Secure over-the-air provisioning for handheld and desktop devices and services

Assignee

• Cisco Technology, Inc. · US

Inventors

• Plamen Nedeltchev · San Jose, US
• Helder F. Antunes · معلمی نژاد, US
• David Sisto Iacobacci · Sunnyvale, US
• Pedro Leonardo · San Francisco, US
• Parag Pritam Thakore · Los Gatos, US
• Gautam Aggarwal · San Jose, US
• Anuj Sawani · San Jose, US

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04W12/71
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

In one embodiment, a device and a services provisioning system establish an over-the-air connection with each other, and perform device posture validation to obtain a unique identification (ID) of the device at the provisioning system. The device and provisioning system then participate in device and user authentication in response to a confirmed unique ID by a backend access control system, where the device generates a secure key pair after successful user authentication. In response to the device being approved for services (e.g., checked by the provisioning system via a registration system), the provisioning system provides a root certificate to the device, and the device sends a certificate enrollment request back to the provisioning system. In response to a certificate authority signing the certificate request, the provisioning system returns a valid certificate to the device, and the valid certificate is installed on the device.