Enabling secure application distribution on a (E)UICC using short distance communication techniques

US 9,848,325 B2
Filed: 11/03/2014
Issued: 12/19/2017
Est. Priority Date: 07/14/2014
Status: Active Grant

First Claim

Patent Images

1. A method performed in a system comprising a first wireless device including a first security application, a second wireless device and a network node, for enabling distribution of the first security application to the second wireless device, the method comprising:

receiving, in the first wireless device, using a short distance communication technology, a hardware identifier of the second wireless device;

sending, from the first wireless device, the hardware identifier of the second wireless device and information identifying the first security application to the network node;

receiving, in the network node, from the first wireless device, the hardware identifier of the second wireless device and the information identifying the first security application;

sending, from the network node to the first wireless device, a first confirmation that the hardware identifier is received in the network node and/or that it is a correct hardware identifier;

receiving, in the first wireless device, a first confirmation from the network node that the hardware identifier is received in the network node and/or that it is a correct hardware identifier;

authorising, in the network node, the second wireless device to receive and/or activate a second security application associated with the first security application of the first wireless device;

sending, from the network node, a second confirmation to the first wireless device that the second security application associated with the first security application is authorized in the second wireless device;

receiving, in the first wireless device, a second confirmation that the second security application associated with the first security application is authorized in the second wireless device; and

sending the second security application associated with the first security application of the first wireless device from the network node to the second wireless device;

wherein the first security application and the second security application are both software applications executed by a processor in a secured environment such that, when executed, the first security application and the second security application restrict access to sensitive data;

receiving, in the first wireless device, user input to cancel the authorization to access the second security application, associated with the first security application, in the second wireless device;

sending, from the first wireless device, instructions to the network node to cancel the authorization to the second wireless device;

receiving, in the network node, instructions from the first wireless device to cancel the authorization to the second wireless device to access the second security application associated with the first security application; and

cancelling, in the network node, the authorization to the second wireless device.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present disclosure provides for methods and devices for enabling distribution of a first security application comprised in the first wireless device to the second wireless device. One method comprises the steps of receiving, in the first wireless device, using a short distance communication technology, a hardware identifier of the second wireless device, sending, from the first wireless device, the hardware identifier and information identifying the first security application to the network node, receiving, in the network node, from the first wireless device, the hardware identifier of the second wireless device and the information identifying the security application and authorizing, in the network node, the second wireless device to receive and/or activate a second security application associated with the first security application of the first wireless device.

43 Citations

View as Search Results

33 Claims

1. A method performed in a system comprising a first wireless device including a first security application, a second wireless device and a network node, for enabling distribution of the first security application to the second wireless device, the method comprising:
- receiving, in the first wireless device, using a short distance communication technology, a hardware identifier of the second wireless device;
  
  sending, from the first wireless device, the hardware identifier of the second wireless device and information identifying the first security application to the network node;
  
  receiving, in the network node, from the first wireless device, the hardware identifier of the second wireless device and the information identifying the first security application;
  
  sending, from the network node to the first wireless device, a first confirmation that the hardware identifier is received in the network node and/or that it is a correct hardware identifier;
  
  receiving, in the first wireless device, a first confirmation from the network node that the hardware identifier is received in the network node and/or that it is a correct hardware identifier;
  
  authorising, in the network node, the second wireless device to receive and/or activate a second security application associated with the first security application of the first wireless device;
  
  sending, from the network node, a second confirmation to the first wireless device that the second security application associated with the first security application is authorized in the second wireless device;
  
  receiving, in the first wireless device, a second confirmation that the second security application associated with the first security application is authorized in the second wireless device; and
  
  sending the second security application associated with the first security application of the first wireless device from the network node to the second wireless device;
  
  wherein the first security application and the second security application are both software applications executed by a processor in a secured environment such that, when executed, the first security application and the second security application restrict access to sensitive data;
  
  receiving, in the first wireless device, user input to cancel the authorization to access the second security application, associated with the first security application, in the second wireless device;
  
  sending, from the first wireless device, instructions to the network node to cancel the authorization to the second wireless device;
  
  receiving, in the network node, instructions from the first wireless device to cancel the authorization to the second wireless device to access the second security application associated with the first security application; and
  
  cancelling, in the network node, the authorization to the second wireless device.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method according to claim 1, comprising:
    - displaying, in the first wireless device, security applications available for distribution in the first wireless device; and
      
      receiving, in the first wireless device, user input on which security application to distribute to the second wireless device, wherein the selected security application is the first security application.
  - 3. The method according to claim 1, wherein authorizing, in the network node, comprises requesting authorizing information from a Service provider.
  - 4. The method according to claim 3, wherein authorizing, in the network node, comprises that the network node communicates with an external server wherein the external server is a service provider server.
  - 5. The method according to claim 1, wherein the first security application is associated with a particular subscription and activating the second security application associates the second security application with the particular subscription.

6. A method, performed in a first wireless device, of enabling distribution of a first security application comprised in the first wireless device to a second wireless device, the method comprising:
- receiving, using a short distance communication technology, a hardware identifier of the second wireless device; and
  
  sending the hardware identifier and information identifying the first security application to a network node, thereby enabling the network node to;
  
  send to the first wireless device a first confirmation that the hardware identifier is received in the network node and/or that it is a correct hardware identifier;
  
  authorise the second wireless device to receive and/or activate a second security application associated with the first security application of the first wireless device; and
  
  send a second confirmation to the first wireless device that the second security application associated with the first security application is authorized in the second wireless device;
  
  send the second security application associated with the first security application of the first wireless device from the network node to the second wireless device;
  
  receiving a first confirmation from the network node that the hardware identifier is received in the network node and/or that it is a correct hardware identifier;
  
  receiving a second confirmation that the second security application associated with the first security application is authorized in the second wireless device;
  
  wherein the first security application and the second security application are both software applications executed by a processor in a secured environment such that, when executed, the first security application and the second security application restrict access to sensitive data;
  
  receiving user input to cancel the authorization to access the second security application, associated with the first security application, in the second wireless device; and
  
  sending instructions to the network node to cancel the authorization to the second wireless device, thereby enabling the network node to cancel the authorization to the second wireless device.
- View Dependent Claims (7, 8, 9, 10, 11)
- - 7. The method according to claim 6, comprising:
    - displaying security applications available for distribution in the first wireless device;
      
      receiving user input on which security application to distribute to the second wireless device, the selected security application is the first security application.
  - 8. The method according to claim 6, wherein the first and second security applications comprises an application for enabling access to external services.
  - 9. The method according to claim 6, wherein the first and second security application comprises a Subscriber Identity Module, SIM.
  - 10. The method according to claim 6, wherein the short distance communication technology is short distance radio technology.
  - 11. The method according to claim 6, wherein the short distance communication technology is Body Coupled Communication, BCC, technology.

12. A method performed in a network node of enabling distribution of a first security application comprised in a first wireless device to a second wireless device, the method comprising:
- receiving, from the first wireless device, a hardware identifier of the second wireless device and information identifying the security application;
  
  sending to the first wireless device a first confirmation that the hardware identifier is received in the network node and/or that it is a correct hardware identifier;
  
  authorising the second wireless device to receive and/or activate a second security application associated with a security application of the first wireless device;
  
  sending a second confirmation to the first wireless device that the second security application associated with the first security application is authorized in the second wireless device;
  
  sending the second security application associated with the first security application of the first wireless device to the second wireless device;
  
  wherein the first security application and the second security application are both software applications executed by a processor in a secured environment such that, when executed, the first security application and the second security application restrict access to sensitive data;
  
  receiving instructions from the first wireless device to cancel the authorization to the second wireless device to access the second security application associated with the first security application; and
  
  cancelling the authorization to the second wireless device.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19)
- - 13. The method according to claim 12, wherein authorizing comprises requesting authorizing information from a subscription distributing center.
  - 14. The method according to claim 13, wherein authorizing comprises that the network node communicates with an external server.
  - 15. The method according to claim 14, wherein the external server is a service provider server such as a Mobile Network Operator, MNO, server, a server provided by a bank, a server provided by a car manufacturer or a server from an application software company.
  - 16. The method according to claim 12 comprising:
    - sending the second security application associated with the first security application of the first wireless device, to the second wireless device.
  - 17. The method according to claim 12, wherein the first and second security application comprises an application for enabling access to external services.
  - 18. The method according to claim 12, wherein the first and second security application comprises a Subscriber Identity Module, SIM received from a SIM server.
  - 19. The method according to claim 18, wherein the sending comprises pushing SIM to the second wireless device using SMS or another connectivity protocol.

20. A method, performed in a second wireless device, of enabling distribution of a first security application comprised in a first wireless device to the second wireless device, the method comprising:
- receiving, using a short distance communication technology, information identifying the first security application of the first wireless device; and
  
  sending a hardware identifier of the second wireless device and information identifying the first security application to a network node, thereby enabling the network node to;
  
  send to the first wireless device a first confirmation that the hardware identifier is received in the network node and/or that it is a correct hardware identifier;
  
  authorise the second wireless device to receive and/or activate a second security application associated with the first security application of the first wireless devicesend a second confirmation to the first wireless device that the second security application associated with the first security application is authorized in the second wireless device;
  
  send the second security application associated with the first security application of the first wireless device from the network node to the second wireless devicewherein the first security application and the second security application are both software applications executed by a processor in a secured environment such that, when executed, the first security application and the second security application restrict access to sensitive data.

21. A system, comprising a first wireless device, a second wireless device and a network node, for enabling distribution of a first security application comprised in the first wireless device to the second wireless device, comprising:
- the first wireless device, comprising;
  
  communication circuitry for short distance communication;
  
  processing circuitry configured to;
  
  i. receive, using the communication circuitry, a hardware identifier of the second wireless device;
  
  ii. send, using the communication circuitry, the hardware identifier and information identifying the security application to a network node, thereby enabling the network node to authorise the second wireless device to get access to a second security application associated with the security application of the first wireless device;
  
  iii. receive a first confirmation from the network node that the hardware identifier is received in the network node and/or that it is a correct hardware identifier;
  
  iv. receive a second confirmation that the second security application associated with the first security application is authorized in the second wireless device;
  
  v. receive user input to cancel the authorization to access the second security application, associated with the first security application, in the second wireless device; and
  
  vi. send, using the communication circuitry, instructions to the network node to cancel the authorization to the second wireless device; and
  
  the network node, comprising;
  
  communication circuitry for short distance communication;
  
  processing circuitry configured to;
  
  i. receive, using the communication circuitry, from the first wireless device, a hardware identifier of the second wireless device and information identifying the security application;
  
  ii. send to the first wireless device a first confirmation that the hardware identifier is received in the network node and/or that it is a correct hardware identifier;
  
  iii. authorise the second wireless device to access a security application associated with a second security application of the first wireless device;
  
  iv. send a second confirmation to the first wireless device that the second security application associated with the first security application is authorized in the second wireless device; and
  
  v. send the second security application associated with the first security application of the first wireless device from the network node to the second wireless device;
  
  vi. receive instructions from the first wireless device to cancel the authorization to the second wireless device to access the second security application associated with the first security application;
  
  vii. cancel the authorization to the second wireless device;
  
  the second wireless device;
  
  wherein the first security application and the second security application are both software applications executed by a processor in a secured environment such that, when executed, the first security application and the second security application restrict access to sensitive data.
- View Dependent Claims (22)
- - 22. The system according to claim 21, wherein the first security application is associated with a particular subscription and activating the second security application associates the second security application with the particular subscription.

23. A first wireless device, for enabling distribution of a first security application comprised in the first wireless device to a second wireless device, comprising:
- communication circuitry for short distance communication;
  
  processing circuitry configured to;
  
  receive, using the communication circuitry, a hardware identifier of the second wireless device;
  
  send, using the communication circuitry, the hardware identifier and information identifying the security application to a network node, thereby enabling the network node to;
  
  send to the first wireless device a first confirmation that the hardware identifier is received in the network node and/or that it is a correct hardware identifier;
  
  authorise the second wireless device to get access to a second security application associated with the security application of the first wireless device; and
  
  send a second confirmation to the first wireless device that the second security application associated with the first security application is authorized in the second wireless device;
  
  send the second security application associated with the first security application of the first wireless device from the network node to the second wireless device;
  
  receive a first confirmation from the network node that the hardware identifier is received in the network node and/or that it is a correct hardware identifier;
  
  receive a second confirmation that the second security application associated with the first security application is authorized in the second wireless device;
  
  receive user input to cancel the authorization to access the second security application, associated with the first security application, in the second wireless device; and
  
  send, using the communication circuitry, instructions to the network node to cancel the authorization to the second wireless device;
  
  wherein the first security application and the second security application are both software applications executed by a processor in a secured environment such that, when executed, the first security application and the second security application restrict access to sensitive data.
- View Dependent Claims (24, 25, 26, 27)
- - 24. The first wireless device according to claim 23, wherein the first and second security application comprises an application for enabling access to external services.
  - 25. The first wireless device according to claim 23, wherein the first and second security application comprises a Subscriber Identity Module, SIM.
  - 26. The first wireless device according to claim 23, wherein the short distance communication technology is short distance radio technology.
  - 27. The first wireless device according to claim 23, wherein the short distance communication technology is Body Coupled Communication, BCC, technology.

28. A network node, for enabling distribution of a first security application comprised in a first wireless device to a second wireless device, comprising:
- communication circuitry for short distance communication;
  
  processing circuitry configured to;
  
  receive, using the communication circuitry, from the first wireless device, a hardware identifier of the second wireless device and information identifying the security application;
  
  send to the first wireless device a first confirmation that the hardware identifier is received in the network node and/or that it is a correct hardware identifier;
  
  authorise the second wireless device to access a security application associated with a second security application of the first wireless device;
  
  send a second confirmation to the first wireless device that the second security application associated with the first security application is authorized in the second wireless device;
  
  send the second security application associated with the first security application of the first wireless device from the network node to the second wireless device;
  
  receive instructions from the first wireless device to cancel the authorization to the second wireless device to access the second security application associated with the first security application;
  
  cancel the authorization to the second wireless device;
  
  wherein the first security application and the second security application are both software applications executed by a processor in a secured environment such that, when executed, the first security application and the second security application restrict access to sensitive data.
- View Dependent Claims (29, 30, 31, 32)
- - 29. The network node according to claim 28, wherein the first and second security application comprises an application for enabling access to external services.
  - 30. The network node according to claim 28, wherein the first and second security application comprises a Subscriber Identity Module, SIM received from a SIM server.
  - 31. The network node according to claim 30, wherein the sending comprises pushing SIM to the second wireless device using SMS or another connectivity protocol.
  - 32. The network node according to claim 28, wherein the first security application is associated with a particular subscription and activating the second security application associates the second security application with the particular subscription.

33. A second wireless device, for enabling distribution of a first security application comprised in a first wireless device to the second wireless device, comprising:
- communication circuitry for short distance communication;
  
  processing circuitry configured to;
  
  receive, using a short distance communication technology, information identifying the first security application of the first wireless device; and
  
  send a hardware identifier of the second wireless device and information identifying the first security application to a network node, thereby enabling the network node tosend to the first wireless device a first confirmation that the hardware identifier is received in the network node and/or that it is a correct hardware identifier;
  
  authorise the second wireless device to receive and/or activate a second security application associated with the first security application of the first wireless device; and
  
  send a second confirmation to the first wireless device that the second security application associated with the first security application is authorized in the second wireless device;
  
  send the second security application associated with the first security application of the first wireless device from the network node to the second wireless devicewherein the first security application and the second security application are both software applications executed by a processor in a secured environment such that, when executed, the first security application and the second security application restrict access to sensitive data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Sony Corporation (Sony Group Corp.)
Original Assignee
Sony Corporation (Sony Group Corp.), Sony Mobile Communications Incorporated (Sony Group Corp.)
Inventors
Mellqvist, Anders, Berthet, David
Primary Examiner(s)
Fang, Keith
Assistant Examiner(s)
HANNAN, B M M

Application Number

US14/531,399
Publication Number

US 20160014601A1
Time in Patent Office

1,142 Days
Field of Search

235375, 726 4
US Class Current
CPC Class Codes

H04W 12/06   Authentication

H04W 12/50   Secure pairing of devices

H04W 12/71   Hardware identity

H04W 4/80   Services using short range ...

H04W 8/205   Transfer to or from user eq...

Enabling secure application distribution on a (E)UICC using short distance communication techniques

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

43 Citations

33 Claims

Specification

Use Cases

Quick Links

Others

Enabling secure application distribution on a (E)UICC using short distance communication techniques

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

43 Citations

33 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others