Secure subscriber identity module service
First Claim
1. A computer-implemented method performed in a secure partition of a system, the method comprising:
- in response to receiving a request to activate communication service for the system, creating a permit requesting to activate the communication service;
sending the permit to a service provider for the communication service, wherein the service provider communicates with a permit service to obtain a digital signature for the permit to activate the communication service;
receiving a signed permit from the service provider;
retrieving a key for the permit service from storage accessible only by the secure partition;
using the key to confirm that the signed permit contains the digital signature by the permit service; and
activating the communication service for the system in response to confirming that the signed permit contains the digital signature by the permit service.
1 Assignment
0 Petitions
Accused Products
Abstract
A method, apparatus, system, and computer program product for a secure subscriber identity module service. Communication via a mobile network is activated in response to receiving a request to activate communication service for the system by a secure partition of the system. In response to receiving the request, a key is retrieved for a permit service from storage accessible only by the secure partition. The key is included in a permit requesting to activate the communication service, and the permit is sent to a service provider for the communication service. The service provider communicates with the permit service to obtain a digital signature for the permit. The secure partition receives a signed permit from the service provider, confirms that the signed permit contains the digital signature by the permit service, and activates the communication service for the system in response to confirming that the signed permit contains the digital signature.
83 Citations
22 Claims
-
1. A computer-implemented method performed in a secure partition of a system, the method comprising:
-
in response to receiving a request to activate communication service for the system, creating a permit requesting to activate the communication service; sending the permit to a service provider for the communication service, wherein the service provider communicates with a permit service to obtain a digital signature for the permit to activate the communication service; receiving a signed permit from the service provider; retrieving a key for the permit service from storage accessible only by the secure partition; using the key to confirm that the signed permit contains the digital signature by the permit service; and activating the communication service for the system in response to confirming that the signed permit contains the digital signature by the permit service. - View Dependent Claims (2, 3, 4, 5)
-
-
6. An apparatus comprising:
-
at least one processor; a secure partition isolated from a host operating system for the processor; storage accessible only by the secure partition; and a memory comprising instructions for at least one service executing in the secure partition to perform the following; in response to receiving a request to activate communication service for the system, creating a permit requesting to activate the communication service; sending the permit to a service provider for the communication service, wherein the service provider communicates with a permit service to obtain a digital signature for the permit to activate the communication service; receiving a signed permit from the service provider; retrieving a key for the permit service from the storage accessible only by the secure partition; using the key to confirm that the signed permit contains the digital signature by the permit service; and activating the communication service for the system in response to confirming that the signed permit contains the digital signature by the permit service. - View Dependent Claims (7)
-
-
8. A computer program product comprising:
-
a computer-readable storage medium; and instructions in the computer-readable storage medium, wherein the instructions, when executed in a secure partition of a processing system, cause a service executing in the secure partition to perform operations comprising; in response to receiving a request to activate communication service for the system, creating a permit requesting to activate the communication service; sending the permit to a service provider for the communication service, wherein the service provider communicates with a permit service to obtain a digital signature for the permit to activate the communication service; receiving a signed permit from the service provider; retrieving a key for the permit service from storage accessible only by the secure partition; using the key to confirm that the signed permit contains the digital signature by the permit service; and activating the communication service for the system in response to confirming that the signed permit contains the digital signature by the permit service.
-
-
9. A computer-implemented method comprising:
-
receiving a permit requesting to activate communication service from a requesting system; adding a key to the permit; obtaining a signed permit from a permit service, wherein the permit service adds a digital signature to the permit to create the signed permit; sending the signed permit to the requesting system, wherein the requesting system verifies that the signed permit contains the digital signature by the permit service prior to activating the communication service for the system; and sending a subsequent communication to the requesting system, wherein the subsequent communication contains a command to modify a parameter of the communication service, and the requesting system verifies that the subsequent communication is associated with the key prior to modifying the communication service. - View Dependent Claims (10)
-
-
11. A computer-implemented method comprising:
-
selecting a selected mobile network from at least one mobile network available at a location of a system; identifying a plurality of provisioned SIM services for the system; selecting a selected provisioned SIM service of the plurality of provisioned SIM services; and using a credential of the selected provisioned SIM service to attempt communication with the selected mobile network. - View Dependent Claims (12, 13, 14)
-
-
15. An apparatus comprising:
-
at least one processor; a secure partition isolated from a host operating system for the processor; and a memory comprising instructions for at least one service executing in the secure partition to perform the following; selecting a selected mobile network from at least one mobile network available at a location of the system; identifying a plurality of provisioned SIM services for the system; selecting a selected provisioned SIM service from the plurality of provisioned SIM services; and using a credential of the selected provisioned SIM service to attempt communication with the selected mobile network. - View Dependent Claims (16, 17, 18)
-
-
19. A computer program product comprising:
-
a computer-readable storage medium; and instructions in the computer-readable storage medium, wherein the instructions, when executed in a secure partition of a processing system, cause a service executing in the secure partition to perform operations comprising; selecting a selected mobile network from at least one mobile network available at a location of the processing system; identifying a plurality of provisioned SIM services for the processing system; selecting a selected provisioned SIM service from the plurality of provisioned SIM services; and using a credential of the selected provisioned SIM service to attempt communication with the selected mobile network. - View Dependent Claims (20, 21, 22)
-
Specification