Apparatus and method for secure provisioning of a communication device

摘要

A system that incorporates the subject disclosure may perform, for example, receiving an over-the-air programming message that includes programming data for use by the mobile communication device, decrypting the over-the-air programming message utilizing a first keyset to generate a decrypted over-the-air programming message, determining a schedule for providing messages from a secure device processor to a secure element of the mobile communication device where the secure device processor is separate from the secure element and in communication with the secure element, and providing the decrypted over-the-air programming message to the secure element according to the schedule. Other embodiments are disclosed.

主权项

1. A method comprising:
registering, by an administrative agent function operating in a secure device processor of a mobile communication device, an internet protocol address with an over-the-air programming server, wherein the internet protocol address is associated with the administrative agent function; receiving, from the over-the-air programming server by the administrative agent function, an over-the-air programming message that includes programming data for use by the mobile communication device, wherein the over-the-air programming message is encrypted by the over-the-air programming server, and wherein the over-the-air programming message utilizes a hypertext transfer protocol; decrypting, by the administrative agent function, the over-the-air programming message utilizing a first keyset to generate a decrypted over-the-air programming message; determining, by the administrative agent function, a schedule for providing messages to a secure element of the mobile communication device, wherein the secure device processor is separate from the secure element and in communication with the secure element; and providing, by the administrative agent function, the decrypted over-the-air programming message to the secure element according to the schedule, wherein the providing of the decrypted over-the-air programming message to the secure element enables the secure element to further decrypt the decrypted over-the-air programming message utilizing a second keyset, wherein the administrative agent function does not have access to the second keyset.