System and method for secure USIM wireless network access

US 9,817,992 B1
Filed: 11/20/2015
Issued: 11/14/2017
Est. Priority Date: 11/20/2015
Status: Active Grant

First Claim

Patent Images

1. A user equipment (UE), comprising:

a radio transceiver;

a first non-transitory memory;

a first processor;

a first operating system;

a first clock component; and

a memory module that is independent of and isolated from the UE by receiving a power input through a dedicated power line and receiving clock signals as an input from a second clock component that is isolated from the first clock component and the first processor, wherein the memory module is on as long as the dedicated power line is active regardless of whether the rest of the UE is on, and wherein the memory module is one of a subscriber identity module (SIM), a universal integrated circuit card (UICC), a universal subscriber identity module (USIM), or a removable user identity module (R-UIM), the memory module comprising;

a second non-transitory memory,a second processor,a second operating system, andan application stored in a trusted security zone in the second non-transitory memory that, when executed by the second processor in the trusted security zone, wherein the application executes in the context of the second operating system, wherein the trusted security zone provides hardware assisted trust,compares a first mobile equipment identifier (MEID) stored in the first non-transitory memory with a second MEID stored in the memory module,responsive to the first MEID not matching the second MEID, blocks access of applications outside the memory module to the radio transceiver,periodically examines whether a ping message is received associated with the second MEID from a server in a network of a service provider associated with the UE, andresponsive to no such ping messages being received from the server in the network within a predefined period of time based on clock signals from the second clock component, blocks access of applications outside the memory module to the radio transceiver.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A user equipment (UE). The UE comprises a memory module, wherein the memory module is one of a subscriber identity module (SIM), a universal integrated circuit card (UICC), a universal subscriber identity module (USIM), or a removable user identity module (R-UIM), wherein clock signals from a second clock component are input to the memory module. The memory module comprises an application stored in a trusted security zone in the second non-transitory memory, that when executed by the second processor in the trusted security zone, wherein the second operating system accesses the second processor to implement instructions for applications in the second operating system, wherein the trusted security zone provides hardware assisted trust, compares a first mobile equipment identifier (MEID) stored in the first non-transitory memory with a second MEID stored in the memory module.

546 Citations

17 Claims

1. A user equipment (UE), comprising:
- a radio transceiver;
  
  a first non-transitory memory;
  
  a first processor;
  
  a first operating system;
  
  a first clock component; and
  
  a memory module that is independent of and isolated from the UE by receiving a power input through a dedicated power line and receiving clock signals as an input from a second clock component that is isolated from the first clock component and the first processor, wherein the memory module is on as long as the dedicated power line is active regardless of whether the rest of the UE is on, and wherein the memory module is one of a subscriber identity module (SIM), a universal integrated circuit card (UICC), a universal subscriber identity module (USIM), or a removable user identity module (R-UIM), the memory module comprising;
  
  a second non-transitory memory,a second processor,a second operating system, andan application stored in a trusted security zone in the second non-transitory memory that, when executed by the second processor in the trusted security zone, wherein the application executes in the context of the second operating system, wherein the trusted security zone provides hardware assisted trust,compares a first mobile equipment identifier (MEID) stored in the first non-transitory memory with a second MEID stored in the memory module,responsive to the first MEID not matching the second MEID, blocks access of applications outside the memory module to the radio transceiver,periodically examines whether a ping message is received associated with the second MEID from a server in a network of a service provider associated with the UE, andresponsive to no such ping messages being received from the server in the network within a predefined period of time based on clock signals from the second clock component, blocks access of applications outside the memory module to the radio transceiver.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The user equipment of claim 1, wherein the memory module is removable.
  - 3. The user equipment of claim 1, wherein the memory module is integrated in a motherboard of the UE.
  - 4. The user equipment of claim 1, wherein the memory module is a virtual memory module.
  - 5. The user equipment of claim 1, wherein the user equipment is one of a mobile phone, a laptop computer, a notebook computer, a tablet computer, a personal digital assistant (PDA), a media player, a headset computer, a wearable computer, a game console, an Internet digital media streaming device, a portable storage device, a hotspot, a 2.5 Wi-Fi translator, an Internet of Things (IoT) device, or another portable network/communications capable device.
  - 6. The user equipment of claim 1, wherein the application further:
    - periodically transmits a message to a lost-and-stolen server associated with a lost-and-stolen database to inquire whether the UE is stolen,responsive to a reply from the lost-and-stolen server indicating that the UE is lost, changes a network access key of the UE, wherein the network access key grants network access to the UE, andresponsive to no reply from the lost-and-stolen server within a predefined period of time based on clock signals from the second clock component, changes the network access key of the UE.
  - 7. The user equipment of claim 6, wherein the application transmits the message to the lost-and-stolen server periodically using a dedicated secure communication channel via a radio transceiver of the UE.
  - 8. The user equipment of claim 7, wherein access of applications stored outside the trusted security zone to the radio transceiver is blocked while transmitting the message.
  - 9. The user equipment of claim 7, wherein the UE establishes a wireless communication with a radio access network according to a code division multiple access (CDMA) wireless communication protocol, a global system for mobile communication (GSM) wireless communication protocol, a long-term evolution (LTE) wireless communication protocol, or a world-wide interoperability for microwave access (WiMAX) wireless communication protocol.
  - 10. The user equipment of claim 7, wherein the dedicated secure communication channel utilizes a dedicated communication protocol stack.
  - 11. The user equipment of claim 6, wherein the memory module is a physical SIM or a virtual SIM.
  - 12. The user equipment of claim 11, wherein in the case of a physical SIM, the SIM is removable or integrated in a motherboard of the UE.
  - 13. The user equipment of claim 1, wherein the application further:
    - monitors activities of applications outside the memory module on the UE, andresponsive to an input to the UE via an application outside the memory module to connect to a website that is on a blacklist stored on the UE, blocks link of the application to a radio transceiver of the UE to access the blacklisted website.
  - 14. The user equipment of claim 13, wherein parental control policies are stored in the memory module.
  - 15. The user equipment of claim 14, wherein one parental control policy prevents texting in restricted time periods.
  - 16. The user equipment of claim 13, wherein the UE establishes a wireless communication with a radio access network according to a code division multiple access (CDMA) wireless communication protocol, a global system for mobile communication (GSM) wireless communication protocol, a long-term evolution (LTE) wireless communication protocol, or a world-wide interoperability for microwave access (WiMAX) wireless communication protocol.
  - 17. The user equipment of claim 13, wherein the memory module is a physical SIM or a virtual SIM.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
T-Mobile Innovations LLC (Deutsche Telekom AG)
Original Assignee
Sprint Communications Company LP (Deutsche Telekom AG)
Inventors
Paczkowski, Lyle W., Spanel, Robert L., Urbanek, Robert E.
Primary Examiner(s)
Turchen, James

Application Number

US14/947,257
Time in Patent Office

725 Days
Field of Search
US Class Current
CPC Class Codes

G06F 12/1416   by checking the object acce...

G06F 21/577   Assessing vulnerabilities a...

G06F 21/6218   to a system of files or obj...

G06F 21/88   Detecting or preventing the...

G06F 2212/1052   Security improvement

G06F 2212/154   Networked environment

G06F 2221/2105   Dual mode as a secondary as...

H04L 43/10   Active monitoring, e.g. hea...

H04L 63/06   for supporting key manageme...

H04L 63/08   for authentication of entit...

H04L 63/20   for managing network securi...

H04W 12/04   Key management, e.g. using ...

H04W 12/086   using security domains

H04W 12/10   Integrity

H04W 12/12   Detection or prevention of ...

H04W 12/126   Anti-theft arrangements, e....

H04W 12/71   Hardware identity

H04W 88/02   Terminal devices

System and method for secure USIM wireless network access

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

546 Citations

17 Claims

Specification

Use Cases

Quick Links

Others

System and method for secure USIM wireless network access

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

546 Citations

17 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others