EP2839687A1 - Remote unlocking of telecommunication device functionality - Google Patents

Remote unlocking of telecommunication device functionality

Info

Publication number
EP2839687A1
EP2839687A1 EP13778691.9A EP13778691A EP2839687A1 EP 2839687 A1 EP2839687 A1 EP 2839687A1 EP 13778691 A EP13778691 A EP 13778691A EP 2839687 A1 EP2839687 A1 EP 2839687A1
Authority
EP
European Patent Office
Prior art keywords
unlock
functionality
telecommunication device
request
telecommunication
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP13778691.9A
Other languages
German (de)
French (fr)
Other versions
EP2839687A4 (en
Inventor
Ahmad Arash Obaidi
Alexandru Catalin Ionescu
Adrian Buzescu
Raymond Froelich
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
T Mobile USA Inc
Original Assignee
T Mobile USA Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from US13/660,350 external-priority patent/US9055443B2/en
Priority claimed from US13/842,116 external-priority patent/US9172538B2/en
Application filed by T Mobile USA Inc filed Critical T Mobile USA Inc
Publication of EP2839687A1 publication Critical patent/EP2839687A1/en
Publication of EP2839687A4 publication Critical patent/EP2839687A4/en
Withdrawn legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08Access security
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0853Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/40Security arrangements using identity modules
    • H04W12/48Security arrangements using identity modules using secure binding, e.g. securely binding identity modules to devices, services or applications
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W8/00Network data management
    • H04W8/18Processing of user or subscriber data, e.g. subscribed services, user preferences or user profiles; Transfer of user or subscriber data
    • H04W8/183Processing at user equipment or user record carrier

Definitions

  • Modern telecommunication service providers generate much of their revenue by selling propriety wireless communication services and devices to their customers, under the good-faith assumption that these services and devices will be utilized in accordance with their intended purposes.
  • a particular telecommunication service provider may allow access to its wireless communication services by selling customers a prepaid or a postpaid, i.e., subscription-based, rate plan, which is generally associated with a respective customer's service level agreement.
  • a telecommunication service provider can also require its customers to purchase corresponding, provider-specific communication devices, including cellular phones, personal digital assistants, tablet computers, and the like, in order to access its proprietary communication services.
  • OS operating system
  • a carrier-locked communication device is sometimes referred to in the industry as "jail-breaking" a device, and it can allow an unlocked, jail-broken device to gain access to unauthorized services of multiple telecommunication service providers.
  • SIM-shim is a thin circuit board that is designed to fit between a service provider's Subscriber Identity Module (SIM) card and a telecommunication device's SIM socket.
  • SIM Subscriber Identity Module
  • the SIM-shim device can be employed to allow a user to unlock his or her carrier-locked device, by simply inserting this add-on component into his or her device, thereby effectuating an override of device security features intended to keep the device restricted to services of a specific telecommunication service provider.
  • SIM cards enable a telecommunication service subscriber to be identified on a corresponding service provider's network by storing a unique International Mobile Subscriber Identity (IMSI) that can be retrieved and subsequently authenticated over-the-air by a corresponding service provider, each time a user device engages in communications with its telecommunication service provider.
  • IMSI International Mobile Subscriber Identity
  • a SIM IMSI generally includes the following information: a Mobile Country Code (MCC), a Mobile Network Code (MNC), and a Mobile Subscriber Identification Number (MSIN). This information allows a user's provider-issued SIM card to be identified, registered, and authenticated with an issuing telecommunication service provider.
  • MCC Mobile Country Code
  • MNC Mobile Network Code
  • MSIN Mobile Subscriber Identification Number
  • SIM cards are sold "as is,” meaning they are both static and rate plan specific, as their IMSI data cannot be modified after issuance. For this reason, each time a customer purchases a new telecommunication device or a new service plan offering from its service provider, the customer may be issued a different SIM card that must be added to the customer's existing user account at the service provider. Additionally, most SIM cards typically comprise only enough on-device memory to store static IMSI data along with minimal user contact information, such as a small number of important subscriber contact phone numbers. BRIEF DESCRIPTION OF THE DRAWINGS
  • Figure 1 illustrates an example environment in which a provider services entity remotely unlocks telecommunication devices based on policies and in response to user requests, in accordance with embodiments of the disclosure.
  • Figure 2 is a component level view of a computing device associated with a provider services entity, in accordance with embodiments of the disclosure.
  • Figure 3 is a flow chart of an example process for deciding, by a provider services entity, whether to unlock functionality of a telecommunication device based on policies and in response to a user request, in accordance with embodiments of the disclosure.
  • This disclosure describes techniques for deciding, by a remote provider services entity, whether to unlock functionality of a telecommunication device.
  • the functionality of the telecommunication device may be locked for any of a number of reasons. For example, the rate plan associated with the SIM card may not match a rate plan associated with the telecommunication device, and the telecommunication device may have locked functionality upon detecting this mismatch. Such rate locking is described in detail in U.S.
  • the functionality of the telecommunication device may instead be locked for other reasons.
  • the telecommunication service provider may have locked the functionality of the telecommunication device in response to the telecommunication device having been reported lost or stolen, in response delinquency in payment for an account associated with the telecommunication device, or in response to expiration of a service plan associated with the telecommunication device.
  • a user associated with the locked device may contact a telecommunication service provider to unlock the device in any of a number of ways.
  • a provider services entity of the telecommunication service provider may be associated with a website which enables the user to select a device unlock option.
  • the provider services entity may interface with customer care or interactive voice response systems, and the user may call the customer care or interactive voice response systems to request the unlock.
  • the unlock requested by the user may be a permanent or temporary unlock. If a temporary unlock, the user may select or specify a time period for the unlock. A temporary unlock may be sought, for instance, when the user will be traveling in another country and will need to use a SIM card of a different service provider to access telecommunication services in that country.
  • the user may be asked for a device identifier, such as an International Mobile Station Equipment Identity (IMEI), which the provider services entity may validate against a register of device identifiers, such as an equipment identification register (EIR). If the request validates, the request is provided to a policy engine of the provider services entity.
  • IMEI International Mobile Station Equipment Identity
  • EIR equipment identification register
  • the policy engine may apply one or more policies received from a policy and subscription manager (hereinafter, "policy manager") of the provider services entity.
  • policy manager may enable adding, deleting, and editing of the one or more policies.
  • the policy manager may communicate with policy manager tools of a business user responsible for setting or entering policies on behalf of the telecommunication services provider.
  • the policies may reflect business priorities, plans, and decisions of the telecommunication services provider.
  • the business user may also enter policy overrides on a case-by-case basis, which are provided through the policy manager tools to the policy manager and from the policy manager to the policy engine.
  • the policy engine decides, based at least on the one or more policies, whether to unlock the functionality of the telecommunication device.
  • the policy engine may also take into account a rate plan or account status associated with the telecommunication device. If the request seeks a permanent unlock, and if the policy engine decides based on policies not to unlock the functionality, the policy engine may do one of two things. First, the policy engine may cause a message, such as a short message service (SMS) message, to be sent to the telecommunication device informing the user of the telecommunication device that the request has been denied. Second, the policy engine may decide whether to provide a temporary unlock of the functionality (even though a permanent unlock was sought).
  • SMS short message service
  • the policy engine decides, based at least in part on the one or more policies, whether to temporarily unlock the functionality. If the policy engine decides against temporarily unlocking the functionality, the policy engine may cause a message, such as a SMS message, to be sent to the telecommunication device informing the user of the telecommunication device that the request has been denied.
  • a message such as a SMS message
  • the policy engine may cause a message, such as a SMS message, to be sent to the telecommunication device informing the user of the telecommunication device that the unlock has been granted.
  • a message such as a SMS message
  • Such a notification may include the time period for the unlock if the unlock is a temporary unlock.
  • the policy engine also notifies an unlock manager of the provider services entity that the functionality of the telecommunication device is to be permanent or temporarily unlocked and, if temporarily unlocked, of the time period for the temporary unlock.
  • the unlock manager has a secured communication session with the telecommunication device.
  • the secure communication may even be extended to an identity module of the telecommunication device, such as a SIM card, through secure agents on a trusted execution environment of the telecommunication device and on the identity module.
  • identity module such as a SIM card
  • secure agents on a trusted execution environment of the telecommunication device and on the identity module.
  • Such securing is described in greater detail in U.S. patent application serial number 13/nnn,mmm, entitled “SIM Lock ⁇ " and filed on March 15, 2013.
  • the unlock manager Upon receiving notification of the unlock from the policy engine, the unlock manager transmits unlock instructions over the secure communication session to the telecommunication device, the instructions including a time period when the unlock is a temporary unlock. The telecommunication device may then accomplish the unlock based on the instructions.
  • FIG. 1 depicts a telecommunication system/network 100, in accordance with various implementations of the disclosure.
  • the telecommunication system 100 includes, but is not limited to, a provider services entity 108 in communication with multiple affiliated network servers, 104 and 106, and one or more network base stations 1 18, via portions of a network backhaul 1 16 and/or via other distributed portions of the network (not shown), respectively having connectivity to the world-wide web 102.
  • system 100 includes an over-the-air (OTA) interface that facilitates radio communications, e.g., wireless Internet Protocol (IP) data and SMS communications 120a-c, and the like, between the provider services entity 108 and one or more user telecommunication devices 122a-c, via a network base station 1 18.
  • OTA over-the-air
  • telecommunication system 100 of Figure 1 is intended to depict a simplified representation of a telecommunication network that can employ any mixture of 2G, 3G, and 4G access technologies, which are commonly utilized in a real-world, heterogeneous telecommunication network deployments. These diverse communication technologies and alternative network topologies are neither depicted nor described within the context of the telecommunication system 100 of Figure 1, for the sake of brevity.
  • the telecommunication devices 122 may be representative of any number common wireless communication devices, including cellular phones, tablet computers, electronic book devices, handheld gaming units, personal media players, etc., which can be connected to the telecommunication network 100 utilizing one or more wireless base stations 1 18, or any other common wireless or wireline network access technology. Further, the user communication devices 122 may be configured to run any known operating system, including but not limited to, Microsoft Windows Mobile®, Google Android®, Apple iOS®, Linux Mobile®, or any other common mobile device operating system.
  • each of the telecommunication devices 122 may have an operating system 124 and a trusted execution environment (TEE) 126 connected by a trusted layer connector (TLC) 128.
  • the operating system 124 may include an unlock application 130, which may receive notifications and instructions/triggers 120 from the provider services entity 108.
  • the unlock application 130 may provide the instructions/triggers 120 to a trustlet 132 through the TLC 128, and the trustlet 132 may effect the unlocking of the telecommunication device 122.
  • the trustlet 132 or another component of the TEE 126 may also provide a secure connection to an identification module, such as a SIM card, of the telecommunication device 122.
  • the unlock application 130 may cause display or some other sort of rendering of the notifications.
  • the telecommunication system 100 could be configured to employ any combination of common wireless broadband communication technologies, including, but not limited to, Long Term Evolution (LTE), LTE Advanced, High-Speed Data Packet Access (HSDPA), Evolved High-Speed Packet Access (HSPA+), Universal Mobile Telecommunication System (UMTS), Code-Division Multiple Access (CDMA), Global System for Mobile Communications (GSM), WiMax, and WiFi.
  • LTE Long Term Evolution
  • HSDPA High-Speed Data Packet Access
  • HSPA+ High-Speed Packet Access
  • UMTS Universal Mobile Telecommunication System
  • CDMA Code-Division Multiple Access
  • GSM Global System for Mobile Communications
  • WiMax Wireless Fidelity
  • WiFi Wireless Fidelity
  • the backhaul portion 1 16 of the telecommunication network 100 may be configured to employ any common wireline communication technology, including but not limited to, optical fiber, coaxial cable, twisted pair cable, Ethernet cable, and power-line cable, along with any common wireless communication technology, such as those described above.
  • the provider services entity 108 may include, but is not limited to, the following elements: a policy engine 1 10, a user interface (UI) component 1 12, an unlock manager 1 14, such as a mobile device management/trusted service manager (MDM/TSM) component, and a policy manager 134.
  • a user can be proactive in remedying this problem by contacting its telecommunication service provider and interacting with its provider services entity 108 via UI tools of its UI component 1 12.
  • One of these UI tools of the UI component 1 12 can be a traditional customer care center that allows a user of a locked telecommunication device 122 to call in and speak directly with a customer service representative of its telecommunication service provider.
  • Another UI tool of the UI component 1 12 may be a customer web interface that allows a user of a locked telecommunication device 122 to utilize a dedicated customer account webpage (not shown) of a corresponding service provider website, to perform various user-driven account management functions.
  • a user-driven account management function of a customer's account webpage can facilitate a user unlocking their telecommunication device 122 over the Internet/Web 102.
  • this particular scenario may occur when a subscriber decides to pay a past due monthly service fee online, i.e., by credit card, using a secure online payment system of the service provider's website to initiate an unlock action 120 for their telecommunication device 122.
  • the telecommunication device 122 may have been locked based on the provider services entity 108 previously consulting a local or networked equipment identity payment (EIP) server 104, to identify a telecommunication device 122 associated with the delinquent customer account, and then lock the device 122c.
  • EIP networked equipment identity payment
  • An additional UI tool of the UI component 1 12 may be an Interactive Voice Response (IVR) system, which allows a user to call a phone number associated with the IVR system and then follow pre-recorded voice instructions/prompts to attempt to unlock their communication device, in a similar manner to the other UI tool routines described above.
  • IVR Interactive Voice Response
  • the user may provide a request for a permanent or temporary unlock of the telecommunication device 122. If a temporary unlock, the user may select or specify a time period for the unlock. A temporary unlock may be sought, for instance, when the user will be traveling in another country and will need to use a SIM card of a different service provider to access telecommunication services in that country.
  • the user may be asked for a device identifier, such as a IMEI, which the provider services entity may validate against a register of device identifiers, such as the EIR 106. If the request validates, the request is provided to a policy engine 1 10 of the provider services entity 108.
  • a device identifier such as a IMEI
  • the provider services entity may validate against a register of device identifiers, such as the EIR 106. If the request validates, the request is provided to a policy engine 1 10 of the provider services entity 108.
  • the policy engine 1 10 of the provider services entity 108 can advantageously maintain user account information, as well as service provider policies within a resident or distributed service provider data store, to enable customer accounts and affiliated telecommunication devices 122 to be managed by a corresponding telecommunication service provider using the provider services entity 108.
  • a particular service provider may also elect to enforce preferred service policies via its policy engine 1 10, in such a manner as to facilitate any of the above unlocking schemes with its UI component 1 12.
  • one or more policies may be received by the policy engine 1 10 from a policy and subscription manager 134 (hereinafter, "policy manager 134") of the provider services entity 108.
  • the policy manager 134 may enable adding, deleting, and editing of the one or more policies.
  • the policy manager 134 may communicate with policy manager tools of a business user responsible for setting or entering policies on behalf of the telecommunication services provider.
  • the policies may reflect business priorities, plans, and decisions of the telecommunication services provider.
  • the business user may also enter policy overrides on a case-by-case basis, which are provided through the policy manager tools to the policy manager 134 and from the policy manager 134 to the policy engine 1 10.
  • the policy engine 1 10 decides, based at least on the one or more policies, whether to unlock the functionality of a telecommunication device 122.
  • the policy engine 1 10 may also take into account a rate plan or account status associated with the telecommunication device 122, such as an account status retrieved from EIP 104. If the request seeks a permanent unlock, and if the policy engine 1 10 decides based on policies not to unlock the functionality, the policy engine 1 10 may do one of two things. First, the policy engine 110 may cause a message, such as a SMS message, to be sent to the telecommunication device 122 informing the user of the telecommunication device 122 that the request has been denied. Second, the policy engine 1 10 may decide whether to provide a temporary unlock of the functionality (even though a permanent unlock was sought).
  • the policy engine 1 10 decides, based at least in part on the one or more policies, whether to temporarily unlock the functionality. If the policy engine 1 10 decides against temporarily unlocking the functionality, the policy engine 1 10 may cause a message, such as a SMS message, to be sent to the telecommunication device 122 informing the user of the telecommunication device 122 that the request has been denied.
  • a message such as a SMS message
  • the policy engine 1 10 may cause a message, such as a SMS message, to be sent to the telecommunication device 122 informing the user of the telecommunication device 122 that the unlock has been granted. Such a notification may include the time period for the unlock if the unlock is a temporary unlock.
  • the policy engine 1 10 also notifies an unlock manager 1 14 of the provider services entity 108 that the functionality of the telecommunication device 122 is to be permanent or temporarily unlocked and, if temporarily unlocked, of the time period for the temporary unlock.
  • the unlock manager 1 14 of the provider services entity 108 may communicate device unlocking triggers 120a-b, also referred to as unlocking instructions, or service blocking triggers 120c to the telecommunication devices 122a-c using SMS messages, i.e., via a short messaging service center (SMSC), IP messages, i.e., via gateway GPRS and/or serving GPRS support nodes (GGSNs or SGSNs), or by any other common messaging protocol.
  • the unlock manager 1 14 may communicate the unlocking triggers 120a-b responsive to the telecommunication devices 122a-b responsive to receiving notifications from the policy engine 110 that the telecommunication devices 122a-b are to be unlocked.
  • the unlock manager 1 14 may communicate the unlocking triggers 120a-b using secure communication sessions with the telecommunication devices 122a-b, as discussed above.
  • FIG. 2 is a component level view of a computing device associated with a provider services entity, in accordance with embodiments of the disclosure.
  • the computing device 200 comprises a system memory 202 storing one or more provider service component(s) 204 and other modules and data 206.
  • the computing device 200 includes processor(s) 208, a removable storage 210, a non-removable storage 212, transceivers 214, output device(s) 216, and input device(s) 218.
  • system memory 202 is volatile (such as
  • the provider service component(s) 204 may be any one or more of the policy engine 1 10, the user interface 1 12, the unlock manager 1 14, or the policy manager 134 described above in detail with regard to FIG. 1.
  • the other modules or data 206 stored in the system memory 202 may comprise any sort of applications or platform components of the computing device 200, as well as data associated with such applications or platform components.
  • the processor(s) 208 is a central processing unit (CPU), a graphics processing unit (GPU), or both CPU and GPU, or any other sort of processing unit.
  • CPU central processing unit
  • GPU graphics processing unit
  • any other sort of processing unit any other sort of processing unit.
  • the computing device 200 also includes additional data storage devices (removable and/or non-removable) such as, for example, magnetic disks, optical disks, or tape. Such additional storage is illustrated in FIG. 2 by removable storage 210 and non-removable storage 212.
  • Tangible computer- readable media may include volatile and nonvolatile, removable and nonremovable media implemented in any method or technology for storage of information, such as computer readable instructions, data structures, program modules, or other data.
  • System memory 202, removable storage 210 and nonremovable storage 212 are all examples of computer-readable storage media.
  • Computer-readable storage media include, but are not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, digital versatile disks (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to store the desired information and which can be accessed by the computing device 200. Any such tangible computer-readable media may be part of the computing device 200.
  • the transceivers 214 include any sort of transceivers known in the art.
  • transceivers 214 may include a radio transceiver that performs the function of transmitting and receiving radio frequency communications via an antenna.
  • the transceivers 214 may include wired communication components, such as an Ethernet port, that connect the computing device 200 in a wired fashion to the backhaul 1 16 or to one or more other devices of the provider service entity 108.
  • the transceivers 214 may facilitate wireless connectivity between the computing device 200 and the backhaul 1 16 or one or more other devices of the provider service entity 108.
  • the output devices 216 include any sort of output devices known in the art, such as a display (e.g., a liquid crystal display), speakers, a vibrating mechanism, or a tactile feedback mechanism.
  • Output devices 216 also include ports for one or more peripheral devices, such as headphones, peripheral speakers, or a peripheral display.
  • input devices 218 include any sort of input devices known in the art.
  • input devices 218 may include a camera, a microphone, a keyboard/keypad, or a touch-sensitive display.
  • a keyboard/keypad may be a push button numeric dialing pad (such as on a typical telecommunication device), a multi-key keyboard (such as a
  • FIG. 3 illustrates an example process 300.
  • This process 300 is illustrated as a logical flow graph, each operation of which represents a sequence of operations that can be implemented in hardware, software, or a combination thereof.
  • the operations represent computer-executable instructions stored on one or more computer-readable storage media that, when executed by one or more processors, perform the recited operations.
  • computer-executable instructions include routines, programs, objects, components, data structures, and the like that perform particular functions or implement particular abstract data types.
  • the order in which the operations are described is not intended to be construed as a limitation, and any number of the described operations can be combined in any order and/or in parallel to implement the processes.
  • Figure 3 is a flow chart of an example process for deciding, by a provider services entity, whether to unlock functionality of a
  • the process 300 includes, at 302, receiving a request to unlock functionality of a telecommunication device.
  • the request may be received through at least one of a website, a customer care system, or an IVR system.
  • the telecommunication device may locked because the telecommunication device includes an identification module that is associated with a different service plan than the telecommunication device, because an account associated with the telecommunication device indicates that a subscriber is delinquent in payment or that a subscription associated with the account is expired, or because the telecommunication device has been reported lost or stolen.
  • a user associated with the request may be asked to enter a device identifier for the telecommunication device.
  • the device identifier may be validated against a device entity register.
  • a policy engine of the provider services entity determines whether the request is a request for a permanent unlock or a temporary unlock based on whether the request indicates that a permanent unlock or temporary unlock is sought.
  • the request may specify a time period associated with the temporary unlock being sought.
  • the policy engine may decide, based at least in part on one or more policies, whether to unlock the functionality. In some embodiments, the deciding may further be based on a rate plan and account status associated with the telecommunication device.
  • the policy engine decides to permanently unlock the functionality, instructions are transmitted to the telecommunication device to unlock the functionality. This transmission may be performed by an unlock manager responsive to the unlock manager receiving a notification from the policy engine that the policy engine has decided to unlock the functionality.
  • the policy engine may also cause transmission of a notification to a user associated with the telecommunication device indicating that the functionality will not be unlocked.
  • the policy engine can decide, based on one or more policies whether to temporarily unlock the functionality. In some embodiments, the deciding may further be based on a rate plan and account status associated with the telecommunication device. Alternatively, at 316, if the policy engine decides not to permanently unlock the functionality, the policy engine may simply notify a user associated with the telecommunication device that the request is denied. [0053] The deciding at 314 may also be performed responsive to determining, at 306, that the request seeks a temporary unlock of the
  • the policy engine may, at 316, notify a user associated with the telecommunication device that the request is denied.
  • the policy engine decides, based at least in part on one or more policies, to temporarily unlock the functionality, instructions are transmitted to the telecommunication device to temporarily unlock the functionality. Such instructions may include the time period for the unlock. This transmission may be performed by an unlock manager responsive to the unlock manager receiving a notification from the policy engine that the policy engine has decided to temporarily unlock the functionality.
  • the policy engine may also cause transmission of a notification to a user associated with the telecommunication device indicating that the functionality will not be temporarily unlocked

Abstract

Techniques are described herein for deciding whether to unlock functionality of a telecommunication device based on one or more policies. A policy engine remote from the telecommunication device may receive, via a user interface associated with the policy engine, a request to unlock the functionality. The policy engine may then decide whether to unlock the functionality and, in response to deciding to unlock the functionality, may cause transmission of instructions to the telecommunication device to unlock the functionality.

Description

REMOTE UNLOCKING OF TELECOMMUNICATION
DEVICE FUNCTIONALITY
CROSS REFERENCE TO RELATED PATENT APPLICATIONS [0001] This patent application claims priority filing benefit from U.S.
Utility patent application entitled "Remote Unlocking of Telecommunication Device Functionality" with Serial No. 13/840,045 filed March 15, 2013, and to its parent U.S. Provisional Patent Application No. 61/636,499, filed April 20, 2012, U.S. Provisional Patent Application No. 61/645,546, filed May 10, 2012, and U.S. Provisional Patent Application No. 61/684,683, filed August 17, 2012, which are hereby incorporated by reference, in their entirety. This patent application is also a continuation-in-part of U.S. Patent Application No. 13/660,350, filed on October 25, 2012, which claims priority to U.S. Provisional Patent Application No. 61/552,353, filed October 27, 201 1, both of which are hereby incorporated by reference, in their entirety.
BACKGROUND
[0002] Modern telecommunication service providers generate much of their revenue by selling propriety wireless communication services and devices to their customers, under the good-faith assumption that these services and devices will be utilized in accordance with their intended purposes. For example, a particular telecommunication service provider may allow access to its wireless communication services by selling customers a prepaid or a postpaid, i.e., subscription-based, rate plan, which is generally associated with a respective customer's service level agreement. A telecommunication service provider can also require its customers to purchase corresponding, provider-specific communication devices, including cellular phones, personal digital assistants, tablet computers, and the like, in order to access its proprietary communication services.
[0003] Further, telecommunication service providers and mobile device manufacturers enter into lucrative business agreements that contractually bind select manufacturers' products to a particular service provider. In practice, these agreements are based on many important real-world considerations, including a service provider's customer-base, existing market share, forecast device sales, amongst many other factors. However, these mutually beneficial business relationships can be negatively impacted by customer deviations from both expected service usage and retail device purchases. Accordingly, it is important for service providers and affiliated device manufactures to collaborate with each other, in order to ensure that both contracting parties are able to achieve their independent and collective business objectives, in view of these types of consumer anomalies.
[0004] Adding to the problem of unanticipated customer deviations, many tech-sawy consumers have contrived new ways to frustrate the business and marketing objectives of both telecommunication service providers and device manufacturers, by employing both software and hardware work-arounds or hacks, which enable them to gain unauthorized access to telecommunication services and devices. This subset of consumers has been able to bypass security measures employed in proprietary communication devices of an affiliated telecommunication service provider, as well as to acquire unaffiliated, generic/unlocked devices, to avoid purchasing services and products from their respective telecommunication service provider.
[0005] For example, some telecommunication device users execute unauthorized software to breach certain security features of their respective device, in order to gain root-level access to their device's operating system (OS). Achieving this OS-level access allows a user to download additional applications, extensions, and themes that are not approved by the device's authorized service provider and/or media content provider(s). This misuse of a carrier-locked communication device is sometimes referred to in the industry as "jail-breaking" a device, and it can allow an unlocked, jail-broken device to gain access to unauthorized services of multiple telecommunication service providers.
[0006] Another example of a common hardware hack that has been employed by some telecommunication device users is to purchase an after-market product known as a "SIM-shim," which is a thin circuit board that is designed to fit between a service provider's Subscriber Identity Module (SIM) card and a telecommunication device's SIM socket. The SIM-shim device can be employed to allow a user to unlock his or her carrier-locked device, by simply inserting this add-on component into his or her device, thereby effectuating an override of device security features intended to keep the device restricted to services of a specific telecommunication service provider.
[0007] As would be understood by those skilled in the art, SIM cards enable a telecommunication service subscriber to be identified on a corresponding service provider's network by storing a unique International Mobile Subscriber Identity (IMSI) that can be retrieved and subsequently authenticated over-the-air by a corresponding service provider, each time a user device engages in communications with its telecommunication service provider. A SIM IMSI generally includes the following information: a Mobile Country Code (MCC), a Mobile Network Code (MNC), and a Mobile Subscriber Identification Number (MSIN). This information allows a user's provider-issued SIM card to be identified, registered, and authenticated with an issuing telecommunication service provider.
[0008] Modern SIM cards are sold "as is," meaning they are both static and rate plan specific, as their IMSI data cannot be modified after issuance. For this reason, each time a customer purchases a new telecommunication device or a new service plan offering from its service provider, the customer may be issued a different SIM card that must be added to the customer's existing user account at the service provider. Additionally, most SIM cards typically comprise only enough on-device memory to store static IMSI data along with minimal user contact information, such as a small number of important subscriber contact phone numbers. BRIEF DESCRIPTION OF THE DRAWINGS
[0009] The Detailed Description is set forth with reference to the accompanying figures.
[0010] Figure 1 illustrates an example environment in which a provider services entity remotely unlocks telecommunication devices based on policies and in response to user requests, in accordance with embodiments of the disclosure.
[0011] Figure 2 is a component level view of a computing device associated with a provider services entity, in accordance with embodiments of the disclosure.
[0012] Figure 3 is a flow chart of an example process for deciding, by a provider services entity, whether to unlock functionality of a telecommunication device based on policies and in response to a user request, in accordance with embodiments of the disclosure.
DETAILED DESCRIPTION
[0013] It should be understood that although the disclosure describes several examples and related embodiments, the disclosure is not intended to be all-inclusive nor exhaustive in its descriptions. As such, it should be appreciated that the related subject matter of the disclosure can be reasonably modified, rearranged, or otherwise altered, to achieve similar results, without departing from the spirit and scope of the invention, as claimed. [0014] This disclosure describes techniques for deciding, by a remote provider services entity, whether to unlock functionality of a telecommunication device. The functionality of the telecommunication device may be locked for any of a number of reasons. For example, the rate plan associated with the SIM card may not match a rate plan associated with the telecommunication device, and the telecommunication device may have locked functionality upon detecting this mismatch. Such rate locking is described in detail in U.S. patent application number 13/660,350, entitled "Mobile Device- Type Locking" and filed on October 25, 2012. The functionality of the telecommunication device may instead be locked for other reasons. For instance, the telecommunication service provider may have locked the functionality of the telecommunication device in response to the telecommunication device having been reported lost or stolen, in response delinquency in payment for an account associated with the telecommunication device, or in response to expiration of a service plan associated with the telecommunication device.
[0015] A user associated with the locked device may contact a telecommunication service provider to unlock the device in any of a number of ways. For example, a provider services entity of the telecommunication service provider may be associated with a website which enables the user to select a device unlock option. Alternatively, the provider services entity may interface with customer care or interactive voice response systems, and the user may call the customer care or interactive voice response systems to request the unlock.
[0016] The unlock requested by the user may be a permanent or temporary unlock. If a temporary unlock, the user may select or specify a time period for the unlock. A temporary unlock may be sought, for instance, when the user will be traveling in another country and will need to use a SIM card of a different service provider to access telecommunication services in that country.
[0017] When initiating the request, the user may be asked for a device identifier, such as an International Mobile Station Equipment Identity (IMEI), which the provider services entity may validate against a register of device identifiers, such as an equipment identification register (EIR). If the request validates, the request is provided to a policy engine of the provider services entity.
[0018] In various embodiments, the policy engine may apply one or more policies received from a policy and subscription manager (hereinafter, "policy manager") of the provider services entity. The policy manager may enable adding, deleting, and editing of the one or more policies. Also, the policy manager may communicate with policy manager tools of a business user responsible for setting or entering policies on behalf of the telecommunication services provider. The policies may reflect business priorities, plans, and decisions of the telecommunication services provider. The business user may also enter policy overrides on a case-by-case basis, which are provided through the policy manager tools to the policy manager and from the policy manager to the policy engine.
[0019] The policy engine decides, based at least on the one or more policies, whether to unlock the functionality of the telecommunication device. The policy engine may also take into account a rate plan or account status associated with the telecommunication device. If the request seeks a permanent unlock, and if the policy engine decides based on policies not to unlock the functionality, the policy engine may do one of two things. First, the policy engine may cause a message, such as a short message service (SMS) message, to be sent to the telecommunication device informing the user of the telecommunication device that the request has been denied. Second, the policy engine may decide whether to provide a temporary unlock of the functionality (even though a permanent unlock was sought).
[0020] In some embodiments, if the request seeks a temporary unlock, or if the policy engine decides not to provide a permanent unlock, the policy engine decides, based at least in part on the one or more policies, whether to temporarily unlock the functionality. If the policy engine decides against temporarily unlocking the functionality, the policy engine may cause a message, such as a SMS message, to be sent to the telecommunication device informing the user of the telecommunication device that the request has been denied.
[0021] If the policy engine decides, based at least in part on the one or more policies, to permanently or temporarily unlock the telecommunication device, the policy engine may cause a message, such as a SMS message, to be sent to the telecommunication device informing the user of the telecommunication device that the unlock has been granted. Such a notification may include the time period for the unlock if the unlock is a temporary unlock. The policy engine also notifies an unlock manager of the provider services entity that the functionality of the telecommunication device is to be permanent or temporarily unlocked and, if temporarily unlocked, of the time period for the temporary unlock.
[0022] In some embodiments, the unlock manager has a secured communication session with the telecommunication device. The secure communication may even be extended to an identity module of the telecommunication device, such as a SIM card, through secure agents on a trusted execution environment of the telecommunication device and on the identity module. Such securing is described in greater detail in U.S. patent application serial number 13/nnn,mmm, entitled "SIM Lock Π" and filed on March 15, 2013. Upon receiving notification of the unlock from the policy engine, the unlock manager transmits unlock instructions over the secure communication session to the telecommunication device, the instructions including a time period when the unlock is a temporary unlock. The telecommunication device may then accomplish the unlock based on the instructions.
[0023] Figure 1 depicts a telecommunication system/network 100, in accordance with various implementations of the disclosure. The telecommunication system 100 includes, but is not limited to, a provider services entity 108 in communication with multiple affiliated network servers, 104 and 106, and one or more network base stations 1 18, via portions of a network backhaul 1 16 and/or via other distributed portions of the network (not shown), respectively having connectivity to the world-wide web 102. Further, system 100 includes an over-the-air (OTA) interface that facilitates radio communications, e.g., wireless Internet Protocol (IP) data and SMS communications 120a-c, and the like, between the provider services entity 108 and one or more user telecommunication devices 122a-c, via a network base station 1 18.
[0024] It should be appreciated that telecommunication system 100 of Figure 1 is intended to depict a simplified representation of a telecommunication network that can employ any mixture of 2G, 3G, and 4G access technologies, which are commonly utilized in a real-world, heterogeneous telecommunication network deployments. These diverse communication technologies and alternative network topologies are neither depicted nor described within the context of the telecommunication system 100 of Figure 1, for the sake of brevity.
[0025] The telecommunication devices 122 may be representative of any number common wireless communication devices, including cellular phones, tablet computers, electronic book devices, handheld gaming units, personal media players, etc., which can be connected to the telecommunication network 100 utilizing one or more wireless base stations 1 18, or any other common wireless or wireline network access technology. Further, the user communication devices 122 may be configured to run any known operating system, including but not limited to, Microsoft Windows Mobile®, Google Android®, Apple iOS®, Linux Mobile®, or any other common mobile device operating system.
[0026] In various embodiments, each of the telecommunication devices 122 may have an operating system 124 and a trusted execution environment (TEE) 126 connected by a trusted layer connector (TLC) 128. The operating system 124 may include an unlock application 130, which may receive notifications and instructions/triggers 120 from the provider services entity 108. The unlock application 130 may provide the instructions/triggers 120 to a trustlet 132 through the TLC 128, and the trustlet 132 may effect the unlocking of the telecommunication device 122. The trustlet 132 or another component of the TEE 126 may also provide a secure connection to an identification module, such as a SIM card, of the telecommunication device 122. The unlock application 130 may cause display or some other sort of rendering of the notifications. These components 124-132 of the telecommunication device 122 are described in greater detail in U.S. patent application serial number 13/nnn,mmm, entitled "SIM Lock Π" and filed on March 15, 2013.
[0027] It should also be appreciated that the telecommunication system 100 could be configured to employ any combination of common wireless broadband communication technologies, including, but not limited to, Long Term Evolution (LTE), LTE Advanced, High-Speed Data Packet Access (HSDPA), Evolved High-Speed Packet Access (HSPA+), Universal Mobile Telecommunication System (UMTS), Code-Division Multiple Access (CDMA), Global System for Mobile Communications (GSM), WiMax, and WiFi. Further, the backhaul portion 1 16 of the telecommunication network 100 may be configured to employ any common wireline communication technology, including but not limited to, optical fiber, coaxial cable, twisted pair cable, Ethernet cable, and power-line cable, along with any common wireless communication technology, such as those described above.
[0028] In some embodiments, the provider services entity 108 may include, but is not limited to, the following elements: a policy engine 1 10, a user interface (UI) component 1 12, an unlock manager 1 14, such as a mobile device management/trusted service manager (MDM/TSM) component, and a policy manager 134. In a scenario where a particular telecommunication device 122 has been locked, a user can be proactive in remedying this problem by contacting its telecommunication service provider and interacting with its provider services entity 108 via UI tools of its UI component 1 12. One of these UI tools of the UI component 1 12 can be a traditional customer care center that allows a user of a locked telecommunication device 122 to call in and speak directly with a customer service representative of its telecommunication service provider.
[0029] Another UI tool of the UI component 1 12 may be a customer web interface that allows a user of a locked telecommunication device 122 to utilize a dedicated customer account webpage (not shown) of a corresponding service provider website, to perform various user-driven account management functions. In one implementation, a user-driven account management function of a customer's account webpage can facilitate a user unlocking their telecommunication device 122 over the Internet/Web 102. By way of example, this particular scenario may occur when a subscriber decides to pay a past due monthly service fee online, i.e., by credit card, using a secure online payment system of the service provider's website to initiate an unlock action 120 for their telecommunication device 122. The telecommunication device 122 may have been locked based on the provider services entity 108 previously consulting a local or networked equipment identity payment (EIP) server 104, to identify a telecommunication device 122 associated with the delinquent customer account, and then lock the device 122c.
[0030] An additional UI tool of the UI component 1 12 may be an Interactive Voice Response (IVR) system, which allows a user to call a phone number associated with the IVR system and then follow pre-recorded voice instructions/prompts to attempt to unlock their communication device, in a similar manner to the other UI tool routines described above.
[0031] Regardless of which UI tool of the UI component 1 12 is used, the user may provide a request for a permanent or temporary unlock of the telecommunication device 122. If a temporary unlock, the user may select or specify a time period for the unlock. A temporary unlock may be sought, for instance, when the user will be traveling in another country and will need to use a SIM card of a different service provider to access telecommunication services in that country.
[0032] When initiating the request, the user may be asked for a device identifier, such as a IMEI, which the provider services entity may validate against a register of device identifiers, such as the EIR 106. If the request validates, the request is provided to a policy engine 1 10 of the provider services entity 108.
[0033] The policy engine 1 10 of the provider services entity 108 can advantageously maintain user account information, as well as service provider policies within a resident or distributed service provider data store, to enable customer accounts and affiliated telecommunication devices 122 to be managed by a corresponding telecommunication service provider using the provider services entity 108. In various scenarios, a particular service provider may also elect to enforce preferred service policies via its policy engine 1 10, in such a manner as to facilitate any of the above unlocking schemes with its UI component 1 12.
[0034] In various embodiments, one or more policies may be received by the policy engine 1 10 from a policy and subscription manager 134 (hereinafter, "policy manager 134") of the provider services entity 108. The policy manager 134 may enable adding, deleting, and editing of the one or more policies. Also, the policy manager 134 may communicate with policy manager tools of a business user responsible for setting or entering policies on behalf of the telecommunication services provider. The policies may reflect business priorities, plans, and decisions of the telecommunication services provider. The business user may also enter policy overrides on a case-by-case basis, which are provided through the policy manager tools to the policy manager 134 and from the policy manager 134 to the policy engine 1 10.
[0035] In various embodiments, the policy engine 1 10 decides, based at least on the one or more policies, whether to unlock the functionality of a telecommunication device 122. The policy engine 1 10 may also take into account a rate plan or account status associated with the telecommunication device 122, such as an account status retrieved from EIP 104. If the request seeks a permanent unlock, and if the policy engine 1 10 decides based on policies not to unlock the functionality, the policy engine 1 10 may do one of two things. First, the policy engine 110 may cause a message, such as a SMS message, to be sent to the telecommunication device 122 informing the user of the telecommunication device 122 that the request has been denied. Second, the policy engine 1 10 may decide whether to provide a temporary unlock of the functionality (even though a permanent unlock was sought).
[0036] In some embodiments, if the request seeks a temporary unlock, or if the policy engine 1 10 decides not to provide a permanent unlock, the policy engine 1 10 decides, based at least in part on the one or more policies, whether to temporarily unlock the functionality. If the policy engine 1 10 decides against temporarily unlocking the functionality, the policy engine 1 10 may cause a message, such as a SMS message, to be sent to the telecommunication device 122 informing the user of the telecommunication device 122 that the request has been denied.
[0037] If the policy engine 1 10 decides, based at least in part on the one or more policies, to permanently or temporarily unlock the telecommunication device 122, the policy engine 1 10 may cause a message, such as a SMS message, to be sent to the telecommunication device 122 informing the user of the telecommunication device 122 that the unlock has been granted. Such a notification may include the time period for the unlock if the unlock is a temporary unlock. The policy engine 1 10 also notifies an unlock manager 1 14 of the provider services entity 108 that the functionality of the telecommunication device 122 is to be permanent or temporarily unlocked and, if temporarily unlocked, of the time period for the temporary unlock.
[0038] In some embodiments, the unlock manager 1 14 of the provider services entity 108 may communicate device unlocking triggers 120a-b, also referred to as unlocking instructions, or service blocking triggers 120c to the telecommunication devices 122a-c using SMS messages, i.e., via a short messaging service center (SMSC), IP messages, i.e., via gateway GPRS and/or serving GPRS support nodes (GGSNs or SGSNs), or by any other common messaging protocol. The unlock manager 1 14 may communicate the unlocking triggers 120a-b responsive to the telecommunication devices 122a-b responsive to receiving notifications from the policy engine 110 that the telecommunication devices 122a-b are to be unlocked. The unlock manager 1 14 may communicate the unlocking triggers 120a-b using secure communication sessions with the telecommunication devices 122a-b, as discussed above.
[0039] Figure 2 is a component level view of a computing device associated with a provider services entity, in accordance with embodiments of the disclosure. As illustrated, the computing device 200 comprises a system memory 202 storing one or more provider service component(s) 204 and other modules and data 206. Also, the computing device 200 includes processor(s) 208, a removable storage 210, a non-removable storage 212, transceivers 214, output device(s) 216, and input device(s) 218.
[0040] In various embodiments, system memory 202 is volatile (such as
RAM), non-volatile (such as ROM, flash memory, etc.) or some combination of the two. The provider service component(s) 204 may be any one or more of the policy engine 1 10, the user interface 1 12, the unlock manager 1 14, or the policy manager 134 described above in detail with regard to FIG. 1. The other modules or data 206 stored in the system memory 202 may comprise any sort of applications or platform components of the computing device 200, as well as data associated with such applications or platform components.
[0041] In some embodiments, the processor(s) 208 is a central processing unit (CPU), a graphics processing unit (GPU), or both CPU and GPU, or any other sort of processing unit.
[0042] The computing device 200 also includes additional data storage devices (removable and/or non-removable) such as, for example, magnetic disks, optical disks, or tape. Such additional storage is illustrated in FIG. 2 by removable storage 210 and non-removable storage 212. Tangible computer- readable media may include volatile and nonvolatile, removable and nonremovable media implemented in any method or technology for storage of information, such as computer readable instructions, data structures, program modules, or other data. System memory 202, removable storage 210 and nonremovable storage 212 are all examples of computer-readable storage media. Computer-readable storage media include, but are not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, digital versatile disks (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to store the desired information and which can be accessed by the computing device 200. Any such tangible computer-readable media may be part of the computing device 200.
[0043] In some embodiments, the transceivers 214 include any sort of transceivers known in the art. For example, transceivers 214 may include a radio transceiver that performs the function of transmitting and receiving radio frequency communications via an antenna. The transceivers 214 may include wired communication components, such as an Ethernet port, that connect the computing device 200 in a wired fashion to the backhaul 1 16 or to one or more other devices of the provider service entity 108. In addition, the transceivers 214 may facilitate wireless connectivity between the computing device 200 and the backhaul 1 16 or one or more other devices of the provider service entity 108. [0044] In some embodiments, the output devices 216 include any sort of output devices known in the art, such as a display (e.g., a liquid crystal display), speakers, a vibrating mechanism, or a tactile feedback mechanism. Output devices 216 also include ports for one or more peripheral devices, such as headphones, peripheral speakers, or a peripheral display.
[0045] In various embodiments, input devices 218 include any sort of input devices known in the art. For example, input devices 218 may include a camera, a microphone, a keyboard/keypad, or a touch-sensitive display. A keyboard/keypad may be a push button numeric dialing pad (such as on a typical telecommunication device), a multi-key keyboard (such as a
conventional QWERTY keyboard), or one or more other types of keys or buttons, and may also include a joystick-like controller and/or designated navigation buttons, or the like.
[0046] Figure 3 illustrates an example process 300. This process 300 is illustrated as a logical flow graph, each operation of which represents a sequence of operations that can be implemented in hardware, software, or a combination thereof. In the context of software, the operations represent computer-executable instructions stored on one or more computer-readable storage media that, when executed by one or more processors, perform the recited operations. Generally, computer-executable instructions include routines, programs, objects, components, data structures, and the like that perform particular functions or implement particular abstract data types. The order in which the operations are described is not intended to be construed as a limitation, and any number of the described operations can be combined in any order and/or in parallel to implement the processes.
[0047] Figure 3 is a flow chart of an example process for deciding, by a provider services entity, whether to unlock functionality of a
telecommunication device based on policies and in response to a user request, in accordance with embodiments of the disclosure. The process 300 includes, at 302, receiving a request to unlock functionality of a telecommunication device. The request may be received through at least one of a website, a customer care system, or an IVR system. The telecommunication device may locked because the telecommunication device includes an identification module that is associated with a different service plan than the telecommunication device, because an account associated with the telecommunication device indicates that a subscriber is delinquent in payment or that a subscription associated with the account is expired, or because the telecommunication device has been reported lost or stolen.
[0048] At 304, a user associated with the request may be asked to enter a device identifier for the telecommunication device. At 304a, the device identifier may be validated against a device entity register.
[0049] At 306, a policy engine of the provider services entity determines whether the request is a request for a permanent unlock or a temporary unlock based on whether the request indicates that a permanent unlock or temporary unlock is sought. When the request is a request for a temporary unlock, the request may specify a time period associated with the temporary unlock being sought.
[0050] At 308, when the request is determined to be a request for a permanent unlock, the policy engine may decide, based at least in part on one or more policies, whether to unlock the functionality. In some embodiments, the deciding may further be based on a rate plan and account status associated with the telecommunication device.
[0051] At 310, if the policy engine decides to permanently unlock the functionality, instructions are transmitted to the telecommunication device to unlock the functionality. This transmission may be performed by an unlock manager responsive to the unlock manager receiving a notification from the policy engine that the policy engine has decided to unlock the functionality. At 312, the policy engine may also cause transmission of a notification to a user associated with the telecommunication device indicating that the functionality will not be unlocked.
[0052] At 314, if the policy engine decides not to permanently unlock the functionality, the policy engine can decide, based on one or more policies whether to temporarily unlock the functionality. In some embodiments, the deciding may further be based on a rate plan and account status associated with the telecommunication device. Alternatively, at 316, if the policy engine decides not to permanently unlock the functionality, the policy engine may simply notify a user associated with the telecommunication device that the request is denied. [0053] The deciding at 314 may also be performed responsive to determining, at 306, that the request seeks a temporary unlock of the
functionality. If the policy engine decides, based at least in part on one or more policies, against temporarily unlocking the functionality, the policy engine may, at 316, notify a user associated with the telecommunication device that the request is denied.
[0054] At 318, if the policy engine decides, based at least in part on one or more policies, to temporarily unlock the functionality, instructions are transmitted to the telecommunication device to temporarily unlock the functionality. Such instructions may include the time period for the unlock. This transmission may be performed by an unlock manager responsive to the unlock manager receiving a notification from the policy engine that the policy engine has decided to temporarily unlock the functionality. At 312, the policy engine may also cause transmission of a notification to a user associated with the telecommunication device indicating that the functionality will not be temporarily unlocked
[0055] Although the subject matter has been described in language specific to structural features and/or methodological acts, it is to be understood that the subject matter defined in the appended claims is not necessarily limited to the specific features or acts described. Rather, the specific features and acts are disclosed as exemplary forms of implementing the claims.

Claims

WHAT IS CLAIMED IS:
1. A computer-implemented method comprising:
receiving a request to unlock functionality of a telecommunication device;
deciding, based at least in part on one or more policies, whether to unlock the functionality; and
transmitting unlock instructions to the telecommunication device in response to deciding to unlock the functionality.
2. The method of claim 1, wherein the request is received through at least one of a website, a customer care system, or an interactive voice response system.
3. The method of claim 1, further comprising, in response to receiving the request, asking a user associated with the request to enter a device identifier for the telecommunication device.
4. The method of claim 3, further comprising validating the device identifier with a device identifier register.
5. The method of claim 1, wherein the request includes an indication of whether a permanent unlock or a temporary unlock is sought.
6. The method of claim 5, wherein the request is for a permanent unlock, the deciding comprises deciding, based at least in part on the one or more policies, not to permanently unlock the functionality but to, instead,
temporarily unlock the functionality, and the transmitting comprises
transmitting instructions to temporarily unlock the functionality, the
instructions specifying a time period.
7. The method of claim 5, wherein a temporary unlock is sought and the transmitting comprises transmitting instructions to temporarily unlock the functionality, the instructions specifying a time period.
8. The method of claim 5, wherein the indication specifies a time period associated with the temporary unlock being sought.
9. The method of claim 1, further comprising, in response to deciding not to unlock the functionality, transmitting a notification message to the telecommunication device indicating that the functionality will not be unlocked.
10. The method of claim 1, further comprising notifying a user associated with the telecommunication device of the decision to unlock of the functionality.
1 1. The method of claim 1 , wherein the transmitting comprises notifying an unlock manager of the decision to unlock the functionality, the unlock manager transmitting the instructions to the telecommunication device to unlock the functionality.
12. The method of claim 1 1, further comprising securing a
communication session between the unlock manager and the
telecommunication device.
13. The method of claim 1, wherein the deciding is further based on a rate plan and account status associated with the telecommunication device.
14. The method of claim 1, wherein the telecommunication device is locked because the telecommunication device includes an identification module that is associated with a different service plan than the telecommunication device, because an account associated with the telecommunication device indicates that a subscriber is delinquent in payment or that a subscription associated with the account is expired, or because the telecommunication device has been reported lost or stolen.
15. A system comprising:
a processor; a user interface configured to be operated by the processor to enable a user to request unlocking of functionality of a telecommunication device;
a policy engine configured to be operated by the processor to receive the request from the user interface and to decide, based at least in part on one or more policies, whether to unlock the functionality; and
an unlock manager configured to be operated by the processor to, in response to the telecommunication device in response to deciding to unlock the functionality, receive notification from the policy engine of the decision to unlock the functionality and to transmit unlock instructions to the
telecommunication device.
16. The system of claim 15, further comprising a policy manager to enable adding, deleting, and editing of the one or more policies.
17. The system of claim 16, wherein the policy manager is further to enable case-by-case unlocking of functionality of a telecommunication device which contravenes at least one policy of the policy engine.
18. The system of claim 15, wherein the unlock manager has a secure connection to an identity module of the telecommunication device.
19. One or more computer storage devices having stored thereon a plurality of executable instructions configure to program a computing device to perform operations comprising:
receiving a request to unlock functionality of a telecommunication device, the request including an indication of whether a permanent unlock or a temporary unlock is sought;
deciding, based at least in part on one or more policies, whether to provide a permanent unlock or temporary unlock for the functionality; and transmitting unlock instructions in response to the telecommunication device in response to deciding to provide the permanent or temporary unlock for the functionality.
20. The one or more computer storage devices of claim 19, wherein a temporary unlock is provided and the transmitting comprises transmitting instructions to temporarily unlock the functionality, the instructions specifying a time period.
EP13778691.9A 2012-04-20 2013-04-19 Remote unlocking of telecommunication device functionality Withdrawn EP2839687A4 (en)

Applications Claiming Priority (6)

Application Number Priority Date Filing Date Title
US201261636499P 2012-04-20 2012-04-20
US201261645546P 2012-05-10 2012-05-10
US201261684683P 2012-08-17 2012-08-17
US13/660,350 US9055443B2 (en) 2011-10-27 2012-10-25 Mobile device-type locking
US13/842,116 US9172538B2 (en) 2012-04-20 2013-03-15 Secure lock for mobile device
PCT/US2013/037332 WO2013158971A1 (en) 2012-04-20 2013-04-19 Remote unlocking of telecommunication device functionality

Publications (2)

Publication Number Publication Date
EP2839687A1 true EP2839687A1 (en) 2015-02-25
EP2839687A4 EP2839687A4 (en) 2015-12-30

Family

ID=49384096

Family Applications (1)

Application Number Title Priority Date Filing Date
EP13778691.9A Withdrawn EP2839687A4 (en) 2012-04-20 2013-04-19 Remote unlocking of telecommunication device functionality

Country Status (2)

Country Link
EP (1) EP2839687A4 (en)
WO (1) WO2013158971A1 (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9807607B2 (en) 2014-10-03 2017-10-31 T-Mobile Usa, Inc. Secure remote user device unlock
US9813399B2 (en) 2015-09-17 2017-11-07 T-Mobile Usa, Inc. Secure remote user device unlock for carrier locked user devices
US10769315B2 (en) 2014-12-01 2020-09-08 T-Mobile Usa, Inc. Anti-theft recovery tool

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE102015001107A1 (en) * 2015-01-29 2016-08-04 Giesecke & Devrient Gmbh Method for unlocking a mobile terminal

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2335568B (en) * 1998-03-18 2003-04-09 Nec Technologies Network operator controlled locking and unlocking mechanism for mobile phones
EP1359733A1 (en) * 2002-04-29 2003-11-05 Alcatel Telecommunication device with a conditional locking mechanism. Method for locking and unlocking such a device
FR2853194B1 (en) * 2003-03-26 2005-08-19 Cit Alcatel METHOD FOR UNLOCKING A PORTABLE PHONE TELEPHONE TYPE WIRELESS TELECOMMUNICATION TERMINAL
EP1550931A1 (en) * 2003-12-31 2005-07-06 Neopost S.A. Unlocking of a locked functionality of a computer-controlled apparatus
US8050705B2 (en) * 2006-10-12 2011-11-01 Dell Products L.P. Subscriber identity module unlocking service portal
US8737318B2 (en) * 2009-12-01 2014-05-27 At&T Intellectual Property I, L.P. Service models for roaming mobile device
TWI396996B (en) * 2010-09-02 2013-05-21 Wistron Corp Method for legally unlocking a sim card lock, unlocking server, and unlocking system

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9807607B2 (en) 2014-10-03 2017-10-31 T-Mobile Usa, Inc. Secure remote user device unlock
US10769315B2 (en) 2014-12-01 2020-09-08 T-Mobile Usa, Inc. Anti-theft recovery tool
US10936761B2 (en) 2014-12-01 2021-03-02 T-Mobile Usa, Inc. Anti-theft recovery tool
US11593532B2 (en) 2014-12-01 2023-02-28 T-Mobile Usa, Inc. Anti-theft recovery tool
US9813399B2 (en) 2015-09-17 2017-11-07 T-Mobile Usa, Inc. Secure remote user device unlock for carrier locked user devices

Also Published As

Publication number Publication date
EP2839687A4 (en) 2015-12-30
WO2013158971A1 (en) 2013-10-24

Similar Documents

Publication Publication Date Title
US9319884B2 (en) Remote unlocking of telecommunication device functionality
US9055443B2 (en) Mobile device-type locking
US9591484B2 (en) Secure environment for subscriber device
US11743717B2 (en) Automated credential porting for mobile devices
KR101625183B1 (en) Methods and apparatus for correcting error events associated with identity provisioning
US9166950B2 (en) System and method for responding to aggressive behavior associated with wireless devices
CN103959857B (en) Manage the mobile device application in wireless network
US9392457B2 (en) Method and apparatus for self-activating a mobile device
US10687205B1 (en) Remote operational management of E-SIM
WO2009100969A1 (en) Identification and access control of mobile devices in a disconnected mode environment
EP2939458B1 (en) A system and method for responding to aggressive behavior associated with wireless devices
US20140372286A1 (en) Platform for enabling sponsored functions of a computing device
EP2839687A1 (en) Remote unlocking of telecommunication device functionality
CN104335619B (en) The remote de-locking of telecommunication apparatus function
CN115720388A (en) Method and device for realizing information sharing of user identification card and electronic equipment

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20141020

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

AX Request for extension of the european patent

Extension state: BA ME

RIN1 Information on inventor provided before grant (corrected)

Inventor name: FROELICH, RAYMOND

Inventor name: OBAIDI, AHMAD, ARASH

Inventor name: IONESCU, ALEXANDRU CATALIN

Inventor name: BUZESCU, ADRIAN

DAX Request for extension of the european patent (deleted)
RA4 Supplementary search report drawn up and despatched (corrected)

Effective date: 20151127

RIC1 Information provided on ipc code assigned before grant

Ipc: H04W 8/18 20090101ALN20151123BHEP

Ipc: H04W 12/08 20090101ALI20151123BHEP

Ipc: H04W 8/24 20090101AFI20151123BHEP

17Q First examination report despatched

Effective date: 20171130

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION HAS BEEN WITHDRAWN

18W Application withdrawn

Effective date: 20180410