Apparatus and method for secure provisioning of a communication device
First Claim
1. A method comprising:
- obtaining, by a secure processing device of a communication device, an over-the-air programming message that includes programming data, wherein the programming data is for use by the communication device, wherein the secure processing device includes a processor, and wherein the over-the-air programming message is obtained from an over-the-air programming server;
decrypting, by the secure processing device, the over-the-air programming message utilizing a first keyset obtained by the secure processing device to generate a first-keyset decrypted over-the-air programming message, wherein the first keyset is obtained from a remote management server via transmission by the over-the-air programming server; and
providing, by the secure processing device, the first-keyset decrypted over-the-air programming message to a secure element, wherein the providing of the first-keyset decrypted over-the-air programming message to the secure element enables the secure element to further decrypt the first-keyset decrypted over-the-air programming message utilizing a second keyset, and wherein the secure processing device does not have access to the second keyset.
1 Assignment
0 Petitions
Accused Products
Abstract
A system that incorporates the subject disclosure may perform, for example, obtaining programming data via an over-the-air programming message for use by a communication device, wherein the over-the-air programming message is obtained from, and encrypted by an over-the-air programming server. The over-the-air programming message is decrypted utilizing a first keyset obtained by a secure device processor processing the first keyset obtained from a remote management server via transmission by the over-the-air programming server, to generate a first-key decrypted over-the-air programming message. The decrypted over-the-air programming message is provided to a secure element to enable the secure element to further decrypt the first-key decrypted over-the-air programming message utilizing a second keyset, wherein the secure device processor does not have access to the second keyset. Other embodiments are disclosed.
246 Citations
20 Claims
-
1. A method comprising:
-
obtaining, by a secure processing device of a communication device, an over-the-air programming message that includes programming data, wherein the programming data is for use by the communication device, wherein the secure processing device includes a processor, and wherein the over-the-air programming message is obtained from an over-the-air programming server; decrypting, by the secure processing device, the over-the-air programming message utilizing a first keyset obtained by the secure processing device to generate a first-keyset decrypted over-the-air programming message, wherein the first keyset is obtained from a remote management server via transmission by the over-the-air programming server; and providing, by the secure processing device, the first-keyset decrypted over-the-air programming message to a secure element, wherein the providing of the first-keyset decrypted over-the-air programming message to the secure element enables the secure element to further decrypt the first-keyset decrypted over-the-air programming message utilizing a second keyset, and wherein the secure processing device does not have access to the second keyset. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A method comprising:
-
generating, by a processing system of a server, a first keyset from a static key obtained from a remote management server via a secure element of a communication device, wherein the processing system includes a processor, and wherein the secure element generates a first keyset from the static key to enable the secure element to provide the first keyset to a secure device processor of the communication device; encrypting, by the processing system of the server, an over-the-air programming message utilizing the first keyset to generate an encrypted over-the-air programming message, wherein the over-the-air programming message includes programming data for use by the communication device; and providing, by the processing system of the server, the encrypted over-the-air programming message to the secure device processor of the communication device to enable the secure device processor to decrypt the encrypted over-the-air programming message utilizing the first keyset, wherein the providing of the encrypted over-the-air programming message further enables the secure device processor to provide the programming data to the secure element of the communication device for provisioning of the communication device, wherein the secure device processor is separate from the secure element and in communication with the secure element, wherein the providing of the programming data to the secure element enables the secure element to further decrypt the programming data utilizing a second keyset, and wherein the secure device processor does not have access to the second keyset. - View Dependent Claims (11, 12, 13, 14, 15, 16)
-
-
17. A communication device comprising:
-
a secure element having a secure element memory with first executable instructions, wherein the secure element, responsive to executing the first executable instructions, facilitate performance of first operations, the first operations comprising; providing a first keyset to a secure device processor; and performing an additional decryption of a first-keyset decrypted over-the-air programming message obtained from the secure device processor, utilizing a second keyset, wherein the secure device processor does not have access to the second keyset; and the secure device processor having a secure device processor memory with second executable instructions, wherein the secure device processor, responsive to executing the second executable instructions, performs second operations comprising; decrypting an over-the-air programming message utilizing the first keyset to generate the first-keyset decrypted over-the-air programming message, wherein the over-the-air programming message includes programming data for provisioning the communication device, wherein the secure device processor is separate from the secure element and in communication with the secure element; and a device processor that facilitates wireless communications of the communication device, wherein the device processor is separate from the secure device processor and the secure element. - View Dependent Claims (18, 19, 20)
-
Specification