SECURE BOOTSTRAP PROVISIONING OF ELECTRONIC DEVICES IN CARRIER NETWORKS

US 20120115455A1
Filed: 01/13/2012
Published: 05/10/2012
Est. Priority Date: 07/26/2004
Status: Abandoned Application

First Claim

Patent Images

1. A method of bootstrap provisioning an electronic device in a carrier network, the method comprising:

using an initialization-provisioning table, having source IDs and associated keys, stored in the electronic device to determine whether a received provisioning notification and a received initial set of provisioning data originated from a known and/or authorized source;

discarding the initial set of provisioning data if it is determined that the provisioning notification originated from an unknown and/or unauthorized source;

if it is determined that the provisioning notification originated from a known and/or authorized source, using an associated key from the initialization-provisioning table to receive, process and save the initial set of provisioning data to the electronic device; and

using the received, processed and saved initial set of provisioning data on the electronic device to access and retrieve complete provisioning data from the source.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed herein is a secure initial provisioning system for communicating data between an electronic device and a management server in a carrier network. The management server may be adapted to facilitate secure initialization provisioning or bootstrap provisioning. An initialization-provisioning table may be made available in the electronic device during manufacturing, or may also be provided in a SIM card. The initialization-provisioning table provides security information, such as keys, for example, and enables secure and spoof-proof push-based initial/bootstrap provisioning or bootstrap of electronic devices.

Citations

16 Claims

1. A method of bootstrap provisioning an electronic device in a carrier network, the method comprising:
- using an initialization-provisioning table, having source IDs and associated keys, stored in the electronic device to determine whether a received provisioning notification and a received initial set of provisioning data originated from a known and/or authorized source;
  
  discarding the initial set of provisioning data if it is determined that the provisioning notification originated from an unknown and/or unauthorized source;
  
  if it is determined that the provisioning notification originated from a known and/or authorized source, using an associated key from the initialization-provisioning table to receive, process and save the initial set of provisioning data to the electronic device; and
  
  using the received, processed and saved initial set of provisioning data on the electronic device to access and retrieve complete provisioning data from the source.
- View Dependent Claims (2, 3, 4)
- - 2. The method according to claim 1, wherein the method includes receiving source server identification information from the initial set of provisioning data and, the source server identification information being encrypted in the initial set of provisioning data.
  - 3. The method according to claim 1, further comprising determining that an electronic device is present in the carrier network.
  - 4. The method according to claim 1, further comprising inserting an encryption key associated with source server identification information into the initial set of provisioning data.

5. A method of bootstrap provisioning an electronic device in a carrier network, the method comprising:
- using an initialization-provisioning table, having source IDs and associated keys, stored in the electronic device to determine whether a received provisioning notification and a received initial set of provisioning data originated from a known and/or authorized source, the received initial set of provisioning data comprising at least a server ID portion and an encrypted portion, the encrypted portion comprising an encrypted copy of the server ID portion;
  
  accessing a key from the initialization-provisioning table, using the server ID portion, and decrypting the encrypted portion using the key;
  
  determining whether the received server ID portion matches the server ID portion from the decrypted encrypted portion.
- View Dependent Claims (6, 7, 8, 9, 10)
- - 6. The method according to claim 5, wherein, if it is determined that the received server ID portion matches the server ID portion from the decrypted encrypted portion, the method further comprising:
    - receiving, processing and saving the initial set of provisioning data to the electronic device; and
      
      using the received, processed and saved initial set of provisioning data on the electronic device to access and retrieve complete provisioning data from the source.
  - 7. The method according to claim 6, the method further comprising discarding the initial set of provisioning data if it is determined that the received server ID portion does not match the server ID portion from the decrypted encrypted portion;
  - 8. The method according to claim 6, further comprising deleting provisioning information contained in a initialization-provisioning table after provisioning has been completed.
  - 9. The method according to claim 6, wherein, if it is determined that the received server ID portion matches the server ID portion from the decrypted encrypted portion, the method further comprising accessing secondary provisioning information from one of a same and a different server from where the initial set of provisioning data originated.
  - 10. The method according to claim 9, wherein accessing secondary provisioning information comprises employing an address of a secondary server to facilitate further provisioning activities.

11. A system for communicating provisioning information to electronic devices, the system comprising:
- a plurality of electronic devices associated with a carrier network, wherein the plurality of electronic devices have access to an initialization-provisioning table having source IDs and associated keys, wherein the plurality of electronic devices include at least one of software and firmware to;
  
  determine whether a received provisioning notification and a received initial set of provisioning data originated from a known and/or authorized source;
  
  discard the initial set of provisioning data if it is determined that the provisioning notification originated from an unknown and/or unauthorized source;
  
  if it is determined that the provisioning notification originated from a known and/or authorized source, use an associated key from the initialization-provisioning table to receive, process and save the initial set of provisioning data to the electronic device; and
  
  use the received, processed and saved initial set of provisioning data on the electronic device to access and retrieve complete provisioning data from the source.
- View Dependent Claims (12, 13, 14, 15, 16)
- - 12. The system according to claim 11, wherein the carrier network comprises at least one server adapted to conduct provisioning activities and provide the initial set of provisioning data to the plurality of electronic devices.
  - 13. The system according to claim 11, wherein the initial set of provisioning data comprises information providing references to servers adapted to deploy complete provisioning data to the plurality of electronic devices.
  - 14. The system according to claim 11, wherein the plurality of electronic devices further comprises an identification submission mechanism and an identification reading mechanism wherein the identification submission mechanism and the identification reading mechanism comprise one of a subscriber identity module (SIM) card and a SIM card reader, respectively.
  - 15. The system according to claim 14, wherein the SIM card comprises the initialization-provisioning table, the initialization-provisioning table at least comprising a server ID and a key associated with the server ID.
  - 16. The system according to claim 15, wherein:
    - the received provisioning notification includes at least a server ID portion and an encrypted portion, the encrypted portion comprising an encrypted copy of the server ID portion; and
      
      wherein the plurality of electronic devices are adapted to;
      
      use the server ID portion to access the key from the initialization-provisioning table;
      
      use the key to decrypt the encrypted portion using the key; and
      
      determine whether the received server ID portion matches the server ID portion from the decrypted encrypted portion.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Qualcomm, Inc.
Original Assignee
Qualcomm, Inc.
Inventors
Rao, Bindu Rama

Application Number

US13/350,355
Publication Number

US 20120115455A1
Time in Patent Office

Days
Field of Search
US Class Current

455/418
CPC Class Codes

H04W 12/06   Authentication

H04W 12/35   Protecting application or s...

H04W 4/50   Service provisioning or rec...

SECURE BOOTSTRAP PROVISIONING OF ELECTRONIC DEVICES IN CARRIER NETWORKS

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

SECURE BOOTSTRAP PROVISIONING OF ELECTRONIC DEVICES IN CARRIER NETWORKS

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links