US Patent No. 9,281,949


Patent No. 9,281,949
Issue Date March 08, 2016
Title Device Using Secure Processing Zone To Establish Trust For Digital Rights Management
Inventorship Raj Nair, Lexington, MA (US)
Mikhail Mikhailov, Newton, MA (US)
Kevin J. Ma, Nashua, NH (US)
Assignee ERICSSON AB, Stockholm (SE)

Claim of US Patent No. 9,281,949

1. A method by which a signed client certificate is created for use by a client device in establishing mutually authenticated
secure communications with a backend server of an application service, the communications to be secured by a client private/public
key pair, the backend server storing a validation server public key used by the backend server to confirm a certificate signature
of the signed client certificate, comprising:
at the client device, generating a first message and sending it to a device validation server, the generating including (1)
generating the client private/public key pair using a random number generator, (2) generating a certificate signing request
including the client public key and a certificate hash value; (3) encrypting the certificate signing request together with
a device-specific authentication token and a locator value for the backend server, the encrypting producing encrypted values
and performed using a domain token shared among a plurality of client devices, and (4) forming the first message to include
the encrypted values and a hash of the domain token;

at the device validation server, (1) receiving the first message and confirming the hash of the domain token, (2) decrypting
the encrypted values using the domain token to obtain decrypted values including the certificate signing request, the device-specific
authentication token and the locator value, (3) generating the certificate signature from the decrypted values using a digital
signature process and a validation server private key, and (4) securely sending the certificate signature to the client device;

at the client device, forming the signed client certificate including the client public key and the certificate signature
received from the device validation server.