Provisioning drm credentials on a client device using an update server
US-2015326563-A1 · Nov 12, 2015 · US
Segmented network mobile device provisioning system
US9992606B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-9992606-B2 |
| Application number | US-201514634462-A |
| Country | US |
| Kind code | B2 |
| Filing date | Feb 27, 2015 |
| Priority date | Feb 27, 2015 |
| Publication date | Jun 5, 2018 |
| Grant date | Jun 5, 2018 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
Disclosed is a personal device container system. The personal device container system typically includes a processor, a memory, and an access management module stored in the memory. The personal device container system is typically configured to establish network communication between a personal computing device and a provisioning system that validates the identity of the personal computing device and provides a certificate to the personal computing device. Thereafter, the personal computing device requests access to a secured network segment and provides the certificate to the personal device container system. The personal device container system then authenticates the personal computing device's certificate before allowing the personal computing device to communicate with the secured network segment. User credentials associated with a user are authenticated before user-specific content associated with the user is provided to the personal computing device. Accordingly, a user-specific experience may be provided to different users of the personal computing device.
First claim
Opening claim text (preview).
What is claimed is: 1. A personal device container system, comprising: a processor; a memory; a communication interface in communication with a distributed network, the distributed network comprising one or more data stores having personal computing device provisioning information stored therein; an access management module stored in the memory, executable by the processor and configured for: receiving, from a personal computing device, a first request to connect to a provisioning network segment to provision the personal computing device to communicate with a secured network segment, wherein the provisioning network segment and the secured network segment are part of a common network, wherein the first request comprises a first set of security credentials to authenticate the personal computing device; authenticating the personal computing device to communicate with the provisioning network segment based on the first set of security credentials; creating a first network tunnel between the personal computing device and the provisioning network segment, wherein the provisioning network segment comprises a provisioning device capable of communicating a certificate to the personal computing device via the first network tunnel to provision the personal computing device; receiving provisioning filter rules for filtering messages communicated via the first network tunnel; determining that the personal computing device has communicated a provisioning request to the provisioning device via the first network tunnel, wherein the provisioning request is compliant with the provisioning filter rules; determining that the provisioning request is compliant with the provisioning filter rules; routing the provisioning request to the provisioning device based on determining that the provisioning request is compliant with the provisioning filter rules; receiving a second request, from the personal computing device, for the personal computing device to communicate with the secured network segment, wherein the second request comprises the certificate; authenticating the personal computing device to communicate with the secured network segment based on the certificate; receiving secured filter rules for filtering messages communicated via a second network tunnel; receiving a geographic perimeter from which the personal computing device is allowed to communicate via the second network tunnel; and after authenticating the personal computing device to communicate with the secured network segment: creating the second network tunnel between the personal computing device and the secured network segment based on authenticating the personal computing device to communicate with the secured network segment; determining that the personal computing device has communicated a secured message to a first device that is a part of the secured network segment via the second network tunnel, wherein the secured message is compliant with the secured filter rules; routing the secured message to the first device that is part of the secured network segment; determining that a second message to the first device has been communicated via the second network tunnel, wherein the second message communicated via the second network tunnel further comprises a geographic location of the personal computing device when the personal computing device communicated the second message; determining the geographic location of the personal computing device from the second message; determining that the location of the personal computing device is not located within the geographic perimeter; blocking delivery of the second message based on determining that the location of the personal computing device is not located within the geographic perimeter; and in response to determining that the location of the personal computing device is not located within the geographic perimeter, communicating a remote command for the personal computing device to perform a security function. 2. The personal device container system of claim 1 , wherein the distributed network comprises a wireless connection to the distributed network, wherein allowing the personal computing device to connect the distributed network comprises providing a wireless connection to the personal computing device. 3. The personal device container system of claim 1 , wherein the access management module is further configured for: receiving a third message, communicated via the second network tunnel, wherein the third message is directed to a device that is not located within the secured network segment; and filtering the third message based on the third message being directed to a device that is not located within the secured network segment. 4. The personal device container system of claim 1 , wherein the first request to connect to the provisioning network segment comprises a first secure session identifier (SSID), wherein the second request to connect to the secured network segment comprises a second SSID that is different than the first SSID, wherein creating the first network tunnel is further based on receiving the first SSID, and wherein creating the second network tunnel is further based on receiving the second SSID. 5. The personal device container system of claim 1 , wherein the personal device container system comprises a foreign controller, a control point, and an operations router, wherein the foreign controller directs communications from the personal computing device to the provisioning segment using the first network tunnel and directs communications from the personal computing device to the secured network segment using the second network tunnel, wherein the control point utilizes the provisioning network rules to filter communications over the first network tunnel, and wherein the operations router utilizes the secured network rules to filter communications over the second network tunnel. 6. The personal device container system of claim 1 , wherein the security function comprises the personal computing device performing a wipe of information stored on the personal computing device. 7. The personal device container system of claim 1 , wherein the security function comprises locking the personal computing device. 8. A computer program product for provisioning personal computing devices for use on a secured network comprising a non-transitory computer-readable storage medium having computer-executable instructions for: receiving, from a personal computing device, a first request to connect to a provisioning network segment to provision the personal computing device to communicate with a secured network segment, wherein the provisioning network segment and the secured network segment are part of a common network, wherein the first request comprises a first set of security credentials to authenticate the personal computing device; authenticating the personal computing device to communicate with the provisioning network segment based on the first set of security credentials; creating a first network tunnel between the personal computing device and the provisioning network segment, wherein the provisioning network segment comprises a provisioning device capable of communicating a certificate to the personal computing device via the first network tunnel to provision the personal computing device; receiving provisioning filter rules for filtering messages communicated via the first network tunnel; determining that the personal computing device has communicated a provisioning request to the provisioning device via the first network tunnel, wherein the provisioning request is compliant with the provisioning filter rules; determining that the provisioning request is compliant with the provisioning filter rules; routing the provisioni
Assignees
Inventors
Classifications
Filtering policies (mail message filtering H04L51/212) · CPC title
Services related to particular areas, e.g. point of interest [POI] services, venue services or geofences · CPC title
- H04W4/50Primary
Service provisioning or reconfiguring · CPC title
using certificates (cryptographic mechanisms or cryptographic arrangements for entity authentication involving certificates H04L9/3263) · CPC title
WLAN [Wireless Local Area Networks] · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US9992606B2 cover?
- Disclosed is a personal device container system. The personal device container system typically includes a processor, a memory, and an access management module stored in the memory. The personal device container system is typically configured to establish network communication between a personal computing device and a provisioning system that validates the identity of the personal computing dev…
- Who is the assignee on this patent?
- Bank Of America
- What technology area does this patent fall under?
- Primary CPC classification H04W4/50. Mapped technology areas include Electricity.
- When was this patent published?
- Publication date Tue Jun 05 2018 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 1 related publication on this page (citations in our corpus or others sharing the same primary CPC).