Apparatus and method for sponsored connectivity to wireless networks using application-specific network access credentials

What is claimed is: 1 . A method operational at a user device, the method comprising: receiving, from an application service provider, an application-specific certificate associated with at least one application service provided by the application service provider; determining that a wireless communication network provides application-specific access to the application service provided by the application service provider; transmitting a registration request including the application-specific certificate to the wireless communication network for authentication of the user device, the application-specific certificate including a public key associated with the application service; performing authentication and key agreement with the wireless communication network; and communicating with the application service after authentication and key agreement is successfully performed. 2 . The method of claim 1 , wherein authentication and key agreement with the wireless communication network is performed directly between the user device and the wireless communication network and independent to the application service provider. 3 . The method of claim 1 , wherein the public key associated with the application service is a user device public key, and the application-specific certificate further includes an application-specific digital signature, the application-specific digital signature including the user device public key signed by a private key of the application service provider. 4 . The method of claim 1 , wherein the application-specific certificate further includes an application identifier and an application-specific digital signature, the application-specific digital signature including the public key and the application identifier both signed by a private key of the application service provider, the application identifier uniquely associated with the application service. 5 . The method of claim 1 , further comprising: obtaining application-specific access to the application service after authentication and key agreement is successful. 6 . The method of claim 1 , wherein determining that the wireless communication network provides application-specific access includes receiving an announcement broadcast by the wireless communication network of an availability of the application service through the wireless communication network. 7 . The method of claim 1 , further comprising: receiving, from the application service provider, a plurality of certificates associated with trusted wireless communication networks, the plurality of certificates including a certificate having a wireless communication network public key that is a public key of the wireless communication network. 8 . The method of claim 7 , further comprising: authenticating the wireless communication network by verifying a wireless communication network digital signature using the wireless communication network public key, the wireless communication network digital signature included in an application service announcement received from the wireless communication network. 9 . The method of claim 1 , further comprising: enabling communication between the user device and a set of application services allowed by the application service provider after authentication and key agreement is successfully performed. 10 . A user device comprising: a wireless communication interface adapted to wirelessly communicate with a wireless communication network; and a processing circuit communicatively coupled to the communication interface, the processing circuit adapted to: receive, from an application service provider, an application-specific certificate associated with at least one application service provided by the application service provider; determine that a wireless communication network provides application-specific access to the application service provided by the application service provider; transmit a registration request including the application-specific certificate to the wireless communication network for authentication of the user device, the application-specific certificate including a public key associated with the application service; perform authentication and key agreement with the wireless communication network; and communicate with the application service after authentication and key agreement is successfully performed. 11 . The user device of claim 10 , wherein authentication and key agreement with the wireless communication network is performed directly between the user device and the wireless communication network and independent to the application service provider. 12 . The user device of claim 10 , wherein the public key associated with the application service is a user device public key, and the application-specific certificate further includes an application-specific digital signature, the application-specific digital signature including the user device public key signed by a private key of the application service provider. 13 . The user device of claim 10 , wherein the application-specific certificate further includes an application identifier and an application-specific digital signature, the application-specific digital signature including the public key and the application identifier both signed by a private key of the application service provider, the application identifier uniquely associated with the application service. 14 . The user device of claim 10 , wherein the processing circuit is further adapted to: obtain application-specific access to the application service after authentication and key agreement is successful. 15 . The user device of claim 10 , wherein the processing circuit adapted to determine that the wireless communication network provides application-specific access includes the processing circuit further adapted to: receive an announcement broadcast by the wireless communication network of an availability of the application service through the wireless communication network. 16 . The user device of claim 10 , wherein the processing circuit is further adapted to: receive, from the application service provider, a plurality of certificates associated with trusted wireless communication networks, the plurality of certificates including a certificate having a wireless communication network public key that is a public key of the wireless communication network. 17 . The user device of claim 16 , wherein the processing circuit is further adapted to: authenticate the wireless communication network by verifying a wireless communication network digital signature using the wireless communication network public key, the wireless communication network digital signature included in an application service announcement received from the wireless communication network. 18 . The user device of claim 10 , wherein the processing circuit is further adapted to: enable communication between the user device and a set of application services allowed by the application service provider after authentication and key agreement is successfully performed. 19 . A user device comprising: means for receiving, from an application service provider, an application-specific certificate associated with at least one application service provided by the application service provider; means for determining that a wireless communication network provides application-specific access to the application service provided by the application service provider; means for transmitting a registration request including the application-spec