Secure and trusted device-based billing and charging process using privilege for network proxy authentication and audit
Abstract
A user equipment with a primary identifier and a secondary identifier. The user equipment comprises a witness application stored in the memory, that when executed by the processor in a trusted security zone, wherein the trusted security zone provides hardware assisted trust, transmits a message comprising the logs of the communication service consumption to a server in a network of a service provider associated with the user equipment using a trusted end-to-end communication channel, wherein the logs are translated by the server to a format compatible with a billing data store supported by a billing server, wherein the translated logs are transmitted to the billing data store, whereby a bill is created for each of the primary identifier and the secondary identifier by the billing server accessing the billing data store.
20 Claims
1. A user equipment with a primary identifier and a secondary identifier, comprising:
- a memory;
- a processor; and
- a witness application stored in the memory, that when executed by the processor in a trusted security zone, wherein the trusted security zone provides hardware assisted trust,
  - monitors communication service consumption of a plurality of different communication services associated with each of the primary identifier and the secondary identifier of the user equipment,
  - stores a plurality of logs of communication service consumption differentiated by identifier in the trusted security zone, and
  - transmits a message comprising the logs of the communication service consumption to a server in a network of a service provider associated with the user equipment using a trusted end-to-end communication channel, wherein the logs are translated by the server to a format compatible with a billing data store supported by a billing server, wherein the translated logs are transmitted to the billing data store, wherein a bill is created for each of the primary identifier based on the monitored communication service consumption of the plurality of different communication services associated with the primary identifier and the secondary identifier based on the monitored communication service consumption of the plurality of different communication services associated with the secondary identifier by the billing server accessing the billing data store.
9. A method of collecting communication service consumption information associated with a primary identifier and a secondary identifier of a user equipment (UE), comprising:
- monitoring, by a witness application that executes in a trusted security zone of the UE, communication service consumption of a plurality of different communication services associated with each of the primary identifier and the secondary identifier of the UE, wherein the trusted security zone provides hardware assisted trust;
- storing a plurality of logs of communication service consumption differentiated by identifier in the trusted security zone; and
- transmitting a message comprising the logs of the communication service consumption over a trusted end-to-end communication channel to a server in a network of a service provider associated with the UE, wherein the logs are translated by the server to a format compatible with a billing data store supported by a billing server, wherein the translated logs are transmitted to the billing data store, wherein a bill is created for each of the primary identifier based on the monitored communication service consumption of the plurality of different communication services associated with the primary identifier and the secondary identifier based on the monitored communication service consumption of the plurality of different communication services associated with the secondary identifier by the billing server accessing the billing data store.
17. A method of providing wireless communication service to a user equipment (UE) from a foreign wireless network supported by a foreign wireless communication service provider that is different from a home wireless network that is supported by a home service provider of the UE, comprising:
- attempting by the UE to register to roam on the foreign wireless network;
- receiving a denial message by the UE, where the denial message denies roaming on the foreign wireless network by the UE and comprises a link to a broker application that mediates access to the foreign wireless network;
- downloading from the link in the denial message, by a trusted application on the UE, the broker application, wherein the trusted application executes in a trusted security zone of the UE, wherein the trusted security zone provides hardware assisted trust;
- installing, by the broker application, a network access key into the trusted security zone of the UE for the foreign wireless network, wherein the broker application executes in the trusted security zone;
- presenting, by the broker application, credentials to the foreign wireless network, wherein the credentials comprise the network access key;
- examining, by a foreign wireless communication service provider server, the network access key presented by the UE; and
- responsive to the network access key being validated based on the examining results, granting, by the foreign wireless communication service provider server, network access of the foreign wireless network to the UE.
Specification