Secure environment for subscriber device

摘要

A secure operating environment for a telecommunication device is disclosed, where a trusted execution environment (TEE) can establish both first secure communication (SC) channel between the TEE and a security-enabled SIM card, and a second SC between a service provider entity and Trustlet application, which is a component of the TEE of the telecommunication device. The telecommunication device may include a processor(s), an identification module, and a memory including the TEE and a normal operating environment (NOE). The TEE can be operated by the one or more processors to establish the first SC channel, authenticate a service identifier of the identification module, and establish the second SC channel, prior to an execution of the NOE.

主权项

1. A telecommunication device comprising:
one or more processors; an identification module storing a service identifier; and a memory coupled to the one or more processors, and having at least a trusted execution environment (TEE) and a normal operating environment (NOE), wherein the TEE is configured to be operated by the one or more processors to:
establish a first secure communication channel between the TEE and the identification module;authenticate the service identifier of the identification module after the first secure communication channel has been established; andestablish a second secure communication channel between the telecommunication device and a provisioning server of a service provider,wherein the first secure communication channel or the second secure communication channel is established prior to an execution of the NOE.