Verification of mobile device integrity during activation
Abstract
A mobile communication device. The mobile communication device comprises a verification application that, when executed by a trusted security zone portion of the processor, examines an integrity of a preloaded open mobile alliance (OMA) device management (DM) payload, wherein a security key in the OMA DM payload is compared with a security key stored in the trusted security zone to determine the integrity of the OMA DM payload and to determine the state of a preloaded first operating system from a first network. The verification application further verifies the identification of the mobile communication device, transmits information comprising the security key in the trusted security zone to a server to verify network provisioning of the mobile communication device, and changes the toggle key based on the verification results, whereby asset migration between network carriers is achieved and unauthorized activities are avoided while security keys are kept confidential to individual carriers.
20 Claims
1. A mobile communication device, comprising:
- a processor; and
- a memory, comprising:
  - a permissive portion, comprising:
    - an open mobile alliance (OMA) device management (DM) client application to provision the mobile communication device based on a state of a toggle key, and
  - a trusted security zone portion, comprising:
    - the toggle key, wherein the toggle key controls whether or not the profile of the mobile communication device is allowed to be provisioned into the mobile communication device, and wherein configurations of a network or an operating system associated with the network are provisioned during the profile provisioning, and
    - a verification application, when executed by a trusted security zone portion of the processor:
      - examines an integrity of a preloaded OMA DM payload, wherein a security key in the OMA DM payload is compared with a security key stored in the trusted security zone to determine the integrity of the OMA DM payload and to determine a state of a preloaded first operating system from a first network,
      - verifies an identification of the mobile communication device,
      - transmits information comprising the security key in the trusted security zone to a server to verify network provisioning of the mobile communication device, and
      - changes the toggle key based on the verification results;
- whereby asset migration between network carriers is achieved and unauthorized activities are avoided while security keys are kept confidential to individual carriers.

Dependent claims: 2, 3, 4, 5, 6, 7, 8.

9. A method of provisioning a mobile communication device during initial activation, comprising:
- verifying an identification of the mobile communication device by the mobile communication device;
- transmitting information comprising a security key copied from a trusted security zone of a memory of the mobile communication device and an equipment serial number of the mobile communication device to a server with a server trusted security zone to verify network provisioning and identification of the mobile communication device;
- when the mobile communication device is determined by the server to be free from unauthorized provisioning, provisioning the mobile communication device by an open mobile alliance (OMA) device management (DM) client application on the mobile communication device; and
- when the mobile communication device is determined by the server to have been provisioned by an unauthorized source, preventing the mobile communication device from being activated;
- whereby unauthorized devices are prevented from utilizing a network.

Dependent claims: 10, 11, 12, 13, 14, 15.

16. A method of provisioning a mobile communication device triggered by initial activation with a mobile device activation server with a server trusted security zone, comprising:
- verifying an identification of the mobile communication device by the mobile communication device;
- transmitting information comprising a security key stored in a trusted security zone of a memory of the mobile communication device and an equipment serial number to the mobile device activation server;
- forwarding, by the mobile device activation server, the security key and the equipment serial number to a server at a communications service provider to verify network provisioning and identification of the mobile communication device respectively;
- when the mobile communication device is determined to be eligible for provisioning by the mobile device activation server, transmitting, by the mobile device activation server, provisioning information to the mobile communication device; and
- when the mobile communication device is determined to be ineligible for provisioning by the mobile device activation server, provisioning, by the mobile device activation server, limited network access to the mobile communication device compared to network access privilege provisioned to mobile communication devices that are eligible for provisioning by the mobile device activation server;
- whereby secure and efficient access to a network of the mobile device activation server is promoted.

Dependent claims: 17, 18, 19, 20.

Specification