APPARATUS AND METHOD FOR SECURE PROVISIONING OF A COMMUNICATION DEVICE

US 20150127945A1
Filed: 11/01/2013
Published: 05/07/2015
Est. Priority Date: 11/01/2013
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

registering, by an administrative agent function operating in a secure device processor of a mobile communication device, an internet protocol address with an over-the-air programming server, wherein the internet protocol address is associated with the administrative agent function;

receiving, from the over-the-air programming server by the administrative agent function, an over-the-air programming message that includes programming data for use by the mobile communication device, wherein the over-the-air programming message is encrypted by the over-the-air programming server, and wherein the over-the-air programming message utilizes a hypertext transfer protocol;

decrypting, by the administrative agent function, the over-the-air programming message utilizing a first keyset to generate a decrypted over-the-air programming message;

determining, by the administrative agent function, a schedule for providing messages to a secure element of the mobile communication device, wherein the secure device processor is separate from the secure element and in communication with the secure element; and

providing, by the administrative agent function, the decrypted over-the-air programming message to the secure element according to the schedule.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system that incorporates the subject disclosure may perform, for example, receiving an over-the-air programming message that includes programming data for use by the mobile communication device, decrypting the over-the-air programming message utilizing a first keyset to generate a decrypted over-the-air programming message, determining a schedule for providing messages from a secure device processor to a secure element of the mobile communication device where the secure device processor is separate from the secure element and in communication with the secure element, and providing the decrypted over-the-air programming message to the secure element according to the schedule. Other embodiments are disclosed.

9 Citations

View as Search Results

20 Claims

1. A method comprising:
- registering, by an administrative agent function operating in a secure device processor of a mobile communication device, an internet protocol address with an over-the-air programming server, wherein the internet protocol address is associated with the administrative agent function;
  
  receiving, from the over-the-air programming server by the administrative agent function, an over-the-air programming message that includes programming data for use by the mobile communication device, wherein the over-the-air programming message is encrypted by the over-the-air programming server, and wherein the over-the-air programming message utilizes a hypertext transfer protocol;
  
  decrypting, by the administrative agent function, the over-the-air programming message utilizing a first keyset to generate a decrypted over-the-air programming message;
  
  determining, by the administrative agent function, a schedule for providing messages to a secure element of the mobile communication device, wherein the secure device processor is separate from the secure element and in communication with the secure element; and
  
  providing, by the administrative agent function, the decrypted over-the-air programming message to the secure element according to the schedule.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein the secure element comprises a universal integrated circuit card, and further comprising:
    - monitoring, by the administrative agent function, for a response provided by the secure element;
      
      determining, by the administrative agent function, that the response is associated with the over-the-air programming message;
      
      encrypting, by the administrative agent function, the response utilizing the first keyset to generate an encrypted response; and
      
      providing, by the administrative agent function, the encrypted response to the over-the-air programming server to enable the over-the-air programming server to decrypt the encrypted response for transmission to a service provisioning system,wherein the providing of the decrypted over-the-air programming message to the secure element enables the secure element to further decrypt the decrypted over-the-air programming message utilizing a second keyset, wherein the administrative agent function does not have access to the second keyset.
  - 3. The method of claim 2, comprising:
    - authenticating, by the administrative agent function, with the secure element utilizing a third keyset; and
      
      receiving, by the administrative agent function, the first keyset from the secure element,wherein the first keyset is generated by the secure element from a static key that is provided by a remote management server to the secure element and to the over-the-air programming server, andwherein the providing of the static key to the secure element by the remote management server is based on another over-the-air programming message that utilizes short message service transport protocol.
  - 4. The method of claim 1, comprising receiving, by the administrative agent function, the first keyset from a remote management server, wherein the remote management server provides the first keyset to the over-the-air programming server, and wherein the receiving of the first keyset by the administrative agent function is performed utilizing a remote management keyset.
  - 5. The method of claim 4, wherein the administrative agent function is downloaded to the secure device processor utilizing the remote management keyset.
  - 6. The method of claim 1, wherein the over-the-air programming message originates from a service provisioning system, wherein the providing of the decrypted over-the-air programming message to the secure element enables the secure element to further decrypt the decrypted over-the-air programming message utilizing a second keyset, wherein the administrative agent function and the over-the-air programming server do not have access to the second keyset, and wherein the service provisioning system has access to the second keyset.
  - 7. The method of claim 6, comprising:
    - determining, by the administrative agent function, that a response has been generated by the secure element and is associated with the over-the-air programming message; and
      
      providing, by the administrative agent function, the response to the over-the-air programming server for transmission to the service provisioning system, wherein the response is encrypted by the secure element utilizing the second keyset, and wherein the response is configured for decryption by the service provisioning system utilizing the second keyset.
  - 8. The method of claim 1, comprising:
    - providing, by the administrative agent function, a request to the secure element for the first keyset responsive to a determination that the over-the-air programming message has been encrypted; and
      
      receiving, by the administrative agent function, the first keyset from the secure element.
  - 9. The method of claim 1, comprising retransmitting, by the administrative agent function, the decrypted over-the-air programming message to the secure element.

10. A method comprising:
- receiving, by a server including a processor, a registration request including an internet protocol address, the registration request being received from a secure device processor of a mobile communication device;
  
  encrypting, by the server, an over-the-air programming message utilizing a first keyset to generate an encrypted over-the-air programming message, wherein the over-the-air programming message includes programming data for use by the mobile communication device; and
  
  providing, by the server, the encrypted over-the-air programming message to the secure device processor to enable the secure device processor to decrypt the encrypted over-the-air programming message utilizing the first keyset, wherein the providing of the encrypted over-the-air programming message further enables the secure device processor to provide the programming data to a secure element of the mobile communication device for provisioning of the mobile communication device, and wherein the secure device processor is separate from the secure element and in communication with the secure element.
- View Dependent Claims (11, 12, 13, 14, 15, 16)
- - 11. The method of claim 10, comprising receiving, by the server, the over-the-air programming message from a service provisioning system, wherein the over-the-air programming message is encrypted by the service provisioning system utilizing a second keyset, wherein the second keyset is accessible to the secure element and the service provisioning system, and wherein the second keyset is not accessible to the server and the secure device processor.
  - 12. The method of claim 10, wherein the providing of the encrypted over-the-air programming message to the secure device processor utilizes a hypertext transfer protocol.
  - 13. The method of claim 10, comprising:
    - receiving, by the server, a static key from a remote management server, wherein the remote management server provides the static key to the secure element to enable the secure element to generate the first keyset from the static key and to enable the secure element to provide the first keyset to the secure device processor; and
      
      generating the first keyset from the static key.
  - 14. The method of claim 10, wherein the first keyset is provided to the server and to the mobile communication device by a remote management server.
  - 15. The method of claim 10, comprising:
    - receiving, by the server, the over-the-air programming message from a service provisioning system;
      
      receiving, by the server, a request from the service provisioning system to provide the over-the-air programming message to another mobile communication device;
      
      determining, by the server, that the other mobile communication device is not registered with the server; and
      
      providing, by the server, a notice to the service provisioning system indicating that the other secure device processor is not registered with the server.
  - 16. The method of claim 10, comprising:
    - receiving, by the server, a response to the over-the-air programming message;
      
      decrypting, by the server, the response utilizing the first keyset to generate a decrypted response; and
      
      providing, by the server, the decrypted response to a service provisioning system that originated the over-the-air programming message.

17. A method comprising:
- receiving, by a secure element of a mobile communication device, a request for a first keyset, wherein the request is received from a secure device processor of the mobile communication device, wherein the secure element is separate from the secure device processor and in communication with the secure device processor;
  
  providing, by the secure element, the first keyset to the secure device processor to enable the secure device processor to decrypt an over-the-air programming message to generate a decrypted over-the-air programming message, wherein the over-the-air programming message includes programming data for provisioning the mobile communication device;
  
  receiving, by the secure element from the secure device processor, the decrypted over-the-air programming message; and
  
  performing, by the secure element, an additional decryption of the decrypted over-the-air message utilizing a second keyset, wherein the secure device processor does not have access to the second keyset.
- View Dependent Claims (18, 19, 20)
- - 18. The method of claim 17, comprising:
    - receiving, by the secure element, a static key from a remote management server, wherein the remote management server provides the static key to an over-the-air programming server that transmitted the over-the-air programming message to the secure device processor; and
      
      generating, by the secure element, the first keyset from the static key.
  - 19. The method of claim 17, wherein the secure element comprises a universal integrated circuit card, wherein the over-the-air programming message utilizes a hypertext transfer protocol, and wherein the receiving of the decrypted over-the-air programming message is according to a schedule generated by the secure device processor.
  - 20. The method of claim 17, comprising:
    - generating, by the secure element, a secure message for transmission;
      
      encrypting, by the secure element, the secure message utilizing the second keyset to generate an encrypted secure message; and
      
      providing, by the secure element, the encrypted secure message to the secure device processor for transmission to a destination device via an intermediate server to enable the destination device to decrypt the encrypted secure message utilizing the second keyset, wherein the encrypted secure message is further encrypted by the secure device processor utilizing the first keyset, and wherein the encrypted secure message is further decrypted by the intermediate server utilizing the first keyset prior to delivery to the intermediate server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
AT&T Intellectual Property I LP (AT&T, Inc.)
Original Assignee
AT&T Intellectual Property I LP (AT&T, Inc.)
Inventors
Chastain, Walter Cooper, Chin, Stephen Emille

Granted Patent

US 9,313,660 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/170
CPC Class Codes

H04L 63/061   for key exchange, e.g. in p...

H04L 63/0876   based on the identity of th...

H04L 63/123   received data contents, e.g...

H04W 12/02   Protecting privacy or anony...

H04W 12/06   Authentication

H04W 12/35   Protecting application or s...

H04W 4/50   Service provisioning or rec...

H04W 8/20   Transfer of user or subscri...

APPARATUS AND METHOD FOR SECURE PROVISIONING OF A COMMUNICATION DEVICE

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

9 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

APPARATUS AND METHOD FOR SECURE PROVISIONING OF A COMMUNICATION DEVICE

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

9 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links