Network authentication

US9762569B2 · US · B2

Patent metadata

Publication number: US-9762569-B2
Application number: US-201214435578-A
Country: US
Kind code: B2
Filing date: Oct 15, 2012
Priority date: Oct 15, 2012
Publication date: Sep 12, 2017
Grant date: Sep 12, 2017

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

  1. Title

    What the patent document calls the invention.

  2. Abstract

    A short plain-language summary of the technical disclosure.

  3. Assignees and inventors

    Who owns or filed the patent and who is credited as inventor.

  4. Key dates

    Filing, priority, publication, and grant dates set the timeline.

  5. First independent claim

    The legal scope of protection — read this for what is actually claimed.

  6. CPC / IPC classifications

    Technology tags used to group this patent with similar filings.

  7. Citations and related patents

    Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

The present invention addresses apparatuses, methods and computer program product for providing improved authentication of a network by a network node. A network node identification and a vendor certificate are configured in a network node, a usage certificate is created for the network node, which is signed by the vendor with a signature, and contains verification information indicating that the usage certificate relates to this network node and authentication information for allowing the network node to authenticate a network, the usage certificate is transmitted to an operator of an operator network, the network node requests the usage certificate from the operator, when the network node is initially connected to the operator network, the network node determines validity of the signature in the usage certificate received upon the request, and the network node checks whether the received usage certificate actually relates to the network node being initially connected to the operator network, based on the information contained in the usage certificate.

First claim

Opening claim text (preview).

What is claimed is:

  1. A method executed at a network node, the method comprising: storing a network node identification and a vendor certificate on the network node, wherein the network node is a base station; requesting, upon installation of the network node in an operator network, a usage certificate for the network node from an operator of an operator network, which is signed by a vendor with a signature, and contains verification information identifying the network node and authentication information for allowing the network node to authenticate the operator network, wherein the usage certificate restricts usage of the network node such that the network node is prevented from operating in networks other than the operator network; verifying the validity of the signature in the usage certificate received from the request based upon the vendor certificate; and storing the usage certificate upon validating that the received usage certificate relates to the network node being initially connected to the operator network, based on verifying the verification information, and verifying the authentication information contained in the usage certificate, wherein the network node and operator network utilize the usage certificate to perform mutual authentication and establish a security association.

  2. The method according to claim 1, wherein the authentication information comprises at least one operator certificate.

  3. The method according to claim 1, wherein the network node identification comprises a single individual network node identification, the method further comprising checking whether the network node identification of the network node being initially connected to the operator network coincides with the single network node identification.

  4. The method according to claim 1, wherein the network node identification comprises a plurality of network node identifications, the method further comprising checking whether the network node identification of the network node being initially connected to the operator network is comprised in the plurality of network node identifications.

  5. The method according to claim 1, wherein the usage certificate is signed by a certificate linked to the usage certificate via a certificate chain that is comprised in the usage certificate.

  6. The method according to claim 1, wherein the usage certificate is designated to a specific validity period, the method further comprising checking whether the validity period of the received usage certificate has elapsed or not.

  7. The method according to claim 1, wherein when the signature in the usage certificate received upon the request by the network node is determined to be at least one of 1) invalid and 2) the received usage certificate does not relate to the network node being initially connected to the operator network, the network node prohibits authenticating the network and repeats requesting the usage certificate from the operator.

  8. The method according to claim 1, wherein the usage certificate is embedded in the operator network, and is transmitted to the network node via the operator network.

  9. The method according to claim 1, wherein the usage certificate transmitted to the operator is transmitted to the network node by means outside of the operator network when the network node is initially connected to the operator network.

  10. A network node apparatus, comprising: at least one processor; and at least one memory including computer program code, wherein the at least one memory and the computer program code are configured to, with the at least one processor, cause the network node apparatus at least to: store a network node identification and a vendor certificate on the network node apparatus, wherein the network node apparatus is a base station; request, upon installation of the network node in an operator network, a usage certificate for the network node from an operator of an operator network, which is signed by the vendor with a signature, and contains verification information identifying the network node apparatus and authentication information for allowing the network node apparatus to authenticate the operator network, wherein the usage certificate restricts usage of the network node apparatus such that the network node apparatus is prevented from operating in networks other than the operator network; verify the validity of the signature in the usage certificate received from the request based on the vendor certificate; and store the usage certificate upon validating that the received usage certificate relates to the network node apparatus being initially connected to the operator network, based on verifying the verification information, and verifying the authentication information contained in the usage certificate, wherein the network node apparatus and the operator network utilize the usage certificate to perform mutual authentication and establish a security association.

  11. The apparatus according to claim 10, wherein the authentication information comprises at least one operator certificate.

  12. The apparatus according to claim 10, wherein the network node identification comprises a single individual network node identification, and the at least one memory and the computer program code are further configured to, with the at least one processor, cause the apparatus at least to check whether the network node identification of the network node apparatus being initially connected to the operator network coincides with the single network node identification.

  13. The apparatus according to claim 10, wherein the network node identification comprises a plurality of network node identifications, and the at least one memory and the computer program code are further configured to, with the at least one processor, cause the apparatus at least to check whether the network node identification of the network node apparatus being initially connected to the operator network is comprised in the plurality of network node identifications.

  14. The apparatus according to claim 10, wherein the usage certificate is signed by a certificate linked to the usage certificate via a certificate chain that is comprised in the usage certificate.

  15. The apparatus according to claim 10, wherein the usage certificate is designated to a specific validity period, and the at least one memory and the computer program code are further configured to, with the at least one processor, cause the apparatus at least to check whether the validity period of the received usage certificate has elapsed or not.

  16. The apparatus according to claim 10, wherein when the signature in the usage certificate received upon the request by the network node apparatus is determined to be at least one of 1) invalid and 2) the received usage certificate does not relate to the network node apparatus being initially connected to the operator network, the at least one memory and the computer program code are further configured to, with the at least one processor, cause the apparatus at least to prohibit authenticating the operator network and to repeat requesting the usage certificate from the operator.

  17. The apparatus according to claim 10, wherein the usage certificate is embedded in the operator network, and is transmitted to the network node apparatus via the operator network.

  18. The apparatus according to claim 10, wherein the usage certificate transmitted to the operator is transmitted to the network node apparatus by means outside of the operator network when the network node apparatus is initially connected to
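The acceptance checks a base station would run on a received usage certificate, following claims 1 to 7 above, as an added illustration that is not part of the patent or of any vendor's implementation. The certificate is a constructed dictionary and the vendor signature is stood in for by an HMAC under a constructed key (a real node would verify a public-key signature against its stored vendor certificate); the node identifiers, dates and operator certificate placeholder are all constructed.

```python
import hashlib, hmac, json
from datetime import datetime, timezone

# Constructed stand-in for the vendor's signing key: a real node verifies a
# public-key signature against the vendor certificate it was configured with.
VENDOR_KEY = b"constructed-vendor-key"

def _body(cert):
    """Canonical bytes of every field except the signature itself."""
    return json.dumps({k: v for k, v in cert.items() if k != "signature"},
                      sort_keys=True, default=str).encode()

def vendor_sign(cert, key=VENDOR_KEY):
    """Vendor side: issue the usage certificate that is later handed to the operator."""
    return {**cert, "signature": hmac.new(key, _body(cert), hashlib.sha256).hexdigest()}

def check_usage_certificate(cert, node_id, now, key=VENDOR_KEY):
    """Node side: the checks of claims 1, 3/4, 6 and 2. Returns (accepted, reason)."""
    expected = hmac.new(key, _body(cert), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, cert.get("signature", "")):
        return False, "vendor signature invalid"                  # claim 1
    ids = cert["node_ids"] if isinstance(cert["node_ids"], list) else [cert["node_ids"]]
    if node_id not in ids:
        return False, "certificate does not relate to this node"  # claims 3/4
    if not (cert["not_before"] <= now <= cert["not_after"]):
        return False, "validity period elapsed"                   # claim 6
    if not cert.get("operator_certificates"):
        return False, "no operator certificate present"           # claim 2
    return True, "accepted"

def bootstrap(node_id, fetch, now, attempts=3):
    """Claim 7: a rejected certificate means no network authentication and a new request."""
    for attempt in range(1, attempts + 1):
        if check_usage_certificate(fetch(attempt), node_id, now)[0]:
            return True, attempt
    return False, attempts

# Constructed sample: one usage certificate covering two base stations of one operator.
SAMPLE = vendor_sign({
    "node_ids": ["BS-0001", "BS-0002"],
    "operator_certificates": ["<operator certificate, constructed placeholder>"],
    "not_before": datetime(2012, 10, 15, tzinfo=timezone.utc),
    "not_after": datetime(2017, 9, 12, tzinfo=timezone.utc),
})
NOW = datetime(2015, 1, 1, tzinfo=timezone.utc)

if __name__ == "__main__":
    print(check_usage_certificate(SAMPLE, "BS-0001", NOW))  # (True, 'accepted')
    print(check_usage_certificate(SAMPLE, "BS-9999", NOW))  # (False, 'certificate does not relate to this node')
```

Because the node identifiers are covered by the vendor signature, an operator cannot widen a certificate to other base stations without the signature check failing first.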

Assignees

Inventors

Classifications

  • H04L9/3265 (primary)

    using certificate chains, trees or paths; Hierarchical trust model · CPC title

  • using certificates (cryptographic mechanisms or cryptographic arrangements for entity authentication involving certificates H04L9/3263) · CPC title

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US9762569B2 cover?
The present invention addresses apparatuses, methods and computer program product for providing improved authentication of a network by a network node. A network node identification and a vendor certificate are configured in a network node, a usage certificate is created for the network node, which is signed by the vendor with a signature, and contains verification information indicating that t…
Who is the assignee on this patent?
Nokia Solutions & Networks Oy
What technology area does this patent fall under?
Primary CPC classification H04L9/3265. Mapped technology areas include Electricity.
When was this patent published?
Publication date: Sep 12, 2017 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 3 related publications on this page (citations in our corpus or others sharing the same primary CPC).