Methods for provisioning universal integrated circuit cards
Abstract
A system can receive a request to modify a universal integrated circuit card, generate a package comprising configuration data for modifying the universal integrated circuit card, instruct an over-the-air system to transmit the package, encrypting the package with a transport key to generate an encrypted package, and transmit the encrypted package to a communication device communicatively coupled to the universal integrated circuit card to provision the universal integrated circuit card. The system can provide a mobile network operator trusted service manager system information relating to the configuration data to enable the mobile network operator trusted service manager system to manage content and memory allocation of the universal integrated circuit card.
20 Claims
1. A method, comprising:
- instructing, by a secure element issuer system including a processor, an over-the-air system to transmit a first package that comprises configuration data for modifying a universal integrated circuit card, wherein the instructing causes the over-the-air system to encrypt the first package with a transport key to generate a first encrypted package, and wherein the instructing causes the over-the-air system to transmit the first encrypted package to a communication device communicatively coupled to the universal integrated circuit card to provision the universal integrated circuit card;
- providing, by the secure element issuer system, a first mobile network operator trusted service manager system of a first mobile network operator with first information relating to the configuration data to enable the first mobile network operator trusted service manager system to manage content and memory allocation for a plurality of security domain containers of the universal integrated circuit card of the communication device, wherein the providing the first information to the first mobile network operator trusted service manager system is based on monitoring for configuration changes at the universal integrated circuit card and occurs in response to and after a detection of a particular configuration change at the universal integrated circuit card, wherein the particular configuration change is based on the configuration data of the first package, wherein the communication device and the first mobile network operator trusted service manager system are separate devices, wherein the first mobile network operator trusted service manager system is remotely located from the communication device, and wherein management of the content and the memory allocation for the plurality of security domain containers includes changing an amount of memory resource allocated to a particular security domain container of the plurality of security domain containers, wherein the plurality of security domain containers comprises an issuer security domain, a supplementary security domain, and a controlling authority security domain, wherein the issuer security domain stores first content that includes card issuer content, wherein the supplementary security domain stores second content that includes application provider content, and wherein the controlling authority security domain stores third content that includes security policy content;
- detecting, by the secure element issuer system, that the communication device is to be provided services by a second mobile network operator; and
- delegating, by the secure element issuer system, security management of the universal integrated circuit card of the communication device by providing a second mobile network operator trusted service manager system of the second mobile network operator with the first information relating to the configuration data to enable the second mobile network operator trusted service manager system to manage the content and the memory allocation for the plurality of security domain containers of the universal integrated circuit card of the communication device.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. A method, comprising:
- receiving, by a first system including a processor, a request to modify content in a security domain container of a universal integrated circuit card;
- generating, by the first system, a script according to the request;
- encrypting, by the first system, the script according to an application key to generate an encrypted script;
- instructing, by the first system, a second system to transmit the encrypted script, wherein the instructing causes the second system to generate a package comprising the encrypted script and transport data, wherein the instructing causes the second system to encrypt the package with a transport key to generate an encrypted package, and wherein the instructing causes the second system to transmit the encrypted package to a communication device communicatively coupled to the universal integrated circuit card to provision the content of the security domain container of the universal integrated circuit card;
- providing, by the first system, a third system associated with a first mobile network operator with information relating to the provisioning of the security domain container to manage content and memory allocation for a plurality of security domain containers of the universal integrated circuit card, wherein the provisioning includes updating the plurality of security domain containers based on the transport key and the encrypted script, wherein the communication device and the third system are separate systems, wherein the third system is remotely located from the communication device, wherein the providing the information to the third system is based on monitoring for configuration changes at the universal integrated circuit card and occurs in response to and after a detection of a particular configuration change at the universal integrated circuit card, and wherein the particular configuration change is based on the script, wherein the plurality of security domain containers comprises an issuer security domain, a supplementary security domain, and a controlling authority security domain, wherein the issuer security domain stores first content that includes card issuer content, wherein the supplementary security domain stores second content that includes application provider content, and wherein the controlling authority security domain stores third content that includes security policy content;
- detecting, by the first system, that the communication device is to be provided services by a second mobile network operator; and
- delegating, by the first system, security management of the universal integrated circuit card of the communication device by providing a fourth system associated with the second mobile network operator with the information relating to the provisioning of the security domain container to manage the content and the memory allocation for the plurality of security domain containers of the universal integrated circuit card.

Dependent claims: 12, 13, 14, 15, 16
17. A method, comprising:
- receiving, by a subscription management secure routing system of a first service provider, a first encrypted package, wherein the first encrypted package is encrypted by a subscription management data preparation system with an application key responsive to a subscription management data profile system receiving a request from a second service provider to modify a universal integrated circuit card with configuration data;
- sending, by the subscription management secure routing system to an over-the-air system of the first service provider, a second package comprising the first encrypted package and transport data, wherein the sending causes the over-the-air system to encrypt the second package with a transport key to generate a second encrypted package, and wherein the sending causes the over-the-air system to transmit the second encrypted package to a communication device communicatively coupled to the universal integrated circuit card to provision the universal integrated circuit card with the configuration data;
- providing, by the subscription management secure routing system, a first mobile network operator system of the first service provider with information relating to the configuration data to enable the first mobile network operator system to manage content and memory allocation for a plurality of security domain containers of the universal integrated circuit card responsive to receiving the second package to provision the configuration data for the universal integrated circuit card, wherein the communication device and the first mobile network operator system are separate devices, wherein the first mobile network operator system is remotely located from the communication device, wherein the providing the information to the first mobile network operator system is based on monitoring for configuration changes at the universal integrated circuit card and occurs in response to and after a detection of a particular configuration change at the universal integrated circuit card, and wherein the particular configuration change is based on the configuration data, wherein the plurality of security domain containers comprises an issuer security domain, a supplementary security domain, and a controlling authority security domain, wherein the issuer security domain stores first content that includes card issuer content, wherein the supplementary security domain stores second content that includes application provider content, and wherein the controlling authority security domain stores third content that includes security policy content;
- detecting, by the subscription management secure routing system, that the communication device is to be provided services by a second mobile network operator; and
- delegating, by the subscription management secure routing system, security management of the universal integrated circuit card of the communication device by providing a second mobile network operator system associated with the second mobile network operator with the information relating to the configuration data to enable the first mobile network operator system to manage the content and the memory allocation for the plurality of security domain containers of the universal integrated circuit card.

Dependent claims: 18, 19, 20
Specification