WO2013008048A1 - Method and apparatus for providing network access identifiers - Google Patents


Info

Publication number: WO2013008048A1
Authority: WO (WIPO, PCT)
Prior art keywords: secure element, identifiers, network, processor, secure
Application number: PCT/IB2011/001628
Other languages: English (en)
Inventors: Jan-Erik Ekberg, Rune Adolf Lindholm, Jukka Tapio Virtanen
Original assignee: Nokia Corporation; Nokia, Inc.
Application filed by Nokia Corporation, Nokia, Inc.
Priority to PCT/IB2011/001628
Publication of WO2013008048A1

Classifications

    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04W WIRELESS COMMUNICATION NETWORKS > H04W 12/00 Security arrangements; Authentication; Protecting privacy or anonymity > H04W 12/08 Access security
    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04W WIRELESS COMMUNICATION NETWORKS > H04W 4/00 Services specially adapted for wireless communication networks; Facilities therefor > H04W 4/60 Subscription-based services using application servers or record carriers, e.g. SIM application toolkits
    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION > H04L 63/00 Network architectures or network communication protocols for network security > H04L 63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources > H04L 63/108 Network architectures or network communication protocols for network security for controlling access to devices or network resources when the policy decisions are valid for a limited amount of time
    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04W WIRELESS COMMUNICATION NETWORKS > H04W 12/00 Security arrangements; Authentication; Protecting privacy or anonymity > H04W 12/60 Context-dependent security > H04W 12/61 Time-dependent

Definitions

  • Example embodiments of the present invention relate generally to mobile terminal technology and, more particularly, relate to a method and apparatus for enabling provision of one or more secure elements.
  • a method and apparatus may provide an efficient and reliable mechanism for enabling provision of one or more secure elements.
  • SIM subscriber identity module
  • many network operators utilize subscriber identity module (SIM) Lock capabilities to restrict the use of the mobile phones used by subscribers.
  • network operators may SIM Lock their mobile phones and may offer communications services to subscribers in exchange for a contract to pay for the use of a communications network for a specified period of time.
  • a mobile phone that is SIM locked may be unlocked by entering a code typically provided by a network operator.
  • network operators desire to protect the integrity of the SIM Lock so that the SIM Lock may not be broken, since the service provider typically utilizes the SIM Lock to obtain income through its service.
  • a smart card for example, a SIM card
  • a smart card may be replaced with a smart card from another network operator, which may enable the mobile phone to be utilized on networks operated by a different network operator, which may result in lost revenues for the original network provider providing the communications services.
  • implementing a SIM Lock may be an elaborate technical effort.
  • typically, the hardware architecture of a mobile phone is combined with a secure device bootup phase, and secure or isolated channels may be arranged between the modem stacks and a physical SIM installed in the mobile phone.
  • many mobile phones currently available have their SIM Lock broken. This problem exists even in high-end mobile phones where there are security mechanisms in place that attempt to mitigate the threat of attacks to break the SIM Lock.
  • smart cards may be utilized by network operators to provide prepaid services. For example, money may be paid by a customer to a network operator in advance for usage of a predetermined amount of communications services. This money and the predetermined amount of services may be associated with an account that is linked to a smart card.
  • An account for example, a prepaid account
  • subscription associated with a smart card is typically identified by a globally unique identifier, such as an International Mobile Subscriber Identity (IMSI), which is typically allocated in ranges to network operators. In some cases the IMSIs may serve to identify smart cards.
  • IMSIs International Mobile Subscriber Identity
  • some network operators may use an Integrated Circuit Card Identifier (ICCID) of an UICC as an identification of a smart card for card management purposes.
  • ICCID Integrated Circuit Card Identifier
  • the IMSI(s) may be stored in a network authentication center (AuC) together with the authentication key material with which the smart card may be authenticated.
  • a network may bind communication of a specific device to a Mobile Subscriber Integrated Services Digital Network (ISDN) Number (MSISDN) (for example, a telephone number).
  • the MSISDN may also be globally unique, but its range may be significantly larger than that of an IMSI.
  • a topic of concern related to providing prepaid services is that some network operators may suffer from IMSI numbering exhaustion and/or ICCID numbering exhaustion, since an authentication center may store a large number of IMSIs associated with a large number of smart card accounts or subscriptions.
  • a problem experienced by the network operators may be that prepaid smart cards are used and thrown away, but there is typically no indication to the network as to when such a smart card is discarded and the smart card may never be topped up (for example, paid) any more.
  • network operators may run out of IMSIs and ICCIDs, and as such authentication centers may be populated with network access credentials such as, for example, IMSI, and key tuples that may never be used. Maintaining these large numbers of IMSIs, and/or ICCIDs which may or may not be actively utilized by some of the subscribers may consume memory and processing resources of the network providers.
  • if an IMSI or an ICCID is reused (a new UICC is populated with an old IMSI or ICCID), there may be a risk that a previous customer assigned the IMSI or ICCID does not obtain communications services if the prepaid account of the previously used smart card is eventually topped up.
  • two drawbacks of the foregoing are that SIM Locks are typically broken even in instances in which there are security mechanisms in place to mitigate attacks to break the SIM Lock, and that large numbers of IMSIs and/or ICCIDs that may never be used must typically be maintained by network providers.
  • some example embodiments may provide an efficient and reliable mechanism for providing a more secure provisioning lock for one or more secure elements (for example, smart cards, embedded SIMs (eSIMs) or software SIMs (soft SIMs)). Additionally, some example embodiments may facilitate efficient usage of identifiers (for example, IMSIs, MSISDNs, or ICCIDs) of secure elements based on the expiration of communications services associated with the secure elements and/or one or more prepaid subscriptions expiring for communications services that may be provided for communication devices that include secure elements (for example, smart cards, eSIMs, or soft SIMs).
  • secure elements for example, smart cards, embedded SIMs (eSIMs) or software SIMs (soft SIMs)
  • identifiers for example, IMSIs, MSISDNs, or ICCIDs
  • Some example embodiments may implement a provisioning lock for secure elements.
  • some example embodiments may provide a permanent hardware or cryptographically secured communication channel between a modem (also referred to herein as a modem processor), a processor and a secure element(s), so that communications with the secure elements are protected and secret/private information may not be obtained from the secure element(s) using unauthorized devices. This may eliminate attacks in which a secure element(s) is forcibly wired to an unauthorized modem or processor.
  • the secure elements of the example embodiments may be secure devices.
  • Example embodiments of the invention may enable secure elements (for example smart cards, user identity modules (UIMs), UICCs, SIM cards, eSIMs, or soft SIMs) or a network entity (for example, a trusted service manager (TSM)) to store a signed certificate (for example, a digital certificate) or record that identifies the lifetime such as, for example, an expiry period that may define a time period that a particular network operator may be authorized for providing
  • secure elements for example smart cards, user identity modules (UIMs), UICCs, SIM cards, eSIMs, or soft SIMs
  • a network entity for example, a trusted service manager (TSM)
  • TSM trusted service manager
  • the secure elements of the example embodiments may locally enforce expiry data.
  • the example embodiments may allow secure elements to communicate with authorized entities (such as, for example, a TSM) for exchange of data (for example, identifiers (for example, IMSIs, MSISDNs, or ICCIDs), security keys, or applications.
  • authorized entities such as, for example, a TSM
  • data for example, identifiers (for example, IMSIs, MSISDNs, or ICCIDs), security keys, or applications.
  • the example embodiments may disallow or prohibit the secure elements from communicating with other devices (for example, unauthorized devices, such as network devices of other network operators).
  • the example embodiments may enable the secure elements to communicate with other devices such as, for example, network devices maintained by network operators for provision of communications services from one or more of these network devices.
  • the example embodiments may enable identities (for example, IMSIs, MSISDNs, or ICCIDs) associated with the secure elements associated with the prior network operator providing communications services to be reallocated to other secure elements.
  • identities for example, IMSIs, MSISDNs, or ICCIDs
  • the example embodiments may efficiently utilize identities of secure elements and may conserve memory resources by minimizing the number of identities that may be need to be stored in a memory device of a network operator or in a memory device maintained on behalf of a network operator.
  • the non-existence of such a certificate may, but need not, denote that no new secure element secrets and identities should be provisioned by a network entity (for example, a TSM Issuer) to a corresponding secure element(s).
  • a network entity for example, a TSM Issuer
  • new secure element secrets and identities may be provisioned by a network entity to a corresponding secure element(s) even in the absence of a certificate.
  • the expiry period may be associated with prepaid services related to prepaid subscriptions corresponding to respective secure elements. In this regard, in an instance in which a prepaid service is not utilized upon expiration of the expiry period, the example embodiments may reallocate the secrets and identities of the secure elements to other secure elements.
  • a method for provisioning one or more secure elements may include receiving, via a secure element of an apparatus, information relating to an enforcement mechanism.
  • the information of the enforcement mechanism may include data indicating an expiry period associated with a time period in which the secure element communicates with a network entity on behalf of a network operator providing communications services to the apparatus.
  • an apparatus for provisioning one or more secure elements may include a processor and a memory including computer program code.
  • the memory and the computer program code are configured to, with the processor, cause the apparatus to at least perform operations including receiving, via a secure element of the apparatus, information relating to an enforcement mechanism.
  • the information of the enforcement mechanism may include data indicating an expiry period associated with a time period in which the secure element communicates with a network entity on behalf of a network operator providing communications services to the apparatus.
  • a computer program product for provisioning one or more secure elements is provided.
  • the computer program product includes at least one computer-readable storage medium having computer executable program code instructions stored therein.
  • the computer executable program code instructions may include program code instructions configured to facilitate receipt, via a secure element of an apparatus, of information relating to an enforcement mechanism.
  • the information of the enforcement mechanism may include data indicating an expiry period associated with a time period in which the secure element communicates with a network entity on behalf of a network operator providing communications services to the apparatus.
  • Some example embodiments may provide a more secure and reliable mechanism for provisioning data to secure elements (for example, smart cards, eSIMs or soft SIMs). Additionally, some example embodiments may enable network operators to manage identities issued to secure elements more efficiently by reallocating to other secure elements the identities that are no longer being used. As such, network operators may enjoy improved capabilities with respect to provisioning secure elements.
  • secure elements for example, smart cards, eSIMs or soft SIMs.
  • FIG. 1 is a schematic block diagram of a system according to example embodiments of the invention.
  • FIG. 2 is a schematic block diagram of an apparatus according to example embodiments of the invention.
  • FIG. 3 is a schematic block diagram of a network device according to example embodiments of the invention.
  • FIG. 4 is a schematic block diagram of a network entity according to example embodiments of the invention.
  • FIG. 5 is a block diagram of a system according to example embodiments of the invention.
  • FIG. 6 illustrates a flowchart for provisioning one or more secure elements according to example embodiments of the invention.
  • circuitry refers to (a) hardware-only circuit implementations (for example, implementations in analog circuitry and/or digital circuitry); (b) combinations of circuits and computer program product(s) comprising software and/or firmware instructions stored on one or more computer readable memories that work together to cause an apparatus to perform one or more functions described herein; and (c) circuits, such as, for example, a microprocessor(s) or a portion of a microprocessor(s), that require software or firmware for operation even if the software or firmware is not physically present.
  • This definition of 'circuitry' applies to all uses of this term herein, including in any claims.
  • the term 'circuitry' also includes an implementation comprising one or more processors and/or portion(s) thereof and accompanying software and/or firmware.
  • the term 'circuitry' as used herein also includes, for example, a baseband integrated circuit or applications processor integrated circuit for a mobile phone or a similar integrated circuit in a server, a cellular network device, other network device, and/or other computing device.
  • a secure element may include a SIM, embedded SIM (eSIM), softSIM, universal subscriber identity module (USIM), embedded USIM (eUSIM), softUSIM, UICC, embedded UICC (eUICC), UIM, removable UIM (R-UIM), and/or the like.
  • the secure element may be removable or non-removable.
  • a provisioning lock may be used to protect the network access credentials stored in a secure element.
  • the secure element may need to be unlocked using the appropriate provisioning credentials.
  • a provisioning lock may refer to enforcement of a time period in which one or more network entities of a network operator/provider having an agreement (for example, a subscription) to provide communications services to a communication device(s) or one or more entities operating on behalf of the network operator/provider may communicate with a secure element(s) of communication device(s), but other devices may, but need not, be disallowed or prohibited from communicating with the secure element(s) prior to the expiration of the time period (also referred to herein as an expiry period).
  • an agreement for example, a subscription
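The provisioning lock and the expiry-driven reallocation of identifiers described above, modelled end to end as an added example (this is not code from the patent or from Nokia). It assumes, as a stand-in for the signed certificate or record the text describes, an HMAC-SHA256 tag under a key shared between the secure element and the issuing TSM (standard library only; a real deployment would verify a public-key signature on a certificate), a deny-by-default policy when no lock record is installed, and constructed sample ICCID, IMSI, MSISDN, key and expiry values. `LockRecord`, `SecureElement`, `AuthenticationCenter` and `demo` are hypothetical names.

```python
"""Secure element provisioning lock with locally enforced expiry and IMSI reallocation.

Added example, not code from the patent. Assumptions (not in the original): the lock
record is authenticated with an HMAC-SHA256 tag under a key shared between the secure
element and the issuing TSM (a stdlib stand-in for the signed certificate); with no
record installed the element refuses provisioning; identifiers, keys and times are
constructed sample values.
"""
import hashlib
import hmac
import json
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample key shared between this secure element and the TSM.
TSM_KEY = bytes.fromhex("00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff")


def lock_record_mac(key: bytes, iccid: str, operator: str, expiry: int) -> str:
    """Tag over the canonical record fields (stand-in for the certificate signature)."""
    msg = json.dumps({"iccid": iccid, "operator": operator, "expiry": expiry},
                     sort_keys=True).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


@dataclass
class LockRecord:
    iccid: str      # the secure element the record is bound to
    operator: str   # network operator authorized to provision until expiry
    expiry: int     # end of the expiry period, seconds since the epoch
    mac: str


@dataclass
class SecureElement:
    iccid: str
    key: bytes
    lock: Optional[LockRecord] = None
    credentials: Dict[str, str] = field(default_factory=dict)

    def install_lock(self, record: LockRecord) -> bool:
        """Accept a record only if it names this element and its tag verifies."""
        if record.iccid != self.iccid:
            return False
        expected = lock_record_mac(self.key, record.iccid, record.operator, record.expiry)
        if not hmac.compare_digest(expected, record.mac):
            return False
        self.lock = record
        return True

    def provisioning_allowed(self, requester: str, now: int) -> bool:
        """Local enforcement: before expiry only the record's operator may provision."""
        if self.lock is None:
            return False                      # deny-by-default policy (assumption)
        if now < self.lock.expiry:
            return requester == self.lock.operator
        return True                           # expired: another operator may take over

    def provision(self, requester: str, now: int, imsi: str, msisdn: str, ki: str) -> bool:
        if not self.provisioning_allowed(requester, now):
            return False
        self.credentials = {"IMSI": imsi, "MSISDN": msisdn, "Ki": ki}
        return True


class AuthenticationCenter:
    """Operator-side AuC: holds IMSI/key tuples and frees those whose subscription expired."""

    def __init__(self, imsi_range: List[str]):
        self.free = list(imsi_range)
        self.assigned: Dict[str, dict] = {}   # imsi -> {iccid, ki, expiry}

    def allocate(self, iccid: str, ki: str, expiry: int) -> Optional[str]:
        if not self.free:
            return None                       # IMSI numbering exhaustion
        imsi = self.free.pop(0)
        self.assigned[imsi] = {"iccid": iccid, "ki": ki, "expiry": expiry}
        return imsi

    def reclaim_expired(self, now: int) -> List[str]:
        """Return to the pool every IMSI whose expiry period has passed."""
        expired = [i for i, rec in self.assigned.items() if rec["expiry"] <= now]
        for imsi in expired:
            del self.assigned[imsi]
            self.free.append(imsi)
        return expired


def demo() -> dict:
    """Issue -> lock -> enforce -> expire -> reallocate, with constructed sample values."""
    iccid, expiry = "8935801000000000001", 1_700_000_000
    auc = AuthenticationCenter(["244120000000001"])   # one-IMSI range, to show exhaustion
    se = SecureElement(iccid=iccid, key=TSM_KEY)
    good = LockRecord(iccid, "OperatorA", expiry,
                      lock_record_mac(TSM_KEY, iccid, "OperatorA", expiry))
    forged = LockRecord(iccid, "OperatorB", expiry, good.mac)   # tag does not cover OperatorB
    out = {"forged_rejected": not se.install_lock(forged), "installed": se.install_lock(good)}
    imsi = auc.allocate(iccid, "ki-a", expiry)
    out["foreign_before_expiry"] = se.provision("OperatorB", expiry - 1, "244130000000009", "+358400000002", "ki-b")
    out["owner_before_expiry"] = se.provision("OperatorA", expiry - 1, imsi, "+358400000001", "ki-a")
    out["exhausted"] = auc.allocate("8935801000000000002", "ki-c", expiry) is None
    # The prepaid subscription is never topped up: the expiry passes, the AuC frees the
    # IMSI, and the secure element now accepts provisioning from another operator.
    out["reclaimed"] = auc.reclaim_expired(expiry)
    out["foreign_after_expiry"] = se.provision("OperatorB", expiry, "244130000000009", "+358400000002", "ki-b")
    out["reused_imsi"] = auc.allocate("8935801000000000002", "ki-c", expiry + 86_400)
    return out
```

The point of the model is that enforcement lives in the secure element itself: the network side can stop storing an IMSI/key tuple for a dead prepaid card, but the card also refuses a competing operator until its own copy of the expiry has passed, and it refuses any record whose tag was not produced by the issuing TSM.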
  • FIG. 1 illustrates a generic system diagram in which a device such as a mobile terminal 10 is shown in a communication environment according to some example embodiments.
  • a system in accordance with some example embodiments may include a first communication device (for example, mobile terminal 10) and a second communication device 20 capable of
  • embodiments of the present invention may further include one or more additional communication devices, one of which is depicted in FIG. 1 as a third communication device 25.
  • additional communication devices one of which is depicted in FIG. 1 as a third communication device 25.
  • not all systems that employ an embodiment of the present invention may comprise all the devices illustrated and/or described herein.
  • the network 30 may include a collection of various different nodes (of which the second and third communication devices 20 and 25 may be examples), devices or functions that may be in communication with each other via
  • the network 30 may be capable of supporting communication in accordance with any one or more of a number of First-Generation (1G), Second-Generation (2G), 2.5G, Third-Generation (3G), 3.5G, 3.9G, Fourth-Generation (4G) mobile communication protocols, Long Term Evolution (LTE) or Evolved Universal Terrestrial Radio Access Network (E-UTRAN), Self Optimizing/Organizing Network (SON) intra-LTE, inter-Radio Access Technology (RAT) Network and/or the like.
  • the network 30 may be a peer-to-peer (P2P) network.
  • One or more communication terminals such as the mobile terminal 10 and the second and third communication devices 20 and 25 may be in communication with each other via the network 30 and each may include an antenna or antennas for transmitting signals to and for receiving signals from one or more base sites.
  • the base sites could be, for example one or more base stations (BS) that is a part of one or more cellular or mobile networks or one or more access points (APs) that may be coupled to a data network, such as a Local Area Network (LAN), Wireless Local Area Network (WLAN), a Wi-Fi Network, a Metropolitan Area Network (MAN), and/or a Wide Area Network (WAN), such as the Internet.
  • LAN Local Area Network
  • WLAN Wireless Local Area Network
  • MAN Metropolitan Area Network
  • WAN Wide Area Network
  • processing elements for example, personal computers, server computers or the like
  • the mobile terminal 10 and the second and third communication devices 20 and 25 may be enabled to communicate with the other devices or each other.
  • the mobile terminal 10 and the second and third communication devices 20 and 25 as well as other devices may communicate according to numerous communication protocols including Hypertext Transfer Protocol (HTTP) and/or the like, to thereby carry out various communication or other functions of the mobile terminal 10 and the second and third communication devices 20 and 25, respectively.
  • HTTP Hypertext Transfer Protocol
  • the mobile terminal 10 and the second and third communication devices 20 and 25 may also be enabled to communicate with each other via Radio Frequency (RF), Near Field Communication (NFC), Bluetooth (BT), Infrared (IR) or any of a number of different wireline or wireless communication techniques, including Local Area Network (LAN), Wireless LAN (WLAN), Worldwide Interoperability for Microwave Access (WiMAX), Wireless Fidelity (Wi-Fi), Ultra-Wide Band (UWB), Wibree techniques and/or the like.
  • the mobile terminal 10 and the second and third communication devices 20 and 25 may be enabled to communicate with the network 30 and each other by any of numerous different access mechanisms, including, for example, mobile access mechanisms such as Wideband Code Division Multiple Access (W-CDMA), CDMA2000, Global System for Mobile communications (GSM), General Packet Radio Service (GPRS) and/or the like, wireless access mechanisms such as WLAN, WiMAX and/or the like, and fixed access mechanisms such as Digital Subscriber Line (DSL), Ethernet and/or the like.
  • the first communication device may be a mobile communication device such as, for example, a wireless telephone or other devices such as a personal digital assistant (PDA), mobile computing device, camera, video recorder, audio/video player, positioning device, game device, television device, radio device, or various other like devices or combinations thereof.
  • the second communication device 20 and the third communication device 25 may be mobile or fixed communication devices.
  • the second communication device 20 and the third communication device 25 may be servers, remote computers or terminals such as personal computers (PCs) or laptop computers.
  • the network 30 may be an ad hoc or distributed network arranged to be a smart space. Thus, devices may enter and/or leave the network 30 and the devices of the network 30 may be capable of adjusting operations based on the entrance and/or exit of other devices to account for the addition or subtraction of respective devices or nodes and their
  • the mobile terminal as well as the second and third communication devices 20 and 25 may employ an apparatus (for example, apparatus of FIG. 2) capable of functioning according to example embodiments of the invention.
  • the second communication device 20 may be a network device and the third communication device 25 may be a network entity (for example, a trusted service manager (TSM)), as described more fully below.
  • TSM trusted service manager
  • FIG. 2 illustrates a schematic block diagram of an apparatus for
  • reference is made to FIG. 2, in which certain elements of an apparatus 50 are displayed.
  • the apparatus 50 of FIG. 2 may be employed, for example, on the mobile terminal 10 (and/or the second communication device 20 or the third communication device 25).
  • the apparatus 50 may be embodied on a network device of the network 30.
  • the apparatus 50 may alternatively be embodied at a variety of other devices, both mobile and fixed (such as, for example, any of the devices listed above).
  • an embodiment may be employed on a combination of devices.
  • the apparatus 50 may include or otherwise be in communication with a processor 70, a user interface 67, a communication interface 74, a memory device 76, a display 85, a secure element 38 and a modem processor 36.
  • the display 85 may be a touch screen display.
  • the memory device 76 may include, for example, volatile and/or non-volatile memory.
  • the memory device 76 may be an electronic storage device (for example, a computer readable storage medium) comprising gates configured to store data (for example, bits) that may be retrievable by a machine (for example, a computing device like processor 70).
  • a machine for example, a computing device like processor 70.
  • the memory device 76 may be a tangible memory device that is not transitory.
  • the memory device 76 may be configured to store information, data, files, applications, instructions or the like for enabling the apparatus to carry out various functions in accordance with example embodiments of the invention.
  • the memory device 76 could be configured to buffer input data for processing by the processor 70.
  • the memory device 76 could be configured to store instructions for execution by the processor 70.
  • the memory device 76 may be one of a plurality of databases that store information and/or media content (for example, pictures and/or videos.)
  • the apparatus 50 may, according to some example embodiments, be a mobile terminal (for example, mobile terminal 10) or a fixed communication device or computing device configured to employ example embodiments of the invention.
  • the apparatus 50 may be embodied as a chip or chip set.
  • the apparatus 50 may comprise one or more physical packages (for example, chips) including materials, components and/or wires on a structural assembly (for example, a baseboard).
  • the structural assembly may provide physical strength, conservation of size, and/or limitation of electrical interaction for component circuitry included thereon.
  • the apparatus 50 may therefore, in some cases, be configured to implement embodiments of the invention on a single chip or as a single "system on a chip".
  • a chip or chipset may constitute means for performing one or more operations for providing the functionalities described herein.
  • the chip or chipset may constitute means for enabling user interface navigation with respect to the functionalities and/or services described herein.
  • the processor 70 may be embodied in a number of different ways.
  • the processor 70 may be embodied as one or more of various processing means such as a coprocessor, microprocessor, a controller, a digital signal processor (DSP), processing circuitry with or without an accompanying DSP, or various other processing devices including integrated circuits such as, for example, an ASIC (application specific integrated circuit), an FPGA (field programmable gate array), a microcontroller unit (MCU), a hardware accelerator, a special-purpose computer chip, or the like.
  • the processor 70 may be configured to execute instructions stored in the memory device 76 or otherwise accessible to the processor 70.
  • the processor 70 may represent an entity (for example, physically embodied in circuitry) capable of performing operations according to embodiments of the invention while configured accordingly.
  • when the processor 70 is embodied as an ASIC, FPGA or the like, the processor 70 may be specifically configured hardware for conducting the operations described herein.
  • when the processor 70 is embodied as an executor of software instructions, the instructions may specifically configure the processor 70 to perform the algorithms and operations described herein when the instructions are executed.
  • the processor 70 may be a processor of a specific device (for example, a mobile terminal or network device) adapted for employing embodiments of the invention by further configuration of the processor 70 by instructions for performing the algorithms and operations described herein.
  • the processor 70 may include, among other things, a clock, an arithmetic logic unit (ALU) and logic gates configured to support operation of the processor 70.
  • ALU arithmetic logic unit
  • the processor 70 may be configured to operate a connectivity program, such as a browser, Web browser or the like.
  • the connectivity program may enable the apparatus 50 to transmit and receive Web content, such as for example location-based content or any other suitable content, according to a Wireless Application Protocol (WAP), for example.
  • WAP Wireless Application Protocol
  • the communication interface 74 may be any means such as a device or circuitry embodied in either hardware, a computer program product, or a combination of hardware and software that is configured to receive and/or transmit data from/to a network and/or any other device or module in communication with the apparatus 50.
  • the communication interface 74 may include, for example, an antenna (or multiple antennas) and supporting hardware and/or software for enabling communications with a wireless communication network (for example, network 30).
  • a wireless communication network for example, network 30
  • the communication interface 74 may alternatively or also support wired communication. As such, the communication interface 74 may include a communication modem and/or other hardware/software for supporting communication via cable, digital subscriber line (DSL), universal serial bus (USB), Ethernet or other mechanisms.
  • DSL digital subscriber line
  • USB universal serial bus
  • the user interface 67 may be in communication with the processor 70 to receive an indication of a user input at the user interface 67 and/or to provide an audible, visual, mechanical or other output to the user.
  • the user interface 67 may include, for example, a keyboard, a mouse, a joystick, a display, a touch screen, a microphone, a speaker, or other input/output mechanisms.
  • in instances in which the apparatus is embodied as a server or some other network device, the user interface 67 may be limited, remotely located, or eliminated.
  • the processor 70 may comprise user interface circuitry configured to control at least some functions of one or more elements of the user interface, such as, for example, a speaker, ringer, microphone, display, and/or the like.
  • the processor 70 and/or user interface circuitry comprising the processor 70 may be configured to control one or more functions of one or more elements of the user interface through computer program instructions (for example, software and/or firmware) stored on a memory accessible to the processor 70 (for example, memory device 76, and/or the like).
  • computer program instructions for example, software and/or firmware
  • a memory accessible to the processor 70 for example, memory device 76, and/or the like.
  • the apparatus 50 may also include one or more means for sharing and/or obtaining data.
  • the apparatus may comprise a short range radio frequency (RF) transceiver and/or interrogator 64 so data may be shared with and/or obtained from electronic devices (for example, a RF access point(s)) in accordance with RF techniques.
  • the apparatus may comprise other short range transceivers, such as, for example an infrared (IR) transceiver 66, a BluetoothTM (BT) transceiver 68 operating using BluetoothTM brand wireless technology developed by the Bluetooth Special Interest Group, and/or the like.
  • the Bluetooth transceiver 68 may be configured to operate according to WibreeTM radio standards.
  • the apparatus 50 may also include a WLAN transceiver 69 configured to transmit and/or receive data from electronic devices (for example, a WLAN access point(s)) according to a WLAN technique such as, for example, IEEE 802.11 techniques.
  • the WLAN transceiver 69 may also be configured to transmit and/or receive data from electronic devices according to various wireless networking techniques, including, but not limited to, Wi-Fi, LAN techniques, and/or the like.
  • the apparatus 50 and, in particular, the short range transceiver may be capable of transmitting data to and/or receiving data from electronic devices (for example, within a proximity of the apparatus, such as within 10 meters, for example).
  • the apparatus 50 may further include a secure element 38.
  • the secure element 38 may be in communication with modem processor 36 and the processor 70.
  • the secure element 38 may include a memory device (for example, secure element memory 52), a processor (for example, secure element processor 54) and an interface 51 configured to communicate via one or more communication channels 71, 73.
  • the communication channel 71 and the communication channel 73 may be secure channels (for example, cryptographically secure channels).
  • the secure element 38 may be, for example, a smart card, SIM card, eSIM, softSIM, USIM, eUSIM, softUSIM, UICC, embedded UICC, UIM, R-UIM, and/or the like.
  • the secure element 38 may be removable or non-removable.
  • when the secure element 38 is removable (for example, a R-UIM), the secure element 38 may be removed from the apparatus 50. As described above, in other example embodiments, the secure element 38 may be non-removable from the apparatus 50.
  • the UICC may include a subscriber identity module (SIM) application, universal SIM (USIM) application, internet protocol multimedia services identity module (ISIM) application or the like for accessing corresponding public land mobile networks (PLMNs), although it should be understood that one or more of these applications may also be used to access one or more other networks.
  • the memory 52 of the secure element 38 may store information elements related to identities or accounts (for example, of a subscriber) and any other suitable data.
  • the memory of the secure element 38 may store information elements such as, for example, one or more International Mobile Subscriber Identities (IMSIs), Mobile Subscriber Integrated Services Digital Network Numbers (MSISDNs), and/or the like.
  • an MSISDN(s) and an IMSI(s) may correspond to numbers used for identifying identities or accounts (for example, of a subscriber).
  • an IMSI may identify the secure element 38
  • an MSISDN may be a telephone number associated with the secure element 38.
  • content of the secure element 38 may not be accessible until the identities or accounts are validated.
  • the secure element (SE) memory 52 may also store payment card information (for example, prepaid information) associated with the identities or accounts (for example, of a subscriber). According to some example embodiments, payment card information may relate to one or more accounts that are backed and supported by one or more financial institutions (for example, banks and/or credit card companies) holding funds belonging to the cardholder, or offering credit to the cardholder (for example, credit and/or debit card information associated with the identities or accounts).
  • the prepaid information may relate to money paid, or credit applied to an account (for example, of a subscriber) in advance for a specified amount of communications services or a predetermined time period for receiving communications services.
  • the secure element memory 52 may also store data associated with one or more enforcement mechanisms.
  • an enforcement mechanism(s) may define an allowable time period in which a network operator may provide communications services to the apparatus 50 based on an account associated with the secure element 38.
  • during the allowable time period, other network providers may, but need not, be locked out from communicating with the apparatus 50 and/or from providing communications services to the apparatus 50.
  • the provisioning lock (for example, prohibiting other network operators from communicating with the secure element 38) may be enforced inside the secure element 38, for example, based in part on data stored in the secure element 38.
  • the secure element memory 52 may store data indicating an expiration time period (also referred to herein as expiration period or expiry period) of communications services provided to identities or accounts by a network operator.
  • upon expiration of the expiration time period, communications services that were previously provided by a network operator may no longer be provided by that network operator, and the network operator may reuse the network access credentials (for example, IMSI(s), ICCID(s), MSISDN(s)) associated with an account corresponding to the secure element 38, as described more fully below.
  • the data indicating the expiry period may be associated with or part of a digital certificate, which may be associated with one or more security keys (for example, a public key, a private key).
  • the secure element memory 52 may store applications, and in some cases the processor 54 of the secure element 38 may execute the applications. The secure element 38 (for example, via secure element processor 54) may exchange communications with the modem processor 36 and/or the processor 70 via communication channel 71, which it accesses through its interface 51.
  • the communication channel 71 may, but need not, be a cryptographically secure channel that enables transfer of data resistant to interception and tampering.
  • secure element 38, the modem processor 36 and/or the processor 70 may each utilize a security key(s) (for example, a shared secret key, or public/private key) for communicating via communication channel 71.
  • the sender of a communication (for example, modem processor 36) may include the security key(s) (for example, a shared secret key) in the data of the communication, and the receiver (for example, secure element 38) may analyze the received data to determine whether the security key(s) is valid.
  • the receiver may, but need not, determine validity by comparing the received key(s) with a security key(s) stored in its memory (for example, secure element memory 52) to determine whether both correspond to the same key (for example, the same shared secret key).
  • the example embodiments may thereby provide a manner in which to securely transfer the data stored in the secure element 38 (for example, network access credentials such as an IMSI(s), ICCID(s) and/or MSISDN(s)), so that the potential for breaking a subsidy lock and using the apparatus 50 on another network may be reduced.
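The key check on communication channel 71 described above, as an added example that is not part of the patent: the sender (modem processor 36 in the patent's terms) and the receiver (secure element 38) hold the same shared secret, but rather than placing the key itself in the data as the text allows, this example proves possession of it with an HMAC over a sequence number and the payload, so the key never crosses the channel and a captured frame cannot be replayed. The key bytes, the frame layout and the command string are constructed for the example.

```python
import hashlib
import hmac
import struct

# Constructed sample: a shared secret held both in the modem's memory (45)
# and in the secure element's memory (52). Hypothetical key, example only.
SHARED_KEY = bytes.fromhex(
    "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
)
TAG_LEN = 32  # HMAC-SHA256 output length


def protect(key: bytes, seq: int, payload: bytes) -> bytes:
    """Sender side (e.g. modem processor 36).

    Frame layout: seq (4 bytes, big-endian) || payload || HMAC-SHA256 tag.
    The tag covers the sequence number so it cannot be moved to another frame.
    """
    header = struct.pack(">I", seq)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


class Receiver:
    """Receiver side (e.g. secure element 38).

    Verifies the tag with the key in its own memory and rejects any frame
    whose sequence number does not advance, which defeats replay of a
    captured frame.
    """

    def __init__(self, key: bytes) -> None:
        self._key = key
        self._last_seq = -1

    def unprotect(self, frame: bytes):
        """Return the payload if the frame is authentic and fresh, else None."""
        if len(frame) < 4 + TAG_LEN:
            return None
        header, payload, tag = frame[:4], frame[4:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self._key, header + payload, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None  # tampered frame or peer without the shared key
        seq = struct.unpack(">I", header)[0]
        if seq <= self._last_seq:
            return None  # replayed or reordered frame
        self._last_seq = seq
        return payload


def demo():
    """Exercise the honest, tampered, replayed and wrong-key cases."""
    se = Receiver(SHARED_KEY)
    frame = protect(SHARED_KEY, 1, b"READ IMSI")  # constructed command
    ok = se.unprotect(frame)

    tampered = bytearray(frame)
    tampered[5] ^= 0x01  # flip one bit inside the payload
    bad = se.unprotect(bytes(tampered))

    replay = se.unprotect(frame)  # same seq again -> rejected

    # A peer that never received the shared secret cannot produce a valid tag.
    wrong_key = Receiver(b"\x00" * 32).unprotect(frame)
    return ok, bad, replay, wrong_key


if __name__ == "__main__":
    print(demo())
```

The sequence number is the part a practitioner would insist on: a tag alone proves the frame came from a key holder, but without freshness a recorded "unlock" or "read" frame could be fed back to the secure element later.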
  • the processor 70 may be embodied as, include or otherwise control the SE processor 54 of the secure element 38.
  • the SE processor 54 may be any means such as a device or circuitry operating in accordance with software or otherwise embodied in hardware or a combination of hardware and software (for example, processor 70 operating under software control, the processor 70 embodied as an ASIC or FPGA specifically configured to perform the operations described herein, or a combination thereof) thereby configuring the device or circuitry to perform the corresponding functions of the SE processor 54, as described herein. In examples in which software is employed, a device or circuitry (for example, the processor 70 in one example) executing the software forms the structure associated with such means.
  • the SE processor 54 may be a coprocessor, controller, microprocessor or other processing element including integrated circuits (for example, embodied as an ASIC or FPGA) or circuitry configured to execute instructions, which may be stored in SE memory 52, or perform other logical functions or corresponding operations described herein.
  • the SE processor 54 may be configured to communicate with a network entity, such as, for example, a trusted service manager (TSM) 90 (also referred to herein as trusted service manager (TSM) network entity 90) to receive expiry period information as well as secret/private information (for example, IMSIs, MSISDNs and/or applications) associated with a time period for usage of communications services provided by a corresponding network operator.
  • the SE processor 54 and the TSM 90 may communicate via a secure (for example, a cryptographic channel) communication channel 73 (for example, over the air (OTA) and/or optionally via network 30 in some example embodiments).
  • the expiry period information may include information indicating a time period that the apparatus may utilize communications services provided by a corresponding network operator/provider, as described more fully below.
  • prior to the expiration of the time period, the secure element 38 may be locked and may, but need not, prevent subscriptions from other network operators from being provisioned to the secure element 38.
  • after the expiration of the time period, the secure element 38 may communicate with other network operators for provision of communications services, for example.
  • the network operator may reuse the IMSI(s), ICCID(s) and MSISDN(s) and may, but need not, reallocate the IMSIs ICCIDs, and/or MSISDNs to other secure elements 38.
  • one or more memory devices maintained by a network operator/provider may be efficiently utilized since the reuse/reallocation of IMSIs, ICCIDs and/or MSISDNs to other secure elements 38 may minimize the potential of overloading the memory devices of the network operator/provider.
  • the information associated with the expiry period may relate to expiration periods for prepaid services (for example, unused time or remaining monetary value) associated with an account
  • a corresponding network operator/provider may reuse/reallocate the IMSIs, ICCIDs, MSISDNs to other secure elements (for example, secure elements 38), as described more fully below.
  • the modem processor 36 may be any means such as a device or circuitry configured to implement a protocol engine that may run/execute the signaling to a communications network (for example, a GSM, WCDMA, or LTE network).
  • the modem processor 36 may be configured to communicate with any communications network that utilizes secure elements (for example, smart cards, eSIMs, or soft SIMs) as a manner in which to identify one or more subscribers and also for charging the subscribers for usage of communications services provided by the communications network.
  • the memory 45 may include, for example, volatile and/or non-volatile memory.
  • the memory 45 may be configured to store protocol data as well as one or more keys for communicating with the secure element 38 and/or the processor 70 via the secure communication channel, in a manner analogous to that described above.
  • the processor 44 may be any means such as a device (for example, coprocessor, microprocessor, or controller) or circuitry operating in accordance with software or otherwise embodied in hardware or a combination of hardware and software (for example, processor 70 operating under software control, the processor 70 embodied as an ASIC or FPGA specifically configured to perform the operations described herein, or a combination thereof) thereby configuring the device or circuitry to perform the corresponding functions of the modem processor 36.
  • the processor 44 may facilitate the execution of the signaling to a communications network and may facilitate one or more communications with the secure element 38 and/or processor 70 in a secure manner by including a key(s) in the communications and/or verifying that a received key(s) in received communications is valid. Referring now to FIG.
  • the network device 100 may be a server.
  • the network device 100 may be a personal computer, a laptop computer, a workstation, or a network infrastructure device.
  • the network device may be maintained by a network operator/provider.
  • the network operator/provider may provide communications services to one or more apparatuses (for example, apparatuses 50).
  • the network device 100 generally includes a processor 104 and an associated memory 106.
  • the memory 106 may comprise volatile and/or non-volatile memory, and may store content, data and/or the like.
  • the memory 106 may store client applications, instructions, and/or the like for the processor 104 to perform the various operations of the network device 100.
  • the processor 104 may also be connected to one or more communication interfaces 107 (also referred to herein as communication interface(s) 107) or other means for displaying, transmitting and/or receiving data, content, and/or the like.
  • one or more of the interfaces of the communication interface(s) 107 may enable communications with one or more devices (for example, apparatus 50 or one or more network entities (for example, TSM 90)).
  • the user input interface 105 may comprise any of a number of devices allowing the network device 100 to receive data from a user, such as a keypad, a touch display, a joystick or other input device.
  • the processor 104 may comprise user interface circuitry configured to control at least some functions of one or more elements of the user input interface.
  • the processor 104 and/or user interface circuitry of the processor may be configured to control one or more functions of one or more elements of the user interface through computer program instructions (for example, software and/or firmware) stored on a memory accessible to the processor (for example, volatile memory, non-volatile memory, and/or the like).
  • the processor 104 may be embodied as one or more of various processing means such as a coprocessor, microprocessor, a controller, a digital signal processor (DSP), processing circuitry with or without an accompanying DSP, or various other processing devices including integrated circuits such as, for example, an ASIC (application specific integrated circuit), an FPGA (field programmable gate array), a microcontroller unit (MCU), a hardware accelerator, a special- purpose computer chip, or the like.
  • the processor 104 may be configured to execute instructions stored in the memory device 106.
  • the network device 100 may provide information associated with one or more expiry periods and associated data to one or more network entities such as, for example, one or more TSMs 90.
  • the processor 104 of the network device 100, maintained by the network operator/provider, may instruct a TSM(s) 90 to provision code (for example, software code) and data to one or more secure elements 38 associated with identities or accounts (for example, of subscribers) of the network operator/provider.
  • a TSM(s) 90 may manage and control the provisioning of data to the secure elements 38 on behalf of the network operator/provider.
  • the network entity may be a TSM 90 which may receive information from one or more network operators/providers for provisioning code and/or data to one or more secure elements (for example, secure elements 38).
  • the TSM 90 (for example, the third communication device 25) generally includes a processor 94 and an associated memory 96.
  • the memory 96 may comprise volatile and/or non-volatile memory, and may store content, data and/or the like.
  • the memory may store content, data, information, and/or the like transmitted from, and/or received by, the network entity.
  • the memory 96 may store client applications, instructions, and/or the like for the processor 94 to perform the various operations of the TSM 90 in accordance with some embodiments of the invention, as described herein.
  • the processor 94 may also be connected to at least one interface or other means for displaying, transmitting and/or receiving data, content, and/or the like.
  • the interface(s) may comprise at least one communication interface 98 or other means for transmitting and/or receiving data, content, and/or the like, as well as at least one user input interface 95.
  • the user input interface 95 may comprise any of a number of devices allowing the network entity to receive data from a user, such as a keypad, a touch display, a joystick or other input device.
  • the processor 94 may comprise user interface circuitry configured to control at least some functions of one or more elements of the user input interface.
  • the processor and/or user interface circuitry of the processor may be configured to control one or more functions of one or more elements of the user interface through computer program instructions (for example, software and/or firmware) stored on a memory accessible to the processor (for example, volatile memory, non-volatile memory, and/or the like).
  • the processor 94 may be embodied as, include or otherwise control the TSM issuer manager 97.
  • the TSM issuer manager 97 may be any means such as a device or circuitry operating in accordance with software or otherwise embodied in hardware or a combination of hardware and software (for example, processor 94 operating under software control, the processor 94 embodied as an ASIC or FPGA specifically configured to perform the operations described herein, or a combination thereof) thereby configuring the device or circuitry to perform the corresponding functions of the TSM issuer manager 97, as described below. In examples in which software is employed, a device or circuitry (for example, the processor 94 in one example) executing the software forms the structure associated with such means.
  • the TSM issuer manager 97 may communicate expiry period information as well as other associated data to one or more secure elements 38 on behalf of a network operator/provider (for example, a network operator/provider of network device 100).
  • the secure elements (for example, secure elements 38) may relate to apparatuses 50 of subscribers subscribing to the communications services provided by the network operator/provider.
  • the expiry period information provided by the TSM issuer manager 97 to one or more secure elements may include information indicating/denoting that the secure elements may communicate with the TSM 90 prior to the expiration of the expiry time period, but should not communicate with network operators that are not currently providing communications services to the apparatuses 50 associated with the secure elements (for example, secure elements 38), as described more fully below.
  • the information may include secrets, digital certificates, applications (algorithms) and/or identities (for example, IMSIs, ICCIDs, MSISDNs.)
  • the system 147 may include a communication device 101 (for example, apparatus 50), a network device 102 (for example, network device 100 (for example, second communication device 20)) and a network entity 108 (for example, TSM 90 (for example, third communication device 25)).
  • although the system 147 illustrates one communication device 101, one network device 102 and one network entity 108, it should be pointed out that the system 147 may include any suitable number of communication devices 101, network devices 102 and network entities 108 without departing from the spirit and scope of the invention.
  • the network device 102 may be maintained by a network operator/provider having an account/subscription to provide communications services to the communication device 101.
  • the account/subscription may relate to prepaid communications services.
  • the network device 102 may provide the network entity 108 with enforcement mechanism information indicating an expiry period along with associated data related to an account/subscription.
  • the expiry period information may, but need not, be provided in a digital certificate, which may require one or more keys in order to access the information of the digital certificate.
  • the enforcement mechanism information associated with the expiry period may be provided in software code.
  • the expiry period may denote the time period in which the subscriber has agreed to allow the network operator/provider to provide communications services to the communication device 101 and may include data indicating that the network entity 108, and in some embodiments the network device 102, are authorized to communicate with the secure element (for example, secure element 38) of communication device 101, but may specify that other network providers are prohibited (for example, locked out) from communicating with the secure element of the communication device 101 prior to the expiration of the time period.
  • the associated data may include, but is not limited to, one or more items of secret information (for example, identities (for example, IMSIs, or MSISDNs), or applications associated with the account/subscription of the subscriber of the communication device 101.
  • the network entity 108 may provide the enforcement mechanism information (for example, expiry period information) and the associated data to the secure element of the communication device 101 via the secure communication channel 103 (for example, communication channel 73).
  • the secure element may verify that one or more keys (for example, a public key(s), or a private key(s)) corresponds to one or more keys (for example, a public key(s), or a private key(s)) in the enforcement mechanism information (for example, a digital certificate including the expiry data or software code associated with the expiry data) in order to authenticate the information sent to the secure element by the network entity 108.
  • in an instance in which the SE processor 54 determines that the key(s) matches, the SE may communicate with the network entity 108; otherwise, the secure element may not communicate further with the network entity 108.
  • the SE processor 54 of the secure element of the communication device 101 may analyze the expiry period information associated with the enforcement mechanism information and may determine that the secure element should only communicate with the network entity 108 prior to the expiration of the time period associated with the expiry period information. In this manner, the network entity 108 may provide information to the secure element of the communication device 101 in a secure manner prior to the expiration of the time period associated with the expiry period.
  • the enforcement mechanism information may include data indicating the network operator/provider that assigned the expiry period to the secure element.
  • the SE processor 54 may analyze the data associated with the expiry period and may send a message to the display 85 instructing the display 85 to notify the subscriber/user of the communication device 101 that the expiry period may expire in a certain time period (for example, a predetermined amount of time until the expiration of the expiry period) if the subscription is not renewed with the network operator/provider.
  • upon expiration of the expiry period, the network entity 108 may allow the SE (for example, SE 38) to communicate with other network operators/providers; that is, the secure element may be unlocked.
  • the network entity 108 may reallocate the identities such as, for example, the IMSI(s), ICCIDs, the MSISDN(s) previously utilized by the secure element to one or more other secure elements of communications devices.
  • the memory of the TSM 90 may be more efficiently utilized since storage capacity may be conserved by not necessarily needing to create new identity information for each new subscription associated with other secure elements.
  • the secure element of communication device 101 may be able to continue to communicate with the network entity 108 as well as other network operators/providers even after the expiration of the expiry period for an additional time period (for example, 7 days or 8 days.) However, in an instance in which the subscription is not renewed prior to the expiration of this additional time period, the secure element of the communication device 101 may be unable to communicate further with the network entity 108.
  • the enforcement mechanism information provided to the secure element of a communication device may additionally or alternatively be associated with expiry period information corresponding to the prepaid services.
  • upon expiration of the expiry period associated with the prepaid services, secret information such as, for example, IMSIs, MSISDNs, or secret keys may be deleted or removed from a corresponding secure element.
  • this secret information may be utilized by the network entity 108 and/or network device 102 for reallocation to one or more other secure elements, as described more fully below.
  • the expiry period information associated with prepaid services may be based on examples such as unused time (for example, unused cellular minutes) associated with communications services for a prepaid subscription at the expiration of the expiry period, remaining monetary value associated with a prepaid subscription that is not utilized by the expiration of the expiry period, or any other relevant parameters associated with prepaid services, such as, for example, prepaid subscriptions associated with one or more locations (for example, a prepaid purchase of a subscription for usage of a secure element in a given location for a given time period corresponding to the expiry period).
  • in an instance in which the SE processor 54 determines that there is unused time associated with a prepaid subscription/account at the expiration of the expiry period, or remaining monetary value on a prepaid subscription/account at the expiration of the expiry period, or that a prepaid subscription for a given location has reached the expiration of its expiry period, the SE processor 54 may delete or remove one or more items of secret information (for example, IMSI(s), or MSISDN(s)) from the SE memory 52.
  • the network entity 108 and/or network device 102 may reuse/reallocate the items of secret information (for example, IMSI(s), MSISDN(s), or secret keys) to one or more other secure elements.
  • the memory capacity of a memory (for example, memory 96) of the network entity 108 and/or a memory (for example, memory 106) of the network device 102 may be conserved by minimizing the quantity of items of secret information that would otherwise be stored on behalf of other secure elements.
  • the network entity 108 (for example, via processor 94 and/or TSM issuer manager 97) and/or the network device 102 (for example, via processor 104) may remotely access the memory (for example, SE memory 52) of the secure element and remove or delete the items of secret information (for example, IMSIs, MSISDNs, or secret keys) from the secure element (for example, secure element 38) of a communication device (for example, communication device 101).
  • the TSM issuer manager 97 of the network entity 108 (for example, TSM 90) may send a message to the network device 102.
  • the SE processor 54, the network entity 108 (for example, via processor 94, TSM issuer manager 97) and/or the network device 102 (for example, via processor 104) may delete an IMSI(s) or an ICCID(s) and corresponding keys (for example, secret keys) each time prepaid money runs out that may have been credited/applied to a prepaid subscription/account.
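The enforcement mechanism described in the passages above (the provisioning lock before expiry, the additional period after it, the wiping of secret information, and the operator's reuse of the released IMSI/ICCID/MSISDN), as an added example that is not drawn from the patent. Field names, the 30-day period, the 7-day additional period, the renewal-warning window and the sample identities are this example's own assumptions; authentication of the provisioning record over channel 73 is assumed to have already happened, so the model concentrates on what the secure element enforces from its own data.

```python
from dataclasses import dataclass
from typing import Optional

DAY = 86_400  # seconds


@dataclass
class EnforcementInfo:
    """Enforcement mechanism data as provisioned into the SE.

    Field names are this example's own, not the patent's.
    """
    operator_id: str      # network operator that assigned the expiry period
    tsm_id: str           # network entity the SE may talk to before expiry
    expiry: int           # end of the allowable period (seconds since epoch)
    grace_seconds: int    # additional period after expiry (e.g. 7 days)
    identities: dict      # network access credentials: IMSI / ICCID / MSISDN


class SecureElement:
    """Models the lock enforced inside SE 38 on the basis of its own data."""

    def __init__(self) -> None:
        self.info: Optional[EnforcementInfo] = None
        self.secrets: dict = {}

    def provision(self, info: EnforcementInfo) -> None:
        # Assumed: the record was authenticated on arrival over channel 73.
        self.info = info
        self.secrets = dict(info.identities)

    def accepts(self, peer_id: str, now: int) -> bool:
        """Provisioning lock: before expiry only the assigned TSM is accepted;
        once the period has expired any operator may communicate."""
        if self.info is None:
            return True  # nothing provisioned: the SE is unlocked
        if now < self.info.expiry:
            return peer_id == self.info.tsm_id
        return True

    def renewal_warning_due(self, now: int, warn_before: int) -> bool:
        """True when the user should be told the period is about to expire."""
        if self.info is None or now >= self.info.expiry:
            return False
        return self.info.expiry - now <= warn_before

    def tick(self, now: int) -> Optional[dict]:
        """Called periodically. Once expiry plus the grace period has passed,
        wipes the secrets and returns them so the operator can reallocate."""
        if self.info is None:
            return None
        if now >= self.info.expiry + self.info.grace_seconds:
            released, self.secrets, self.info = self.secrets, {}, None
            return released
        return None


class IdentityPool:
    """Operator/TSM-side pool of credential tuples that are handed out,
    reclaimed after a wipe, and handed out again rather than newly created."""

    def __init__(self, free: list) -> None:
        self.free = list(free)
        self.assigned: dict = {}

    def allocate(self, se_id: str) -> Optional[dict]:
        if not self.free:
            return None
        ids = self.free.pop(0)
        self.assigned[se_id] = ids
        return ids

    def release(self, ids: dict) -> None:
        for se_id, cur in list(self.assigned.items()):
            if cur == ids:
                del self.assigned[se_id]
        self.free.append(ids)


def demo() -> dict:
    """Walk one subscription through lock, warning, grace, wipe and reuse."""
    # Constructed sample credentials (test-range IMSI, not a live subscription).
    pool = IdentityPool([{"IMSI": "001010123456789",
                          "ICCID": "8901000000000000001",
                          "MSISDN": "+15550100001"}])
    t0 = 1_700_000_000
    se = SecureElement()
    ids = pool.allocate("se-1")
    se.provision(EnforcementInfo("op-A", "tsm-A", expiry=t0 + 30 * DAY,
                                 grace_seconds=7 * DAY, identities=ids))
    r = {}
    r["tsm_before_expiry"] = se.accepts("tsm-A", t0 + 10 * DAY)
    r["other_locked_out"] = not se.accepts("op-B", t0 + 10 * DAY)
    r["warning_due"] = se.renewal_warning_due(t0 + 28 * DAY, 3 * DAY)
    r["other_in_grace"] = se.accepts("op-B", t0 + 32 * DAY)
    r["not_wiped_in_grace"] = se.tick(t0 + 32 * DAY) is None
    released = se.tick(t0 + 37 * DAY)
    r["wiped_after_grace"] = released == ids and se.secrets == {}
    pool.release(released)
    r["imsi_reallocated"] = pool.allocate("se-2")["IMSI"] == ids["IMSI"]
    return r


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Every check in `demo()` comes out true. The point worth noticing is that the wipe is driven by the secure element's own clock and data, so an operator that loses contact with the device still gets its identifiers back into the pool; the trade-off is that the SE's time source has to be one the device owner cannot wind back.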
  • an apparatus (for example, SE processor 54) may receive, via a secure element (for example, secure element 38), information relating to an enforcement mechanism.
  • the enforcement mechanism may include data indicating an expiry period associated with a time period in which the secure element communicates with a network entity (for example, TSM 90) on behalf of a network operator providing communications services to the apparatus.
  • the secure element may, but need not, be a non-removable secure element.
  • FIG. 6 is a flowchart of a system, method and computer program product according to some example embodiments of the invention. It will be understood that each block of the flowchart, and combinations of blocks in the flowchart, can be implemented by various means, such as hardware, firmware, and/or a computer program product including one or more computer program instructions. For example, one or more of the procedures described above may be embodied by computer program instructions. In this regard, in some example embodiments, the computer program instructions which embody the procedures described above are stored by a memory device (for example, memory device 76, SE memory 52, memory 96, memory 106) and executed by a processor (for example, processor 70, processor 94, processor 104, SE processor 54, TSM issuer manager 97). As will be appreciated, any such computer program instructions may be loaded onto a computer or other memory device (for example, memory device 76, SE memory 52, memory 96, memory 106) and executed by a processor (for example, processor 70, processor 94, processor 104, SE processor 54, TSM issuer manager
  • the computer program instructions are stored in a computer-readable memory that can direct a computer or other programmable apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instructions which implement the function(s) specified in the flowchart blocks.
  • the computer program instructions may also be loaded onto a computer or other programmable apparatus to cause a series of operations to be performed on the computer or other programmable apparatus to produce a computer-implemented process such that the instructions which execute on the computer or other programmable apparatus implement the functions specified in the flowchart blocks.
  • blocks of the flowchart support combinations of means for performing the specified functions. It will also be understood that one or more blocks of the flowchart, and combinations of blocks in the flowchart, can be implemented by special purpose hardware-based computer systems which perform the specified functions, or combinations of special purpose hardware and computer instructions.
  • an apparatus for performing the method of FIG. 6 above may comprise a processor (for example, the processor 70, the processor 94, the processor 104, the SE processor 54, the TSM issuer manager 97) configured to perform some or each of the operations (600 - 610) described above.
  • the processor may, for example, be configured to perform the operations (600 - 610) by performing hardware implemented logical functions, executing stored instructions, or executing algorithms for performing each of the operations.
  • the apparatus may comprise means for performing each of the operations described above.
  • examples of means for performing operations may comprise, for example, the processor 70 (for example, as means for performing any of the operations described above), the processor 94, the processor 104, the SE processor 54, the TSM issuer manager 97 and/or a device or circuitry for executing instructions or executing an algorithm for processing information as described above.

Abstract

The present invention relates to an apparatus for providing one or more secure elements with network access credentials. The apparatus may comprise a processor and a memory storing executable computer code that causes the apparatus to at least perform operations including receiving, via a secure element, information relating to an enforcement mechanism. The enforcement mechanism may comprise data indicating an expiry period associated with a time period during which the secure element communicates with a network entity on behalf of a network operator. The network operator may provide communications services to the apparatus. Corresponding methods and computer program products are also provided.
PCT/IB2011/001628 2011-07-12 2011-07-12 Procédé et appareil permettant de produire des identifiants d'accès au réseau WO2013008048A1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/IB2011/001628 WO2013008048A1 (fr) 2011-07-12 2011-07-12 Procédé et appareil permettant de produire des identifiants d'accès au réseau

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/IB2011/001628 WO2013008048A1 (fr) 2011-07-12 2011-07-12 Procédé et appareil permettant de produire des identifiants d'accès au réseau

Publications (1)

Publication Number Publication Date
WO2013008048A1 true WO2013008048A1 (fr) 2013-01-17

Family

ID=47505561

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2011/001628 WO2013008048A1 (fr) 2011-07-12 2011-07-12 Procédé et appareil permettant de produire des identifiants d'accès au réseau

Country Status (1)

Country Link
WO (1) WO2013008048A1 (fr)

Cited By (21)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9507329B2 (en) 2012-09-21 2016-11-29 Apple Inc. Apparatus and methods for controlled switching of electronic access clients without requiring network access
CN106507333A (zh) * 2015-09-07 2017-03-15 中兴通讯股份有限公司 一种机卡互锁方法及装置
US9794905B1 (en) 2016-09-14 2017-10-17 At&T Mobility Ii Llc Method and apparatus for assigning mobile subscriber identification information to multiple devices according to location
WO2017185647A1 (fr) * 2016-04-29 2017-11-02 宇龙计算机通信科技(深圳)有限公司 Procédés de gestion et d'appel de numéro d'identification internationale d'abonné mobile (imsi) basé sur softsim, serveur et dispositif côté réseau
US9814010B1 (en) 2016-09-14 2017-11-07 At&T Intellectual Property I, L.P. Method and apparatus for utilizing mobile subscriber identification information with multiple devices based on registration requests
US9838991B1 (en) 2016-08-15 2017-12-05 At&T Intellectual Property I, L.P. Method and apparatus for managing mobile subscriber identification information according to registration requests
US9843922B1 (en) 2016-09-14 2017-12-12 At&T Intellectual Property I, L.P. Method and apparatus for utilizing mobile subscriber identification information with multiple devices based on registration errors
US9882594B2 (en) 2012-09-21 2018-01-30 Apple Inc. Apparatus and methods for controlled switching of electronic access clients without requiring network access
US9906943B1 (en) 2016-09-29 2018-02-27 At&T Intellectual Property I, L.P. Method and apparatus for provisioning mobile subscriber identification information to multiple devices and provisioning network elements
US9918220B1 (en) 2016-10-17 2018-03-13 At&T Intellectual Property I, L.P. Method and apparatus for managing and reusing mobile subscriber identification information to multiple devices
US9924347B1 (en) 2016-09-14 2018-03-20 At&T Intellectual Property I, L.P. Method and apparatus for reassigning mobile subscriber identification information
WO2018072852A1 (fr) * 2016-10-21 2018-04-26 Telefonaktiebolaget Lm Ericsson (Publ) Abonnements au réseau limités dans le temps
US9967732B2 (en) 2016-08-15 2018-05-08 At&T Intellectual Property I, L.P. Method and apparatus for managing mobile subscriber identification information according to registration errors
US10009764B2 (en) 2012-09-21 2018-06-26 Apple Inc. Apparatus and methods for controlled switching of electronic access clients without requiring network access
US10015764B2 (en) 2016-09-14 2018-07-03 At&T Intellectual Property I, L.P. Method and apparatus for assigning mobile subscriber identification information to multiple devices
US10070407B2 (en) 2016-12-01 2018-09-04 At&T Intellectual Property I, L.P. Method and apparatus for using active and inactive mobile subscriber identification information in a device to provide services for a limited time period
US10070303B2 (en) 2016-11-11 2018-09-04 At&T Intellectual Property I, L.P. Method and apparatus for provisioning of multiple devices with mobile subscriber identification information
US10136305B2 (en) 2016-12-01 2018-11-20 At&T Intellectual Property I, L.P. Method and apparatus for using mobile subscriber identification information for multiple device profiles for a device
US10231204B2 (en) 2016-12-05 2019-03-12 At&T Intellectual Property I, L.P. Methods, systems, and devices for registering a communication device utilizing a virtual network
US10341842B2 (en) 2016-12-01 2019-07-02 At&T Intellectual Property I, L.P. Method and apparatus for using temporary mobile subscriber identification information in a device to provide services for a limited time period
US10993107B2 (en) 2019-03-01 2021-04-27 At&T Intellectual Property I, L.P. Multi-factor autonomous SIM lock

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2000065820A1 (fr) * 1999-04-26 2000-11-02 Nokia Corporation Procede de gestion d'une information d'abonnement prepayee
WO2010073265A2 (fr) * 2008-12-24 2010-07-01 St-Ericsson India Pvt.Ltd. Verrouillage d'un dispositif de communication
US20100210306A1 (en) * 2009-02-13 2010-08-19 Smarttrust Ab Method for deactivating and possibly reactivating sim cards

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
"Feasibility study on the security aspects of remote provisioning and change of subscription for Machine to Machine (M2M) equipment", 3GPP TR 33.812, V9.2.0, June 2010 (2010-06-01) *
WALKER M: "Embedded SIMs and M2M Communications", ETSI SECURITY WORKSHOP, 20 January 2011 (2011-01-20), pages 4 - 5, Retrieved from the Internet <URL:http://docbox.etsi.org/workshop/2011/201101securityworkshop/s4mobiile_wirelesssecurity/walkerembeddedsims.pdf> *

Cited By (55)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10009764B2 (en) 2012-09-21 2018-06-26 Apple Inc. Apparatus and methods for controlled switching of electronic access clients without requiring network access
US9507329B2 (en) 2012-09-21 2016-11-29 Apple Inc. Apparatus and methods for controlled switching of electronic access clients without requiring network access
US9882594B2 (en) 2012-09-21 2018-01-30 Apple Inc. Apparatus and methods for controlled switching of electronic access clients without requiring network access
CN106507333A (zh) * 2015-09-07 2017-03-15 中兴通讯股份有限公司 一种机卡互锁方法及装置
WO2017041503A1 (fr) * 2015-09-07 2017-03-16 中兴通讯股份有限公司 Procédé et appareil d'authentification mutuelle destinés à un dispositif et à une carte, et support de stockage lisible par ordinateur
WO2017185647A1 (fr) * 2016-04-29 2017-11-02 宇龙计算机通信科技(深圳)有限公司 Procédés de gestion et d'appel de numéro d'identification internationale d'abonné mobile (imsi) basé sur softsim, serveur et dispositif côté réseau
US9838991B1 (en) 2016-08-15 2017-12-05 At&T Intellectual Property I, L.P. Method and apparatus for managing mobile subscriber identification information according to registration requests
US10609668B2 (en) 2016-08-15 2020-03-31 At&T Intellectual Property I, L.P. Method and apparatus for managing mobile subscriber identification information according to registration requests
US11096139B2 (en) 2016-08-15 2021-08-17 At&T Intellectual Property I, L.P. Method and apparatus for managing mobile subscriber identification information according to registration requests
US10470030B2 (en) 2016-08-15 2019-11-05 At&T Intellectual Property I, L.P. Method and apparatus for managing mobile subscriber identification information according to registration errors
US10299238B2 (en) 2016-08-15 2019-05-21 At&T Intellectual Property I, L.P. Method and apparatus for managing mobile subscriber identification information according to registration requests
US11700591B2 (en) 2016-08-15 2023-07-11 At&T Intellectual Property I, L.P. Method and apparatus for managing mobile subscriber identification information according to registration requests
US10237719B2 (en) 2016-08-15 2019-03-19 At&T Intellectual Property I, L.P. Method and apparatus for managing mobile subscriber identification information according to registration errors
US9967732B2 (en) 2016-08-15 2018-05-08 At&T Intellectual Property I, L.P. Method and apparatus for managing mobile subscriber identification information according to registration errors
US10257691B2 (en) 2016-09-14 2019-04-09 At&T Intellectual Property I, L.P. Method and apparatus for reassigning mobile subscriber identification information
US10433273B2 (en) 2016-09-14 2019-10-01 At&T Mobility Ii Llc Method and apparatus for utilizing mobile subscriber identification information with multiple devices based on registration requests
US9794905B1 (en) 2016-09-14 2017-10-17 At&T Mobility Ii Llc Method and apparatus for assigning mobile subscriber identification information to multiple devices according to location
US9814010B1 (en) 2016-09-14 2017-11-07 At&T Intellectual Property I, L.P. Method and apparatus for utilizing mobile subscriber identification information with multiple devices based on registration requests
US10743277B2 (en) 2016-09-14 2020-08-11 At&T Intellectual Property I, L.P. Method and apparatus for utilizing mobile subscriber identification information with multiple devices based on registration requests
US9843922B1 (en) 2016-09-14 2017-12-12 At&T Intellectual Property I, L.P. Method and apparatus for utilizing mobile subscriber identification information with multiple devices based on registration errors
US10149265B2 (en) 2016-09-14 2018-12-04 At&T Intellectual Property I, L.P. Method and apparatus for assigning mobile subscriber identification information to multiple devices according to location
US10187865B2 (en) 2016-09-14 2019-01-22 At&T Intellectual Property I, L.P. Method and apparatus for utilizing mobile subscriber identification information with multiple devices based on registration requests
US10187783B2 (en) 2016-09-14 2019-01-22 At&T Intellectual Property I, L.P. Method and apparatus for utilizing mobile subscriber identification information with multiple devices based on registration errors
US10582373B2 (en) 2016-09-14 2020-03-03 At&T Intellectual Property I, L.P. Method and apparatus for reassigning mobile subscriber identification information
US10542417B2 (en) 2016-09-14 2020-01-21 At&T Intellectual Property I, L.P. Method and apparatus for utilizing mobile subscriber identification information with multiple devices based on registration errors
US9924347B1 (en) 2016-09-14 2018-03-20 At&T Intellectual Property I, L.P. Method and apparatus for reassigning mobile subscriber identification information
US10512055B2 (en) 2016-09-14 2019-12-17 At&T Intellectual Property I, L.P. Method and apparatus for assigning mobile subscriber identification information to multiple devices according to location
US10015764B2 (en) 2016-09-14 2018-07-03 At&T Intellectual Property I, L.P. Method and apparatus for assigning mobile subscriber identification information to multiple devices
US10462657B2 (en) 2016-09-14 2019-10-29 At&T Intellectual Property I, L.P. Method and apparatus for assigning mobile subscriber identification information to multiple devices
US9906943B1 (en) 2016-09-29 2018-02-27 At&T Intellectual Property I, L.P. Method and apparatus for provisioning mobile subscriber identification information to multiple devices and provisioning network elements
US10375569B2 (en) 2016-09-29 2019-08-06 At&T Intellectual Property I, L.P. Method and apparatus for provisioning mobile subscriber identification information to multiple devices and provisioning network elements
US10602345B2 (en) 2016-09-29 2020-03-24 At&T Intellectual Property I, L.P. Method and apparatus for provisioning mobile subscriber identification information to multiple devices and provisioning network elements
US10555164B2 (en) 2016-10-17 2020-02-04 At&T Intellectual Property I, L.P. Method and apparatus for managing and reusing mobile subscriber identification information to multiple devices
US10149146B2 (en) 2016-10-17 2018-12-04 At&T Intellectual Property I, L.P. Method and apparatus for managing and reusing mobile subscriber identification information to multiple devices
US10356605B2 (en) 2016-10-17 2019-07-16 At&T Intellectual Property I, L.P. Method and apparatus for managing and reusing mobile subscriber identification information to multiple devices
US9918220B1 (en) 2016-10-17 2018-03-13 At&T Intellectual Property I, L.P. Method and apparatus for managing and reusing mobile subscriber identification information to multiple devices
US20190253563A1 (en) * 2016-10-21 2019-08-15 Telefonaktiebolaget Lm Ericsson (Publ) Time-Bounded Network Subscriptions
WO2018072852A1 (fr) * 2016-10-21 2018-04-26 Telefonaktiebolaget Lm Ericsson (Publ) Abonnements au réseau limités dans le temps
US10798561B2 (en) 2016-11-11 2020-10-06 At&T Intellectual Property I, L.P. Method and apparatus for provisioning of multiple devices with mobile subscriber identification information
US10440560B2 (en) 2016-11-11 2019-10-08 At&T Mobility Ii Llc Method and apparatus for provisioning of multiple devices with mobile subscriber identification information
US10070303B2 (en) 2016-11-11 2018-09-04 At&T Intellectual Property I, L.P. Method and apparatus for provisioning of multiple devices with mobile subscriber identification information
US11032697B2 (en) 2016-11-11 2021-06-08 At&T Intellectual Property I, L.P. Method and apparatus for provisioning of multiple devices with mobile subscriber identification information
US10070407B2 (en) 2016-12-01 2018-09-04 At&T Intellectual Property I, L.P. Method and apparatus for using active and inactive mobile subscriber identification information in a device to provide services for a limited time period
US10341842B2 (en) 2016-12-01 2019-07-02 At&T Intellectual Property I, L.P. Method and apparatus for using temporary mobile subscriber identification information in a device to provide services for a limited time period
US10375663B2 (en) 2016-12-01 2019-08-06 At&T Intellectual Property I, L.P. Method and apparatus for using active and inactive mobile subscriber identification information in a device to provide services for a limited time period
US10136305B2 (en) 2016-12-01 2018-11-20 At&T Intellectual Property I, L.P. Method and apparatus for using mobile subscriber identification information for multiple device profiles for a device
US10785638B2 (en) 2016-12-01 2020-09-22 At&T Intellectual Property I, L.P. Method and apparatus for using mobile subscriber identification information for multiple device profiles for a device
US10939403B2 (en) 2016-12-01 2021-03-02 At&T Intellectual Property I, L.P. Method and apparatus for using active and inactive mobile subscriber identification information in a device to provide services for a limited time period
US10986484B2 (en) 2016-12-01 2021-04-20 At&T Intellectual Property I, L.P. Method and apparatus for using temporary mobile subscriber identification information in a device to provide services for a limited time period
US11272354B2 (en) 2016-12-01 2022-03-08 At&T Intellectual Property I, L.P. Method and apparatus for using mobile subscriber identification information for multiple device profiles for a device
US10701658B2 (en) 2016-12-05 2020-06-30 At&T Mobility Ii Llc Methods, systems, and devices for registering a communication device utilizing a virtual network
US11330548B2 (en) 2016-12-05 2022-05-10 At&T Intellectual Property I, L.P. Methods, systems, and devices for registering a communication device utilizing a virtual network
US10231204B2 (en) 2016-12-05 2019-03-12 At&T Intellectual Property I, L.P. Methods, systems, and devices for registering a communication device utilizing a virtual network
US10993107B2 (en) 2019-03-01 2021-04-27 At&T Intellectual Property I, L.P. Multi-factor autonomous SIM lock
US11558751B2 (en) 2019-03-01 2023-01-17 At&T Intellectual Property I, L.P. Multi-factor autonomous sim lock

Similar Documents

Publication Publication Date Title
WO2013008048A1 (fr) Procédé et appareil permettant de produire des identifiants d'accès au réseau
US20180091978A1 (en) Universal Integrated Circuit Card Having A Virtual Subscriber Identity Module Functionality
US9843585B2 (en) Methods and apparatus for large scale distribution of electronic access clients
US10492045B2 (en) Dynamic provisioning of device configuration files for electronic subscriber identity modules
US10462647B2 (en) Communication control method and apparatus, terminal, and network platform
US9647984B2 (en) System and method for securely using multiple subscriber profiles with a security component and a mobile telecommunications device
KR101500825B1 (ko) 무선 네트워크 인증 장치 및 방법
EP2861002B1 (fr) Procédé de distribution et procédé d'obtention de données d'identification d'utilisateur virtuel, et dispositifs
CA2744358C (fr) Procede, appareil, et produit de programme informatique destines a gerer des versions logicielles
US9198026B2 (en) SIM lock for multi-SIM environment
US9270700B2 (en) Security protocols for mobile operator networks
CN105338515B (zh) 数据业务传输方法和移动通信设备
US20070154014A1 (en) Using a trusted-platform-based shared-secret derivation and WWAN infrastructure-based enrollment to establish a secure local channel
US11662990B2 (en) Techniques for dynamically provisioning electronic subscriber identity modules to mobile devices
CN104168557A (zh) 操作系统的升级方法和操作系统的升级装置
EP2815553B1 (fr) Appareil mobile comportant une pluralité de clients d'accès, et méthodes correspondantes
EP3759955A1 (fr) Procédés, dispositifs et programmes d'ordinateur pour fournir ou commander des profils d'opérateur dans des terminaux
CN112740637A (zh) 用于对安装在智能安全平台中的捆绑包的同时启用进行管理的装置和方法
CN102279741A (zh) 智能卡的业务处理方法及智能卡
US20120190340A1 (en) Method for binding secure device to a wireless phone
WO2005051018A1 (fr) Verrou de carte à puce pour la communication mobile
JP7383693B2 (ja) プロファイル遠隔管理権限設定方法、その装置及びそのシステム
US11647017B2 (en) Subscriber identity management
US20230057543A1 (en) Method and server for pushing data to mno
CN117440335A (zh) 蜂窝通信网络中的增强型计费

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 11869409

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 11869409

Country of ref document: EP

Kind code of ref document: A1