Using derived credentials for enrollment with enterprise mobile device management services

US9668136B2 · US · B2

Patent metadata

Publication number: US-9668136-B2
Application number: US-201514865376-A
Country: US
Kind code: B2
Filing date: Sep 25, 2015
Priority date: Sep 25, 2015
Publication date: May 30, 2017
Grant date: May 30, 2017


Abstract

Official abstract text for this publication.

Methods, systems, and computer-readable media for using derived credentials to enroll a mobile computing device with an enterprise mobile device management system are described herein. In various embodiments, a mobile computing device, responsive to a command to enroll with an enterprise mobile device management server, may launch an enrollment application; send an enrollment request message to the enterprise mobile device management server; switch to a certificate management system application on the mobile computing device; request one or more derived credentials from a certificate management system server; store the one or more derived credentials in a shared vault on the mobile computing device; switch to the enrollment application; retrieve a derived credential of the one or more derived credentials stored in the shared vault; and, provide the derived credential to the enterprise mobile device management server to enroll the mobile computing device with at least one mobile device management service.

First claim

Opening claim text (preview).

What is claimed is:

1. A method comprising: receiving, by a mobile computing device, a command to enroll with an enterprise mobile device management server; in response to receiving the command to enroll with the enterprise mobile device management server, launching, by the mobile computing device, an enrollment application; requesting, by the mobile computing device, using the enrollment application, configuration information for the enterprise mobile device management server from an automatic discovery service; after requesting the configuration information for the enterprise mobile device management server from the automatic discovery service, receiving, by the mobile computing device, a message comprising the configuration information for the enterprise mobile device management server from the automatic discovery service; sending, by the mobile computing device, using the enrollment application, an enrollment request message to the enterprise mobile device management server, wherein the enrollment request message comprises the configuration information for the enterprise mobile device management server received from the automatic discovery service; switching, by the mobile computing device, from the enrollment application to a certificate management system application on the mobile computing device; requesting, by the mobile computing device, using the certificate management system application, one or more derived credentials from a certificate management system server; storing, by the mobile computing device, using the certificate management system application, the one or more derived credentials in a shared vault on the mobile computing device; switching, by the mobile computing device, from the certificate management system application to the enrollment application; retrieving, by the mobile computing device, using the enrollment application, a derived credential of the one or more derived credentials stored in the shared vault on the mobile computing device; and providing, by the mobile computing device, using the enrollment application, the derived credential of the one or more derived credentials retrieved using the enrollment application to the enterprise mobile device management server to enroll the mobile computing device with at least one mobile device management service provided by the enterprise mobile device management server.

2. The method of claim 1, further comprising: prompting, by the mobile computing device, using the enrollment application, a user of the mobile computing device, for an address of the enterprise mobile device management server.

3. The method of claim 1, further comprising: receiving, by the mobile computing device, using the enrollment application, a password from a user of the mobile computing device; generating, by the mobile computing device, using the enrollment application, a password validation value based on the password received from the user of the mobile computing device; storing, by the mobile computing device, using the enrollment application, the password validation value in the shared vault on the mobile computing device; providing, by the mobile computing device, using the enrollment application, the password received from the user of the mobile computing device to the certificate management system application; and validating, by the mobile computing device, using the certificate management system application, the provided password to the certificate management system application based on the password validation value stored in the shared vault on the mobile computing device.

4. The method of claim 3, further comprising: receiving, by the mobile computing device, responsive to the enrollment request message, a message from the enterprise mobile device management server comprising password complexity validation rules; and validating, by the mobile computing device, the password using the password complexity validation rules.

5. The method of claim 3, wherein the generating the password validation value comprises: generating a hash of the password; and encrypting the hash of the password.

6. The method of claim 3, further comprising: encrypting, by the mobile computing device, using the certificate management system application, the one or more derived credentials based on the password received from the user of the mobile computing device and provided to the certificate management system application, prior to storing the one or more derived credentials in the shared vault on the mobile computing device.

7. The method of claim 3, further comprising: encrypting, by the mobile computing device, using the certificate management system application, the one or more derived credentials using a private/public key pair, prior to storing the one or more derived credentials in the shared vault on the mobile computing device.

8. The method of claim 1, further comprising: prior to switching to the certificate management system application on the mobile computing device, receiving, by the mobile computing device, responsive to the enrollment request message, a message from the enterprise mobile device management server identifying the certificate management system application on the mobile computing device; and determining, by the mobile computing device, to switch to the certificate management system application on the mobile computing device based on the message received from the enterprise mobile device management server identifying the certificate management system application on the mobile computing device.

9. The method of claim 1, further comprising: storing, by the mobile computing device, using the certificate management system application, at least one derived credential of the one or more derived credentials after an enrollment process is completed.

10. The method of claim 1, wherein the enrollment application and the certificate management system application are digitally signed with an identical development signing certificate.

11. The method of claim 10, further comprising: retrieving, by the mobile computing device, using one or more applications on the mobile computing device that are digitally signed with the same development signing certificate as the enrollment application and the certificate management system application, at least one derived credential of the one or more derived credentials from the shared vault; and using, by the mobile computing device, the at least one derived credential of the one or more derived credentials retrieved from the shared vault to provide functionality in the one or more applications on the mobile computing device or to access enterprise resources with the one or more applications on the mobile computing device.

12. The method of claim 1, further comprising: retrieving, by the mobile computing device, using the enrollment application, a first derived credential and a second derived credential from the shared vault; providing, by the mobile computing device, using the enrollment application, the first derived credential to the enterprise mobile device management server to complete mobile device management enrollment; and providing, by the mobile computing device, using the enrollment application, the second derived credential to the enterprise mobile device management server to complete mobile application management enrollment.

13. The method of claim 1, wherein the mobile computing device is provisioned by the enterprise mobile device management server with policies and applications after an enrollment process is completed.

14. The method of claim 1, further comprising: prior to requesting t
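The claimed enrollment flow, modelled as an added Python example that is not part of the patent text or of any Citrix product: an enrollment application stores a password validation value built as encrypt(hash(password)) (claims 3 and 5), the certificate management system application checks the password against it, encrypts the derived credentials under a password-derived key before writing them to the shared vault (claim 6), and the enrollment application then uses the first credential for MDM enrollment and the second for MAM enrollment (claim 12). The vault refuses any application whose signing certificate differs from the owner's, which is how the shared-vault condition of claims 10 and 11 is represented here. Everything not in the claims is an assumption: the vault key for the password hash is a device-local key passed in by the caller, the cipher is a SHA-256 keystream with an HMAC tag standing in for a vetted authenticated cipher, and the CMS server, MDM server, application names and credential strings are constructed stand-ins.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass


# Assumption: simplified encryption stand-in (SHA-256 keystream plus HMAC tag).
# A production vault would use a vetted AEAD such as AES-GCM instead.
def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]

def encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, nonce + ct, hashlib.sha256).digest(), tag):
        raise ValueError("vault entry failed integrity check")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


@dataclass
class App:
    name: str
    signing_cert: str  # identity of the development signing certificate (claim 10)


class SharedVault:
    """Storage readable only by apps signed with the owner's certificate (claims 10-11)."""

    def __init__(self, owner_cert: str):
        self._owner_cert, self._entries = owner_cert, {}

    def _check(self, app: App) -> None:
        if app.signing_cert != self._owner_cert:
            raise PermissionError(f"{app.name} is not signed with the vault's certificate")

    def put(self, app: App, name: str, value) -> None:
        self._check(app)
        self._entries[name] = value

    def get(self, app: App, name: str):
        self._check(app)
        return self._entries[name]


def password_validation_value(vault_key: bytes, password: str) -> bytes:
    """Claim 5: hash the password, then encrypt the hash."""
    return encrypt(vault_key, hashlib.sha256(password.encode()).digest())

def password_matches(vault_key: bytes, pvv: bytes, candidate: str) -> bool:
    """Claim 3: the CMS app validates the password handed to it against the stored value."""
    return hmac.compare_digest(decrypt(vault_key, pvv),
                               hashlib.sha256(candidate.encode()).digest())

def credential_key(password: str, salt: bytes) -> bytes:
    """Claim 6: key for the derived credentials, derived from the user's password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class CmsServer:
    """Constructed stand-in for the certificate management system server."""
    def issue_derived_credentials(self, device_id: str) -> list:
        return [f"derived-cred-{device_id}-{i}".encode() for i in (1, 2)]

class MdmServer:
    """Constructed stand-in for the enterprise MDM server; accepts CMS-issued credentials only."""
    def __init__(self):
        self.enrolled: dict = {}

    def enroll(self, device_id: str, service: str, credential: bytes) -> bool:
        if not credential.startswith(f"derived-cred-{device_id}-".encode()):
            return False
        self.enrolled.setdefault(device_id, set()).add(service)
        return True


def enroll_device(device_id: str, password: str, mdm: MdmServer, cms: CmsServer,
                  enrollment_app: App, cms_app: App, vault: SharedVault, vault_key: bytes) -> bool:
    # Enrollment app: store the password validation value in the shared vault (claim 3).
    vault.put(enrollment_app, "pvv", password_validation_value(vault_key, password))
    # Switch to the CMS app: validate the password, request credentials, encrypt and store them.
    if not password_matches(vault_key, vault.get(cms_app, "pvv"), password):
        raise ValueError("password rejected by the certificate management system application")
    salt = secrets.token_bytes(16)
    key = credential_key(password, salt)
    vault.put(cms_app, "salt", salt)
    vault.put(cms_app, "creds", [encrypt(key, c) for c in cms.issue_derived_credentials(device_id)])
    # Switch back to the enrollment app: recover both credentials, use the first for MDM
    # enrollment and the second for MAM enrollment (claim 12).
    key = credential_key(password, vault.get(enrollment_app, "salt"))
    first, second = (decrypt(key, c) for c in vault.get(enrollment_app, "creds"))
    return mdm.enroll(device_id, "MDM", first) and mdm.enroll(device_id, "MAM", second)
```

The signing-certificate check is the security boundary of the whole scheme: an application signed by a different developer gets `PermissionError` rather than the encrypted credentials, and even a same-signer application still needs the user's password to decrypt them, so a compromised vault store alone does not yield usable derived credentials.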

Assignees

Citrix Systems Inc

Inventors

Classifications

  • using passwords (cryptographic mechanisms or cryptographic arrangements for entity authentication using a predetermined code H04L9/3226) · CPC title

  • Service provisioning or reconfiguring · CPC title

  • Subscription-based services using application servers or record carriers, e.g. SIM application toolkits · CPC title

  • using certificates (cryptographic mechanisms or cryptographic arrangements for entity authentication involving certificates H04L9/3263) · CPC title

  • Setup of application sessions (admission control or resource allocation in data switching networks H04L47/70) · CPC title

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US9668136B2 cover?
Methods, systems, and computer-readable media for using derived credentials to enroll a mobile computing device with an enterprise mobile device management system are described herein. In various embodiments, a mobile computing device, responsive to a command to enroll with an enterprise mobile device management server, may launch an enrollment application; send an enrollment request message to…
Who is the assignee on this patent?
Citrix Systems Inc
What technology area does this patent fall under?
Primary CPC classification H04L63/0823. Mapped technology areas include Electricity.
When was this patent published?
Publication date May 30, 2017 (kind code B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 4 related publications on this page (citations in our corpus or others sharing the same primary CPC).