US10285056B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10285056-B2 |
| Application number | US-201715483076-A |
| Country | US |
| Kind code | B2 |
| Filing date | Apr 10, 2017 |
| Priority date | Sep 25, 2015 |
| Publication date | May 7, 2019 |
| Grant date | May 7, 2019 |
Official abstract text for this publication.
Methods, systems, and computer-readable media for using derived credentials to enroll a mobile computing device with an enterprise mobile device management system are described herein. In various embodiments, a mobile computing device, responsive to a command to enroll with an enterprise mobile device management server, may launch an enrollment application; send an enrollment request message to the enterprise mobile device management server; switch to a certificate management system application on the mobile computing device; request one or more derived credentials from a certificate management system server; store the one or more derived credentials in a shared vault on the mobile computing device; switch to the enrollment application; retrieve a derived credential of the one or more derived credentials stored in the shared vault; and, provide the derived credential to the enterprise mobile device management server to enroll the mobile computing device with at least one mobile device management service.
Opening claim text (preview).
What is claimed is:

1. A method comprising: requesting, by a mobile computing device and using an enrollment application operating on the mobile computing device, configuration information for a device management server from an automatic discovery service; receiving, by the mobile computing device, a message comprising the configuration information for the device management server from the automatic discovery service; sending, by the mobile computing device and using the enrollment application, an enrollment request message to device management server, wherein the enrollment request message comprises the configuration information; switching control, by the mobile computing device, from the enrollment application to a certificate management system application operating on the mobile computing device; requesting, by the mobile computing device and using the certificate management system application, a derived credential from a certificate management system server; storing, by the mobile computing device and using the certificate management system application, the derived credential in a shared vault on the mobile computing device; retrieving, by the mobile computing device and using the enrollment application, the derived credential from the shared vault; and providing, by the mobile computing device using the enrollment application and to the device management server, the derived credential to enroll the mobile computing device with at least one mobile device management service provided by the device management server wherein the derived credential comprises a first derived credential relating to mobile device management enrollment and a second derived credential relating to mobile application management enrollment.

2. The method of claim 1, further comprising: receiving a password from a user of the mobile computing device; generating a password validation value based on the received password; storing the password validation value in the shared vault on the mobile computing device; and providing the password to the certificate management system application.

3. The method of claim 2, further comprising: encrypting the derived credential based on the password prior to storing the derived credential in the shared vault.

4. The method of claim 3, wherein encrypting the derived credential comprises using a private/public key pair.

5. The method of claim 2, further comprising: validating the password to the certificate management system application based on the password validation value.

6. The method of claim 5, further comprising validating the password using password complexity validation rules.

7. The method of claim 1, further comprising receiving, from the device management server, a message identifying the certificate management system application on the mobile computing device.

8. The method of claim 1, further comprising: receiving policies and applications from the device management server after completion of an enrollment process.

9. The method of claim 1, further comprising: authenticating the certificate management system application with the certificate management system server.

10. The method of claim 1, further comprising: switching, by the mobile computing device and based on storing the derived credential, to the enrollment application from the certificate management system application.

11. A device comprising: one or more processors; and memory storing computer executable instructions that, when executed by one or more processors, cause the device to: request, by the device and using an enrollment application operating on the device, configuration information for a device management server from an automatic discovery service; receive, by the device, a message comprising the configuration information for the device management server from the automatic discovery service; send, by the device and using the enrollment application, an enrollment request message to device management server, wherein the enrollment request message comprises the configuration information; switch control, by the device, from the enrollment application to a certificate management system application operating on the device; request, by the device and using the certificate management system application, a derived credential from a certificate management system server; store, by the device and using the certificate management system application, the derived credential in a shared vault on the device; retrieve, by the device and using the enrollment application, the derived credential from the shared vault; and provide, by the device using the enrollment application and to the device management server, the derived credential to enroll the device with at least one mobile device management service provided by the device management server, wherein the derived credential comprises a first derived credential relating to mobile device management enrollment and a second derived credential relating to mobile application management enrollment.

12. The device of claim 11, wherein the executable instructions further cause the device to receive, from the device management server, a message identifying the certificate management system application on the device.

13. The device of claim 11, wherein the executable instructions further cause the device to receive policies and applications from the device management server after completion of an enrollment process.

14. The device of claim 11, wherein the executable instructions further cause the device to authenticate the certificate management system application with the certificate management system server.

15. A non-transitory computer-readable medium storing computer-executable instructions that, when executed by a computer system, cause the computer system to perform a method comprising: requesting, by the computer system and using an enrollment application operating on the computer system, configuration information for a device management server from an automatic discovery service; receiving, by the computer system, a message comprising the configuration information for the device management server from the automatic discovery service; sending, by the computer system and using the enrollment application, an enrollment request message to device management server, wherein the enrollment request message comprises the configuration information; switching control, by the computer system, from the enrollment application to a certificate management system application operating on the computer system; requesting, by the computer system and using the certificate management system application, a derived credential from a certificate management system server; storing, by the computer system and using the certificate management system application, the derived credential in a shared vault on the computing system; retrieving, by the computer system and using the enrollment application, the derived credential from the shared vault; and providing, by the computer system using the enrollment application and to the device management server, the derived credential to enroll the computer system with at least one mobile device management service provided by the device management server, wherein the derived credential comprises a first derived credential relating to mobile device management enrollment and a second derived credential relating to mobile application management enrollment.

16. The non-transitory computer-readable medium of claim 15, wherein the computer-executable instructions cause the computer system to further perform rece
Service provisioning or reconfiguring · CPC title
Subscription-based services using application servers or record carriers, e.g. SIM application toolkits · CPC title
using passwords (cryptographic mechanisms or cryptographic arrangements for entity authentication using a predetermined code H04L9/3226) · CPC title
Setup of application sessions (admission control or resource allocation in data switching networks H04L47/70) · CPC title
using certificates (cryptographic mechanisms or cryptographic arrangements for entity authentication involving certificates H04L9/3263) · CPC title