CA2894990A1 - Automatic mobile provisioning system - Google Patents
- Publication number
- CA2894990A1
- Authority
- CA
- Canada
- Prior art keywords
- deployable
- subscriber
- customer care
- hss
- care server
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Abandoned
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/10—Integrity
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/30—Security of mobile devices; Security of mobile applications
- H04W12/35—Protecting application or service provisioning, e.g. securing SIM application provisioning
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
A system for automatically provisioning deployable mobile networks is provided. The system includes an enhanced customer care server at the center, transferrable media carried by subscribers, and a verification module in the deployable. The enhanced customer care server comprises a computer, a shared encryption key, a private key, and an IO device. The transferrable media in some embodiments is a QR barcode sticker or a mobile device's internal storage.
The verification module in the deployable contains a computer, an IO device, a shared decryption key, and a public key. The verification module reads the subscriber information from the transferrable media. It verifies the signature and decrypts the subscriber information before porting it into the deployable HSS.
Description
Automatic Mobile Provisioning System
Technical Field
[0001] The technology described herein relates to cellular network subscriber provisioning for a deployable mobile network. Particular embodiments relate to systems and apparatus for setting up provisioning data so that any authorized mobile can use the service provided by the deployable mobile network.
Background
[0002] Mobile network security has improved significantly. Starting from 3G UMTS, mobile networks perform mutual authentication, i.e. not only are mobile handsets authenticated by mobile networks, but mobile networks are also authenticated by mobile handsets. Without knowing a mobile subscriber's secret information, a mobile network cannot offer services to that subscriber.
[0003] A mobile operator employs a centralized Home Subscriber Server (HSS) to program mobile subscriber information. When a mobile accesses the mobile network, the HSS is used to authenticate the mobile to the mobile network and also to authenticate the mobile network to the mobile subscriber. A centralized HSS easily accommodates frequent updates of mobile subscribers.
[0004] The public safety LTE network consists of a fixed wireless network as well as many independent deployables (see Fig. 1). Each deployable is a complete and independent mobile network. In order for the deployable to offer mobile services to public safety personnel, all public safety personnel using the deployable must be pre-programmed into the deployable. Public safety personnel may be transferred from one area to another and hence use different deployables. Most likely all the personnel will use the public safety fixed mobile network. Hence all public safety personnel need to be programmed not only on the centralized HSS of the fixed mobile network but also on each deployable's HSS. Since subscribers frequently change, it is extremely difficult to synchronize subscriber information between the centralized HSS and all deployables.
[0005] There is a general desire for simplifying subscriber provisioning procedures. Ideally, once subscribers are programmed in the centralized HSS, these subscribers can be automatically programmed into deployables.
[0006] The foregoing examples of the related art and limitations related thereto are intended to be illustrative and not exclusive. Other limitations of the related art will become apparent to those of skill in the art upon a reading of the specification and a study of the drawings.
Summary
[0007] The technology described herein provides an automatic provisioning system for deployable mobile networks. Figure 1 shows the public safety mobile networks. They consist of a fixed mobile network and many complete and independent deployable mobile networks. The fixed mobile network is the same as those used by mobile operators. It comprises a core network and many radio access networks (RAN). The centralized HSS holds subscriber information and authentication secrets. Subscriber information is usually provisioned via a Customer Care Server. A deployable is a complete and independent mobile network packaged in a transportable form factor. Each deployable has its own HSS and requires mobile subscribers to be provisioned into that HSS again.
[0008] The invention consists of an enhanced customer care server, a standard centralized HSS, transferable media for subscriber information, a deployable verification module, and the standard HSS in deployables.
[0009] Particular embodiments provide an enhanced centralized customer care server. A centralized care server is typically used to configure mobile subscriber information for the centralized HSS. With the enhancement, the same subscriber information is encrypted and signed by the enhanced customer care server. The result is written to a transferable media. The signature is used to prove that the information is trusted and can be used in a deployable, while the encryption provides protection so that only a deployable that knows the decryption key can use the information.
[0010] Certain embodiments also add organization information, such as country, state or province, and municipality, and department information, such as fire, ambulance, or police, into the encrypted subscriber information. This additional information helps identify subscribers and helps specify filtering in the deployable's verification module.
[0011] Particular embodiments employ a QR barcode sticker as the transferable media. The sticker is attached to the mobile phone. Other embodiments directly employ the mobile's internal storage as the transferable media.
[0012] Particular embodiments have a verification module inside the deployable to read subscriber information from the transferable media, validate the authenticity of the data by verifying the signature, check supported subscriber filters, and decrypt and port the data into the deployable HSS.
[0013] Certain embodiments use already in-service mobile devices to read information from the transferable media and send the data to the deployable, which validates the authenticity of the data by verifying the signature, checks supported subscriber filters, decrypts the data, and ports the data into the deployable HSS.
Brief Description of Drawings
[0014] Exemplary embodiments are illustrated in referenced figures of the drawings. It is intended that the embodiments and figures disclosed herein are to be considered illustrative rather than restrictive.
[0015] Fig. 1 illustrates the components of the public safety mobile networks combining fixed and deployable networks.
[0016] Fig. 2 illustrates an enhanced customer care server that generates, signs, and puts the subscriber information into a transferable media.
[0017] Fig. 3 illustrates the deployable verification module that reads, validates, filters, and ports subscriber data into the deployable HSS.
[0018] Fig. 4 is a flowchart illustrating the process that occurs according to one embodiment when subscriber information is generated.
[0019] Fig. 5 is a flowchart illustrating the process that occurs according to one embodiment when subscriber information is ported into the deployable.
Description
[0020] Throughout the following description, specific details are set forth in order to provide a more thorough understanding to persons skilled in the art. However, well known elements such as mobile network elements defined in 3GPP and 3GPP2 standard bodies may not have been shown or described in detail to avoid unnecessarily obscuring the disclosure. Accordingly, the description and drawings are to be regarded in an illustrative, rather than a restrictive, sense.
[0021] In embodiments described herein, an enhanced customer care server is used to provision the centralized HSS for the fixed mobile network, as a normal customer care server would. Figure 2 shows the enhanced customer care server 20. The enhancement 21 is further equipped with a computer module 22, an encryption key 23 and a private key 24 for digital signature. The computer may be part of the normal customer care server. The encryption key and corresponding public key are shared with all deployables. Typically the security portions of a subscriber's information, when presented to the customer care server, are already encrypted so that only the HSS application is able to decrypt and use the keys for subscriber authentication and authorization. After successfully provisioning the centralized HSS, the computer 22 packs the whole subscriber information into a digital packet. Additionally, the computer adds subscriber organization data to the subscriber information. The computer encrypts the digital packet using the encryption key 23 so that only the public safety deployables are able to decrypt the packet. The computer further signs the encrypted packet using the private key 24 to prove the signed packet's authenticity to the deployables.
[0022] The signed digital packet is written into a transferrable media using the IO device 25 and attached to the corresponding mobile phone. In particular embodiments, the transferrable media is a QR barcode sticker. In other embodiments, the transferrable media is a USB flash drive or the mobile phone's internal storage. There is no specific requirement on the transferrable media so long as it can be easily attached to the mobile phone and carried by the subscriber.
[0023] When a member of public safety personnel reaches a deployable's area, their mobile may not be provisioned into the deployable. In this case, the person simply presents their transferrable media to the deployable. The subscriber information is immediately provisioned into the deployable and the phone is ready to use afterwards. Fig. 3 shows the deployable 30 that has verification module 31. The verification module consists of an IO device 35, an encryption key 33, a public key 34, and a computer 32. The verification module may share the same computer used in the deployable. The verification module uses its IO device 35 to read the signed digital packet from the transferable media. The module first uses the public key 34 to verify the authenticity of the signed packet. Once verified, it uses encryption key 33 to decrypt the digital packet. If there are filters configured, the computer extracts the organization information and examines the filters. If the subscriber information passes the filters, the computer ports the subscriber information into its HSS 36. In certain embodiments, the deployable may use any already provisioned mobile device as the IO device, using its Bluetooth, Near Field Communication, camera, etc. to read the signed digital packet from the transferrable media. The provisioned mobile device then sends the signed digital packet to the deployable. The verification, decryption, filtering, and porting procedures happen the same way as when using the internal IO device.
[0024] Fig. 4 illustrates the procedure that happens in the enhanced customer care server. The server first collects subscriber information and provisions the centralized HSS. It then packs all the subscriber information, including additional organization information, into a digital packet. It encrypts and signs the packet and then writes it into a transferrable media.
[0025] Figure 5 illustrates the procedures that occur in the deployable. The procedures are the reverse of what happens in the enhanced customer care server. The signed packet is first read by the deployable, then verified using the signature, and then decrypted and ported into the HSS in the deployable.
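The packet flow of paragraphs [0021] to [0025], as an added Go example that is not part of the patent: the care server encrypts and then signs, and the verification module checks the signature before it decrypts and applies the organization filter. The patent names no algorithms or packet format, so AES-256-GCM, Ed25519, the `Subscriber` JSON layout, the `signature || nonce || ciphertext` framing and the demo keys are all assumptions made here.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
)

// Subscriber is a hypothetical packet layout; the patent names no fields.
type Subscriber struct {
	IMSI, Dept string // Dept is the organization data the filters check
	Creds      []byte // secrets already encrypted for the HSS application
}

var (
	ErrSignature = errors.New("signature check failed")
	ErrFiltered  = errors.New("rejected by organization filter")
	DemoKey      = [32]byte{1} // constructed demo keys, not secrets
	DemoPriv     = ed25519.NewKeyFromSeed(make([]byte, ed25519.SeedSize))
	DemoPub      = DemoPriv.Public().(ed25519.PublicKey)
)

func gcm(k *[32]byte) cipher.AEAD { // key size fixed by type: cannot fail
	blk, _ := aes.NewCipher(k[:])
	g, _ := cipher.NewGCM(blk)
	return g
}

// Seal is the care-server side: pack, encrypt, then sign the ciphertext.
func Seal(s Subscriber, k *[32]byte, priv ed25519.PrivateKey) ([]byte, error) {
	plain, _ := json.Marshal(s) // cannot fail for this struct
	g := gcm(k)
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	body := g.Seal(nonce, nonce, plain, nil)              // nonce || ciphertext || tag
	return append(ed25519.Sign(priv, body), body...), nil // signature || body
}

// Open is the deployable side: verify first, then decrypt, then filter.
func Open(pkt []byte, k *[32]byte, pub ed25519.PublicKey, depts map[string]bool) (*Subscriber, error) {
	const n = ed25519.SignatureSize
	g := gcm(k)
	if len(pkt) < n+g.NonceSize() || !ed25519.Verify(pub, pkt[n:], pkt[:n]) {
		return nil, ErrSignature // unauthenticated bytes never reach the decryptor
	}
	body := pkt[n:]
	plain, err := g.Open(nil, body[:g.NonceSize()], body[g.NonceSize():], nil)
	if err != nil {
		return nil, err
	}
	var s Subscriber
	if err := json.Unmarshal(plain, &s); err != nil {
		return nil, err
	}
	if len(depts) > 0 && !depts[s.Dept] {
		return nil, ErrFiltered
	}
	return &s, nil // caller ports this record into the deployable HSS
}

func main() {
	pkt, _ := Seal(Subscriber{IMSI: "001010000000001", Dept: "fire"}, &DemoKey, DemoPriv)
	fmt.Println(Open(pkt, &DemoKey, DemoPub, map[string]bool{"fire": true}))
}
```

Because the same decryption key sits in every deployable, the signature is the only thing that distinguishes a packet issued by the care server from one assembled by anyone holding that shared key, which is why `Open` rejects on signature failure before any other processing.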
Claims (11)
1. An automatic provisioning system comprising:
an enhanced customer care server;
a transferrable media carried by the subscriber or attached to the subscriber's mobile device;
a verification module in the deployable to automatically verify and port into the deployable HSS.
2. The system of claim 1 wherein the enhanced customer care server consists of a computer, a shared encryption key, a private key, and an IO device.
3. The system of claim 1 wherein the enhanced customer care server, after successfully provisioning the centralized HSS, packs all subscriber information including additional subscriber organization information into a digital packet for easy transferring.
4. The system of claim 1 wherein the enhanced customer care server further encrypts the digital packet using a shared encryption key so that the subscriber information is only accessible to the deployables.
4. The system of claim 1 wherein the enhanced customer care server further signs the encrypted digital packet to prove its authenticity to the deployables.
5. The system of claim 1 wherein the enhanced customer care server writes the signed and encrypted digital packet into a transferrable media.
6. The system of claim 1 wherein the transferrable media is easy to carry by human or easy to attach to subscriber mobile devices.
7. The system of claim 1 wherein the transferrable media in certain embodiments is QR barcode stickers which can be easily stuck onto the back of subscriber mobile devices.
8. The system of claim 1 wherein the transferrable media in other embodiments is a USB flash drive or the mobile's internal storage.
9. The system of claim 1 wherein the deployable includes the verification module which consists of an IO device, a computer, a shared encryption key, and a public key.
10. The verification module of claim 9 wherein the IO device is used to read the signed and encrypted digital packet from the transferrable media, and the module verifies its authenticity by validating the signature using the public key, decrypts the packet using the shared encryption key, and ports the decrypted subscriber information into the deployable HSS.
11. The verification module of claim 9 wherein the IO device in certain embodiments is any in-service mobile device. The unprovisioned mobile device presents its signed and encrypted subscriber information to an already in-service mobile device via Bluetooth, Near Field Communication, or a camera communication mechanism. The in-service mobile device reads the digital packet and sends it to the deployable for verification and porting to the deployable HSS.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CA2894990A CA2894990A1 (en) | 2015-06-23 | 2015-06-23 | Automatic mobile provisioning system |
Publications (1)
Publication Number | Publication Date |
---|---|
CA2894990A1 true CA2894990A1 (en) | 2016-12-23 |
Family
ID=57575298
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CA2894990A Abandoned CA2894990A1 (en) | 2015-06-23 | 2015-06-23 | Automatic mobile provisioning system |
Country Status (1)
Country | Link |
---|---|
CA (1) | CA2894990A1 (en) |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10716001B2 (en) | 2017-08-14 | 2020-07-14 | Star Solutions International Inc. | Self-provisioning of mobile devices in deployable mobile telecommunications networks |
WO2019118204A1 (en) * | 2017-12-15 | 2019-06-20 | Motorola Solutions, Inc. | Profiles in deployable wireless communications systems |
US10721608B2 (en) | 2017-12-15 | 2020-07-21 | Motorola Solutions, Inc. | Profiles in deployable wireless communications systems |
GB2583194A (en) * | 2017-12-15 | 2020-10-21 | Motorola Solutions Inc | Profiles in deployable wireless communications systems |
GB2583194B (en) * | 2017-12-15 | 2021-08-18 | Motorola Solutions Inc | Profiles in deployable wireless communications systems |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US9788209B2 (en) | Apparatus and methods for controlling distribution of electronic access clients | |
JP6262278B2 (en) | Method and apparatus for storage and computation of access control client | |
EP2630816B1 (en) | Authentication of access terminal identities in roaming networks | |
US20180091978A1 (en) | Universal Integrated Circuit Card Having A Virtual Subscriber Identity Module Functionality | |
US10271213B2 (en) | Methods and apparatus for providing management capabilities for access control clients | |
KR101743161B1 (en) | Policy-based techniques for managing access control | |
CN111434087B (en) | Method and electronic device for providing communication service | |
CN103477666B (en) | Mobile device is connected, is connected to vehicle and the cloud service of internet | |
TWI469654B (en) | Methods and apparatus for delivering electronic identification components over a wireless network | |
US9225696B2 (en) | Method for different users to securely access their respective partitioned data in an electronic apparatus | |
TWI507005B (en) | Virtual subscriber identity module | |
EP2887610B1 (en) | Binding mobile device secure software components to the SIM | |
KR102173534B1 (en) | Methods for providing information of mobile network operator and apparatus for performing the same | |
EP2879421B1 (en) | Terminal identity verification and service authentication method, system, and terminal | |
US20140171029A1 (en) | Method and apparatus for authenticating subscribers to long term evolution telecommunication networks or universal mobile telecommunications system | |
WO2019109640A1 (en) | Method and device for locking sim card | |
Zhao et al. | SecureSIM: rethinking authentication and access control for SIM/eSIM | |
CA2894990A1 (en) | Automatic mobile provisioning system | |
Vahidian | Evolution of the SIM to eSIM | |
WO2016030832A1 (en) | Method and system for mobile data and communication security | |
TWM464940U (en) | Secret protection communication system based on position |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
FZDE | Dead |
Effective date: 20180117 |