Providing subscriber consent in an operator exchange

摘要

A method and system for providing a record of consent in scenarios in which the user and a device may have to perform a function that involves two entities that don't trust each other or are not necessary interested in cooperating. In one such example, a user wants to switch services from an “old” operator to a “new” operator. An operator switch without explicit user consent may have legal or business ramifications for both the “old” and “new” operators. The ramifications are even more severe if the switch is the result of actions of, for example, a hacker maliciously causing this switches in order to cause monetary or other damage to either operators or denial of service to the users. In such cases it is useful for both operators to be on record and have an archive of proof of user consent should future disputes arise.

主权项

1. A method of confirming a request to change a provider of a service for an electronic device, the method comprising, by a third party manager device:
receiving from a requesting entity a request for a record of a subscriber's consent to switch receipt of a service from a first operator to a second operator; in response to the request, sending an electronic device of the subscriber a challenge to provide an authentication credential, wherein the challenge comprises an identifier of the subscriber, an identifier of the first operator, an identifier of the second operator, or identifiers of both the first and second operator; receiving a challenge response from the subscriber's electronic device, wherein the challenge response comprises the identifier of the subscriber, the requested authentication credential, the identifier of the first operator, the identifier of the second operator, and an identifier of the subscriber's electronic device; verifying the authentication credential; creating a user consent token that comprises the identifier of the subscriber, the identifier of the first operator, the identifier of the second operator, the identifier of the subscriber's electronic device, and a certificate for receivers of the token to verify validity of the token; and sending the user consent token to the requesting entity.