transport-layer security (TLS) session with a sign-up server through a Wi-Fi Hotspot to receive a certificate of the sign-up server. When the certificate is validated, the mobile device may be configured to exchange device management messages with the sign-up server to sign-up for a Wi-Fi subscription and provisioning of credentials, and retrieve a subscription management object (MO) that includes a reference to the provisioned credentials for storage in a device management tree.

24 Citations

View as Search Results

20 Claims

1. A method performed by a mobile device for secure on-line sign-up and provisioning for Wi-Fi Hotspot 2.0 networks, the method comprising:
- authenticating with a Wi-Fi access network (AN) through a Wi-Fi Hotspot using Extensible Authentication Protocol (EAP);
  
  performing an initial Simple Object Access Protocol (SOAP) exchange with a subscription server to authenticate the subscription server and to provide an indication of a request reason; and
  
  performing a final SOAP exchange with the subscription server over the Wi-Fi network, wherein, when the subscription server acts as an online sign-up server (OSU), the method includes;
  
  exchanging information with the OSU to establish a subscription with a service provider for Wi-Fi network access and to receive a subscription management object (MO) including provisioned credentials for the subscription;
  
  disassociating with the Wi-Fi Hotspot after the final SOAP exchange; and
  
  re-associating with the Wi-Fi Hotspot to re-establish a Wi-Fi connection, the re-associating using an EAP technique and including;
  
  providing the provisioned credentials to an AAA server over the re-established Wi-Fi connection.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1 wherein the initial SOAP exchange further includes:
    - providing device capability information of the mobile device, and wherein the request reason comprises credential provisioning and subscription remediation.
  - 3. The method of claim 1 wherein the initial SOAP exchange and the final SOAP exchange comprise messages configured in accordance with a SOAP technique using secure Hypertext Transfer Protocol (HTTPS) as an application layer protocol for transport, andwherein the messages are configured in accordance with an extensible-markup language (XML) message format.
  - 4. The method of claim 3 wherein the initial SOAP exchange comprises:
    - transmitting, by the mobile device, an online signup protocol (osp) post-device data (ospPostDevData) message in accordance with the SOAP technique to the subscription server, the message including device information (DevInfo) and device detail (DevDetail); and
      
      receiving an ospPostDevDataResponse message in accordance with the SOAP technique from the subscription server, the response message including a Execute;
      
      LaunchBrowsertoURl command, wherein the mobile device is configured to launch a browser, establish a secure HTTPS connection to an online server URI received in the response message and send an HTTPS GET request to the online server URI.
  - 5. The method of claim 1 further comprising:
    - receiving, as part of the initial SOAP exchange with the subscription server, an indication of a type of credentials to be provisioned,wherein the type of credentials to be provisioned includes one of certificate-based credentials, username/password credentials, or subscriber-information module (SIM) type credentials.
  - 6. The method of claim 1, wherein when subscription mediation is needed, the method includes receiving an action message indicating a need for subscription remediation after associating with the Wi-Fi Hotspot, andwherein during the initial SOAP exchange, the method further includes requesting subscription remediation with a subscription mediation server and exchanging information in accordance with a SOAP technique.

7. A device including one or more processors, the one or more processors including circuitry, the circuitry having logic to:
- authenticate with a Wi-Fi access network (AN) through a Wi-Fi Hotspot using Extensible Authentication Protocol (EAP);
  
  perform an initial Simple Object Access Protocol (SOAP) exchange with a subscription server to authenticate the subscription server, and to provide an indication of a request reason; and
  
  perform a final SOAP exchange with the subscription server over the Wi-Fi network, wherein, when the subscription server acts as an online sign-up server (OSU), the logic is further to;
  
  exchange information with the OSU to establish a subscription with a service provider for Wi-Fi network access and to receive a subscription management object (MO) including provisioned credentials for the subscription.
- View Dependent Claims (8, 9, 10, 11, 12, 13, 14)
- - 8. The device of claim 7 wherein as part of the initial SOAP exchange, the logic is further to:
    - provide device capability information of the device,wherein the request reason comprises one of credential provisioning and subscription remediation.
  - 9. The device of claim 7 wherein the initial SOAP exchange and the final SOAP exchange comprise messages configured in accordance with a SOAP technique using secure Hypertext Transfer Protocol (HTTPS) as an application layer protocol for transport, andwherein the messages are configured in accordance with an extensible-markup language (XML) message format.
  - 10. The device of claim 7, wherein the logic is further to:
    - provide a web page user prompt to receive user input;
      
      exchange the user input in a user exchange with the subscription server; and
      
      receive a notification from the subscription server as to whether the user exchange is complete.
  - 11. The device of claim 8, wherein when the reason for the request is provisioning of credentials, the logic is to receive, from the subscription server, an indication of a type of credentials to be provisioned by the server.
  - 12. The device of claim 8, wherein when the reason for the request is to request subscription mediation, the initial SOAP exchange is to include the device receiving an indication of an authentication from the subscription server.
  - 13. The device of claim 7, wherein the device further includes:
    - memory; and
      
      one or more transceivers.
  - 14. The device of claim 13, wherein the device further includes:
    - one or more antennas.

15. A method performed by a subscription server to provide secure on-line sign-up and provisioning for Wi-Fi Hotspot 2.0 networks for a mobile device, the method comprising:
- sending an accept message to a Wi-Fi hotspot from an AAA server to allow a mobile device access to the Wi-Fi network and establish a Wi-Fi connection with the mobile device;
  
  performing an initial Simple Object Access Protocol (SOAP) exchange with the mobile device to provision credentials or perform subscription remediation, the initial SOAP exchange including the mobile device authenticating the subscription server;
  
  performing a final SOAP exchange with the mobile device over the Wi-Fi network to allow the mobile device to receive a subscription management object (MO); and
  
  exchanging information with the mobile device to establish a subscription with a service provider for Wi-Fi network access, to provision credentials for the subscription, and to create the subscription MO for the provisioned credentials.
- View Dependent Claims (16, 17)
- - 16. The method of claim 15 wherein the accept message is a RADIUS ACCESS-ACCEPT message that includes access restrictions to be enforced by the Wi-Fi Hotspot, the access restrictions to limit access of the mobile device to the Wi-Fi network for either provisioning of credentials or subscription remediation, andwherein the accept message is sent in response to the mobile device associating with the Wi-Fi Hotspot using an Extensible Authentication Protocol (EAP) technique.
  - 17. The method of claim 16 wherein as part of the initial SOAP exchange with the subscription server, the method includes:
    - determining a type of credentials to be provisioned and indicating the type of credentials to be provisioned to the mobile device, wherein the type of credentials to be provisioned includes one of certificate-based credentials, username/password credentials, or subscriber-information module (SIM) type credentials.

18. A non-transitory machine-readable medium that stores instructions for execution by one or more processors to configure a device to:
- associate with a Wi-Fi network through a Wi-Fi Hotspot using an Extensible Authentication Protocol (EAP) technique;
  
  perform an initial Simple Object Access Protocol (SOAP) exchange with a subscription server to authenticate the subscription server, and to provide an indication of a request reason; and
  
  perform a final SOAP exchange with the subscription server over the Wi-Fi network, wherein, when the subscription server acts as an online sign-up server (OSU), the instructions further configure the device to;
  
  exchange information with the OSU to establish a subscription with a service provider for Wi-Fi network access, and to receive a subscription management object (MO) including provisioned credentials for the subscription;
  
  disassociate with the Wi-Fi Hotspot after the final SOAP exchange; and
  
  re-associate with the Wi-Fi Hotspot to re-establish a Wi-Fi connection, the re-associating using an EAP technique and including;
  
  providing the provisioned credentials to an AAA server over the re-established Wi-Fi connection.
- View Dependent Claims (19, 20)
- - 19. The non-transitory machine-readable medium of claim 18 wherein the instructions further configure the device to:
    - provide device capability information of the device, wherein the request reason comprises one of provisioning of credentials or remediation of a subscription.
  - 20. The non-transitory machine-readable medium of claim 18, whereinthe initial and final SOAP exchanges comprise messages configured in accordance with a SOAP technique using secure Hypertext Transfer Protocol (HTTPS) as an application layer protocol for transport, andthe messages are configured in accordance with an extensible-markup language (XML) message format.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Gupta, Vivek, Canpolat, Necati
Primary Examiner(s)
REVAK, CHRISTOPHER A

Application Number

US13/993,296
Publication Number

US 20130276076A1
Time in Patent Office

1,614 Days
Field of Search

None
US Class Current

1/1
CPC Class Codes

H04N 19/134   characterised by the elemen...

H04N 19/172   the region being a picture,...

H04N 19/176   the region being a block, e...

H04N 19/428   Recompression, e.g. by spat...

H04N 19/43   Hardware specially adapted ...

Mobile device and method for secure on-line sign-up and provisioning for wi-fi hotspots using SOAP-XML techniques

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

24 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Mobile device and method for secure on-line sign-up and provisioning for wi-fi hotspots using SOAP-XML techniques

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

24 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others