Automated security provisioning protocol for wide area network communication devices in open device environment

What is claimed is: 1. A method for performing a security provisioning protocol between a first communication device and a second communication device over at least one wide area communication network, the method at the first communication device comprising steps of: the first communication device automatically using access information not previously provisioned in the wide area communication network to gain access to the wide area communication network for an initial purpose of communicating with the second communication device; and the first communication device, upon gaining access to the wide area communication network, automatically performing an authenticated key exchange operation with the second communication device over the wide area communication network and establishing a secure communication key as a result of the authenticated key exchange operation for subsequent use by the first communication device for secure communications; wherein the wide area communication network is operated by a first entity and the second communication device is operated by a different second entity; wherein the first entity is a cellular communication network operator and the second entity is a machine-to-machine (M2M) operator. 2. The method of claim 1 , wherein the first communication device comprises a machine-to-machine (M2M) client device. 3. The method of claim 1 , wherein the second communication device comprises a bootstrap server. 4. The method of claim 1 , wherein the wide area communication network comprises a cellular communication network. 5. The method of claim 4 , wherein the first entity is a cellular communication network operator. 6. The method of claim 1 , wherein the second entity is an M 2 M operator. 7. The method of claim 1 , further comprising the step of storing the access information in the first communication device prior to deployment of the first communication device into an operating environment. 8. The method of claim 1 , wherein the access information comprises a group password. 9. The method of claim 1 , wherein the access information further comprises one or more parameters associated with the wide area communication network in the first communication device, wherein at least one of the one or more parameters are also used by the first communication device to gain access to the wide area communication network. 10. The method of claim 9 , wherein the access information further comprises one or more parameters associated with at least one other communication network. 11. The method of claim 10 , further comprising the step of the first communication device attempting to gain access to the at least one other communication network when unsuccessful at gaining access to the wide area communication network. 12. The method of claim 1 , wherein the access information further comprises a temporary identifier associated with the first communication device. 13. The method of claim 12 , further comprising the step of performing an access authentication operation over the wide area communication network between the first communication device and a third communication device operated by the second entity using the temporary identifier associated with the first communication device. 14. The method of claim 13 , wherein the temporary identifier associated with the first communication device is derived from an electronic serial number assigned to the first communication device. 15. The method of claim 13 , further comprising the step of performing a link layer and a network layer session setup operation, upon a successful access authentication operation, so that the first communication device can communicate with the second communication device through the wide area communication network. 16. The method of claim 1 , wherein the authenticated key exchange operation comprises an identity-based authenticated key exchange protocol. 17. The method of claim 16 , wherein the identity-based authenticated key exchange protocol utilizes an identity-based encryption operation. 18. The method of claim 17 , wherein the identity-based authenticated key exchange protocol further comprises: sending an encrypted first random key component from the first communication device to the second communication device, the first random key component having been computed at the first communication device and encrypted using a public key of the second communication device in accordance with the identity-based encryption operation; receiving an encrypted random key component pair at the first communication device from the second communication device, the random key component pair having been encrypted at the second communication device using a public key of the first communication device in accordance with the identity-based encryption operation, and the random key component pair having been formed from the first random key component and a second random key component computed at the second communication device; and sending the second random key component, in encrypted form, from the first communication device to the second communication device, the second random key component having been encrypted using the public key of the second communication device in accordance with the identity-based encryption operation; wherein the secure communication key for use in subsequent communications by the first communication device is computable at the first communication device based on the second random key component. 19. The method of claim 1 , wherein the authenticated key exchange operation comprises a password-based authenticated key exchange protocol. 20. The method of claim 19 , wherein the password-based authenticated key exchange protocol utilizes a Diffie-Hellman key exchange. 21. The method of claim 1 , further comprising the step of performing secure communications between the first communication device and at least one of the second communication device and at least one other communication device upon a successful authenticated key exchange operation. 22. The method of claim 21 , wherein the first communication device receives via secure communications a permanent network access identifier. 23. The method of claim 21 , wherein the first communication device receives one or more customized software components for use in an operating environment in which the first communication device is deployed. 24. The method of claim 1 , further comprising the step of performing an access authentication operation over the wide area communication network between the first communication device and a third communication device, wherein the access authentication operation uses a shared secret and a temporary network access identifier that are known to the first communication device, the second communication device, and the third communication device. 25. The method of claim 24 , wherein the second communication device provides the shared secret and the temporary network access identifier to the third communication device prior to the access authentication operation. 26. The method of claim 24 , wherein the second communication device obtains the shared secret and the temporary network access identifier from a manufacturer of the first communication device prior to the access authentication operation. 27. The method of claim 1 , wherein the first entity is a network operator and the second entity is an application provider.