Secure remote user device unlock

US 9,807,607 B2
Filed: 12/12/2014
Issued: 10/31/2017
Est. Priority Date: 10/03/2014
Status: Active Grant

First Claim

Patent Images

1. One or more non-transitory computer-readable media storing computer-executable instructions that upon execution cause one or more processors to perform acts comprising:

receiving a carrier unlock request for a user device;

determining one or more verifications to be performed based at least on an unlock scenario requested by the carrier unlock request for the user device;

performing the one or more verifications to determine whether the user device is eligible for a carrier unlock; and

sending an unlock command to the user device in response to determining that the user device is eligible for the carrier unlock, the unlock command to disable a comparison of a device carrier code stored in a memory of the user device to a subscriber identity module (SIM) carrier code stored in a SIM card of the user device, wherein the comparison of the device carrier code stored in the memory of the user device to the SIM carrier code stored in the SIM card is for determining whether the user device is able to initiate a normal boot up to use a wireless network of a wireless communication carrier identified by the SIM carrier code or boot into a limited functionality mode.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A device unlock application on a user device may interact with a server to automatically carrier unlock the user device. The server may receive a carrier unlock request for a user device. The server may determine one or more verifications to be performed based at least on a unlock scenario requested by the carrier unlock request. The server may perform the one or more verifications to determine whether the user device is eligible for a carrier unlock. The server may send a unlock command to the user device in response to determining that the user device is eligible for the carrier unlock. The unlock command may disable a comparison of a device carrier code of the user device to a subscriber identity module (SIM) carrier code stored in a SIM card of the user device.

Citations

20 Claims

1. One or more non-transitory computer-readable media storing computer-executable instructions that upon execution cause one or more processors to perform acts comprising:
- receiving a carrier unlock request for a user device;
  
  determining one or more verifications to be performed based at least on an unlock scenario requested by the carrier unlock request for the user device;
  
  performing the one or more verifications to determine whether the user device is eligible for a carrier unlock; and
  
  sending an unlock command to the user device in response to determining that the user device is eligible for the carrier unlock, the unlock command to disable a comparison of a device carrier code stored in a memory of the user device to a subscriber identity module (SIM) carrier code stored in a SIM card of the user device, wherein the comparison of the device carrier code stored in the memory of the user device to the SIM carrier code stored in the SIM card is for determining whether the user device is able to initiate a normal boot up to use a wireless network of a wireless communication carrier identified by the SIM carrier code or boot into a limited functionality mode.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The one or more non-transitory computer-readable media of claim 1, further comprising sending an unlock error message to the user device in response to determine that the user device is ineligible for the carrier unlock.
  - 3. The one or more non-transitory computer-readable media of claim 1, further comprising:
    - receiving a carrier unlock registration request from a device unlock application on the user device, the unlock request including an encrypted device key of the user device and an encrypted modem key of a modem in the user device that are integrity protected by a trusted key of a trusted environment of the user device; and
      
      decrypting the encrypted device key into a decrypted device key and the encrypted modem key into a decrypted modem key in response to a validation of the trusted key by a trusted third-party authority as belonging to the user device.
  - 4. The one or more non-transitory computer-readable media claim 3, wherein the receiving includes receiving the carrier unlock request that is integrity protected by the device key, further comprising using the decrypted device key to validate the carrier unlock request that is integrity protected by the device key.
  - 5. The one or more non-transitory computer-readable media of claim 3, further comprising providing integrity protection to the unlock command via the decrypted device key and integrity protection to a modem data packet in the unlock command via the decrypted modem key prior to the sending of the unlock command, the integrity protection of the unlock command to be validated by the device unlock application on the user device using the device key, and integrity protection of the modem data packet to be validated by an application in a modem on the user device using the modem key.
  - 6. The one or more non-transitory computer-readable media of claim 5, wherein the modem data packet includes information that permanently disables the comparison of the device carrier code to the SIM carrier code when the unlock scenario includes a permanent carrier unlock of the user device, or temporarily disables the comparison of the device carrier code to the SIM carrier code for a predetermined period of time when the unlock scenario includes a temporary carrier unlock of the user device.
  - 7. The one or more non-transitory computer-readable media of claim 1, wherein the determining includes determining the one or more of a plurality of verifications to be performed based on a particular scenario of the carrier unlock, the verifications including verifying at least one of whether the user device is fully paid for, whether a user of the user device has any outstanding service bills, or whether the user is more than a predetermined number of months behind on paying service bills.
  - 8. The one or more non-transitory computer-readable media of claim 1, wherein the unlock scenario is based on factors that include at least one of whether the carrier unlock is a permanent carrier unlock of the user device or a temporary carrier unlock of the user device, a geographical region specified by the carrier unlock, or an unlock time duration when the carrier unlock is the temporary carrier unlock.
  - 9. The one or more non-transitory computer-readable media of claim 8, wherein the performing includes performing at least one verification for the permanent carrier unlock that is not performed for the temporary carrier unlock of the user device.

10. A computer-implemented method, comprising:
- receiving a carrier unlock registration request from a device unlock application on a user device at a server that registers the user device with the server for receiving remote carrier unlock from the server, the carrier unlock registration request including at least an encrypted device key of the user device that is integrity protected by a trusted key assigned to a trusted environment of the user device that is an isolated execution space on the user device, the trusted key being inaccessible to applications stored on the user device that are outside of the isolated execution space and lack privilege to access the isolated execution space via a secure communication channel; and
  
  decrypting, at the server, the encrypted device key into a decrypted device key in response to a validation of the trusted key by a trusted third-party authority as belonging to the user device;
  
  receiving, at the server, a carrier unlock request for the user device that is integrity protected by the device key;
  
  validating, at the server, the carrier unlock request that is integrity protected by the device key using the decrypted device key; and
  
  determining, at the server, whether to fulfill the carrier unlock request following a validation of the carrier unlock request via the decrypted device key.
- View Dependent Claims (11, 12, 13, 14, 15, 16)
- - 11. The computer-implemented method of claim 10, wherein the determining includes:
    - ascertaining one or more verifications to be performed by a policy engine based at least on an unlock scenario requested by the carrier unlock request for the user device;
      
      performing the one or more verifications to determine whether the user device is eligible for a carrier unlock; and
      
      initiating an unlock command for transmission to the user device in response to determining that the user device is eligible for the carrier unlock, the unlock command to disable a comparison of a device carrier code of the user device to a subscriber identity module (SIM) carrier code stored in a SIM card of the user device.
  - 12. The computer-implemented method of claim 11, wherein the unlock request further includes an encrypted modem key of a modem in the user device that is integrity protected by the trusted key, and the decrypting further includes decrypting the encrypted modem key into a decrypted modem key in response to a validation of the trusted key by the trusted third-party authority as belonging to the user device, further comprising:
    - providing, at the server, integrity protection to the unlock command via the decrypted device key and integrity protection to a modem data packet in the unlock command via the decrypted modem key, the integrity protection of the unlock command to be validated by the device unlock application on the user device using the device key, and the integrity protection modem data packet to be validated by an application in a modem on the user device using the modem key; and
      
      sending, from the server, the unlock command to the user device.
  - 13. The computer-implemented method of claim 11, further comprising initiating an unlock error message for transmission to the user device in response to determine that the user device is ineligible for the carrier unlock.
  - 14. The computer-implemented method of claim 11, wherein the unlock scenario includes a permanent carrier unlock of the user device or a temporary carrier unlock of the user device.
  - 15. The computer-implemented method of claim 14, wherein the initiating includes initiating an unlock command that temporarily disables the comparison of the device carrier code to the SIM carrier code for a predetermined period of time when the unlock scenario includes the temporary carrier unlock of the user device.
  - 16. The computer-implemented method of claim 11, wherein the performing includes performing at least one of verifying that payments for a mobile communication service used by the user device are paid up-to-date or verifying that the user device is paid-in-full.

17. A server, comprising:
- one or more processors; and
  
  memory having instructions stored therein, the instructions, when executed by the one or more processors, cause the one or more processors to perform acts comprising;
  
  receiving a carrier unlock request for a user device that is initiated by a device unlock application on the user device;
  
  determining one or more verifications to be performed based at least on whether a permanent carrier unlock or a temporary carrier unlock is requested by the carrier unlock request for the user device;
  
  performing the one or more verifications to determine whether the user device is eligible for a carrier unlock; and
  
  sending an unlock command to the user device in response to determining that the user device is eligible for the carrier unlock, the unlock command to disable a comparison of a device carrier code stored in the user device to a subscriber identity module (SIM) carrier code stored in a SIM card of the user device,wherein disabling the comparison of the device carrier code stored in the memory of the user device and the SIM carrier code stored in the SIM in response to the unlock command allows the user device to use a wireless network of a wireless communication carrier regardless of a carrier code of the wireless communication carrier.
- View Dependent Claims (18, 19, 20)
- - 18. The server of claim 17, wherein the sending includes sending an unlock command that temporarily disables the comparison of the device carrier code to the SIM carrier code for a predetermined period of time when the carrier unlock request is for a temporary carrier unlock of the user device.
  - 19. The server of claim 17, wherein the performing includes performing at least one of verifying that payments for a mobile communication service used by the user device are paid up-to-date or verifying that the user device is paid-in-full.
  - 20. The server of claim 17, wherein the performing includes performing at least one verification for the permanent carrier unlock that is not performed for the temporary carrier unlock of the user device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
T-Mobile USA, Inc. (Deutsche Telekom AG)
Original Assignee
T-Mobile USA, Inc. (Deutsche Telekom AG)
Inventors
Velusamy, Senthil Kumar Mulluppadi
Primary Examiner(s)
AVERY, JEREMIAH L

Application Number

US14/569,531
Publication Number

US 20160100309A1
Time in Patent Office

1,054 Days
Field of Search

None
US Class Current
CPC Class Codes

H04L 2209/24   Key scheduling, i.e. genera...

H04L 2463/062   applying encryption of the ...

H04L 63/0853   using an additional device,...

H04L 9/0816   Key establishment, i.e. cry...

H04M 15/47   Fraud detection or preventi...

H04W 12/04   Key management, e.g. using ...

H04W 12/08   Access security

H04W 12/122   Counter-measures against at...

H04W 4/50   Service provisioning or rec...

Secure remote user device unlock

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Secure remote user device unlock

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links