Secure remote subscription management

US 8,812,836 B2
Filed: 03/05/2010
Issued: 08/19/2014
Est. Priority Date: 03/05/2009
Status: Expired due to Fees

First Claim

Patent Images

1. A method for use in wireless communication by a wireless transmit/receive unit (WTRU), the method comprising:

the WTRU receiving a first keyset, a second keyset, and an initial connectivity operator identifier from a trustworthy physical unit manufacturer, wherein the first keyset and the second keyset are not a same keyset;

the WTRU establishing a connection with an initial connectivity operator using the first keyset and the initial connectivity operator identifier;

the WTRU receiving a first subscriber identifier from the initial connectivity operator, wherein the first subscriber identifier is associated with a first selected home operator, and wherein the first subscriber identifier is newly identified by the first selected home operator after the WTRU is registered with the first selected home operator;

the WTRU creating an association within the WTRU, after receiving the first keyset, the second keyset, the initial connectivity operator identifier, and the first subscriber identifier, between the first subscriber identifier and the second keyset; and

the WTRU establishing, after receiving the first keyset, the second keyset, and the initial connectivity operator identifier, an operational network attachment with the first selected home operator using the first subscriber identifier and the second keyset.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus are disclosed for performing secure remote subscription management. Secure remote subscription management may include providing the Wireless Transmit/Receive Unit (WTRU) with a connectivity identifier, such as a Provisional Connectivity Identifier (PCID), which may be used to establish an initial network connection to an Initial Connectivity Operator (ICO) for initial secure remote registration, provisioning, and activation. A connection to the ICO may be used to remotely provision the WTRU with credentials associated with the Selected Home Operator (SHO). A credential, such as a cryptographic keyset, which may be included in the Trusted Physical Unit (TPU), may be allocated to the SHO and may be activated. The WTRU may establish a network connection to the SHO and may receive services using the remotely managed credentials. Secure remote subscription management may be repeated to associate the WTRU with another SHO.

26 Citations

View as Search Results

19 Claims

1. A method for use in wireless communication by a wireless transmit/receive unit (WTRU), the method comprising:
- the WTRU receiving a first keyset, a second keyset, and an initial connectivity operator identifier from a trustworthy physical unit manufacturer, wherein the first keyset and the second keyset are not a same keyset;
  
  the WTRU establishing a connection with an initial connectivity operator using the first keyset and the initial connectivity operator identifier;
  
  the WTRU receiving a first subscriber identifier from the initial connectivity operator, wherein the first subscriber identifier is associated with a first selected home operator, and wherein the first subscriber identifier is newly identified by the first selected home operator after the WTRU is registered with the first selected home operator;
  
  the WTRU creating an association within the WTRU, after receiving the first keyset, the second keyset, the initial connectivity operator identifier, and the first subscriber identifier, between the first subscriber identifier and the second keyset; and
  
  the WTRU establishing, after receiving the first keyset, the second keyset, and the initial connectivity operator identifier, an operational network attachment with the first selected home operator using the first subscriber identifier and the second keyset.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein the first keyset and the second keyset are included in a trustworthy physical unit associated with the wireless transmit/receive unit.
  - 3. The method of claim 2, wherein the trustworthy physical unit is installed in the wireless transmit/receive unit at a time of manufacture or distribution.
  - 4. The method of claim 1, further comprising:
    - receiving a provisional connectivity identifier; and
      
      establishing the connection with the initial connectivity operator using the provisional connectivity identifier.
  - 5. The method of claim 1, wherein the first keyset and the second keyset are not unique to the WTRU.
  - 6. The method of claim 5, wherein the WTRU is distinguished from another WTRU using one of the first keyset and the second keyset by at least one of:
    - a time or a location.
  - 7. The method of claim 1, further comprising:
    - the WTRU receiving a third keyset from the trustworthy physical unit manufacturer, wherein the first keyset, the second keyset, and the third keyset are not the same keyset;
      
      the WTRU receiving a second subscriber identifier from the first selected home operator, wherein the second subscriber identifier is associated with a second selected home operator, wherein the second subscriber identifier is newly identified by the second selected home operator after WTRU is registered with the second selected home operator;
      
      the WTRU creating an association within the WTRU, after receiving the third keyset and the second subscriber identifier, between the second subscriber identifier and the third keyset; and
      
      the WTRU establishing, after receiving the third keyset, an operational network attachment with the second selected home operator using the second subscriber identifier and the third keyset.
  - 8. The method of claim 7, wherein the first selected home operator received the second subscriber identifier from the second selected home operator.
  - 9. The method of claim 1, further comprising determining a successful operational network attachment, wherein the successful operational network attachment indicates that a trustworthy physical unit validation authority has validated a trust state of a trustworthy physical unit.
  - 10. The method of claim 1, wherein the first selected home operator is registered with the WTRU by a registration operator.

11. A wireless transmit/receive unit (WTRU) comprising:
- a trustworthy physical unit configured to receive a first keyset, a second keyset, and an initial connectivity operator identifier from a trustworthy physical unit manufacturer;
  
  a receiver configured to receive a first subscriber identifier from an initial connectivity operator, wherein the first subscriber identifier is associated with a first selected home operator, and wherein the first subscriber identifier is newly identified by the first selected home operator after WTRU is registered with the first selected home operator; and
  
  a processor configured to;
  
  establish a connection with the initial connectivity operator using the first keyset and the initial connectivity operator identifier;
  
  associate within the WTRU, after receiving first keyset, the second keyset, the initial connectivity operator identifier, and the first subscriber identifier, the first subscriber identifier with one of the at least two keysets; and
  
  establish, after receiving the first keyset, the second keyset, and the initial connectivity operator identifier, an operational network attachment with the first selected home operator using the first subscriber identifier and the second keyset.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19)
- - 12. The WTRU of claim 11, wherein the trustworthy physical unit is received from a trustworthy physical unit manufacturer.
  - 13. The WTRU of claim 12, wherein the trustworthy physical unit is installed in the wireless transmit/receive unit at a time of manufacture or distribution.
  - 14. The WTRU of claim 11, wherein:
    - the trustworthy physical unit includes a provisional connectivity identifier; and
      
      the processor is further configured to establish the connection with the initial connectivity operator using the provisional connectivity identifier.
  - 15. The WTRU of claim 11, wherein the first keyset and the second keyset are not unique to the WTRU.
  - 16. The WTRU of claim 15, wherein the WTRU is distinguished from another WTRU using one of the first keyset or the second keyset by at least one of:
    - a time or a location.
  - 17. The WTRU of claim 11, wherein:
    - the receiver is further configured to;
      
      receive a third keyset from the trustworthy physical unit manufacturer, wherein the first keyset, the second keyset, and the third keyset are not the same keyset, andreceive a second subscriber identifier from the first selected home operator, wherein the second subscriber identifier is associated with a second selected home operator, wherein the second subscriber identifier is newly identified by the second selected home operator after WTRU is registered with the second selected home operator; and
      
      the processor is further configured to;
      
      associate within the WTRU, after receiving the third keyset and the second subscriber identifier, the second subscriber identifier and the third keyset; and
      
      establish, after receiving the third keyset, an operational network attachment with the second selected home operator using the second subscriber identifier and the second keyset.
  - 18. The WTRU of claim 17, wherein the first selected home operator received the second subscriber identifier from the second selected home operator.
  - 19. The WTRU of claim 11, wherein the processor is further configured to determine a successful operational network attachment, wherein the successful operational network attachment indicates that a trustworthy physical unit validation authority has validated a trust state of a trustworthy physical unit.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
InterDigital Patent Holdings, Inc. (InterDigital, Inc.)
Original Assignee
InterDigital Patent Holdings, Inc. (InterDigital, Inc.)
Inventors
Meyerstein, Michael V., Shah, Yogendra C., Cha, Inhyok, Leicher, Andreas, Schmidt, Andreas U.
Primary Examiner(s)
Le, Chau
Assistant Examiner(s)
ZHAO, DON GORDON

Application Number

US12/718,853
Publication Number

US 20110035584A1
Time in Patent Office

1,628 Days
Field of Search

713155-163, 713/168
US Class Current

713/155
CPC Class Codes

H04L 63/0428   wherein the data content is...

H04L 63/0869   for achieving mutual authen...

H04W 12/043   using a trusted network nod...

H04W 12/06   Authentication

H04W 4/70   Services for machine-to-mac...

H04W 8/265   for initial activation of n...

H04W 88/18   Service support devices; Ne...

Secure remote subscription management

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

26 Citations

19 Claims

Specification

Use Cases

Quick Links

Others

Secure remote subscription management

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

26 Citations

19 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others