Methods for provisioning universal integrated circuit cards
Abstract
A system is described that can perform a method for receiving a request to modify a universal integrated circuit card, generating a package comprising configuration data for modifying the universal integrated circuit card, instructing an over-the-air system to transmit the package, encrypting the package with a transport key to generate an encrypted package, and transmitting the encrypted package to a communication device communicatively coupled to the universal integrated circuit card to provision the universal integrated circuit card. The system can also perform a method of providing a mobile network operator trusted service manager system information relating to the configuration data to enable the mobile network operator trusted service manager system to manage content and memory allocation of the universal integrated circuit card.
20 Claims
1. A method, comprising:
- receiving, by a secure element issuer system, a request to modify a universal integrated circuit card;
- generating, by the secure element issuer system, a first package comprising configuration data for modifying the universal integrated circuit card;
- instructing, by the secure element issuer system, an over-the-air system to transmit the first package;
- encrypting, by the over-the-air system, the first package with a transport key to generate a first encrypted package;
- transmitting, by the over-the-air system, the first encrypted package to a communication device communicatively coupled to the universal integrated circuit card to provision the universal integrated circuit card; and
- providing, by the secure element issuer system, a mobile network operator trusted service manager system first information relating to the configuration data to enable the mobile network operator trusted service manager system to manage content and memory allocation for a plurality of security domain containers of the universal integrated circuit card of the communication device, wherein the communication device and the mobile network operator trusted service manager system are separate devices, wherein the mobile network operator trusted service manager system is remotely located from the communication device, wherein a first security domain container of the plurality of security domain containers is limited to use by a card issuer entity, wherein a second security domain container of the plurality of security domain containers is limited to use by an application provider entity, wherein a third security domain container of the plurality of security domain containers is limited to use by a controlling authority entity, and wherein management of the content and the memory allocation for the plurality of security domain containers includes changing an amount of memory resource allocated to a particular security domain container of the plurality of security domain containers.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. A method, comprising:
- receiving, by a mobile wallet trusted service manager system, a request to modify content in a mobile wallet security domain container of a universal integrated circuit card;
- verifying, by the mobile wallet trusted service manager system, that resources of the universal integrated circuit card and a communication device communicatively coupled to the universal integrated circuit card are capable of satisfying the request;
- generating, by the mobile wallet trusted service manager system, a script according to the request;
- encrypting, by the mobile wallet trusted service manager system, the script according to an application key to generate an encrypted script;
- instructing, by the mobile wallet trusted service manager system, an over-the-air system to transmit the encrypted script;
- generating, by the over-the-air system, a package comprising the encrypted script and transport data;
- encrypting, by the over-the-air system, the package with a transport key to generate an encrypted package;
- transmitting, by the over-the-air system, the encrypted package to the communication device communicatively coupled to the universal integrated circuit card to provision the content of the mobile wallet security domain container of the universal integrated circuit card; and
- providing, by the mobile wallet trusted service manager system, a mobile network operator trusted service manager system information relating to the provisioning of the mobile wallet security domain to manage content and memory allocation for a plurality of security domain containers of the universal integrated circuit card, wherein the communication device and the mobile network operator trusted service manager system are separate devices, wherein the mobile network operator trusted service manager system is remotely located from the communication device, wherein a first security domain container of the plurality of security domain containers is limited to use by a card issuer entity, wherein a second security domain container of the plurality of security domain containers is limited to use by an application provider entity, and wherein a third security domain container of the plurality of security domain containers is limited to use by a controlling authority entity.
Dependent claims: 11, 12, 13, 14, 15, 16, 17
18. A method, comprising:
- receiving, by a subscription management secure routing system of a first service provider, a first encrypted package, wherein the first encrypted package is encrypted by a subscription management data preparation system with an application key responsive to a subscription management data profile system receiving a request from a second service provider to modify a universal integrated circuit card with configuration data;
- sending, by the subscription management secure routing system of the first service provider, to an over-the-air system of the first service provider a second package comprising the first encrypted package and transport data;
- encrypting, by the over-the-air system of the first service provider, the second package with a transport key to generate a second encrypted package;
- transmitting, by the over-the-air system of the first service provider, the second encrypted package to a communication device communicatively coupled to the universal integrated circuit card to provision the universal integrated circuit card with the configuration data; and
- providing, by the subscription management secure routing system of the first service provider, a mobile network operator system of the first service provider information relating to the configuration data to enable the mobile network operator system of the first operator to manage content and memory allocation for a plurality of security domain containers of the universal integrated circuit card, wherein the communication device and the mobile network operator system are separate devices, wherein the mobile network operator system is remotely located from the communication device, wherein a first security domain container of the plurality of security domain containers is limited to use by a card issuer entity, wherein a second security domain container of the plurality of security domain containers is limited to use by an application provider entity, and wherein a third security domain container of the plurality of security domain containers is limited to use by a controlling authority entity.
Dependent claims: 19, 20
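
Claims 10 and 18 both recite two nested encryption layers: an application key applied by the party that prepares the content, and a transport key applied by the over-the-air system around that content plus transport data. The Python example below is an added illustration, not code from the patent; the cipher is a standard-library stand-in, and the key sizes, JSON package layout, sample script and the receiving-side function are assumptions, since the claims name no algorithm or format and recite only the sending steps.

```python
import hashlib, hmac, json, os

# Stand-in authenticated cipher (HMAC-SHA256 keystream, encrypt-then-MAC).
# Assumption: the claims name no algorithm; this is not what a real UICC uses.
def _keystream(key, nonce, n):
    blocks = (hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"),
                       hashlib.sha256).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, plaintext):
    nonce = os.urandom(16)
    ks = _keystream(key, nonce, len(plaintext))
    ct = bytes(a ^ b for a, b in zip(plaintext, ks))
    tag = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("authentication failed")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

# Inner layer: the trusted service manager encrypts the script (application key).
def tsm_encrypt_script(app_key, script):
    return seal(app_key, script)

# Outer layer: the over-the-air system adds transport data, then encrypts the
# whole package with the transport key. It never holds the application key.
def ota_build_package(transport_key, encrypted_script, transport_data):
    package = {"transport_data": transport_data,
               "encrypted_script": encrypted_script.hex()}
    return seal(transport_key, json.dumps(package).encode())

# Receiving side (assumed; not recited in the claims): strip the transport
# layer, then the holder of the application key recovers the script.
def device_receive(transport_key, app_key, encrypted_package):
    package = json.loads(unseal(transport_key, encrypted_package))
    script = unseal(app_key, bytes.fromhex(package["encrypted_script"]))
    return package["transport_data"], script

if __name__ == "__main__":
    app_key, transport_key = os.urandom(32), os.urandom(32)  # constructed keys
    script = b"INSTALL wallet-applet v1"                      # constructed script
    inner = tsm_encrypt_script(app_key, script)
    outer = ota_build_package(transport_key, inner, {"target": "uicc-0001"})
    print(device_receive(transport_key, app_key, outer))
```

Because the layers use separate keys, a party holding only the transport key can route and unwrap the package but cannot read or silently alter the script inside it.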
Specification