Method and apparatus for implementing subscriber identity module (SIM) capabilities in an open platform
Abstract
An approach for providing Subscriber Identity Module (SIM) capabilities in an open platform without the need for a discrete, physical SIM device. For one aspect, a computing system provides for secure provisioning of SIM data and algorithms, for example, protected storage of SIM secret data objects, and protected execution of SIM algorithms that provide for Authentication, Authorization and Accounting (AAA) capabilities currently associated with discrete hardware SIM devices.
145 Citations
49 Claims
1. A computing system comprising:
a processor and chipset to provide for protected execution of code;
a hardware token including a credential data store; and
a storage device storing code to implement Subscriber Identity Module (SIM) algorithms, the SIM algorithms to be executed by the processor in a protected partition.
Dependent claims: 2, 3, 4, 5, 6, 7, 8

9. A computing system comprising:
a battery connector to receive a battery to provide an alternate power source for the computing system;
a wireless module to provide for wireless communications;
a processor to provide for protected execution of code; and
a data store storing SIM code to be executed by the processor in a protected manner to provide SIM capabilities without a discrete hardware SIM device, the SIM capabilities to be used to enable the wireless communications.
Dependent claims: 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20

21. A method comprising:
providing for wireless communications over a wireless network; and
providing AAA capabilities for the wireless communications without the use of a discrete SIM hardware device.
Dependent claims: 22, 23, 24, 25, 26, 27, 28, 29, 30

31. A method comprising:
without the use of a discrete hardware SIM device, establishing a first protected channel of communication with a provisioning server, encrypting data to be sent from a computing system to the provisioning server, and decrypting SIM secret data received by the computing system from the provisioning server.
Dependent claims: 32, 33, 34, 35

36. A method comprising:
receiving SIM secret data objects;
encrypting the SIM secret data objects in a protected execution environment provided by a computing system that does not include a discrete hardware SIM device using a bulk encryption key;
encrypting the bulk encryption key using a second key provided by a hardware token; and
storing the encrypted SIM secret data objects on a storage device in the computing system.
Dependent claims: 37, 38

39. A method comprising:
establishing a secure operating environment on a computing system that does not include a discrete hardware SIM device;
loading an encrypted SIM data object and associated encrypted first bulk encryption key into a protected memory;
receiving a second key from a hardware token in response to providing authorization data; and
decrypting the first bulk encryption key and the SIM data object.
Dependent claims: 40, 41, 42

43. A computer-accessible medium storing information that, when accessed by the computer system, causes the computer system to:
provide an application programming interface to access at least one SIM capability from a set of SIM capabilities including generation of an authentication key, generation of an encryption key, access to user secret data, access to a security policy, access to protected storage provided under a SIM file structure hierarchy, access to SIM utilities, access to provisioning capabilities and access to SIM algorithms.
Dependent claims: 44, 45

46. A computer-accessible storage medium storing information that, when accessed by a computer system, causes the computer system to:
execute an application program; and
access SIM capabilities provided by a computing system without a discrete hardware SIM device, the application program to access the SIM capabilities to provide one or more of authentication, authorization and accounting capabilities.
Dependent claims: 47, 48, 49
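Claims 36 and 39 together describe a two-level key hierarchy: the SIM secret objects are encrypted under a bulk encryption key, and that key is in turn encrypted under a second key that a hardware token releases only against authorization data, so the storage device ever holds only ciphertext. The Go program below is an added illustration of that store-and-load flow, not code from the patent or from any product; the closure standing in for the hardware token, AES-256-GCM as the cipher, and a SHA-256 hash of a PIN as the authorization check are all assumptions made for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
)
// NewToken is a hypothetical stand-in for the hardware token of claims 36 and 39: the returned
// function releases the token's key only to a caller presenting matching authorization data.
func NewToken(auth []byte) func(presented []byte) ([]byte, error) {
	want, key := sha256.Sum256(auth), make([]byte, 32) // the key never leaves this closure
	rand.Read(key)
	return func(presented []byte) ([]byte, error) {
		h := sha256.Sum256(presented)
		if subtle.ConstantTimeCompare(h[:], want[:]) != 1 {
			return nil, errors.New("token: authorization data rejected")
		}
		return key, nil
	}
}
// AES-256-GCM with a random 12-byte nonce prefixed to the ciphertext; every key here is 32 bytes.
func gcm(key []byte) cipher.AEAD { b, _ := aes.NewCipher(key); g, _ := cipher.NewGCM(b); return g }
func seal(key, pt []byte) []byte {
	g, nonce := gcm(key), make([]byte, 12)
	rand.Read(nonce)
	return g.Seal(nonce, nonce, pt, nil)
}
func open(key, blob []byte) ([]byte, error) {
	if len(blob) < 12 {
		return nil, errors.New("ciphertext too short")
	}
	return gcm(key).Open(nil, blob[:12], blob[12:], nil)
}
// Store follows claim 36: SIM secret under a fresh bulk encryption key (BEK), BEK under the token key tk.
func Store(tk, simSecret []byte) (wrappedBEK, object []byte) {
	bek := make([]byte, 32)
	rand.Read(bek)
	return seal(tk, bek), seal(bek, simSecret)
}
// Load follows claim 39: unwrap the BEK with the key released by the token, then decrypt the object.
func Load(tk, wrappedBEK, object []byte) ([]byte, error) {
	bek, err := open(tk, wrappedBEK)
	if err != nil {
		return nil, err // wrong token key or tampered blob: the GCM tag check fails
	}
	return open(bek, object)
}
```

Because GCM authenticates as well as encrypts, a wrong token key or a modified blob is rejected at Load rather than yielding garbage plaintext.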