Apparatus and method for managing security domains for a universal integrated circuit card

US 9,967,247 B2
Filed: 06/22/2017
Issued: 05/08/2018
Est. Priority Date: 05/01/2014
Status: Active Grant

First Claim

Patent Images

1. A device comprising:

a universal integrated circuit card;

a processor; and

a memory that stores executable instructions that, when executed by the processor, facilitate performance of operations, comprising;

generating a third-party security domain root structure for the universal integrated circuit card, wherein the third-party security domain root structure includes a hierarchy of a link provider operator security domain above a mobile network operator trusted security domain, and wherein the mobile network operator trusted security domain enables card content management and subscription eligibility verification by equipment of a mobile network operator trusted service manager;

adjusting the third-party security domain root structure to include a service provider trusted security domain in the hierarchy below the mobile network operator trusted security domain, wherein the service provider trusted security domain enables equipment of a third-party trusted service manager to perform card content management actions subject to authorization from the equipment of the mobile network operator trusted service manager; and

adjusting the third-party security domain root structure to include another service provider trusted security domain in the hierarchy below the link provider operator security domain, wherein the another service provider trusted security domain enables equipment of another third-party trusted service manager to perform card content management actions without obtaining authorization from the equipment of the mobile network operator trusted service manager.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A device that incorporates the subject disclosure may perform, for example, generating a security domain root structure for a universal integrated circuit card of an end user device, where the security domain root structure includes a hierarchy of a link provider operator security domain above a mobile network operator trusted security domain, where the link provider operator security domain enables transport management by a link provider operator, and where the mobile network operator trusted security domain enables card content management and subscription eligibility verification by a mobile network operator trusted service manager. Other embodiments are disclosed.

Citations

20 Claims

1. A device comprising:
- a universal integrated circuit card;
  
  a processor; and
  
  a memory that stores executable instructions that, when executed by the processor, facilitate performance of operations, comprising;
  
  generating a third-party security domain root structure for the universal integrated circuit card, wherein the third-party security domain root structure includes a hierarchy of a link provider operator security domain above a mobile network operator trusted security domain, and wherein the mobile network operator trusted security domain enables card content management and subscription eligibility verification by equipment of a mobile network operator trusted service manager;
  
  adjusting the third-party security domain root structure to include a service provider trusted security domain in the hierarchy below the mobile network operator trusted security domain, wherein the service provider trusted security domain enables equipment of a third-party trusted service manager to perform card content management actions subject to authorization from the equipment of the mobile network operator trusted service manager; and
  
  adjusting the third-party security domain root structure to include another service provider trusted security domain in the hierarchy below the link provider operator security domain, wherein the another service provider trusted security domain enables equipment of another third-party trusted service manager to perform card content management actions without obtaining authorization from the equipment of the mobile network operator trusted service manager.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The device of claim 1, wherein the generating the third-party security domain root structure is responsive to receiving an over-the-air message.
  - 3. The device of claim 1, wherein the operations further comprise:
    - generating a second third-party security domain root structure that includes a second hierarchy of a service provider link provider operator security domain above a second service provider trusted security domain.
  - 4. The device of claim 1, wherein the operations further comprise:
    - responsive to a determination to allow the third-party trusted service manager to utilize a third-party over-the-air platform, adjusting the third-party security domain root structure to include a service provider link provider operator security domain in the hierarchy below the mobile network operator trusted security domain and to include a second service provider trusted security domain in the hierarchy below the service provider link provider operator security domain.
  - 5. The device of claim 1, wherein the operations further comprise:
    - determining to operate in an authorized management dual mode, wherein the adjusting the third-party security domain root structure to include the another service provider trusted security domain in the hierarchy below the link provider operator security domain is responsive to the determining to operate in the authorized management dual mode.
  - 6. The device of claim 1, wherein the universal integrated circuit card comprises an issuer security domain, a controlling authority security domain, and a telephony security domain when the third-party security domain root structure is generated.
  - 7. The device of claim 1, wherein the link provider operator security domain utilizes a first keyset for first secure transmissions, and wherein the mobile network operator trusted security domain utilizes a second keyset for second secure transmissions.
  - 8. The device of claim 1, wherein the universal integrated circuit card comprises a controlling authority security domain and a service provider trusted security domain, wherein the service provider trusted security domain utilizes a keyset to securely communicate with equipment of a third-party trusted service manager, and wherein the keyset is generated by the controlling authority security domain.

9. A universal integrated circuit card comprising:
- a memory that stores executable instructions that, when executed by a processor, facilitate performance of operations, comprising;
  
  generating a third-party security domain root structure for the universal integrated circuit card, wherein the third-party security domain root structure includes a hierarchy of a link provider operator security domain above a mobile network operator trusted security domain, and wherein the mobile network operator trusted security domain enables card content management and subscription eligibility verification by equipment of a mobile network operator trusted service manager;
  
  responsive to an instruction received from the equipment of the mobile network operator trusted service manager, adjusting the third-party security domain root structure to include a service provider trusted security domain in the hierarchy below the mobile network operator trusted security domain, wherein the service provider trusted security domain enables equipment of a third-party trusted service manager to perform card content management actions subject to authorization from the equipment of the mobile network operator trusted service manager; and
  
  adjusting the third-party security domain root structure to include a second service provider trusted security domain in the hierarchy below the link provider operator security domain, wherein the second service provider trusted security domain enables equipment of another third-party trusted service manager to perform card content management actions without obtaining authorization from the equipment of the mobile network operator trusted service manager.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The universal integrated circuit card of claim 9, wherein the generating the third-party security domain root structure is responsive to receiving an over-the-air message.
  - 11. The universal integrated circuit card of claim 9, wherein the operations further comprise:
    - responsive to a determination to allow another third-party trusted service manager to utilize a third-party over-the-air platform, adjusting the third-party security domain root structure to include a service provider link provider operator security domain in the hierarchy below the mobile network operator trusted security domain and to include a third service provider trusted security domain in the hierarchy below the service provider link provider operator security domain.
  - 12. The universal integrated circuit card of claim 9, wherein the processor comprises a plurality of processors operating in a distributed processing environment of an end user device.
  - 13. The universal integrated circuit card of claim 9, comprising an issuer security domain, a controlling authority security domain, and a telephony security domain when the third-party security domain root structure is generated.
  - 14. The universal integrated circuit card of claim 9, wherein the link provider operator security domain utilizes a first keyset for first secure transmissions, and wherein the mobile network operator trusted security domain utilizes a second keyset for second secure transmissions.
  - 15. The universal integrated circuit card of claim 9, comprising a controlling authority security domain, wherein the service provider trusted security domain utilizes a keyset to securely communicate with the equipment of the third-party trusted service manager, and wherein the keyset is generated by the controlling authority security domain.

16. A method, comprising:
- determining, by a server including a processing system, to operate a universal integrated circuit card of an end user device in a delegated mode, wherein the universal integrated circuit card has a third-party security domain root structure with a hierarchy including a link provider operator security domain in the hierarchy above a mobile network operator trusted security domain;
  
  responsive to the determining to operate in the delegated mode, causing, by the server, the third-party security domain root structure of the universal integrated circuit card to add a service provider trusted security domain in the hierarchy below the mobile network operator trusted security domain; and
  
  receiving, by the server, a request from a third-party trusted service manager to perform a card content management action, wherein the service provider trusted security domain enables the third-party trusted service manager to perform the card content management action via the service provider trusted security domain,wherein the third-party security domain root structure is selectively adjustable to include the service provider trusted security domain in the hierarchy below the link provider operator security domain, wherein the service provider trusted security domain enables a third-party trusted service manager to perform card content management actions without obtaining authorization from the mobile network operator trusted service manager.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The method of claim 16, wherein the third-party security domain root structure is selectively adjustable to include a service provider link provider operator security domain in the hierarchy below the mobile network operator trusted security domain and to include a second service provider trusted security domain in the hierarchy below the service provider link provider operator security domain.
  - 18. The method of claim 16, wherein the third-party security domain root structure is selectively adjustable to include the service provider trusted security domain in the hierarchy below the link provider operator security domain responsive to a determination to operate in an authorized management dual mode.
  - 19. The method of claim 16, wherein the universal integrated circuit card comprises an issuer security domain, a controlling authority security domain, and a telephony security domain when the third-party security domain root structure is generated.
  - 20. The method of claim 16, wherein the universal integrated circuit card comprises a controlling authority security domain, wherein the service provider trusted security domain utilizes a keyset to securely communicate with the third-party trusted service manager, and wherein the keyset is generated by the controlling authority security domain.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
AT&T Intellectual Property I LP (AT&T, Inc.)
Original Assignee
AT&T Intellectual Property I LP (AT&T, Inc.)
Inventors
Chastain, Walter Cooper
Primary Examiner(s)
LE, KHOI V

Application Number

US15/630,181
Publication Number

US 20170295158A1
Time in Patent Office

320 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/10   Protecting distributed prog...

G06F 21/77   in smart cards

H04L 63/062   for key distribution, e.g. ...

H04L 63/08   for authentication of entit...

H04W 12/04   Key management, e.g. using ...

H04W 12/08   Access security

H04W 12/086   using security domains

H04W 12/35   Protecting application or s...

H04W 4/50   Service provisioning or rec...

H04W 4/60   Subscription-based services...

Apparatus and method for managing security domains for a universal integrated circuit card

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Apparatus and method for managing security domains for a universal integrated circuit card

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links