WO2013008048A1 - Method and apparatus for provisioning network access credentials - Google Patents
- Publication number: WO2013008048A1 (PCT application PCT/IB2011/001628)
- Authority: WIPO (PCT)
- Prior art keywords
- secure element
- identifiers
- network
- processor
- secure
- Legal status: Ceased (status as listed by Google Patents; an assumption, not a legal conclusion)
Classifications
- H04W 12/08: Access security (under H04W 12/00, Security arrangements; authentication; protecting privacy or anonymity)
- H04W 4/60: Subscription-based services using application servers or record carriers, e.g. SIM application toolkits (under H04W 4/00, Services specially adapted for wireless communication networks)
- H04L 63/108: Network architectures or protocols for controlling access to devices or network resources when the policy decisions are valid for a limited amount of time (under H04L 63/00, Network security)
- H04W 12/61: Time-dependent security (under H04W 12/60, Context-dependent security)
Definitions
- Example embodiments of the present invention relate generally to mobile terminal technology and, more particularly, relate to a method and apparatus for enabling provision of one or more secure elements.
- a method and apparatus may provide an efficient and reliable mechanism for enabling provision of one or more secure elements.
- SIM subscriber identity module
- many network operators utilize subscriber identity module (SIM) Lock capabilities to restrict the use of the mobile phones used by subscribers.
- network operators may SIM Lock their mobile phones and offer communications services to subscribers in exchange for a contract to pay for the use of a communications network for a specified period of time.
- a mobile phone that is SIM locked may be unlocked by entering a code typically provided by a network operator.
- network operators desire to protect the integrity of the SIM Lock so that the SIM Lock may not be broken, since the service provider typically utilizes the SIM Lock to obtain income through its service.
- a smart card may be replaced with a smart card from another network operator, which may enable the mobile phone to be utilized on networks operated by a different network operator, which may result in lost revenues for the original network provider providing the communications services.
- implementing a SIM Lock may require an elaborate technical effort.
- typically, the hardware architecture of a mobile phone is combined with a secure device boot-up phase, and secure or isolated channels may be arranged between the modem stack and the physical SIM installed in the mobile phone.
- many mobile phones currently available have their SIM Lock broken. This problem exists even in high-end mobile phones where there are security mechanisms in place that attempt to mitigate the threat of attacks to break the SIM Lock.
- smart cards may be utilized by network operators to provide prepaid services. For example, money may be paid by a customer to a network operator in advance for usage of a predetermined amount of communications services. This money and the predetermined amount of services may be associated with an account that is linked to a smart card.
- subscription associated with a smart card is typically identified by a globally unique identifier, such as an International Mobile Subscriber Identity (IMSI), which is typically allocated in ranges to network operators. In some cases the IMSIs may serve to identify smart cards.
- IMSI International Mobile Subscriber Identity
- some network operators may use an Integrated Circuit Card Identifier (ICCID) of an UICC as an identification of a smart card for card management purposes.
- ICCID Integrated Circuit Card Identifier
- the IMSI(s) may be stored in a network authentication center (AuC) together with the authentication key material against which the smart card is authenticated.
- a network may bind communication of a specific device to a Mobile Subscriber Integrated Services Digital Network (ISDN) Number (MSISDN) (for example, a telephone number).
- the MSISDN may also be globally unique, but its range may be significantly larger than an IMSI.
- a topic of concern related to providing prepaid services is that some network operators may suffer from IMSI numbering exhaustion and/or ICCID numbering exhaustion, since an authentication center may store a large number of IMSIs associated with a large number of smart card accounts or subscriptions.
- a problem experienced by the network operators may be that prepaid smart cards are used and thrown away, but there is typically no indication to the network as to when such a smart card is discarded and the smart card may never be topped up (for example, paid) any more.
- network operators may run out of IMSIs and ICCIDs, and as such authentication centers may be populated with network access credentials such as, for example, IMSI, and key tuples that may never be used. Maintaining these large numbers of IMSIs, and/or ICCIDs which may or may not be actively utilized by some of the subscribers may consume memory and processing resources of the network providers.
- if an IMSI or an ICCID is reused (a new UICC is populated with an old IMSI or ICCID), there is a risk that the previous customer assigned that IMSI or ICCID will not obtain communications services if the prepaid account of the previously used smart card is eventually topped up.
- since SIM Locks are typically broken even where security mechanisms are in place to mitigate such attacks, and since the IMSIs and/or ICCIDs maintained by network providers are used inefficiently, some example embodiments may provide an efficient and reliable mechanism for a more secure provisioning lock for one or more secure elements (for example, smart cards, embedded SIMs (eSIMs) or software SIMs (soft SIMs)). Additionally, some example embodiments may facilitate efficient usage of identifiers (for example, IMSIs, MSISDNs, or ICCIDs) of secure elements based on the expiration of communications services associated with the secure elements and/or the expiry of one or more prepaid subscriptions for communications services provided to communication devices that include secure elements (for example, smart cards, eSIMs, or soft SIMs).
- Some example embodiments may implement a provisioning lock for secure elements.
- some example embodiments may provide a permanent hardware-secured or cryptographically secured communication channel between a modem (also referred to herein as a modem processor), a processor and the secure element(s), so that communications with the secure elements are protected and secret/private information cannot be obtained from the secure element(s) using unauthorized devices. This may eliminate attacks in which a secure element is forcibly wired to an unauthorized modem or processor.
- the secure elements of the example embodiments may be secure devices.
- Example embodiments of the invention may enable secure elements (for example smart cards, user identity modules (UIMs), UICCs, SIM cards, eSIMs, or soft SIMs) or a network entity (for example, a trusted service manager (TSM)) to store a signed certificate (for example, a digital certificate) or record that identifies the lifetime such as, for example, an expiry period that may define a time period that a particular network operator may be authorized for providing
- TSM trusted service manager
- the secure elements of the example embodiments may locally enforce expiry data.
- the example embodiments may allow secure elements to communicate with authorized entities (such as, for example, a TSM) for exchange of data (for example, identifiers (for example, IMSIs, MSISDNs, or ICCIDs), security keys, or applications.
- the example embodiments may disallow or prohibit the secure elements from communicating with other devices (for example, unauthorized devices, such as network devices of other network operators).
- the example embodiments may enable the secure elements to communicate with other devices such as, for example, network devices maintained by network operators for provision of communications services from one or more of these network devices.
- the example embodiments may enable identities (for example, IMSIs, MSISDNs, or ICCIDs) associated with the secure elements associated with the prior network operator providing communications services to be reallocated to other secure elements.
- the example embodiments may efficiently utilize identities of secure elements and may conserve memory resources by minimizing the number of identities that may be need to be stored in a memory device of a network operator or in a memory device maintained on behalf of a network operator.
- the non-existence of such a certificate may, but need not, denote that no new secure element secrets and identities should be provisioned by a network entity (for example, a TSM Issuer) to a corresponding secure element(s).
- new secure element secrets and identities may be provisioned by a network entity to a corresponding secure element(s) even in the absence of a certificate.
- the expiry period may be associated with prepaid services related to prepaid subscriptions corresponding to respective secure elements. In this regard, in an instance in which a prepaid service is not utilized upon expiration of the expiry period, the example embodiments may reallocate the secrets and identities of those secure elements to other secure elements.
- a method for provisioning one or more secure elements may include receiving, via a secure element of an apparatus, information relating to an enforcement mechanism.
- the information of the enforcement mechanism may include data indicating an expiry period associated with a time period in which the secure element communicates with a network entity on behalf of a network operator providing communications services to the apparatus.
- an apparatus for provisioning one or more secure elements may include a processor and a memory including computer program code.
- the memory and the computer program code are configured to, with the processor, cause the apparatus to at least perform operations including receiving, via a secure element of the apparatus, information relating to an enforcement mechanism.
- the information of the enforcement mechanism may include data indicating an expiry period associated with a time period in which the secure element communicates with a network entity on behalf of a network operator providing communications services to the apparatus.
- a computer program product for provisioning one or more secure elements is provided.
- the computer program product includes at least one computer-readable storage medium having computer executable program code instructions stored therein.
- the computer executable program code instructions may include program code instructions configured to facilitate receipt, via a secure element of an apparatus, of information relating to an enforcement mechanism.
- the information of the enforcement mechanism may include data indicating an expiry period associated with a time period in which the secure element communicates with a network entity on behalf of a network operator providing communications services to the apparatus.
- Some example embodiments may provide a more secure and reliable mechanism for provisioning data to secure elements (for example, smart cards, eSIMs or soft SIMs). Additionally, some example embodiments may enable network operators to manage the identities issued to secure elements more efficiently by reallocating identities that are no longer in use to other secure elements. As such, network operators may enjoy improved capabilities with respect to provisioning secure elements.
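The identifier-exhaustion problem described above (tuples held by discarded prepaid cards never being returned to the operator, and the risk that a reused identifier is later topped up by its former holder) can be modelled on the operator side as a lease with an expiry. The following Python is an added illustration written for this page, not code from the patent or its applicant. The class and method names, the one-day grace period, and the sample data (IMSIs in the test PLMN 001/01, made-up MSISDNs, ICCID-style element identifiers) are all assumptions:

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# An identity tuple leased to a secure element: (IMSI, MSISDN).
Identity = Tuple[str, str]


@dataclass
class Binding:
    se_id: str    # identifier of the secure element holding the tuple (ICCID-style)
    expiry: int   # unix time at which the operator's right to serve this element ends
    balance: int  # prepaid credit, in cents


class IdentifierPool:
    """Operator-side pool that leases identity tuples for a bounded period."""

    def __init__(self, identities: List[Identity], grace_seconds: int = 0) -> None:
        self.free: List[Identity] = list(identities)
        self.bound: Dict[Identity, Binding] = {}
        self.grace = grace_seconds  # slack after expiry before a tuple is reclaimed

    def provision(self, se_id: str, expiry: int, credit: int, now: int) -> Optional[Identity]:
        """Bind a free tuple to se_id until expiry; None if the pool is exhausted."""
        if expiry <= now:
            raise ValueError("expiry must lie in the future")
        if not self.free:
            return None
        ident = self.free.pop(0)
        self.bound[ident] = Binding(se_id, expiry, credit)
        return ident

    def lookup(self, imsi: str) -> Optional[Identity]:
        for ident in self.bound:
            if ident[0] == imsi:
                return ident
        return None

    def top_up(self, imsi: str, se_id: str, amount: int, extend_to: int, now: int) -> bool:
        """Credit an account and extend its expiry, but only while the IMSI is
        still bound to the same element and its expiry (plus grace) has not
        passed: a reclaimed or reallocated IMSI is refused rather than crediting
        whichever element now holds it."""
        ident = self.lookup(imsi)
        if ident is None:
            return False
        b = self.bound[ident]
        if b.se_id != se_id or now > b.expiry + self.grace:
            return False
        b.balance += amount
        b.expiry = max(b.expiry, extend_to)
        return True

    def reclaim(self, now: int) -> List[Identity]:
        """Return every tuple whose expiry plus grace has passed to the free pool."""
        expired = [i for i, b in self.bound.items() if now > b.expiry + self.grace]
        for ident in expired:
            del self.bound[ident]
            self.free.append(ident)
        return expired


def demo() -> Dict[str, object]:
    """Walk one tuple through allocation, expiry, reclaim and reuse."""
    day = 86400
    # Constructed sample data: IMSIs in the test PLMN 001/01, made-up MSISDNs
    # and ICCID-style element ids. Not real subscriber data.
    pool = IdentifierPool([("001010000000001", "+15550000001"),
                           ("001010000000002", "+15550000002")], grace_seconds=day)
    se1, se2, se3 = "8901000000000000001", "8901000000000000002", "8901000000000000003"
    out: Dict[str, object] = {}
    a = pool.provision(se1, expiry=30 * day, credit=1000, now=0)
    b = pool.provision(se2, expiry=30 * day, credit=1000, now=0)
    out["exhausted"] = pool.provision(se3, expiry=30 * day, credit=0, now=0)
    # se1 tops up on day 20 and extends its lease; se2 never does.
    out["ok_topup"] = pool.top_up(a[0], se1, 500, extend_to=90 * day, now=20 * day)
    out["reclaimed"] = pool.reclaim(now=32 * day)      # se2's tuple only
    out["reused"] = pool.provision(se3, expiry=62 * day, credit=500, now=32 * day)
    # A late payment from se2 on its old IMSI must not credit se3's account.
    out["late_topup"] = pool.top_up(b[0], se2, 500, extend_to=90 * day, now=33 * day)
    out["free_after"] = len(pool.free)
    return out
```

The point of `top_up` checking the element identifier is the reuse risk noted earlier: once a tuple has been reclaimed and handed to another element, a late payment from the former holder is refused instead of silently crediting the new holder's account. The grace period gives a discarded card a last window to be renewed before its tuple goes back into circulation.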
- FIG. 1 is a schematic block diagram of a system according to example embodiments of the invention.
- FIG. 2 is a schematic block diagram of an apparatus according to example embodiments of the invention.
- FIG. 3 is a schematic block diagram of a network device according to example embodiments of the invention.
- FIG. 4 is a schematic block diagram of a network entity according to example embodiments of the invention.
- FIG. 5 is a block diagram of a system according to example embodiments of the invention.
- FIG. 6 illustrates a flowchart for provisioning one or more secure elements according to example embodiments of the invention.
- circuitry refers to (a) hardware-only circuit implementations (for example, implementations in analog circuitry and/or digital circuitry); (b) combinations of circuits and computer program product(s) comprising software and/or firmware instructions stored on one or more computer readable memories that work together to cause an apparatus to perform one or more functions described herein; and (c) circuits, such as, for example, a microprocessor(s) or a portion of a microprocessor(s), that require software or firmware for operation even if the software or firmware is not physically present.
- This definition of 'circuitry' applies to all uses of this term herein, including in any claims.
- the term 'circuitry' also includes an implementation comprising one or more processors and/or portion(s) thereof and accompanying software and/or firmware.
- the term 'circuitry' as used herein also includes, for example, a baseband integrated circuit or applications processor integrated circuit for a mobile phone or a similar integrated circuit in a server, a cellular network device, other network device, and/or other computing device.
- a secure element may include a SIM, embedded SIM (eSIM), softSIM, universal subscriber identity module (USIM), embedded USIM (eUSIM), softUSIM, UICC, embedded UICC (eUICC), UIM, removable UIM (R-UIM), and/or the like.
- the secure element may be removable or non-removable.
- a provisioning lock may be used to protect the network access credentials stored in a secure element.
- the secure element may need to be unlocked using the appropriate provisioning credentials.
- a provisioning lock may refer to enforcement of a time period (also referred to herein as an expiry period) during which the network entities of the network operator/provider that has an agreement (for example, a subscription) to provide communications services to a communication device, or entities operating on behalf of that operator/provider, may communicate with the secure element(s) of the device, while other devices may, but need not, be disallowed or prohibited from communicating with the secure element(s) until the expiry period has elapsed.
- FIG. 1 illustrates a generic system diagram in which a device such as a mobile terminal 10 is shown in a communication environment according to some example embodiments.
- a system in accordance with some example embodiments may include a first communication device (for example, mobile terminal 10) and a second communication device 20 capable of
- embodiments of the present invention may further include one or more additional communication devices, one of which is depicted in FIG. 1 as a third communication device 25.
- not all systems that employ an embodiment of the present invention may comprise all the devices illustrated and/or described herein.
- the network 30 may include a collection of various different nodes (of which the second and third communication devices 20 and 25 may be examples), devices or functions that may be in communication with each other via
- the network 30 may be capable of supporting communication in accordance with any one or more of a number of First-Generation (1G), Second-Generation (2G), 2.5G, Third-Generation (3G), 3.5G, 3.9G, Fourth-Generation (4G) mobile communication protocols, Long Term Evolution (LTE) or Evolved Universal Terrestrial Radio Access Network (E- UTRAN), Self Optimizing/Organizing Network (SON) intra-LTE, inter-Radio Access Technology (RAT) Network and/or the like.
- the network 30 may be a peer-to-peer (P2P) network.
- One or more communication terminals such as the mobile terminal 10 and the second and third communication devices 20 and 25 may be in communication with each other via the network 30 and each may include an antenna or antennas for transmitting signals to and for receiving signals from one or more base sites.
- the base sites could be, for example one or more base stations (BS) that is a part of one or more cellular or mobile networks or one or more access points (APs) that may be coupled to a data network, such as a Local Area Network (LAN), Wireless Local Area Network (WLAN), a Wi-Fi Network, a Metropolitan Area Network (MAN), and/or a Wide Area Network (WAN), such as the Internet.
- LAN Local Area Network
- WLAN Wireless Local Area Network
- MAN Metropolitan Area Network
- WAN Wide Area Network
- the mobile terminal 10 and the second and third communication devices 20 and 25 may be enabled to communicate with the other devices or each other.
- the mobile terminal 10 and the second and third communication devices 20 and 25 as well as other devices may communicate according to numerous communication protocols including Hypertext Transfer Protocol (HTTP) and/or the like, to thereby carry out various communication or other functions of the mobile terminal 10 and the second and third communication devices 20 and 25, respectively.
- HTTP Hypertext Transfer Protocol
- RF Radio Frequency
- NFC Near Field Communication
- BT Bluetooth
- IR Infrared
- WiMAX Worldwide Interoperability for Microwave Access
- Wi-Fi Wireless Fidelity
- UWB Ultra-Wide Band
- Wibree (a short-range, low-power radio technique) and/or the like
- the mobile terminal 10 and the second and third communication devices 20 and 25 may be enabled to communicate with the network 30 and each other by any of numerous different access mechanisms.
- W-CDMA Wideband Code Division Multiple Access
- CDMA2000 Code Division Multiple Access 2000
- GSM Global System for Mobile communications
- GPRS General Packet Radio Service
- DSL Digital Subscriber Line
- Ethernet, and/or the like
- the first communication device may be a mobile communication device such as, for example, a wireless telephone or other devices such as a personal digital assistant (PDA), mobile computing device, camera, video recorder, audio/video player, positioning device, game device, television device, radio device, or various other like devices or combinations thereof.
- the second communication device 20 and the third communication device 25 may be mobile or fixed communication devices.
- the second communication device 20 and the third communication device 25 may be servers, remote computers or terminals such as personal computers (PCs) or laptop computers.
- the network 30 may be an ad hoc or distributed network arranged to be a smart space. Thus, devices may enter and/or leave the network 30 and the devices of the network 30 may be capable of adjusting operations based on the entrance and/or exit of other devices to account for the addition or subtraction of respective devices or nodes and their
- the mobile terminal as well as the second and third communication devices 20 and 25 may employ an apparatus (for example, apparatus of FIG. 2) capable of functioning according to example embodiments of the invention.
- the second communication device 20 may be a network device and the third communication device 25 may be a network entity (for example, a trusted service manager (TSM)), as described more fully below.
- FIG. 2 illustrates a schematic block diagram of an apparatus for
- reference is now made to FIG. 2, in which certain elements of an apparatus 50 are displayed.
- the apparatus 50 of FIG. 2 may be employed, for example, on the mobile terminal 10 (and/or the second communication device 20 or the third communication device 25).
- the apparatus 50 may be embodied on a network device of the network 30.
- the apparatus 50 may alternatively be embodied at a variety of other devices, both mobile and fixed (such as, for example, any of the devices listed above).
- an embodiment may be employed on a combination of devices.
- the apparatus 50 may include or otherwise be in communication with a processor 70, a user interface 67, a communication interface 74, a memory device 76, a display 85, a secure element 38 and a modem processor 36.
- the display 85 may be a touch screen display.
- the memory device 76 may include, for example, volatile and/or non-volatile memory.
- the memory device 76 may be an electronic storage device (for example, a computer readable storage medium) comprising gates configured to store data (for example, bits) that may be retrievable by a machine (for example, a computing device like processor 70).
- the memory device 76 may be a tangible memory device that is not transitory.
- the memory device 76 may be configured to store information, data, files, applications, instructions or the like for enabling the apparatus to carry out various functions in accordance with example embodiments of the invention.
- the memory device 76 could be configured to buffer input data for processing by the processor 70.
- the memory device 76 could be configured to store instructions for execution by the processor 70.
- the memory device 76 may be one of a plurality of databases that store information and/or media content (for example, pictures and/or videos).
- the apparatus 50 may, according to some example embodiments, be a mobile terminal (for example, mobile terminal 10) or a fixed communication device or computing device configured to employ example embodiments of the invention.
- the apparatus 50 may be embodied as a chip or chip set.
- the apparatus 50 may comprise one or more physical packages (for example, chips) including materials, components and/or wires on a structural assembly (for example, a baseboard).
- the structural assembly may provide physical strength, conservation of size, and/or limitation of electrical interaction for component circuitry included thereon.
- the apparatus 50 may therefore, in some cases, be configured to implement embodiments of the invention on a single chip or as a single "system on a chip".
- a chip or chipset may constitute means for performing one or more operations for providing the functionalities described herein.
- the chip or chipset may constitute means for enabling user interface navigation with respect to the functionalities and/or services described herein.
- the processor 70 may be embodied in a number of different ways.
- the processor 70 may be embodied as one or more of various processing means such as a coprocessor, microprocessor, a controller, a digital signal processor (DSP), processing circuitry with or without an accompanying DSP, or various other processing devices including integrated circuits such as, for example, an ASIC (application specific integrated circuit), an FPGA (field programmable gate array), a microcontroller unit (MCU), a hardware accelerator, a special-purpose computer chip, or the like.
- the processor 70 may be configured to execute instructions stored in the memory device 76 or otherwise accessible to the processor 70.
- the processor 70 may represent an entity (for example, physically embodied in circuitry) capable of performing operations according to embodiments of the invention while configured accordingly.
- when the processor 70 is embodied as an ASIC, FPGA or the like, the processor 70 may be specifically configured hardware for conducting the operations described herein.
- when the processor 70 is embodied as an executor of software instructions, the instructions may specifically configure the processor 70 to perform the algorithms and operations described herein when the instructions are executed.
- the processor 70 may be a processor of a specific device (for example, a mobile terminal or network device) adapted for employing embodiments of the invention by further configuration of the processor 70 by instructions for performing the algorithms and operations described herein.
- the processor 70 may include, among other things, a clock, an arithmetic logic unit (ALU) and logic gates configured to support operation of the processor 70.
- ALU arithmetic logic unit
- the processor 70 may be configured to operate a connectivity program, such as a browser, Web browser or the like.
- the connectivity program may enable the apparatus 50 to transmit and receive Web content, such as for example location-based content or any other suitable content, according to a Wireless Application Protocol (WAP), for example.
- WAP Wireless Application Protocol
- the communication interface 74 may be any means such as a device or circuitry embodied in either hardware, a computer program product, or a combination of hardware and software that is configured to receive and/or transmit data from/to a network and/or any other device or module in communication with the apparatus 50.
- the communication interface 74 may include, for example, an antenna (or multiple antennas) and supporting hardware and/or software for enabling communications with a wireless communication network (for example, network 30).
- the communication interface 74 may alternatively or also support wired communication. As such, the communication interface 74 may include a communication modem and/or other hardware/software for supporting communication via cable, digital subscriber line (DSL), universal serial bus (USB), Ethernet or other mechanisms.
- DSL digital subscriber line
- USB universal serial bus
- the user interface 67 may be in communication with the processor 70 to receive an indication of a user input at the user interface 67 and/or to provide an audible, visual, mechanical or other output to the user.
- the user interface 67 may include, for example, a keyboard, a mouse, a joystick, a display, a touch screen, a microphone, a speaker, or other input/output mechanisms.
- in instances in which the apparatus is embodied as a server or some other network device, the user interface 67 may be limited, remotely located, or eliminated.
- the processor 70 may comprise user interface circuitry configured to control at least some functions of one or more elements of the user interface, such as, for example, a speaker, ringer, microphone, display, and/or the like.
- the processor 70 and/or user interface circuitry comprising the processor 70 may be configured to control one or more functions of one or more elements of the user interface through computer program instructions (for example, software and/or firmware) stored on a memory accessible to the processor 70 (for example, memory device 76, and/or the like).
- the apparatus 50 may also include one or more means for sharing and/or obtaining data.
- the apparatus may comprise a short range radio frequency (RF) transceiver and/or interrogator 64 so data may be shared with and/or obtained from electronic devices (for example, a RF access point(s)) in accordance with RF techniques.
- the apparatus may comprise other short range transceivers, such as, for example an infrared (IR) transceiver 66, a BluetoothTM (BT) transceiver 68 operating using BluetoothTM brand wireless technology developed by the Bluetooth Special Interest Group, and/or the like.
- the Bluetooth transceiver 68 may be configured to operate according to WibreeTM radio standards.
- the apparatus 50 may also include a WLAN transceiver 69 configured to transmit and/or receive data from electronic devices (for example, a WLAN access point(s)) according to a WLAN technique such as, for example, IEEE 802.11 techniques.
- the WLAN transceiver 69 may also be configured to transmit and/or receive data from electronic devices according to various wireless networking techniques, including, but not limited to, Wi-Fi, LAN techniques, and/or the like.
- the apparatus 50 and, in particular, the short range transceiver may be capable of transmitting data to and/or receiving data from electronic devices (for example, within a proximity of the apparatus, such as within 10 meters, for example).
- the apparatus 50 may further include a secure element 38.
- the secure element 38 may be in communication with modem processor 36 and the processor 70.
- the secure element 38 may include a memory device (for example, secure element memory 52), a processor (for example, secure element processor 54) and an interface 51 configured to communicate via one or more communication channels 71, 73.
- the communication channel 71 and the communication channel 73 may be secure channels (for example, cryptographically secure channels).
- the secure element 38 may be, for example, a smart card, SIM card, eSIM, softSIM, USIM, eUSIM, softUSIM, UICC, embedded UICC, UIM, R-UIM, and/or the like.
- the secure element 38 may be removable or non-removable.
- when the secure element 38 is removable (for example, a R-UIM), the secure element 38 may be removed from the apparatus 50. As described above, in other example embodiments, the secure element 38 may be non-removable from the apparatus 50.
- the UICC may include a subscriber identity module (SIM) application, universal SIM (USIM) application, internet protocol multimedia services identity module (ISIM) application or the like for accessing corresponding public land mobile networks (PLMNs), although it should be understood that one or more of these applications may also be used to access one or more other networks.
- SIM subscriber identity module
- USIM universal SIM
- ISIM internet protocol multimedia services identity module
- the memory 52 of the secure element 38 may store information elements related to identities or accounts (for example, of a subscriber) and any other suitable data.
- the memory of the secure element 38 may store information elements such as, for example, one or more International Mobile Subscriber Identities (IMSIs) and Mobile Subscriber Integrated Services Digital Network Numbers (MSISDNs)
- an MSISDN(s) and an IMSI(s) may correspond to numbers used for identifying identities or accounts (for example, of a subscriber).
- an IMSI may identify the secure element 38
- an MSISDN may be a telephone number associated with the secure element 38.
- content of the secure element 38 may not be accessible until the identities or accounts are validated.
- the secure element (SE) memory 52 may also store payment card information (for example, prepaid information) associated with the identities or accounts (for example, of a subscriber).
- payment card information may relate to one or more accounts that are backed and supported by one or financial institutions (for example, banks and/or credit card companies) holding funds belonging to the cardholder, or offering credit to the cardholder (for example, credit and/or debit card information associated with the identities or accounts).
- the prepaid information may relate to money paid, or credit applied to an account (for example, of a subscriber) in advance for a specified amount of communications services or a predetermined time period for receiving communications services.
- the secure element memory 52 may also store data associated with one or more enforcement mechanisms.
- an enforcement mechanism(s) may define an allowable time period in which a network operator may provide communications services to the apparatus 50 based on an account associated with the secure element 38.
- other network providers may, but need not, be unable to communicate with the apparatus 50 or may be unable to provide communications services to the apparatus 50.
- these other network providers may be locked out from communicating and/or providing communications services to the apparatus 50 during the allowable time period.
- the provisioning lock (for example, prohibiting other network operators from communicating with the secure element 38) may be enforced inside the secure element 38, for example, based in part on data of the secure element 38.
- the secure element memory 52 may store data indicating an expiration time period (also referred to herein as expiration period or expiry period) of communications services provided to identities or accounts by a network operator.
- after the expiration of the expiration time period, communications services that were provided before the expiration may no longer be provided by the network operator that previously provided them.
- the network operator may reuse the network access credentials (for example, IMSI(s), ICCID(s), MSISDN(s)) associated with an account corresponding to the secure element 38, as described more fully below.
- the data indicating the expiry period may be associated with or part of a digital certificate.
- one or more security keys (for example, a public key, a private key)
- the secure element memory 52 may store applications and in some cases the processor 54 of the secure element 38 may execute the applications. Additionally, the secure element 38 (for example, via secure element processor 54) may exchange communications with a modem processor 36 and/or the processor 70. The secure element 38 may communicate with the modem processor 36 and/or the processor 70 via the secure communication channel 71.
- the secure element 38 may communicate with the modem processor 36 and/or the processor 70 via communication channel 71 by accessing its interface 51.
- the communication channel 71 may, but need not, be a cryptographic secure channel.
- the communication channel 71 may enable transfer of data across the channel 71 that may be resistant to interception and tampering.
- secure element 38, the modem processor 36 and/or the processor 70 may each utilize a security key(s) (for example, a shared secret key, or public/private key) for communicating via communication channel 71.
- the sender (for example, modem processor 36) of communications may include the security key(s) (for example, shared secret key) in the data of the communications, and the receiver (for example, secure element 38) of the communications may analyze the data in the received communications to determine whether the security key(s) is valid.
- the receiver may, but need not, determine whether the security key(s) is valid by examining a security key(s) which may be stored in memory (for example, secure element memory 52) to determine whether the security key(s) corresponds to a same key (for example, the same shared secret key).
- the example embodiments may provide a manner in which to securely transfer the data stored in the secure element 38 (for example, network access credentials such as an IMSI(s), ICCID(s) and/or MSISDN(s)).
- the potential for breaking a subsidy lock and using the apparatus 50 on another network may be reduced.
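The page describes the sender placing the shared security key in the data of each message and the receiver comparing it against the key held in secure element memory 52. The following is an added example (not code from the patent or its assignee) of how a practitioner would realize an authenticated channel 71 in practice: sending the raw key on the wire lets anyone who can observe the channel replay or forge messages, so the key is instead used to compute an HMAC over a sequence number and the payload, and the receiver checks the tag in constant time and rejects replayed frames. The frame layout, the `ChannelEndpoint` class and the sample payload are assumptions of this example.

```python
"""Authenticated framing for the SE <-> modem channel (communication channel 71).

Added example; assumed design, not the patent's own code. Proves possession
of the shared key with HMAC-SHA256 over (sequence number || payload) instead
of transmitting the key itself, and rejects tampered and replayed frames.
"""
import hashlib
import hmac
import os
import struct
from typing import Optional

TAG_LEN = 32  # HMAC-SHA256 output length
SEQ_LEN = 8   # 64-bit big-endian sequence number


class ChannelEndpoint:
    """One side of channel 71 (for example, modem processor 36 or secure element 38)."""

    def __init__(self, shared_key: bytes) -> None:
        self._key = shared_key          # held in memory 45 / SE memory 52, never sent
        self._send_seq = 0              # next sequence number this side will send
        self._last_recv_seq = -1        # highest sequence number accepted so far

    def seal(self, payload: bytes) -> bytes:
        """Build seq || payload || HMAC(key, seq || payload)."""
        header = struct.pack(">Q", self._send_seq)
        self._send_seq += 1
        tag = hmac.new(self._key, header + payload, hashlib.sha256).digest()
        return header + payload + tag

    def unseal(self, frame: bytes) -> Optional[bytes]:
        """Return the payload if the tag is valid and the sequence is fresh, else None."""
        if len(frame) < SEQ_LEN + TAG_LEN:
            return None
        header, body, tag = frame[:SEQ_LEN], frame[SEQ_LEN:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self._key, header + body, hashlib.sha256).digest()
        # constant-time comparison: a plain == would leak tag bytes through timing
        if not hmac.compare_digest(tag, expected):
            return None
        (seq,) = struct.unpack(">Q", header)
        if seq <= self._last_recv_seq:      # replayed or reordered frame
            return None
        self._last_recv_seq = seq
        return body


def demo() -> dict:
    """Exercise the channel with a constructed key and a constructed command payload."""
    key = os.urandom(32)                      # provisioned out of band; constructed here
    modem, se = ChannelEndpoint(key), ChannelEndpoint(key)
    frame = modem.seal(b"READ IMSI")
    results = {"valid": se.unseal(frame) == b"READ IMSI"}
    results["replay_rejected"] = se.unseal(frame) is None
    tampered = bytearray(modem.seal(b"READ IMSI"))
    tampered[12] ^= 0x01                      # flip one bit inside the payload
    results["tamper_rejected"] = se.unseal(bytes(tampered)) is None
    wrong = ChannelEndpoint(os.urandom(32))   # a party that does not hold the key
    results["wrong_key_rejected"] = se.unseal(wrong.seal(b"READ IMSI")) is None
    return results


if __name__ == "__main__":
    print(demo())
```

The sequence counter gives replay protection only while both ends keep their counters in sync; a real implementation would also re-key when the counter wraps and would encrypt the payload if it carries IMSIs or keys, since an HMAC alone provides integrity, not confidentiality.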
- the processor 70 may be embodied as, include or otherwise control the SE processor 54 of the secure element 38.
- the SE processor 54 may be any means such as a device or circuitry operating in accordance with software or otherwise embodied in hardware or a combination of hardware and software (for example, processor 70 operating under software control, the processor 70 embodied as an ASIC or FPGA specifically configured to perform the operations described herein, or a combination thereof) thereby configuring the device or circuitry to perform the corresponding functions of the SE processor 54, as described herein.
- a device or circuitry (for example, the processor 70 in one example) executing the software forms the structure associated with such means.
- the SE processor 54 may be a coprocessor, controller, microprocessor or other processing element including integrated circuits (for example, embodied as an ASIC or FPGA) or circuitry configured to execute instructions, which may be stored in SE memory 52, or perform other logical functions or corresponding operations described herein.
- FPGA field-programmable gate array
- the SE processor 54 may be configured to communicate with a network entity, such as, for example, a trusted service manager (TSM) 90 (also referred to herein as trusted service manager (TSM) network entity 90) to receive expiry period information as well as secret/private information (for example, IMSIs, MSISDNs and/or applications) associated with a time period for usage of communications services provided by a corresponding network operator.
- TSM trusted service manager
- the SE processor 54 and the TSM 90 may communicate via a secure communication channel 73 (for example, a cryptographic channel), for example, over the air (OTA) and/or optionally via network 30 in some example embodiments.
- OTA over the air
- the expiry period information may include information indicating a time period that the apparatus may utilize communications services provided by a corresponding network operator/provider, as described more fully below.
- the secure element 38 may, but need not, prevent subscriptions from other network operators from being provisioned to the secure element 38.
- the secure element 38 may be locked prior to the expiration of the time period.
- the secure element 38 may communicate with other network operators for provision of communications services, for example.
- the network operator may reuse the IMSI(s), ICCID(s) and MSISDN(s) and may, but need not, reallocate the IMSIs, ICCIDs, and/or MSISDNs to other secure elements 38.
- one or more memory devices maintained by a network operator/provider may be efficiently utilized since the reuse/reallocation of IMSIs, ICCIDs and/or MSISDNs to other secure elements 38 may minimize the potential of overloading the memory devices of the network operator/provider.
- the information associated with the expiry period may relate to expiration periods for prepaid services (for example, unused time or remaining monetary value) associated with an account
- a corresponding network operator/provider may reuse/reallocate the IMSIs, ICCIDs, MSISDNs to other secure elements (for example, secure elements 38), as described more fully below.
- the modem processor 36 may be any means such as a device or circuitry configured to implement a protocol engine that may run/execute the signaling to a communications network (for example, a GSM, WCDMA, or LTE network)
- the modem processor 36 may be configured to communicate with any communications network that utilizes secure elements (for example, smart cards, eSIMs, or soft SIMs) as a manner in which to identify one or more subscribers and also for charging the subscribers for usage of communications services provided by the communications network.
- the memory 45 may include, for example, volatile and/or non-volatile memory.
- the memory 45 may be configured to store protocol data as well as one or more keys for communicating with the secure element 38 and/or the processor 70 via the secure communication channel, in a manner analogous to that described above.
- the processor 44 may be any means such as a device (for example, coprocessor, microprocessor, or controller) or circuitry operating in accordance with software or otherwise embodied in hardware or a combination of hardware and software (for example, processor 70 operating under software control, the processor 70 embodied as an ASIC or FPGA specifically configured to perform the operations described herein, or a combination thereof) thereby configuring the device or circuitry to perform the corresponding functions of the modem processor 36.
- the processor 44 may facilitate the execution of the signaling to a communications network and may facilitate one or more communications with the secure element 38 and/or processor 70 in a secure manner by including a key(s) in the communications and/or verifying that a received key(s) in received communications is valid. Referring now to FIG.
- the network device 100 may be a server.
- the network device 100 may be a personal computer, a laptop computer, a workstation, or a network infrastructure device.
- the network device may be maintained by a network operator/provider.
- the network operator/provider may provide communications services to one or more apparatuses (for example, apparatuses 50).
- the network device 100 generally includes a processor 104 and an associated memory 106.
- the memory 106 may comprise volatile and/or non-volatile memory, and may store content, data and/or the like.
- the memory 106 may store client applications, instructions, and/or the like for the processor 104 to perform the various operations of the network device 100.
- the processor 104 may also be connected to one or more communication interfaces 107 (also referred to herein as communication interface(s) 107) or other means for displaying, transmitting and/or receiving data, content, and/or the like.
- One or more of the interfaces of the communication interface(s) 107 may enable communications with one or more devices (for example, apparatus 50 or one or more network entities such as TSM 90).
- the user input interface 105 may comprise any of a number of devices allowing the network device 100 to receive data from a user, such as a keypad, a touch display, a joystick or other input device.
- the processor 104 may comprise user interface circuitry configured to control at least some functions of one or more elements of the user input interface.
- the processor 104 and/or user interface circuitry of the processor may be configured to control one or more functions of one or more elements of the user interface through computer program instructions (for example, software and/or firmware) stored on a memory accessible to the processor (for example, volatile memory, non-volatile memory, and/or the like).
- the processor 104 may be embodied as one or more of various processing means such as a coprocessor, microprocessor, a controller, a digital signal processor (DSP), processing circuitry with or without an accompanying DSP, or various other processing devices including integrated circuits such as, for example, an ASIC (application specific integrated circuit), an FPGA (field programmable gate array), a microcontroller unit (MCU), a hardware accelerator, a special- purpose computer chip, or the like.
- the processor 104 may be configured to execute instructions stored in the memory device 106.
- the network device 100 may provide information associated with one or more expiry periods and associated data to one more network entities such as, for example, one or more TSMs 90.
- the processor 104 of the network device 100 maintained by the network operator/provider may instruct a TSM(s) 90 to provision code (for example, software code) and data to one or more secure elements 38 associated with identities or accounts (for example, of subscribers).
- a TSM(s) 90 may manage and control the provisioning of data to the secure elements 38 on behalf of the network operator/provider.
- the network entity may be a TSM 90 which may receive information from one more network operators/providers for provisioning code and/or data to one or more secure elements (for example, secure elements 38).
- the TSM 90 (for example, the third communication device 25) generally includes a processor 94 and an associated memory 96.
- the memory 96 may comprise volatile and/or non-volatile memory, and may store content, data and/or the like.
- the memory may store content, data, information, and/or the like transmitted from, and/or received by, the network entity.
- the memory 96 may store client applications, instructions, and/or the like for the processor 94 to perform the various operations of the TSM 90 in accordance with some embodiments of the invention, as described herein.
- the processor 94 may also be connected to at least one interface or other means for displaying, transmitting and/or receiving data, content, and/or the like.
- the interface(s) may comprise at least one communication interface 98 or other means for transmitting and/or receiving data, content, and/or the like, as well as at least one user input interface 95.
- the user input interface 95 may comprise any of a number of devices allowing the network entity to receive data from a user, such as a keypad, a touch display, a joystick or other input device.
- the processor 94 may comprise user interface circuitry configured to control at least some functions of one or more elements of the user input interface.
- the processor and/or user interface circuitry of the processor may be configured to control one or more functions of one or more elements of the user interface through computer program instructions (for example, software and/or firmware) stored on a memory accessible to the processor (for example, volatile memory, non-volatile memory, and/or the like).
- the processor 94 may be embodied as, include or otherwise control the TSM issuer manager 97.
- the TSM issuer manager 97 may be any means such as a device or circuitry operating in accordance with software or otherwise embodied in hardware or a combination of hardware and software (for example, processor 94 operating under software control, the processor 94 embodied as an ASIC or FPGA specifically configured to perform the operations described herein, or a combination thereof) thereby configuring the device or circuitry to perform the corresponding functions of the TSM issuer manager 97, as described below.
- a device or circuitry (for example, the processor 94 in one example) executing the software forms the structure associated with such means.
- the TSM issuer manager 97 may communicate expiry period information as well as other associated data to one or more secure elements 38 on behalf of a network operator/provider (for example, a network operator/provider of network device 100).
- the secure elements (for example, secure elements 38) may relate to apparatuses 50 of subscribers subscribing to the communications services provided by the network operator/provider.
- the expiry period information provided by the TSM issuer manager 97 to one or more secure elements may include information indicating/denoting that the secure elements may communicate with the TSM 90 prior to the expiration of the expiry time period, but should not communicate with network operators that are not currently providing communications services to the apparatuses 50 associated with the secure elements (for example, secure elements 38), as described more fully below.
- the information may include secrets, digital certificates, applications (algorithms) and/or identities (for example, IMSIs, ICCIDs, MSISDNs).
- the system 147 may include a communication device 101 (for example, apparatus 50), a network device 102 (for example, network device 100 (for example, second communication device 20)) and a network entity 108 (for example, TSM 90 (for example, third communication device 25)).
- although the system 147 illustrates one communication device 101, one network device 102 and one network entity 108, it should be pointed out that the system 147 may include any suitable number of communication devices 101, network devices 102 and network entities 108 without departing from the spirit and scope of the invention.
- the network device 102 may be maintained by a network operator/provider having an account/subscription to provide
- the account/subscription may relate to prepaid communications services.
- the network device 102 may provide the network entity 108 with enforcement mechanism information indicating an expiry period along with associated data related to an
- the expiry period information may, but need not, be provided in a digital certificate, which may require one or more keys in order to access the information of the digital certificate.
- the enforcement mechanism information associated with the expiry period may be provided in software code.
- the expiry period may denote the time period in which the subscriber has agreed to allow the network operator/provider to provide communications services to the communication device 101. The expiry period information may include data indicating that the network entity 108 and, in some embodiments, the network device 102 are authorized to communicate with the secure element (for example, secure element 38) of the communication device 101, and may specify that other network providers are prohibited (for example, locked out) from communicating with that secure element prior to the expiration of the time period.
- the associated data may include, but is not limited to, one or more items of secret information (for example, identities such as IMSIs or MSISDNs, or applications) associated with the account/subscription of the subscriber of the communication device 101.
- the network entity 108 may provide the enforcement mechanism information (for example, expiry period information) and the associated data to the secure element of the communication device 101 via the secure communication channel 103 (for example, communication channel 73).
- the secure element may verify that one or more keys (for example, a public key(s), or a private key(s)) corresponds to one or more keys (for example, a public key(s), or a private key(s)) in the enforcement mechanism information (for example, a digital certificate including the expiry data or software code associated with the expiry data) in order to authenticate the information sent to the secure element by the network entity 108.
- if the SE processor 54 determines that the key(s) match, the SE may communicate with the network entity 108; otherwise, the secure element may not communicate further with the network entity 108.
- the SE processor 54 of the secure element of the communication device 101 may analyze the expiry period information associated with the enforcement mechanism information and may determine that the secure element should only communicate with the network entity 108 prior to the expiration of the time period associated with the expiry period information. In this manner, the network entity 108 may provide information to the secure element of the communication device 101 in a secure manner prior to the expiration of the time period associated with the expiry period.
- the enforcement mechanism information may include data indicating the network operator/provider that assigned the expiry period to the secure element.
- the SE processor 54 may analyze the data associated with the expiry period and may send a message to the display 85 instructing the display 85 to notify the subscriber/user of the communication device 101 that the expiry period may expire in a certain time period (for example, a predetermined amount of time until the expiration of the expiry period) if the subscription is not renewed with the network operator/provider.
- the network entity 108 may allow the SE (for example, SE 38) to communicate with other network operators/providers
- the secure element may be unlocked.
- the network entity 108 may reallocate the identities such as, for example, the IMSI(s), ICCIDs, the MSISDN(s) previously utilized by the secure element to one or more other secure elements of communications devices.
- the memory of the TSM 90 may be more efficiently utilized since storage capacity may be conserved by not necessarily needing to create new identity information for each new subscription associated with other secure elements.
- the secure element of communication device 101 may be able to continue to communicate with the network entity 108 as well as other network operators/providers even after the expiration of the expiry period for an additional time period (for example, 7 days or 8 days.) However, in an instance in which the subscription is not renewed prior to the expiration of this additional time period, the secure element of the communication device 101 may be unable to communicate further with the network entity 108.
- the enforcement mechanism information provided to the secure element of a communication device may additionally or alternatively be associated with expiry period information corresponding to the prepaid services.
- secret information such as, for example, IMSIs, MSISDNs, or secret keys may be deleted or removed from a corresponding secure element.
- this secret information may be utilized by the network entity 108 and/or network device 102 for reallocation to one or more other secure elements, as described more fully below.
- the expiry period information associated with prepaid services may be based on, for example, unused time (for example, unused cellular minutes) associated with communications services for a prepaid subscription at the expiration of the expiry period, remaining monetary value associated with a prepaid subscription that is not utilized by the expiration of the expiry period, or any other relevant parameters associated with prepaid services, such as, for example, prepaid subscriptions associated with one or more locations (for example, a prepaid purchase of a subscription for usage of a secure element in a given location for a given time period corresponding to the expiry period).
- the SE processor 54 may determine that there is unused time associated with a prepaid subscription/account at the expiration of the expiry period, or remaining monetary value on a prepaid subscription/account at the expiration of the expiry period, or that the
- the SE processor 54 may delete or remove one or more items of secret information (for example, IMSI(s), or MSISDN(s)) from the SE memory 52.
- the network entity 108 and/or network device 102 may reuse/reallocate the items of secret information (for example, IMSI(s), MSISDN(s), or secret keys) to one or more other secure elements.
- the memory capacity of a memory (for example, memory 96) of the network entity 108 and/or a memory (for example, memory 106) of the network device 102 may be conserved by minimizing the quantity of items of secret information that would otherwise be stored on behalf of other secure elements.
- the network entity 108 (for example, via processor 94 and/or TSM issuer manager 97) and/or the network device 102 (for example, via processor 104) may remotely access the memory (for example, SE memory 52) of the secure element and remove or delete the items of secret information (for example, IMSIs, MSISDNs, or secret keys) from the secure element (for example, secure element 38) of a communication device (for example, communication device 101).
- the network entity 108 (for example, TSM 90) may, via the TSM issuer manager 97, send a message to the network device 102
- the SE processor 54, the network entity 108 (for example, via processor 94, TSM issuer manager 97) and/or the network device 102 (for example, via processor 104) may delete an IMSI(s) or an ICCID(s) and corresponding keys (for example, secret keys) each time prepaid money runs out that may have been credited/applied to a prepaid subscription/account.
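The steps above (the TSM signs and delivers enforcement information, the secure element checks the key before accepting it, refuses other operators until expiry, warns the subscriber, tolerates an additional grace period, then deletes the secret identities so the operator can reallocate them, including the prepaid case where money runs out) are modelled end to end in this added example. It is not code from the patent or its assignee. Assumptions: the enforcement information is a small JSON record; the "digital certificate" key check is modelled as an HMAC with a TSM key already present in SE memory 52 (a deployment would use an asymmetric signature); the grace period is fixed at 7 days; the identifier values, operator names and the `IdentityPool` on the operator side are constructed for the example.

```python
"""Model of the secure element's enforcement mechanism: expiry period, provisioning
lock, grace period, secret deletion and identifier reuse.

Added example; not the patent's code. The HMAC tag stands in for the page's
digital certificate check, and GRACE_SECONDS for the "additional time period".
"""
import hashlib
import hmac
import json
from dataclasses import dataclass, field
from typing import Optional

GRACE_SECONDS = 7 * 24 * 3600  # additional period after expiry (page gives 7 or 8 days)


def issue_record(tsm_key: bytes, operator: str, expiry: int, identities: dict) -> dict:
    """TSM side: sign the enforcement information supplied by the network device."""
    body = {"operator": operator, "tsm": "TSM-90", "expiry": expiry, "identities": identities}
    canonical = json.dumps(body, sort_keys=True).encode()
    return {"body": body, "tag": hmac.new(tsm_key, canonical, hashlib.sha256).hexdigest()}


@dataclass
class SecureElement:
    tsm_key: bytes                          # key in SE memory 52 used to verify the TSM
    record: Optional[dict] = None           # installed enforcement information
    secrets: dict = field(default_factory=dict)  # IMSI/ICCID/MSISDN (constructed values)

    def install(self, record: dict) -> bool:
        """Verify the record against the stored key; on mismatch, stop talking to the sender."""
        canonical = json.dumps(record["body"], sort_keys=True).encode()
        expected = hmac.new(self.tsm_key, canonical, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(record["tag"], expected):
            return False
        self.record = record
        self.secrets = dict(record["body"]["identities"])
        return True

    def may_talk_to(self, peer: str, now: int) -> bool:
        """Provisioning lock: before expiry only the issuing operator and its TSM;
        during the grace period any operator; after the grace period nobody."""
        if self.record is None:
            return False
        body = self.record["body"]
        if now < body["expiry"]:
            return peer in (body["operator"], body["tsm"])
        return now < body["expiry"] + GRACE_SECONDS

    def seconds_until_expiry(self, now: int) -> int:
        """Value passed to display 85 to warn the subscriber that renewal is due."""
        return max(0, self.record["body"]["expiry"] - now) if self.record else 0

    def enforce(self, now: int) -> dict:
        """Run periodically. Once the grace period passes without renewal (or prepaid
        credit is exhausted), delete the secret identities and hand them back."""
        if self.record is None or now < self.record["body"]["expiry"] + GRACE_SECONDS:
            return {}
        released, self.secrets = self.secrets, {}
        self.record = None
        return released


class IdentityPool:
    """Operator-side pool: released identities are reused for new subscriptions."""

    def __init__(self) -> None:
        self.free: list = []

    def release(self, identities: dict) -> None:
        if identities:
            self.free.append(identities)

    def allocate(self) -> Optional[dict]:
        return self.free.pop() if self.free else None


def demo() -> dict:
    tsm_key = b"\x11" * 32  # constructed
    ids = {"IMSI": "001010123456789", "ICCID": "8901410321111851072", "MSISDN": "15550100"}
    t0, expiry = 1_700_000_000, 1_700_000_000 + 30 * 86400
    se = SecureElement(tsm_key)
    out = {"installed": se.install(issue_record(tsm_key, "OPERATOR-A", expiry, ids))}
    forged = issue_record(b"wrong-key", "OPERATOR-B", expiry + 10**9, ids)
    out["forged_rejected"] = not SecureElement(tsm_key).install(forged)
    out["locked_to_a"] = se.may_talk_to("OPERATOR-A", t0) and not se.may_talk_to("OPERATOR-B", t0)
    out["warning_days"] = se.seconds_until_expiry(expiry - 3 * 86400) // 86400
    grace = expiry + 3600
    out["grace_unlocked"] = se.may_talk_to("OPERATOR-B", grace) and se.enforce(grace) == {}
    pool = IdentityPool()
    pool.release(se.enforce(grace + GRACE_SECONDS))  # grace over: secrets wiped and returned
    out["wiped"] = se.secrets == {} and not se.may_talk_to("TSM-90", grace + GRACE_SECONDS)
    out["reused"] = pool.allocate() == ids
    return out


if __name__ == "__main__":
    print(demo())
```

The lock decision and the deletion both happen inside the element on the basis of data the element itself verified, which is the property the page relies on: a host that cannot alter SE memory 52 cannot extend the expiry or keep the identities after they have been released.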
- an apparatus for example, SE processor 54 may receive, via a secure element (for example, secure element 38), information relating to an enforcement mechanism.
- the enforcement mechanism may include data indicating an expiry period associated with a time period in which the secure element communicates with a network entity (for example, TSM 90) on behalf of a network operator providing communications services to the apparatus.
- the secure element may, but need not, be a non-removable secure element.
- FIG. 6 is a flowchart of a system, method and computer program product according to some example embodiments of the invention. It will be understood that each block of the flowchart, and combinations of blocks in the flowchart, can be implemented by various means, such as hardware, firmware, and/or a computer program product including one or more computer program instructions. For example, one or more of the procedures described above may be embodied by computer program instructions. In this regard, in some example embodiments, the computer program instructions which embody the procedures described above are stored by a memory device (for example, memory device 76, SE memory 52, memory 96, memory 106) and executed by a processor (for example, processor 70, processor 94, processor 104, SE processor 54, TSM issuer manager 97). As will be appreciated, any such computer program instructions may be loaded onto a computer or other memory device (for example, memory device 76, SE memory 52, memory 96, memory 106) and executed by a processor (for example, processor 70, processor 94, processor 104, SE processor 54, TSM issuer manager
- the computer program instructions are stored in a computer-readable memory that can direct a computer or other programmable apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instructions which implement the function(s) specified in the flowchart blocks.
- the computer program instructions may also be loaded onto a computer or other programmable apparatus to cause a series of operations to be performed on the computer or other programmable apparatus to produce a computer-implemented process such that the instructions which execute on the computer or other programmable apparatus implement the functions specified in the flowchart blocks.
- blocks of the flowchart support combinations of means for performing the specified functions. It will also be understood that one or more blocks of the flowchart, and combinations of blocks in the flowchart, can be implemented by special purpose hardware-based computer systems which perform the specified functions, or combinations of special purpose hardware and computer instructions.
- an apparatus for performing the method of FIG. 6 above may comprise a processor (for example, the processor 70, the processor 94, the processor 104, the SE processor 54, the TSM issuer manager 97) configured to perform some or each of the operations (600 - 610) described above.
- the processor may, for example, be configured to perform the operations (600 - 610) by performing hardware implemented logical functions, executing stored instructions, or executing algorithms for performing each of the operations.
- the apparatus may comprise means for performing each of the operations described above.
- examples of means for performing operations may comprise, for example, the processor 70 (for example, as means for performing any of the operations described above), the processor 94, the processor 104, the SE processor 54, the TSM issuer manager 97 and/or a device or circuitry for executing instructions or executing an algorithm for processing information as described above.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
An apparatus for provisioning one or more secure elements may include a processor and memory storing executable computer code causing the apparatus to at least perform operations including receiving, via a secure element, information relating to an enforcement mechanism. The enforcement mechanism may include data indicating an expiry period associated with a time period in which the secure element communicates with a network entity on behalf of a network operator. The network operator may provide communications services to the apparatus. Corresponding methods and computer program products are also provided.
Description
METHOD AND APPARATUS FOR PROVISIONING
NETWORK ACCESS CREDENTIALS
TECHNOLOGICAL FIELD
Example embodiments of the present invention relate generally to mobile terminal technology and, more particularly, relate to a method and apparatus for enabling provision of one or more secure elements.
BACKGROUND
The modern communications era has brought about a tremendous expansion of wireline and wireless networks. Computer networks, television networks, and telephony networks are experiencing an unprecedented technological expansion, fueled by consumer demand. Wireless and mobile networking technologies have addressed related consumer demands, while providing more flexibility and immediacy of information transfer.
Current and future networking technologies continue to facilitate ease of information transfer and convenience to users. Due to the now ubiquitous nature of electronic communication devices, people of all ages and education levels are utilizing electronic devices to communicate with other individuals or contacts, receive services and/or share information, media and other content. One area in which there is a demand to increase ease of information transfer relates to services enabled by secure elements (for example, smart cards, subscriber identity modules (SIMs), and universal integrated circuit cards (UICCs)).
BRIEF SUMMARY
A method and apparatus may provide an efficient and reliable mechanism for enabling provision of one or more secure elements. At present, many network operators utilize subscriber identity module (SIM) Lock capabilities to restrict the use of the mobile phones used by subscribers. For example, many network operators may SIM Lock their mobile phones and may offer communications services to subscribers in exchange for a contract to pay for the use of a communications network for a specified period of time. Currently, a mobile phone that is SIM locked may be unlocked by entering a code typically provided by a network operator. Typically, network operators desire to protect the integrity of the SIM Lock so that the SIM Lock may not be broken, since the service provider typically utilizes the SIM Lock to obtain income through its service. If a SIM Lock is broken, a smart card (for example, a SIM card) may be replaced with a smart card from another network operator, which may enable the mobile phone to be utilized on networks operated by a different network operator, which may result in lost revenues for the original network provider providing the communications services.
Depending on hardware architecture of a mobile phone, the implementation of SIM Lock may be an elaborate technical effort to achieve. For example, in order to implement a SIM Lock typically the hardware architecture of a mobile phone is combined with a secure device bootup phase and secure or isolated channels may be arranged between modem stacks and a physical SIM installed in the mobile phone. At present, many mobile phones currently available have their SIM Lock broken. This problem exists even in high-end mobile phones where there are security mechanisms in place that attempt to mitigate the threat of attacks to break the SIM Lock.
Additionally, smart cards may be utilized by network operators to provide prepaid services. For example, money may be paid by a customer to a network operator in advance for usage of a predetermined amount of communications services. This money and the predetermined amount of services may be associated with an account that is linked to a smart card. An account (for example, a prepaid account) or subscription associated with a smart card is typically identified by a globally unique identifier, such as an International Mobile Subscriber Identity (IMSI), which is typically allocated in ranges to network operators. In some cases the IMSIs may serve to identify smart cards. Alternatively, some network operators may use an Integrated Circuit Card Identifier (ICCID) of a UICC as an identification of a smart card for card management purposes. The IMSI(s) may be stored in a network authentication center (AuC) together with the authentication key material with which the smart card may be authenticated. Based on the IMSI, a network may bind communication of a specific device to a Mobile Subscriber Integrated Services Digital Network (ISDN) Number (MSISDN) (for example, a telephone number). The MSISDN may also be globally unique, but its range may be significantly larger than that of an IMSI.
A topic of concern related to providing prepaid services is that some network operators may suffer from IMSI numbering exhaustion and/or ICCID numbering exhaustion, since an authentication center may store a large number of IMSIs associated with a large number of smart card accounts or subscriptions. For instance, a problem experienced by the network operators may be that prepaid smart cards are used and thrown away, but there is typically no indication to the network as to when such a smart card is discarded, and the smart card may never be topped up (for example, paid) any more. As such, network operators may run out of IMSIs and ICCIDs, and authentication centers may be populated with network access credentials such as, for example, IMSI and key tuples that may never be used. Maintaining these large numbers of IMSIs and/or ICCIDs, which may or may not be actively utilized by some of the subscribers, may consume memory and processing resources of the network providers. Additionally, at present, if an IMSI or an ICCID is reused (a new UICC is populated with an old IMSI or ICCID), there may be a risk of a previous customer assigned the IMSI or ICCID not obtaining communications services if the prepaid account of the previously used smart card is eventually topped up.
In view of the problems described above in existing mobile phones, where SIM Locks are typically broken even in instances in which there are security mechanisms in place to mitigate attacks to break the SIM Lock, it may be beneficial to provide a mechanism for a more secure SIM Lock. Additionally, in view of the foregoing drawbacks associated with the large number of IMSIs and/or ICCIDs that are typically maintained by network providers, it may be beneficial to provide a more efficient and reliable mechanism of provisioning prepaid accounts to smart cards to minimize the number of IMSIs and ICCIDs and/or more efficiently utilize existing IMSIs as well as existing ICCIDs.
In this regard, some example embodiments may provide an efficient and reliable mechanism for providing a more secure provisioning lock for one or more secure elements (for example, smart cards, embedded SIMs (eSIMs) or software SIMs (soft SIMs)). Additionally, some example embodiments may facilitate efficient usage of identifiers (for example, IMSIs, MSISDNs, or ICCIDs) of secure elements based on the expiration of communications services associated with the secure elements and/or one or more prepaid subscriptions expiring for communications services that may be provided for communication devices that include secure elements (for example, smart cards, eSIMs, or soft SIMs).
Some example embodiments may implement a provisioning lock for secure elements. In this regard, some example embodiments may provide a permanent hardware or cryptographically secured communication channel between a modem (also referred to herein as a modem processor), a processor and a secure element(s) to secure communications with the secure elements and so that secret/private information may not be obtained from the secure element(s) using unauthorized devices. This may eliminate a mechanism for hacking/wiring a secure element(s) forcefully to the modem or processor. In this regard, the secure elements of the example embodiments may be secure devices.
Example embodiments of the invention may enable secure elements (for example, smart cards, user identity modules (UIMs), UICCs, SIM cards, eSIMs, or soft SIMs) or a network entity (for example, a trusted service manager (TSM)) to store a signed certificate (for example, a digital certificate) or record that identifies a lifetime, such as, for example, an expiry period defining a time period during which a particular network operator may be authorized to provide communications services to a communication device having a secure element. In this regard, the secure elements of the example embodiments may locally enforce expiry data.
Prior to the expiration of this time period, the example embodiments may allow secure elements to communicate with authorized entities (such as, for example, a TSM) for exchange of data (for example, identifiers (for example, IMSIs, MSISDNs, or ICCIDs), security keys, or applications). However, prior to the expiration of the time period, the example embodiments may disallow or prohibit the secure elements from communicating with other devices (for example, unauthorized devices, such as network devices of other network operators).
Upon expiration of the time period, the example embodiments may enable the secure elements to communicate with other devices such as, for example, network devices maintained by network operators for provision of communications services from one or more of these network devices. In this regard, the example embodiments may enable identities (for example, IMSIs, MSISDNs, or ICCIDs) associated with the secure elements and with the prior network operator providing communications services to be reallocated to other secure elements. As such, the example embodiments may efficiently utilize identities of secure elements and may conserve memory resources by minimizing the number of identities that need to be stored in a memory device of a network operator or in a memory device maintained on behalf of a network operator.
In some example embodiments, the non-existence of such a certificate may, but need not, denote that no new secure element secrets and identities should be provisioned by a network entity (for example, a TSM Issuer) to a corresponding secure element(s). In some alternative example embodiments, new secure element secrets and identities may be provisioned by a network entity to a corresponding secure element(s) even in the absence of a certificate. Additionally, in some embodiments, the expiry period may be associated with prepaid services related to prepaid subscriptions corresponding to respective secure elements. In this regard, in an instance in which a prepaid service is not utilized upon expiration of the expiry period, the example embodiments may reallocate the secrets and identities of the secure elements to other secure elements.
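The operator-side bookkeeping that the preceding paragraphs describe (an IMSI handed to a prepaid secure element with an expiry period, reclaimed and reissued once the period lapses without a top-up, and the reuse risk noted in the Brief Summary), as an added example that is not code from the patent or from any operator system. It assumes a single operator IMSI range identified by the test PLMN code 001/01 and a pool that tracks which card currently holds each IMSI; card identifiers, dates and the range size are constructed sample data.

```python
"""Operator-side reuse of secure element identifiers once a prepaid period
has expired.  Added illustration only; it is not code from the patent.

An IdentityPool issues IMSIs from a fixed operator range to prepaid cards
together with an expiry date, reclaims an IMSI once its period has expired
without a top-up, and refuses a late top-up from a card whose IMSI has
already been released or reassigned, so the identifier's new holder is never
credited by the old holder's payment.  The PLMN prefix 001/01 is the test
network code; the card identifiers and dates are constructed sample data.
"""
from __future__ import annotations

from dataclasses import dataclass
from datetime import date, timedelta


@dataclass
class Subscription:
    iccid: str        # the card this IMSI is currently issued to
    imsi: str
    expires: date     # last day of the prepaid (expiry) period
    generation: int   # incremented each time the IMSI is reassigned


class TopUpRejected(Exception):
    """A top-up names an IMSI that the paying card no longer holds."""


class IdentityPool:
    def __init__(self, plmn: str, first_msin: int, last_msin: int) -> None:
        # IMSI = MCC+MNC (here the 5-digit test PLMN 00101) + 10-digit MSIN.
        self.free = [f"{plmn}{n:010d}" for n in range(first_msin, last_msin + 1)]
        self.active: dict[str, Subscription] = {}    # keyed by IMSI
        self.generation: dict[str, int] = {}          # per-IMSI reassignment count

    def provision(self, iccid: str, today: date, days: int) -> Subscription:
        """Bind the next free IMSI to a card for `days` days of prepaid service."""
        if not self.free:
            raise RuntimeError("IMSI range exhausted")
        imsi = self.free.pop(0)
        gen = self.generation.get(imsi, 0) + 1
        self.generation[imsi] = gen
        sub = Subscription(iccid, imsi, today + timedelta(days=days), gen)
        self.active[imsi] = sub
        return sub

    def top_up(self, iccid: str, imsi: str, today: date, days: int) -> Subscription:
        """Extend a card's period; only the IMSI's current holder may do so."""
        sub = self.active.get(imsi)
        if sub is None or sub.iccid != iccid:
            raise TopUpRejected(f"{imsi} is not currently assigned to card {iccid}")
        start = max(today, sub.expires)
        sub.expires = start + timedelta(days=days)
        return sub

    def reclaim_expired(self, today: date) -> list[str]:
        """Release every IMSI whose period ended before `today` (no top-up seen)."""
        released = [imsi for imsi, sub in self.active.items() if sub.expires < today]
        for imsi in released:
            del self.active[imsi]
            self.free.append(imsi)      # back of the queue: reuse oldest first
        return released


def run_demo() -> dict:
    """Walk one card lifecycle; returns the observations the text describes."""
    pool = IdentityPool("00101", 1, 2)            # a deliberately tiny range
    a = pool.provision("CARD-A", date(2011, 7, 1), 30)
    b = pool.provision("CARD-B", date(2011, 7, 1), 30)
    exhausted = False
    try:
        pool.provision("CARD-X", date(2011, 7, 2), 30)
    except RuntimeError:
        exhausted = True                         # range of two is used up
    pool.top_up("CARD-B", b.imsi, date(2011, 7, 20), 60)   # B keeps its IMSI
    released = pool.reclaim_expired(date(2011, 8, 2))      # only A has lapsed
    c = pool.provision("CARD-C", date(2011, 8, 3), 30)     # A's IMSI is reused
    late_top_up_rejected = False
    try:
        pool.top_up("CARD-A", a.imsi, date(2011, 8, 5), 30)
    except TopUpRejected:
        late_top_up_rejected = True              # A cannot credit C's account
    return {
        "a_imsi": a.imsi, "b_imsi": b.imsi, "c_imsi": c.imsi,
        "c_generation": c.generation, "exhausted": exhausted,
        "released": released, "late_top_up_rejected": late_top_up_rejected,
        "b_expires": pool.active[b.imsi].expires,
    }
```

The generation counter is what lets the operator tell a reissued IMSI apart from its earlier use; a real AuC would pair it with fresh key material for the new card rather than reusing the old tuple.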
In one example embodiment, a method for provisioning one or more secure elements is provided. The method may include receiving, via a secure element of an apparatus, information relating to an enforcement mechanism. The information of the enforcement mechanism may include data indicating an expiry period associated with a time period in which the secure element communicates with a network entity on behalf of a network operator providing communications services to the apparatus.
In another example embodiment, an apparatus for provisioning one or more secure elements is provided. The apparatus may include a processor and a memory including computer program code. The memory and the computer program code are configured to, with the processor, cause the apparatus to at least perform operations including receiving, via a secure element of the apparatus, information relating to an enforcement mechanism. The information of the enforcement mechanism may include data indicating an expiry period associated with a time period in which the secure element communicates with a network entity on behalf of a network operator providing communications services to the apparatus.
In another example embodiment, a computer program product for provisioning one or more secure elements is provided. The computer program product includes at least one computer-readable storage medium having computer executable program code instructions stored therein. The computer executable program code instructions may include program code instructions configured to facilitate receipt, via a secure element of an apparatus, of information relating to an enforcement mechanism. The information of the enforcement mechanism may include data indicating an expiry period associated with a time period in which the secure element communicates with a network entity on behalf of a network operator providing communications services to the apparatus.
Some example embodiments may provide a more secure and reliable mechanism for provisioning data to secure elements (for example, smart cards, eSIMs or soft SIMs). Additionally, some example embodiments may enable network operators to more efficiently manage identities issued to secure elements by reallocating identities that are no longer in use to other secure elements. As such, network operators may enjoy improved capabilities with respect to provisioning secure elements.
BRIEF DESCRIPTION OF THE SEVERAL VIEWS OF THE DRAWINGS
Having thus described the invention in general terms, reference will now be made to the accompanying drawings, which are not necessarily drawn to scale, and wherein:
FIG. 1 is a schematic block diagram of a system according to example embodiments of the invention;
FIG. 2 is a schematic block diagram of an apparatus according to example embodiments of the invention;
FIG. 3 is a schematic block diagram of a network device according to example embodiments of the invention;
FIG. 4 is a schematic block diagram of a network entity according to example embodiments of the invention;
FIG. 5 is a block diagram of a system according to example embodiments of the invention; and
FIG. 6 illustrates a flowchart for provisioning one or more secure elements according to example embodiments of the invention.
DETAILED DESCRIPTION
Some example embodiments of the present invention will now be described more fully hereinafter with reference to the accompanying drawings, in which some, but not all embodiments of the invention are shown. Indeed, various embodiments of the invention may be embodied in many different forms and should not be construed as limited to the embodiments set forth herein. Like reference numerals refer to like elements throughout. As used herein, the terms "data," "content," "information" and similar terms may be used interchangeably to refer to data capable of being transmitted, received and/or stored in accordance with embodiments of the present invention. Thus, use of any such terms should not be taken to limit the spirit and scope of embodiments of the present invention.
Additionally, as used herein, the term 'circuitry' refers to (a) hardware-only circuit implementations (for example, implementations in analog circuitry and/or digital circuitry); (b) combinations of circuits and computer program product(s) comprising software and/or firmware instructions stored on one or more computer readable memories that work together to cause an apparatus to perform one or more functions described herein; and (c) circuits, such as, for example, a microprocessor(s) or a portion of a microprocessor(s), that require software or firmware for operation even if the software or firmware is not physically present. This definition of 'circuitry' applies to all uses of this term herein, including in any claims. As a further example, as used herein, the term 'circuitry' also includes an implementation comprising one or more processors and/or portion(s) thereof and accompanying software and/or firmware. As another example, the term 'circuitry' as used herein also includes, for example, a baseband integrated circuit or applications processor integrated circuit for a mobile phone or a similar integrated circuit in a server, a cellular network device, other network device, and/or other computing device.
As defined herein a "computer-readable storage medium," which refers to a non-transitory, physical or tangible storage medium (for example, volatile or non-volatile memory device), may be differentiated from a "computer-readable transmission medium," which refers to an electromagnetic signal.
According to some example embodiments, a secure element may include a SIM, embedded SIM (eSIM), softSIM, universal subscriber identity module (USIM), embedded USIM (eUSIM), softUSIM, UICC, embedded UICC (eUICC), UIM, removable UIM (R-UIM), and/or the like. The secure element may be removable or non-removable.
According to some example embodiments, a provisioning lock may be used to protect the network access credentials stored in a secure element. In order to provision a secure element with network access credentials, the secure element may need to be unlocked using the appropriate provisioning credentials.
According to some example embodiments, a provisioning lock may refer to enforcement of a time period in which one or more network entities of a network operator/provider having an agreement (for example, a subscription) to provide communications services to a communication device(s) or one or more entities operating on behalf of the network operator/provider may communicate with a secure element(s) of communication device(s), but other devices may, but need not, be disallowed or prohibited from communicating with the secure element(s) prior to the expiration of the time period (also referred to herein as an expiry period).
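The provisioning lock as defined here, seen from the secure element's side, as an added example that is not code from the patent or from any product. The element holds a signed record naming the entity (a TSM acting for the issuing operator) that may provision it and the date that authorization ends; before that date only the named entity may write identifiers into the element, and after it any operator's entity may. The example assumes the record is protected by HMAC-SHA256 under a key the element already shares with its issuer (the patent's signed certificate would take the place of the MAC at the same two call sites), and the key, the TSM names and the dates are constructed; a missing record is treated conservatively, as the text says it may be, by refusing to provision.

```python
"""Secure element side of a provisioning lock.  Added illustration; not code
from the patent or any product.

The element stores a signed expiry record naming the entity (a TSM acting for
the issuing operator) allowed to provision it and the date that authorization
ends.  The record is verified before use, then every provisioning request is
gated on it: before expiry only the named entity may provision identifiers
and keys into the element; after expiry any operator's entity may.  The
record is signed with HMAC-SHA256 under a key the element is assumed to share
with its issuer; a real deployment would use a certificate and a public-key
signature at the same two call sites.  Keys, names and dates are constructed.
"""
from __future__ import annotations

import hashlib
import hmac
import json
from datetime import date

ISSUER_KEY = b"constructed-issuer-key"   # assumed to be personalised into the element


def sign_record(record: dict, key: bytes) -> dict:
    """Canonicalise the record and attach an HMAC over the canonical bytes."""
    body = json.dumps(record, sort_keys=True, separators=(",", ":"))
    mac = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "mac": mac}


def verify_record(signed: dict, key: bytes) -> dict | None:
    """Return the record if the MAC checks out, otherwise None."""
    expected = hmac.new(key, signed["body"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, signed["mac"]):
        return None
    return json.loads(signed["body"])


class SecureElement:
    def __init__(self, key: bytes, signed_record: dict | None = None) -> None:
        self.key = key
        self.memory: dict[str, str] = {}   # IMSI, MSISDN, ... written by provisioning
        self.record = None
        if signed_record is not None:
            self.record = verify_record(signed_record, key)
            if self.record is None:
                raise ValueError("expiry record failed verification; refusing to install it")

    def allows(self, requester: str, today: date) -> bool:
        """Enforcement mechanism: may `requester` open a provisioning session today?"""
        if self.record is None:
            # No record installed: take the conservative reading in the text
            # and provision nothing until an issuer-signed record arrives.
            return False
        if today > date.fromisoformat(self.record["expires"]):
            return True                        # period over: lock lifted
        return requester in self.record["authorized"]

    def provision(self, requester: str, today: date, identifiers: dict[str, str]) -> bool:
        """Write identifiers only if the enforcement mechanism admits the requester."""
        if not self.allows(requester, today):
            return False
        self.memory.update(identifiers)
        return True


def run_demo() -> dict:
    """One element through its lock period; returns what each check decided."""
    rec = sign_record({"authorized": ["tsm.operator-a.example"],
                       "expires": "2012-06-30"}, ISSUER_KEY)
    se = SecureElement(ISSUER_KEY, rec)
    before, after = date(2012, 1, 1), date(2012, 7, 1)
    # A record whose expiry was edited after signing must not verify.
    tampered = {"body": rec["body"].replace("2012-06-30", "2011-06-30"), "mac": rec["mac"]}
    return {
        "issuer_before_expiry": se.provision("tsm.operator-a.example", before,
                                             {"IMSI": "001010000000001"}),
        "other_before_expiry": se.provision("tsm.operator-b.example", before,
                                            {"IMSI": "001010000000002"}),
        "memory": dict(se.memory),
        "other_after_expiry": se.allows("tsm.operator-b.example", after),
        "tampered_record_accepted": verify_record(tampered, ISSUER_KEY) is not None,
        "no_record_allows_issuer": SecureElement(ISSUER_KEY).allows("tsm.operator-a.example", before),
    }
```

The check runs inside the element, so it holds even when the modem or application processor is replaced or compromised, which is the point of the local enforcement the text describes; the element still needs a trustworthy notion of the current date, which this example simply takes as a parameter.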
FIG. 1 illustrates a generic system diagram in which a device such as a mobile terminal 10 is shown in a communication environment according to some example embodiments. As shown in FIG. 1, a system in accordance with some example embodiments may include a first communication device (for example, mobile terminal 10) and a second communication device 20 capable of communication with each other via a network 30. In some cases, embodiments of the present invention may further include one or more additional communication devices, one of which is depicted in FIG. 1 as a third communication device 25. In some embodiments, not all systems that employ an embodiment of the present invention may comprise all the devices illustrated and/or described herein. While example embodiments of the mobile terminal 10 and/or second and third communication devices 20 and 25 may be illustrated and hereinafter described for purposes of example, other types of terminals, such as portable digital assistants (PDAs), pagers, mobile televisions, mobile telephones, gaming devices, laptop computers, cameras, video recorders, audio/video players, radios, global positioning system (GPS) and/or Global Navigation Satellite System (GLONASS) devices, Bluetooth headsets, Universal Serial Bus (USB) devices or any combination of the aforementioned, and other types of voice and text communications systems, can readily employ embodiments of the present invention. Furthermore, devices that are not mobile, such as servers and personal computers may also readily employ embodiments of the present invention.
The network 30 may include a collection of various different nodes (of which the second and third communication devices 20 and 25 may be examples), devices or functions that may be in communication with each other via corresponding wired and/or wireless interfaces. As such, the illustration of FIG. 1 should be understood to be an example of a broad view of certain elements of the system and not an all-inclusive or detailed view of the system or the network 30. According to some example embodiments the network 30 may be capable of supporting communication in accordance with any one or more of a number of First-Generation (1G), Second-Generation (2G), 2.5G, Third-Generation (3G), 3.5G, 3.9G, Fourth-Generation (4G) mobile communication protocols, Long Term Evolution (LTE) or Evolved Universal Terrestrial Radio Access Network (E-UTRAN), Self Optimizing/Organizing Network (SON) intra-LTE, inter-Radio Access Technology (RAT) Network and/or the like. According to some example embodiments, the network 30 may be a peer-to-peer (P2P) network.
One or more communication terminals such as the mobile terminal 10 and the second and third communication devices 20 and 25 may be in communication with each other via the network 30 and each may include an antenna or antennas for transmitting signals to and for receiving signals from one or more base sites. The base sites could be, for example, one or more base stations (BS) that are part of one or more cellular or mobile networks or one or more access points (APs) that may be coupled to a data network, such as a Local Area Network (LAN), Wireless Local Area Network (WLAN), a Wi-Fi Network, a Metropolitan Area Network (MAN), and/or a Wide Area Network (WAN), such as the Internet. In turn, other devices such as processing elements (for example, personal computers, server computers or the like) may be coupled to the mobile terminal 10 and the second and third communication devices 20 and 25 via the network 30. By directly or indirectly connecting the mobile terminal 10 and the second and third communication devices 20 and 25 (and/or other devices) to the network 30, the mobile terminal 10 and the second and third communication devices 20 and 25 may be enabled to communicate with the other devices or each other. For example, the mobile terminal 10 and the second and third communication devices 20 and 25 as well as other devices may communicate according to numerous communication protocols including Hypertext Transfer Protocol (HTTP) and/or the like, to thereby carry out various communication or other functions of the mobile terminal 10 and the second and third communication devices 20 and 25, respectively.
Furthermore, the mobile terminal 10 and the second and third communication devices 20 and 25 may communicate in accordance with, for example, Radio Frequency (RF), Cellular, Near Field Communication (NFC), Bluetooth (BT), Infrared (IR) or any of a number of different wireline or wireless communication techniques, including Local Area Network (LAN), Wireless LAN (WLAN), Worldwide Interoperability for Microwave Access (WiMAX), Wireless Fidelity (Wi-Fi), Ultra-Wide Band (UWB), Wibree techniques and/or the like. As such, the mobile terminal 10 and the second and third communication devices 20 and 25 may be enabled to communicate with the network 30 and each other by any of numerous different access mechanisms. For example, mobile access mechanisms such as Wideband Code Division Multiple Access (W-CDMA), CDMA2000, Global System for Mobile communications (GSM), General Packet Radio Service (GPRS) and/or the like may be supported as well as wireless access mechanisms such as WLAN, WiMAX, and/or the like and fixed access mechanisms such as Digital Subscriber Line (DSL), cable modems, Ethernet and/or the like.
According to some example embodiments, the first communication device (for example, the mobile terminal 10) may be a mobile communication device such as, for example, a wireless telephone or other devices such as a personal digital assistant (PDA), mobile computing device, camera, video recorder, audio/video player, positioning device, game device, television device, radio device, or various other like devices or combinations thereof. The second communication device 20 and the third communication device 25 may be mobile or fixed communication devices. However, in one example, the second communication device 20 and the third communication device 25 may be servers, remote computers or terminals such as personal computers (PCs) or laptop computers.
According to some example embodiments, the network 30 may be an ad hoc or distributed network arranged to be a smart space. Thus, devices may enter and/or leave the network 30 and the devices of the network 30 may be capable of adjusting operations based on the entrance and/or exit of other devices to account for the addition or subtraction of respective devices or nodes and their corresponding capabilities.
According to some example embodiments, the mobile terminal 10 as well as the second and third communication devices 20 and 25 may employ an apparatus (for example, the apparatus of FIG. 2) capable of functioning according to example embodiments of the invention. In some example embodiments, the second communication device 20 may be a network device and the third communication device 25 may be a network entity (for example, a trusted service manager (TSM)), as described more fully below.
FIG. 2 illustrates a schematic block diagram of an apparatus for provisioning one or more secure elements according to some example embodiments. Some example embodiments of the invention will now be described with reference to FIG. 2, in which certain elements of an apparatus 50 are displayed. The apparatus 50 of FIG. 2 may be employed, for example, on the mobile terminal 10 (and/or the second communication device 20 or the third communication device 25). Alternatively, the apparatus 50 may be embodied on a network device of the network 30. However, the apparatus 50 may alternatively be embodied at a variety of other devices, both mobile and fixed (such as, for example, any of the devices listed above). In some cases, an embodiment may be employed on a combination of devices. Accordingly, some embodiments of the invention may be embodied wholly at a single device (for example, the mobile terminal 10), by a plurality of devices in a distributed fashion (for example, on one or a plurality of devices in a P2P network) or by devices in a client/server relationship. Furthermore, it should be noted that the devices or elements described below may not be mandatory and thus some may be omitted in some embodiments.
Referring now to FIG. 2, the apparatus 50 may include or otherwise be in communication with a processor 70, a user interface 67, a communication interface 74, a memory device 76, a display 85, a secure element 38 and a modem processor 36. According to some example embodiments, the display 85 may be a touch screen display. The memory device 76 may include, for example, volatile and/or non-volatile memory. For example, the memory device 76 may be an electronic storage device (for example, a computer readable storage medium) comprising gates configured to store data (for example, bits) that may be retrievable by a machine (for example, a computing device like processor 70). In some embodiments, the memory device 76 may be a tangible memory device that is not transitory. The memory device 76 may be configured to store information, data, files, applications, instructions or the like for enabling the apparatus to carry out various functions in accordance with example embodiments of the invention. For example, the memory device 76 could be configured to buffer input data for processing by the processor 70. Additionally or alternatively, the memory device 76 could be configured to store instructions for execution by the processor 70. As yet another alternative, the memory device 76 may be one of a plurality of databases that store information and/or media content (for example, pictures and/or videos).
The apparatus 50 may, according to some example embodiments, be a mobile terminal (for example, mobile terminal 10) or a fixed communication device or computing device configured to employ example embodiments of the invention. According to some example embodiments, the apparatus 50 may be embodied as a chip or chip set. In other words, the apparatus 50 may comprise one or more physical packages (for example, chips) including materials, components and/or wires on a structural assembly (for example, a baseboard). The structural assembly may provide physical strength, conservation of size, and/or limitation of electrical interaction for component circuitry included thereon. The apparatus 50 may therefore, in some cases, be configured to implement embodiments of the invention on a single chip or as a single "system on a chip." As such, in some cases, a chip or chipset may constitute means for performing one or more operations for providing the functionalities described herein. Additionally or alternatively, the chip or chipset may constitute means for enabling user interface navigation with respect to the functionalities and/or services described herein.
The processor 70 may be embodied in a number of different ways. For example, the processor 70 may be embodied as one or more of various processing means such as a coprocessor, microprocessor, a controller, a digital signal processor (DSP), processing circuitry with or without an accompanying DSP, or various other processing devices including integrated circuits such as, for example, an ASIC (application specific integrated circuit), an FPGA (field programmable gate array), a microcontroller unit (MCU), a hardware accelerator, a special-purpose computer chip, or the like. In some example embodiments, the processor 70 may be configured to execute instructions stored in the memory device 76 or otherwise accessible to the processor 70. As such, whether configured by hardware or software methods, or by a combination thereof, the processor 70 may represent an entity (for example, physically embodied in circuitry) capable of performing operations according to embodiments of the invention while configured accordingly. Thus, for example, when the processor 70 is embodied as an ASIC, FPGA or the like, the processor 70 may be specifically configured hardware for conducting the operations described herein. Alternatively, as another example, when the processor 70 is embodied as an executor of software instructions, the instructions may specifically configure the processor 70 to perform the algorithms and operations described herein when the instructions are executed. However, in some cases, the processor 70 may be a processor of a specific device (for example, a mobile terminal or network device) adapted for employing embodiments of the invention by further configuration of the processor 70 by instructions for performing the algorithms and operations described herein. The processor 70 may include, among other things, a clock, an arithmetic logic unit (ALU) and logic gates configured to support operation of the processor 70.
In some example embodiments, the processor 70 may be configured to operate a connectivity program, such as a browser, Web browser or the like. In this regard, the connectivity program may enable the apparatus 50 to transmit and receive Web content, such as for example location-based content or any other suitable content, according to a Wireless Application Protocol (WAP), for example.
The communication interface 74 may be any means such as a device or circuitry embodied in either hardware, a computer program product, or a combination of hardware and software that is configured to receive and/or transmit data from/to a network and/or any other device or module in communication with the apparatus 50. In this regard, the communication interface 74 may include, for example, an antenna (or multiple antennas) and supporting hardware and/or software for enabling communications with a wireless communication network (for example, network 30). In fixed environments, the communication interface 74 may alternatively or also support wired communication. As such, the communication interface 74 may include a communication modem and/or other hardware/software for supporting communication via cable, digital subscriber line (DSL), universal serial bus (USB), Ethernet or other mechanisms.
The user interface 67 may be in communication with the processor 70 to receive an indication of a user input at the user interface 67 and/or to provide an audible, visual, mechanical or other output to the user. As such, the user interface 67 may include, for example, a keyboard, a mouse, a joystick, a display, a touch screen, a microphone, a speaker, or other input/output mechanisms. In some example embodiments in which the apparatus is embodied as a server or some other network devices, the user interface 67 may be limited, remotely located, or eliminated. The processor 70 may comprise user interface circuitry configured to control at least some functions of one or more elements of the user interface, such as, for example, a speaker, ringer, microphone, display, and/or the like. The processor 70 and/or user interface circuitry comprising the processor 70 may be configured to control one or more functions of one or more elements of the user interface through computer program instructions (for example, software and/or firmware) stored on a memory accessible to the processor 70 (for example, memory device 76, and/or the like).
As shown in FIG. 2, the apparatus 50 may also include one or more means for sharing and/or obtaining data. For example, the apparatus may comprise a short range radio frequency (RF) transceiver and/or interrogator 64 so data may be shared with and/or obtained from electronic devices (for example, a RF access point(s)) in accordance with RF techniques. The apparatus may comprise other short range transceivers, such as, for example an infrared (IR) transceiver 66, a Bluetooth™ (BT) transceiver 68 operating using Bluetooth™ brand wireless technology developed by the Bluetooth Special Interest Group, and/or the like. The Bluetooth transceiver 68 may be configured to operate according to Wibree™ radio standards. The apparatus 50 may also include a WLAN transceiver 69 configured to transmit and/or receive data from electronic devices (for example, a WLAN access point(s)) according to a WLAN technique such as, for example, IEEE 802.11 techniques. In some example embodiments, the WLAN transceiver 69 may also be configured to transmit and/or receive data from electronic devices according to various wireless networking techniques, including, but not limited to, Wi-Fi, LAN techniques, and/or the like. In this regard, the apparatus 50 and, in particular, the short range transceiver may be capable of transmitting data to and/or receiving data from electronic devices (for example, within a proximity of the apparatus, such as within 10 meters, for example).
The apparatus 50 may further include a secure element 38. The secure element 38 may be in communication with modem processor 36 and the processor 70. The secure element 38 may include a memory device (for example, secure element memory 52), a processor (for example, secure element processor 54) and an interface 51 configured to communicate via one or more communication channels 71, 73. In some example embodiments, the communication channel 71 and the communication channel 73 may be secure channels (for example, cryptographically secure channels). The secure element 38 may be, for example, a smart card, SIM card, eSIM, softSIM, USIM, eUSIM, softUSIM, UICC, embedded UICC, UIM, R-UIM, and/or the like. The secure element 38 may be removable or non-removable. When the secure element 38 is removable (for example, an R-UIM), the secure element 38 may be removable from the apparatus 50. As described above, in other example embodiments, the secure element 38 may be non-removable from the apparatus 50. In some example embodiments in the context of GSM and UMTS applications, for example, when the secure element 38 is a UICC, the UICC may include a subscriber identity module (SIM) application, universal SIM (USIM) application, internet protocol multimedia services identity module (ISIM) application or the like for accessing corresponding public land mobile networks (PLMNs), although it should be understood that one or more of these applications may also be used to access one or more other networks.
The memory 52 of the secure element 38 may store information elements related to identities or accounts (for example, of a subscriber) and any other suitable data. For instance, the memory of the secure element 38 may store information elements such as, for example, one or more International Mobile Subscriber Identities (IMSIs), Mobile Subscriber Integrated Services Digital Network (ISDN) Numbers (MSISDNs) and any other information elements related to and/or for validating identities or accounts to a network operator and/or to the apparatus 50 and/or identifying one or more secure elements 38. In some example embodiments, an MSISDN(s) and an IMSI(s) may correspond to numbers used for identifying identities or accounts (for example, of a subscriber). For example, an IMSI may identify the secure element 38, while an MSISDN may be a telephone number associated with the secure element 38. In this regard, content of the secure element 38 may not be accessible until the identities or accounts are validated. The secure element (SE) memory 52 may also store payment card information (for example, prepaid information) associated with the identities or accounts (for example, of a subscriber). According to some example embodiments, payment card information may relate to one or more accounts that are backed and supported by one or more financial institutions (for example, banks and/or credit card companies) holding funds belonging to the cardholder, or offering credit to the cardholder (for example, credit and/or debit card information associated with the identities or accounts). The prepaid information may relate to money paid, or credit applied to an account (for example, of a subscriber) in advance for a specified amount of communications services or a predetermined time period for receiving communications services.
The secure element memory 52 may also store data associated with one or more enforcement mechanisms. According to some example embodiments, an enforcement mechanism(s) may define an allowable time period in which a network operator may provide communications services to the apparatus 50 based on an account associated with the secure element 38. During the allowable time period, other network providers may, but need not, be unable to communicate with the apparatus 50 or may be unable to provide communications services to the apparatus 50. In this regard, these other network providers may be locked out from communicating with and/or providing communications services to the apparatus 50 during the allowable time period. As such, the provisioning lock (for example, prohibiting other network operators from communicating with the secure element) of the secure element 38 may be enforced inside the secure element 38, for example, based in part on data of the secure element 38. For instance, the secure element memory 52 may store data indicating an expiration time period (also referred to herein as expiration period or expiry period) of communications services provided to identities or accounts by a network operator. Upon expiration of the expiration time period, communications services provided before the expiration of the expiration time period may no longer be provided by a network operator that previously provided the communications services. In an instance in which the expiration time period expires and the subscriber (for example, a mobile subscriber) does not renew a subscription, the network operator may reuse the network access credentials (for example, IMSI(s), ICCID(s), MSISDN(s)) associated with an account corresponding to the secure element 38, as described more fully below. In some example embodiments, the data indicating the expiry period may be associated with or part of a digital certificate. As such, one or more security keys (for example, a public key, a private key) may be needed to access the expiry period information of the digital certificate.
Additionally, the secure element memory 52 may store applications and in some cases the processor 54 of the secure element 38 may execute the applications. Additionally, the secure element 38 (for example, via secure element processor 54) may exchange communications with a modem processor 36 and/or the processor 70. The secure element 38 may communicate with the modem processor 36 and/or the processor 70 via the secure communication channel 71.
The secure element 38 may communicate with the modem processor 36 and/or the processor 70 via communication channel 71 by accessing its interface 51. The communication channel 71 may, but need not, be a cryptographically secure channel. As such, the communication channel 71 may enable transfer of data across the channel 71 that may be resistant to interception and tampering. For example, secure element 38, the modem processor 36 and/or the processor 70 may each utilize a security key(s) (for example, a shared secret key, or public/private key) for communicating via communication channel 71. In this regard, when the modem processor 36, processor 70 and the secure element 38 communicate with each other, the sender (for example, modem processor 36) of the communications may include the security key(s) (for example, shared secret key) in the data of the communications and the receiver (for example, secure element 38) of the communications may analyze the data in the received communications to determine whether the security key(s) is valid. In an example embodiment, the receiver may, but need not, determine whether the security key(s) is valid by examining a security key(s) which may be stored in memory (for example, secure element memory 52) to determine whether the security key(s) corresponds to a same key (for example, the same shared secret key). In an instance in which the security key(s) in the received communications is determined (for example, via secure element (SE) processor 54) to be different, the receiver (for example, secure element 38) may no longer communicate with the sender (for example, modem processor 36).
It should be pointed out that any other suitable mechanism for securing the communication channel 71 may be utilized without departing from the spirit and scope of the invention. By utilizing the secure communication channel 71, the example embodiments may provide a manner in which to securely transfer the data stored in the secure element 38. In this regard, network access credentials (for example, an IMSI(s), ICCID(s) and/or MSISDN(s)) stored in memory of the secure element 38 may be securely transferred. As such, the potential for breaking a subsidy lock and using the apparatus 50 on another network may be reduced.
In some example embodiments, the processor 70 may be embodied as, include or otherwise control the SE processor 54 of the secure element 38. The SE processor 54 may be any means such as a device or circuitry operating in accordance with software or otherwise embodied in hardware or a combination of hardware and software (for example, processor 70 operating under software control, the processor 70 embodied as an ASIC or FPGA specifically configured to perform the operations described herein, or a combination thereof) thereby configuring the device or circuitry to perform the corresponding functions of the SE processor 54, as described herein. Thus, in an example in which software is employed, a device or circuitry (for example, the processor 70 in one example) executing the software forms the structure associated with such means.
In some other example embodiments, the SE processor 54 may be a coprocessor, controller, microprocessor or other processing element including integrated circuits (for example, embodied as an ASIC or FPGA) or circuitry configured to execute instructions, which may be stored in SE memory 52, or perform other logical functions or corresponding operations described herein.
The SE processor 54 may be configured to communicate with a network entity, such as, for example, a trusted service manager (TSM) 90 (also referred to herein as trusted service manager (TSM) network entity 90) to receive expiry period information as well as secret/private information (for example, IMSIs, MSISDNs and/or applications) associated with a time period for usage of communications services provided by a corresponding network operator. The SE processor 54 and the TSM 90 (for example, TSM 90 of FIG. 4) may communicate via a secure (for example, a cryptographic channel) communication channel 73 (for example, over the air (OTA) and/or optionally via network 30 in some example embodiments).
The expiry period information may include information indicating a time period that the apparatus may utilize communications services provided by a corresponding network operator/provider, as described more fully below. In some example embodiments, prior to the expiration of the time period the secure element 38 may, but need not, prevent subscriptions from other network operators from being provisioned to the secure element 38. In this regard, the secure element 38 may be locked prior to the expiration of the time period. Upon the expiration of the time period, the secure element 38 may communicate with other network operators for provision of communications services, for example. Additionally, in an instance in which the time period expires and the subscriber does not renew a subscription, the network operator may reuse the IMSI(s), ICCID(s) and MSISDN(s) and may, but need not, reallocate the IMSIs, ICCIDs, and/or MSISDNs to other secure elements 38. In this regard, one or more memory devices maintained by a network operator/provider may be efficiently utilized since the reuse/reallocation of IMSIs, ICCIDs and/or MSISDNs to other secure elements 38 may minimize the potential of overloading the memory devices of the network operator/provider.
In some other example embodiments, the information associated with the expiry period may relate to expiration periods for prepaid services (for example, unused time or remaining monetary value) associated with an account corresponding to the secure element 38. In this regard, upon expiration of a time period associated with the expiry period corresponding to the prepaid services, a corresponding network operator/provider may reuse/reallocate the IMSIs, ICCIDs, MSISDNs to other secure elements (for example, secure elements 38), as described more fully below.
The modem processor 36 may be any means such as a device or circuitry configured to implement a protocol engine that may run/execute the signaling to a communications network (for example, a GSM, WCDMA, or LTE communications network). In some example embodiments, the modem processor 36 may be configured to communicate with any communications network that utilizes secure elements (for example, smart cards, eSIMs, or soft SIMs) as a manner in which to identify one or more subscribers and also for charging the subscribers for usage of communications services provided by the communications network. The memory 45 may include, for example, volatile and/or non-volatile memory. The memory 45 may be configured to store protocol data as well as one or more keys for communicating with the secure element 38 and/or the processor 70 via the secure communication channel, in a manner analogous to that described above. The processor 44 may be any means such as a device (for example, coprocessor, microprocessor, or controller) or circuitry operating in accordance with software or otherwise embodied in hardware or a combination of hardware and software (for example, processor 70 operating under software control, the processor 70 embodied as an ASIC or FPGA specifically configured to perform the operations described herein, or a combination thereof) thereby configuring the device or circuitry to perform the corresponding functions of the modem processor 36. In this regard, the processor 44 may facilitate the execution of the signaling to a communications network and may facilitate one or more communications with the secure element 38 and/or processor 70 in a secure manner by including a key(s) in the communications and/or verifying that a received key(s) in received communications is valid.
Referring now to FIG. 3, a block diagram of an example embodiment of a network device is provided. In some example embodiments, the network device 100 may be a server. In alternative example embodiments, the network device 100 may be a personal computer, a laptop computer, a workstation, or a network infrastructure device. The network device may be maintained by a network operator/provider. The network operator/provider may provide communications services to one or more apparatuses (for example, apparatuses 50). As shown in FIG. 3, the network device 100 generally includes a processor 104 and an associated memory 106. The memory 106 may comprise volatile and/or non-volatile memory, and may store content, data and/or the like. The memory 106 may store client applications, instructions, and/or the like for the processor 104 to perform the various operations of the network device 100.
The processor 104 may also be connected to one or more communication interfaces 107 (also referred to herein as communication interface(s) 107) or other means for displaying, transmitting and/or receiving data, content, and/or the like. One or more of the interfaces of the communication interface(s) 107 may enable communications with one or more devices (for example, apparatus 50 or one or more network entities (for example, TSM 90)).
The user input interface 105 may comprise any of a number of devices allowing the network device 100 to receive data from a user, such as a keypad, a touch display, a joystick or other input device. In this regard, the processor 104 may comprise user interface circuitry configured to control at least some functions of one or more elements of the user input interface. The processor 104 and/or user interface circuitry of the processor may be configured to control one or more functions of one or more elements of the user interface through computer program instructions (for example, software and/or firmware) stored on a memory accessible to the processor (for example, volatile memory, non-volatile memory, and/or the like).
The processor 104 may be embodied as one or more of various processing means such as a coprocessor, microprocessor, a controller, a digital signal processor (DSP), processing circuitry with or without an accompanying DSP, or various other processing devices including integrated circuits such as, for example, an ASIC (application specific integrated circuit), an FPGA (field programmable gate array), a microcontroller unit (MCU), a hardware accelerator, a special-purpose computer chip, or the like. In some example embodiments, the processor 104 may be configured to execute instructions stored in the memory device 106.
In some embodiments, the network device 100 may provide information associated with one or more expiry periods and associated data to one or more network entities such as, for example, one or more TSMs 90. In this regard, the processor 104 of the network device 100, maintained by the network operator/provider, may instruct a TSM(s) 90 to provision code (for example, software code) and data to one or more secure elements 38 associated with identities or accounts (for example, of subscribers) associated with communications services provided by the network operator/provider. In this regard, a TSM(s) 90 may manage and control the provisioning of data to the secure elements 38 on behalf of the network operator/provider.
Referring now to FIG. 4, a block diagram of one example of a network entity is provided. The network entity may be a TSM 90 which may receive information from one or more network operators/providers for provisioning code and/or data to one or more secure elements (for example, secure elements 38). As shown in FIG. 4, the TSM 90 (for example, the third communication device 25) generally includes a processor 94 and an associated memory 96. The memory 96 may comprise volatile and/or non-volatile memory, and may store content, data and/or the like. For example, the memory may store content, data, information, and/or the like transmitted from, and/or received by, the network entity. Also for example, the memory 96 may store client applications, instructions, and/or the like for the processor 94 to perform the various operations of the TSM 90 in accordance with some embodiments of the invention, as described herein.
In addition to the memory 96, the processor 94 may also be connected to at least one interface or other means for displaying, transmitting and/or receiving data, content, and/or the like. In this regard, the interface(s) may comprise at least one communication interface 98 or other means for transmitting and/or receiving data, content, and/or the like, as well as at least one user input interface 95. The user input interface 95, in turn, may comprise any of a number of devices allowing the network entity to receive data from a user, such as a keypad, a touch display, a joystick or other input device. In this regard, the processor 94 may comprise user interface circuitry configured to control at least some functions of one or more elements of the user input interface. The processor and/or user interface circuitry of the processor may be configured to control one or more functions of one or more elements of the user interface through computer program instructions (for example, software and/or firmware) stored on a memory accessible to the processor (for example, volatile memory, non-volatile memory, and/or the like).
In some example embodiments, the processor 94 may be embodied as, include or otherwise control the TSM issuer manager 97. The TSM issuer manager 97 may be any means such as a device or circuitry operating in accordance with software or otherwise embodied in hardware or a combination of hardware and software (for example, processor 94 operating under software control, the processor 94 embodied as an ASIC or FPGA specifically configured to perform the operations described herein, or a combination thereof) thereby configuring the device or circuitry to perform the corresponding functions of the TSM issuer manager 97, as described below. Thus, in an example in which software is employed, a device or circuitry (for example, the processor 94 in one example) executing the software forms the structure associated with such means.
The TSM issuer manager 97 may communicate expiry period information as well as other associated data to one or more secure elements 38 on behalf of a network operator/provider (for example, a network operator/provider of network device 100). The secure elements (for example, secure elements 38) may relate to apparatuses 50 of subscribers subscribing to the communications services provided by the network operator/provider. The expiry period information provided by the TSM issuer manager 97 to one or more secure elements may include information indicating/denoting that the secure elements may communicate with the TSM 90 prior to the expiration of the expiry time period, but should not communicate with network operators that are not currently providing communications services to the apparatuses 50 associated with the secure elements (for example, secure elements 38), as described more fully below. The information may include secrets, digital certificates, applications (algorithms) and/or identities (for example, IMSIs, ICCIDs, MSISDNs).
Referring now to FIG. 5, a system according to an example embodiment is provided. The system 147 may include a communication device 101 (for example, apparatus 50), a network device 102 (for example, network device 100 (for example, second communication device 20)) and a network entity 108 (for example, TSM 90 (for example, third communication device 25)). Although the system 147 illustrates one communication device 101, one network device 102 and one network entity 108, it should be pointed out that the system 147 may include any suitable number of communication devices 101, network devices 102 and network entities 108 without departing from the spirit and scope of the invention.
In the system of FIG. 5, the network device 102 may be maintained by a network operator/provider having an account/subscription to provide communications services to the communication device 101 for a specified time period. In some example embodiments, the account/subscription may relate to prepaid communications services. In this regard, the network device 102 may provide the network entity 108 with enforcement mechanism information indicating an expiry period along with associated data related to an account/subscription of the subscriber (for example, a user) of communication device 101. The expiry period information may, but need not, be provided in a digital certificate, which may require one or more keys in order to access the information of the digital certificate. In some alternative embodiments, the enforcement mechanism information associated with the expiry period may be provided in software code. The expiry period may denote the time period in which the subscriber has agreed to allow the network operator/provider to provide communications services to the communication device 101 and may include data indicating that the network entity 108, and in some embodiments, the network device 102, are authorized to communicate with the secure element (for example, secure element 38) of communication device 101 but may specify that other network providers may be prohibited (for example, locked out) from communicating with the secure element of the communication device 101 prior to the expiration of the time period. The associated data may include, but is not limited to, one or more items of secret information (for example, identities (for example, IMSIs, or MSISDNs), or applications associated with the account/subscription of the subscriber of the communication device 101).
The network entity 108 may provide the enforcement mechanism information (for example, expiry period information) and the associated data to the secure element of the communication device 101 via the secure communication channel 103 (for example, communication channel 73). In this regard, the secure element may verify that one or more keys (for example, a public key(s), or a private key(s)) corresponds to one or more keys (for example, a public key(s), or a private key(s)) in the enforcement mechanism information (for example, a digital certificate including the expiry data or software code associated with the expiry data) in order to authenticate the information sent to the secure element by the network entity 108. In an instance in which the SE processor 54 determines that the key(s) matches, the SE may communicate with the network entity 108. On the other hand, in an instance in which the SE processor 54 determines that the key(s) does not match, the secure element may not communicate further with the network entity 108.
The SE processor 54 of the secure element of the communication device 101 may analyze the expiry period information associated with the enforcement mechanism information and may determine that the secure element should only communicate with the network entity 108 prior to the expiration of the time period associated with the expiry period information. In this manner, the network entity 108 may provide information to the secure element of the communication device 101 in a secure manner prior to the expiration of the time period associated with the expiry period. The enforcement mechanism information may include data indicating the network operator/provider that assigned the expiry period to the secure element. In an example embodiment, the SE processor 54 may analyze the data associated with the expiry period and may send a message to the display 85 instructing the display 85 to notify the subscriber/user of the communication device 101 that the expiry period may expire in a certain time period (for example, a predetermined amount of time until the expiration of the expiry period) if the subscription is not renewed with the network operator/provider. Upon expiration of the time period associated with the expiry period, the network entity 108 may allow the SE (for example, SE 38) to communicate with other network operators/providers for communications services (for example, subscription services). In this regard, the secure element may be unlocked. As such, the network entity 108 may reallocate the identities such as, for example, the IMSI(s), ICCIDs, the MSISDN(s) previously utilized by the secure element to one or more other secure elements of communications devices. As such, the memory of the TSM 90 may be more efficiently utilized since storage capacity may be conserved by not necessarily needing to create new identity information for each new subscription associated with other secure elements.
In some alternative example embodiments, the secure element of communication device 101 may be able to continue to communicate with the network entity 108 as well as other network operators/providers even after the expiration of the expiry period for an additional time period (for example, 7 days or 8 days). However, in an instance in which the subscription is not renewed prior to the expiration of this additional time period, the secure element of the communication device 101 may be unable to communicate further with the network entity 108.
In some other example embodiments, in instances in which a corresponding account/subscription is associated with prepaid services, the enforcement mechanism information provided to the secure element of a communication device (for example, communication device 101), by the network entity 108, may additionally or alternatively be associated with expiry period information corresponding to the prepaid services. In this regard, if the prepaid services are not utilized by the expiration of a time period associated with the expiry period, secret information such as, for example, IMSIs, MSISDNs, or secret keys may be deleted or removed from a corresponding secure element. As such, this secret information may be utilized by the network entity 108 and/or network device 102 for reallocation to one or more other secure elements, as described more fully below.
For purposes of illustration and not of limitation, the expiry period information associated with prepaid services may be based on examples such as unused time (for example, unused cellular minutes) associated with communications services for a prepaid subscription at the expiration of the expiry period, remaining monetary value associated with a prepaid subscription that is not utilized by the expiration of the expiry period or any other relevant parameters associated with prepaid services, such as, for example, prepaid subscriptions associated with one or more locations. For example, a subscription may be purchased on a prepaid basis for usage of a secure element in a given location for a given time period corresponding to the expiry period.
In this example, in instances in which the SE processor 54 determines that there is unused time associated with a prepaid subscription/account at the expiration of the expiry period, or remaining monetary value on a prepaid subscription/account at the expiration of the expiry period, or that the subscriber/user leaves the location prior to the expiration of the expiry period, the SE processor 54 may delete or remove one or more items of secret information (for example, IMSI(s), or MSISDN(s)) from the SE memory 52. In this regard, the network entity 108 and/or network device 102 may reuse/reallocate the items of secret information (for example, IMSI(s), MSISDN(s), or secret keys) to one or more other secure elements. As such, the memory capacity of a memory (for example, memory 96) of the network entity 108 and/or a memory (for example, memory 106) of the network device 102 may be conserved by minimizing the quantity of items of secret information that may otherwise be stored on behalf of other secure elements.
In an alternative example embodiment, the network entity 108 (for example, via processor 94 and/or TSM issuer manager 97) and/or the network device 102 (for example, via processor 104) may remotely access the memory (for example, SE memory 52) of the secure element and remove or delete the items of secret information (for example, IMSIs, MSISDNs, or secret keys) from the secure element (for example, secure element 38) of a communication device (for example, communication device 101). In some example embodiments in which the network entity 108 (for example, TSM 90) may facilitate the removal/deletion of the items of secret information from the secure element of the communication device, the TSM issuer manager 97 may send a message to the network device 102 (maintained by a network operator/provider) indicating that the items of secret information are deleted from the corresponding secure element and may denote that the items of secret information may be reallocated to one or more other secure elements.
In some example embodiments, the SE processor 54, the network entity 108 (for example, via processor 94, TSM issuer manager 97) and/or the network device 102 (for example, via processor 104) may delete an IMSI(s) or an ICCID(s) and corresponding keys (for example, secret keys) each time the prepaid money that may have been credited/applied to a prepaid subscription/account runs out.
However, the subscriber may still be able to retain the phone number (for example, MSISDN) associated with the communication device (for example, communication device 101) by a top-up activity, such as, for example, applying more money to the prepaid subscription/account.
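The prepaid handling of the preceding paragraphs, modelled in Python as an added example (not the patent's own code): a constructed operator-side pool hands out IMSI/ICCID pairs, running the balance to zero deletes IMSI, ICCID and key from the secure element while the MSISDN survives until the next top-up, and unused value at the end of the expiry period is forfeited and the credentials released. The test-PLMN identities and the one-unit-of-credit-per-unit-of-service tariff are constructed assumptions.

```python
"""Prepaid lifecycle of network access credentials on a secure element.

Added example, not code from the patent. Assumptions: a constructed operator
pool of IMSI/ICCID pairs (test PLMN 001/01), a constructed tariff in which one
unit of credit buys one unit of service, and that a credential deleted from the
secure element goes straight back to the operator's pool for reallocation.
"""
import secrets
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class CredentialPool:
    """Operator side (network device 102): credentials free for (re)allocation."""
    free: List[Tuple[str, str]] = field(default_factory=list)  # (IMSI, ICCID) pairs

    def allocate(self) -> Tuple[str, str, bytes]:
        """Hand out the oldest free pair together with a freshly generated secret key."""
        imsi, iccid = self.free.pop(0)
        return imsi, iccid, secrets.token_bytes(16)

    def release(self, imsi: str, iccid: str) -> None:
        """Take a pair back once the secure element has deleted it."""
        self.free.append((imsi, iccid))


@dataclass
class PrepaidSecureElement:
    """Secure element 38 of a prepaid subscriber; the MSISDN outlives the credentials."""
    msisdn: str
    balance: int = 0
    imsi: Optional[str] = None
    iccid: Optional[str] = None
    key: Optional[bytes] = None

    def can_attach(self) -> bool:
        """Network attach needs a live IMSI; the phone number alone is not enough."""
        return self.imsi is not None

    def top_up(self, amount: int, pool: CredentialPool) -> None:
        """Apply credit; a secure element without credentials is re-provisioned."""
        if amount <= 0:
            raise ValueError("top-up must be positive")
        self.balance += amount
        if self.imsi is None:
            self.imsi, self.iccid, self.key = pool.allocate()

    def consume(self, units: int, pool: CredentialPool) -> bool:
        """Debit usage; when the money runs out, delete IMSI, ICCID and key, keep MSISDN."""
        if not self.can_attach() or units > self.balance:
            return False
        self.balance -= units
        if self.balance == 0:
            self._delete_credentials(pool)
        return True

    def expire(self, pool: CredentialPool) -> int:
        """End of the expiry period: forfeit unused value and release the credentials."""
        unused, self.balance = self.balance, 0
        if self.can_attach():
            self._delete_credentials(pool)
        return unused

    def _delete_credentials(self, pool: CredentialPool) -> None:
        """Remove the secret items from SE memory and report them free to the operator."""
        pool.release(self.imsi, self.iccid)
        self.imsi = self.iccid = self.key = None
```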
Referring now to FIG. 6, a flowchart for provisioning one or more secure elements (for example, smart cards, eSIMs or soft SIMs) according to some example embodiments is provided. At operation 600, an apparatus (for example, SE processor 54) may receive, via a secure element (for example, secure element 38), information relating to an enforcement mechanism. The enforcement mechanism may include data indicating an expiry period associated with a time period in which the user identity module communicates with a network entity (for example, TSM 90) on behalf of a network operator providing communications services to the apparatus. In an example embodiment, the secure element may, but need not, be a non-removable secure element. Optionally, at operation 605, an apparatus (for example, SE processor 54) may prohibit or block communications from one or more other network devices prior to the expiration of the time period based in part on the information of the enforcement mechanism. Optionally, at operation 610, an apparatus (for example, SE processor 54) may enable the user identity module to receive communications from at least one of the network devices upon expiration of the time period.
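The FIG. 5 provisioning exchange and the FIG. 6 operations 600, 605 and 610, together with the key check on channel 71 described earlier, modelled in Python as an added example (not the patent's code). Assumed here: an HMAC-SHA256 tag under a key pre-shared between TSM and secure element stands in for the keys and digital certificate the text mentions, and the grace window after expiry is 7 days (one of the two values the text gives).

```python
"""Secure-element side of the enforcement mechanism of FIG. 5 / FIG. 6.

Added example, not code from the patent. Assumptions: the TSM authenticates
the enforcement record with an HMAC-SHA256 tag under a key pre-shared with the
secure element (the text speaks of keys and a digital certificate, not of a
specific scheme), and the post-expiry grace window is 7 days.
"""
import hashlib
import hmac
import json
from dataclasses import dataclass, field
from typing import Dict, Optional

GRACE_SECONDS = 7 * 24 * 3600  # assumed grace window after the expiry period


def sign_record(key: bytes, record: dict) -> str:
    """TSM side: tag a canonical JSON encoding of the enforcement record."""
    body = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


@dataclass
class SecureElement:
    """Secure element 38: identities plus the provisioning lock it enforces."""
    tsm_key: bytes                          # key shared with the TSM over channel 73
    operator: Optional[str] = None          # operator that assigned the expiry
    expiry: Optional[int] = None            # end of the allowable period (epoch seconds)
    identities: Dict[str, str] = field(default_factory=dict)  # IMSI / ICCID / MSISDN

    def provision(self, record: dict, tag: str) -> bool:
        """Operation 600: accept the enforcement record only if the tag verifies.

        A mismatching tag means the sender does not hold the expected key, so the
        record is ignored and the caller should stop talking to that sender.
        """
        if not hmac.compare_digest(sign_record(self.tsm_key, record), tag):
            return False
        self.operator = record["operator"]
        self.expiry = int(record["expiry"])
        self.identities = dict(record["identities"])
        return True

    def may_communicate(self, party: str, now: int) -> bool:
        """Operations 605/610: who may talk to the secure element at time `now`."""
        if self.expiry is None:
            return party == "TSM"             # unprovisioned: only the TSM
        if now < self.expiry:
            # locked: only the TSM and the operator that assigned the expiry
            return party in ("TSM", self.operator)
        if now < self.expiry + GRACE_SECONDS:
            return True                       # grace window: unlocked, TSM still reachable
        return party != "TSM"                 # not renewed: TSM contact ends, others allowed

    def expiry_warning(self, now: int, lead: int) -> Optional[str]:
        """Message for display 85 when expiry lies within the next `lead` seconds."""
        if self.expiry is None or now >= self.expiry or self.expiry - now > lead:
            return None
        return (f"Service from {self.operator} ends in {self.expiry - now} s "
                "unless the subscription is renewed")

    def release_identities(self, now: int) -> Dict[str, str]:
        """After expiry, hand the identities back so the operator can reallocate them."""
        if self.expiry is None or now < self.expiry:
            return {}
        released, self.identities = self.identities, {}
        return released


# Constructed sample run: one TSM-issued record carrying a test-PLMN identity.
if __name__ == "__main__":
    key = b"constructed-shared-key"
    record = {"operator": "OperatorA", "expiry": 1_700_000_000,
              "identities": {"IMSI": "001010123456789",
                             "ICCID": "8900000000000000001",
                             "MSISDN": "+15550100"}}
    se = SecureElement(tsm_key=key)
    assert se.provision(record, sign_record(key, record))
    print(se.may_communicate("OperatorB", record["expiry"] - 1))  # False: locked
    print(se.may_communicate("OperatorB", record["expiry"] + 1))  # True: unlocked
```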
It should be pointed out that FIG. 6 is a flowchart of a system, method and computer program product according to some example embodiments of the invention. It will be understood that each block of the flowchart, and combinations of blocks in the flowchart, can be implemented by various means, such as hardware, firmware, and/or a computer program product including one or more computer program instructions. For example, one or more of the procedures described above may be embodied by computer program instructions. In this regard, in some example embodiments, the computer program instructions which embody the procedures described above are stored by a memory device (for example, memory device 76, SE memory 52, memory 96, memory 106) and executed by a processor (for example, processor 70, processor 94, processor 104, SE processor 54, TSM issuer manager 97). As will be appreciated, any such computer program instructions may be loaded onto a computer or other programmable apparatus (for example, hardware) to produce a machine, such that the instructions which execute on the computer or other programmable apparatus cause the functions specified in the flowchart blocks to be implemented. In some example embodiments, the computer program instructions are stored in a computer-readable memory that can direct a computer or other programmable apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instructions which implement the function(s) specified in the flowchart blocks. The computer program instructions may also be loaded onto a computer or other programmable apparatus to cause a series of operations to be performed on the computer or other programmable apparatus to produce a computer-implemented process such that the instructions which execute on the computer or other programmable apparatus implement the functions specified in the flowchart blocks.
Accordingly, blocks of the flowchart support combinations of means for performing the specified functions. It will also be understood that one or more blocks of the flowchart, and combinations of blocks in the flowchart, can be implemented by special purpose hardware-based computer systems which perform the specified functions, or combinations of special purpose hardware and computer instructions.
In some example embodiments, an apparatus for performing the method of FIG. 6 above may comprise a processor (for example, the processor 70, the processor 94, the processor 104, the SE processor 54, the TSM issuer manager 97) configured to perform some or each of the operations (600 - 610) described above. The processor may, for example, be configured to perform the operations (600 - 610) by performing hardware implemented logical functions, executing stored instructions, or executing algorithms for performing each of the operations.
Alternatively, the apparatus may comprise means for performing each of the operations described above. In this regard, according to some example embodiments, examples of means for performing operations (600 - 610) may comprise, for example, the processor 70 (for example, as means for performing any of the operations described above), the processor 94, the processor 104, the SE processor 54, the TSM issuer manager 97 and/or a device or circuitry for executing instructions or executing an algorithm for processing information as described above.
Many modifications and other embodiments of the inventions set forth herein will come to mind to one skilled in the art to which these inventions pertain having the benefit of the teachings presented in the foregoing descriptions and the associated drawings. Therefore, it is to be understood that the inventions are not to be limited to the specific embodiments disclosed and that modifications and other embodiments are intended to be included within the scope of the appended claims. Moreover, although the foregoing descriptions and the associated drawings describe example embodiments in the context of certain example combinations of elements and/or functions, it should be appreciated that different combinations of elements and/or functions may be provided by alternative embodiments without departing from the scope of the appended claims. In this regard, for example, different combinations of elements and/or functions than those explicitly described above are also contemplated as may be set forth in some of the appended claims. Although specific terms are employed herein, they are used in a generic and descriptive sense only and not for purposes of limitation.
Claims
1. A method comprising:
receiving, via a secure element of an apparatus, information relating to an enforcement mechanism comprising data indicating an expiry period associated with a time period or monetary value in which the secure element communicates with a network entity on behalf of a network operator providing communications services to the apparatus.
2. The method of claim 1, further comprising:
prohibiting installation of or communications using network access credentials from one or more other networks prior to the expiration of the time period based in part on the information of the enforcement mechanism; and
enabling the secure element to receive communications from at least one of the networks upon expiration of the time period.
3. The method of claim 1, wherein the secure element comprises a non-removable secure element.
4. The method of claim 3, wherein the information comprises one or more identifiers identifying, in part, the secure element and one or more security keys for accessing the identifiers and the method further comprises:
enabling reallocation of at least one of the identifiers to at least one other secure element upon expiration of the time period.
5. The method of claim 4, wherein at least one of the identifiers comprises at least one of an international mobile subscriber identity, an integrated circuit card identifier, or a mobile subscriber integrated services digital network number.
6. The method of claim 2, wherein enabling further comprises enabling the secure element to receive the communications from the network upon expiration of the time period in an instance in which a subscription for the communications services is not renewed prior to the expiration of the time period.
7. The method of claim 2, wherein receiving further comprises receiving the information via a secure communications channel from the network entity, the secure communications channel configured, in part, to block the other networks from communicating with the secure element prior to expiration of the time period.
8. The method of claim 2, wherein the data indicating the expiry period is received in at least one of a digital certificate or one or more items of software code and the method further comprises:
validating an origin of the expiry period data as being produced by a first network entity or a second network entity; and
determining further provisioning decisions based on information of the validation.
9. The method of claim 2, further comprising:
facilitating one or more communications between the secure element and the network entity via a secure communication channel; and
prohibiting unauthorized devices from communicating via the secure communication channel to access data from the secure element.
10. The method of claim 1, wherein the communications services relates to at least one prepaid subscription for providing the communications services and wherein the data indicating the expiry period associated with the time period relates to a period of time in which to utilize a quantity of one or more of the communications services or in which to utilize the monetary value associated with the prepaid subscription.
11. The method of claim 10, wherein the information comprises one or more identifiers identifying, in part, the secure element and one or more security keys for accessing the identifiers, the method further comprising:
removing the identifiers from the secure element in response to determining that the quantity of the communications services or the monetary value is not utilized upon expiration of the period of time.
12. The method of claim 11, further comprising:
receiving an indication that the network entity removed the identifiers from the secure element.
13. The method of claim 11, further comprising:
enabling reallocation of at least one of the identifiers to at least one other secure element, in response to the removing of the identifiers.
14. The method of claim 10, further comprising:
removing the identifiers from the secure element in response to determining that the monetary value is zero upon expiration of the period of time; and
enabling reallocation of at least one of the identifiers to at least one other secure element in response to determining that the monetary value is zero.
15. An apparatus comprising:
at least one processor; and
at least one memory including computer program code configured to, with the at least one processor, cause the apparatus to perform at least the following:
receive, via a secure element of the apparatus, information relating to an enforcement mechanism comprising data indicating an expiry period associated with a time period in which the secure element communicates with a network entity on behalf of a network operator providing communications services to the apparatus.
16. The apparatus of claim 15, wherein the memory and computer program code are configured to, with the processor, cause the apparatus to:
prohibit installation of or communications using network access credentials from one or more other networks prior to the expiration of the time period based in part on the information of the enforcement mechanism; and
enable the secure element to receive communications from at least one of the networks upon expiration of the time period.
17. The apparatus of claim 15, wherein the secure element comprises a non-removable secure element.
18. The apparatus of claim 17, wherein the information comprises one or more identifiers identifying, in part, the secure element and one or more security keys for accessing the identifiers and wherein the memory and computer program code are configured to, with the processor, cause the apparatus to:
enable reallocation of at least one of the identifiers to at least one other secure element upon expiration of the time period.
19. The apparatus of claim 18, wherein at least one of the identifiers comprises at least one of an international mobile subscriber identity, an integrated circuit card identifier, or a mobile subscriber integrated services digital network number.
20. The apparatus of claim 16, wherein the memory and computer program code are configured to, with the processor, cause the apparatus to:
enable by enabling the secure element to receive the communications from the network upon expiration of the time period in an instance in which a subscription for the communications services is not renewed prior to the expiration of the time period.
21. The apparatus of claim 16, wherein the memory and computer program code are configured to, with the processor, cause the apparatus to:
receive by receiving the information via a secure communications channel from the network entity, the secure communications channel configured to block the other networks from communicating with the secure element prior to expiration of the time period.
22. The apparatus of claim 15, wherein the data indicating the expiry period is received in at least one of a digital certificate or one or more items of software code and wherein the memory and computer program code are configured to, with the processor, cause the apparatus to:
validate an origin of the expiry period data as being produced by a first network entity or a second network entity; and
determine further provisioning decisions based on information of the validation.
23. The apparatus of claim 15, wherein the memory and computer program code are configured to, with the processor, cause the apparatus to:
facilitate one or more communications between the secure module and the network entity via a secure communication channel; and
prohibit unauthorized devices from communicating via the secure communication channel to access data from the secure element.
24. The apparatus of claim 15, wherein the communications services relates to at least one prepaid subscription for providing the communications services and wherein the data indicating the expiry period associated with the time period relates to a period of time in which to utilize a quantity of one or more of the communications services or in which to utilize monetary value associated with the prepaid subscription.
25. The apparatus of claim 24, wherein the information comprises one or more identifiers identifying, in part, the secure element and one or more security keys for accessing the identifiers, wherein the memory and computer program code are configured to, with the processor, cause the apparatus to:
remove the identifiers from the secure element in response to determining that the quantity of the communications services or the monetary value is not utilized upon expiration of the period of time.
26. The apparatus of claim 25, wherein the memory and computer program code are configured to, with the processor, cause the apparatus to:
receive an indication that the network entity removed the identifiers from the secure element.
27. The apparatus of claim 25, wherein the memory and computer program code are configured to, with the processor, cause the apparatus to:
enable reallocation of at least one of the identifiers to at least one other secure element, in response to the removing of the identifiers.
28. The apparatus of claim 24, wherein the memory and computer program code are configured to, with the processor, cause the apparatus to:
remove the identifiers from the secure element in response to determining that the monetary value is zero upon expiration of the period of time; and
enable reallocation of at least one of the identifiers to at least one other secure element in response to determining that the monetary value is zero.
29. A computer program product comprising at least one computer-readable storage medium having computer-readable program code portions stored therein, the computer-readable program code portions comprising:
program code instructions configured to facilitate receipt, via a secure element of an apparatus, of information relating to an enforcement mechanism comprising data indicating an expiry period associated with a time period in which the secure element communicates with a network entity on behalf of a network operator providing communications services to the apparatus.
30. The computer program product of claim 29, further comprising: program code instructions configured to prohibit installation of or communications using network access credentials from one or more other networks prior to the expiration of the time period based in part on the information of the enforcement mechanism; and
program code instructions configured to enable the secure element to receive communications from at least one of the networks upon expiration of the time period.
31. The computer program product of claim 29, wherein the secure element comprises a non-removable secure element.
32. The computer program product of claim 31, wherein the information comprises one or more identifiers identifying, in part, the secure element and one or more security keys for accessing the identifiers and the computer program product further comprises:
program code instructions configured to enable reallocation of at least one of the identifiers to at least one other secure element upon expiration of the time period.
33. The computer program product of claim 32, wherein at least one of the identifiers comprises at least one of an international mobile subscriber identity, an integrated circuit card identifier or a mobile subscriber integrated services digital network number.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| PCT/IB2011/001628 WO2013008048A1 (en) | 2011-07-12 | 2011-07-12 | Method and apparatus for provisioning network access credentials |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| PCT/IB2011/001628 WO2013008048A1 (en) | 2011-07-12 | 2011-07-12 | Method and apparatus for provisioning network access credentials |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| WO2013008048A1 true WO2013008048A1 (en) | 2013-01-17 |
Family ID: 47505561
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| PCT/IB2011/001628 Ceased WO2013008048A1 (en) | 2011-07-12 | 2011-07-12 | Method and apparatus for provisioning network access credentials |
Country Status (1)
| Country | Link |
|---|---|
| WO (1) | WO2013008048A1 (en) |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2000065820A1 (en) * | 1999-04-26 | 2000-11-02 | Nokia Corporation | A method of managing prepaid subscription information |
| WO2010073265A2 (en) * | 2008-12-24 | 2010-07-01 | St-Ericsson India Pvt.Ltd. | Locking of communication device |
| US20100210306A1 (en) * | 2009-02-13 | 2010-08-19 | Smarttrust Ab | Method for deactivating and possibly reactivating sim cards |
- 2011-07-12 WO PCT/IB2011/001628 patent/WO2013008048A1/en not_active Ceased
Non-Patent Citations (2)
| Title |
|---|
| "Feasibility study on the security aspects of remote provisioning and change of subscription for Machine to Machine (M2M) equipment", 3GPP TR 33.812, V9.2.0, June 2010 (2010-06-01) * |
| WALKER M: "Embedded SIMs and M2M Communications", ETSI SECURITY WORKSHOP, 20 January 2011 (2011-01-20), pages 4 - 5, Retrieved from the Internet <URL:http://docbox.etsi.org/workshop/2011/201101securityworkshop/s4mobiile_wirelesssecurity/walkerembeddedsims.pdf> * |
Cited By (57)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US10009764B2 (en) | 2012-09-21 | 2018-06-26 | Apple Inc. | Apparatus and methods for controlled switching of electronic access clients without requiring network access |
| US9882594B2 (en) | 2012-09-21 | 2018-01-30 | Apple Inc. | Apparatus and methods for controlled switching of electronic access clients without requiring network access |
| US9507329B2 (en) | 2012-09-21 | 2016-11-29 | Apple Inc. | Apparatus and methods for controlled switching of electronic access clients without requiring network access |
| CN106507333A (en) * | 2015-09-07 | 2017-03-15 | 中兴通讯股份有限公司 | A kind of interlocking of phone and card method and device |
| WO2017041503A1 (en) * | 2015-09-07 | 2017-03-16 | 中兴通讯股份有限公司 | Mutual authentication method and apparatus for device and card, and computer readable storage medium |
| WO2017185647A1 (en) * | 2016-04-29 | 2017-11-02 | 宇龙计算机通信科技(深圳)有限公司 | Softsim-based imsi number management and calling methods, server and network side device |
| US9838991B1 (en) | 2016-08-15 | 2017-12-05 | At&T Intellectual Property I, L.P. | Method and apparatus for managing mobile subscriber identification information according to registration requests |
| US11096139B2 (en) | 2016-08-15 | 2021-08-17 | At&T Intellectual Property I, L.P. | Method and apparatus for managing mobile subscriber identification information according to registration requests |
| US11700591B2 (en) | 2016-08-15 | 2023-07-11 | At&T Intellectual Property I, L.P. | Method and apparatus for managing mobile subscriber identification information according to registration requests |
| US10609668B2 (en) | 2016-08-15 | 2020-03-31 | At&T Intellectual Property I, L.P. | Method and apparatus for managing mobile subscriber identification information according to registration requests |
| US10470030B2 (en) | 2016-08-15 | 2019-11-05 | At&T Intellectual Property I, L.P. | Method and apparatus for managing mobile subscriber identification information according to registration errors |
| US10299238B2 (en) | 2016-08-15 | 2019-05-21 | At&T Intellectual Property I, L.P. | Method and apparatus for managing mobile subscriber identification information according to registration requests |
| US10237719B2 (en) | 2016-08-15 | 2019-03-19 | At&T Intellectual Property I, L.P. | Method and apparatus for managing mobile subscriber identification information according to registration errors |
| US9967732B2 (en) | 2016-08-15 | 2018-05-08 | At&T Intellectual Property I, L.P. | Method and apparatus for managing mobile subscriber identification information according to registration errors |
| US10743277B2 (en) | 2016-09-14 | 2020-08-11 | At&T Intellectual Property I, L.P. | Method and apparatus for utilizing mobile subscriber identification information with multiple devices based on registration requests |
| US10542417B2 (en) | 2016-09-14 | 2020-01-21 | At&T Intellectual Property I, L.P. | Method and apparatus for utilizing mobile subscriber identification information with multiple devices based on registration errors |
| US9794905B1 (en) | 2016-09-14 | 2017-10-17 | At&T Mobility Ii Llc | Method and apparatus for assigning mobile subscriber identification information to multiple devices according to location |
| US9814010B1 (en) | 2016-09-14 | 2017-11-07 | At&T Intellectual Property I, L.P. | Method and apparatus for utilizing mobile subscriber identification information with multiple devices based on registration requests |
| US9843922B1 (en) | 2016-09-14 | 2017-12-12 | At&T Intellectual Property I, L.P. | Method and apparatus for utilizing mobile subscriber identification information with multiple devices based on registration errors |
| US10149265B2 (en) | 2016-09-14 | 2018-12-04 | At&T Intellectual Property I, L.P. | Method and apparatus for assigning mobile subscriber identification information to multiple devices according to location |
| US10462657B2 (en) | 2016-09-14 | 2019-10-29 | At&T Intellectual Property I, L.P. | Method and apparatus for assigning mobile subscriber identification information to multiple devices |
| US10187865B2 (en) | 2016-09-14 | 2019-01-22 | At&T Intellectual Property I, L.P. | Method and apparatus for utilizing mobile subscriber identification information with multiple devices based on registration requests |
| US10187783B2 (en) | 2016-09-14 | 2019-01-22 | At&T Intellectual Property I, L.P. | Method and apparatus for utilizing mobile subscriber identification information with multiple devices based on registration errors |
| US10015764B2 (en) | 2016-09-14 | 2018-07-03 | At&T Intellectual Property I, L.P. | Method and apparatus for assigning mobile subscriber identification information to multiple devices |
| US10582373B2 (en) | 2016-09-14 | 2020-03-03 | At&T Intellectual Property I, L.P. | Method and apparatus for reassigning mobile subscriber identification information |
| US10257691B2 (en) | 2016-09-14 | 2019-04-09 | At&T Intellectual Property I, L.P. | Method and apparatus for reassigning mobile subscriber identification information |
| US9924347B1 (en) | 2016-09-14 | 2018-03-20 | At&T Intellectual Property I, L.P. | Method and apparatus for reassigning mobile subscriber identification information |
| US10433273B2 (en) | 2016-09-14 | 2019-10-01 | At&T Mobility Ii Llc | Method and apparatus for utilizing mobile subscriber identification information with multiple devices based on registration requests |
| US10512055B2 (en) | 2016-09-14 | 2019-12-17 | At&T Intellectual Property I, L.P. | Method and apparatus for assigning mobile subscriber identification information to multiple devices according to location |
| US10375569B2 (en) | 2016-09-29 | 2019-08-06 | At&T Intellectual Property I, L.P. | Method and apparatus for provisioning mobile subscriber identification information to multiple devices and provisioning network elements |
| US10602345B2 (en) | 2016-09-29 | 2020-03-24 | At&T Intellectual Property I, L.P. | Method and apparatus for provisioning mobile subscriber identification information to multiple devices and provisioning network elements |
| US9906943B1 (en) | 2016-09-29 | 2018-02-27 | At&T Intellectual Property I, L.P. | Method and apparatus for provisioning mobile subscriber identification information to multiple devices and provisioning network elements |
| US9918220B1 (en) | 2016-10-17 | 2018-03-13 | At&T Intellectual Property I, L.P. | Method and apparatus for managing and reusing mobile subscriber identification information to multiple devices |
| US10555164B2 (en) | 2016-10-17 | 2020-02-04 | At&T Intellectual Property I, L.P. | Method and apparatus for managing and reusing mobile subscriber identification information to multiple devices |
| US10149146B2 (en) | 2016-10-17 | 2018-12-04 | At&T Intellectual Property I, L.P. | Method and apparatus for managing and reusing mobile subscriber identification information to multiple devices |
| US10356605B2 (en) | 2016-10-17 | 2019-07-16 | At&T Intellectual Property I, L.P. | Method and apparatus for managing and reusing mobile subscriber identification information to multiple devices |
| US20190253563A1 (en) * | 2016-10-21 | 2019-08-15 | Telefonaktiebolaget Lm Ericsson (Publ) | Time-Bounded Network Subscriptions |
| WO2018072852A1 (en) * | 2016-10-21 | 2018-04-26 | Telefonaktiebolaget Lm Ericsson (Publ) | Time-bounded network subscriptions |
| US10798561B2 (en) | 2016-11-11 | 2020-10-06 | At&T Intellectual Property I, L.P. | Method and apparatus for provisioning of multiple devices with mobile subscriber identification information |
| US10440560B2 (en) | 2016-11-11 | 2019-10-08 | At&T Mobility Ii Llc | Method and apparatus for provisioning of multiple devices with mobile subscriber identification information |
| US10070303B2 (en) | 2016-11-11 | 2018-09-04 | At&T Intellectual Property I, L.P. | Method and apparatus for provisioning of multiple devices with mobile subscriber identification information |
| US11032697B2 (en) | 2016-11-11 | 2021-06-08 | At&T Intellectual Property I, L.P. | Method and apparatus for provisioning of multiple devices with mobile subscriber identification information |
| US10986484B2 (en) | 2016-12-01 | 2021-04-20 | At&T Intellectual Property I, L.P. | Method and apparatus for using temporary mobile subscriber identification information in a device to provide services for a limited time period |
| US10375663B2 (en) | 2016-12-01 | 2019-08-06 | AT&T Intellectural Property I, L.P. | Method and apparatus for using active and inactive mobile subscriber identification information in a device to provide services for a limited time period |
| US10785638B2 (en) | 2016-12-01 | 2020-09-22 | At&T Intellectual Property I, L.P. | Method and apparatus for using mobile subscriber identification information for multiple device profiles for a device |
| US12156288B2 (en) | 2016-12-01 | 2024-11-26 | At&T Intellectual Property I, L.P. | Method and apparatus for using mobile subscriber identification information for multiple device profiles for a device |
| US10939403B2 (en) | 2016-12-01 | 2021-03-02 | At&T Intellectual Property I, L.P. | Method and apparatus for using active and inactive mobile subscriber identification information in a device to provide services for a limited time period |
| US10341842B2 (en) | 2016-12-01 | 2019-07-02 | At&T Intellectual Property I, L.P. | Method and apparatus for using temporary mobile subscriber identification information in a device to provide services for a limited time period |
| US10070407B2 (en) | 2016-12-01 | 2018-09-04 | At&T Intellectual Property I, L.P. | Method and apparatus for using active and inactive mobile subscriber identification information in a device to provide services for a limited time period |
| US10136305B2 (en) | 2016-12-01 | 2018-11-20 | At&T Intellectual Property I, L.P. | Method and apparatus for using mobile subscriber identification information for multiple device profiles for a device |
| US11272354B2 (en) | 2016-12-01 | 2022-03-08 | At&T Intellectual Property I, L.P. | Method and apparatus for using mobile subscriber identification information for multiple device profiles for a device |
| US10231204B2 (en) | 2016-12-05 | 2019-03-12 | At&T Intellectual Property I, L.P. | Methods, systems, and devices for registering a communication device utilizing a virtual network |
| US11330548B2 (en) | 2016-12-05 | 2022-05-10 | At&T Intellectual Property I, L.P. | Methods, systems, and devices for registering a communication device utilizing a virtual network |
| US10701658B2 (en) | 2016-12-05 | 2020-06-30 | At&T Mobility Ii Llc | Methods, systems, and devices for registering a communication device utilizing a virtual network |
| US11558751B2 (en) | 2019-03-01 | 2023-01-17 | At&T Intellectual Property I, L.P. | Multi-factor autonomous sim lock |
| US10993107B2 (en) | 2019-03-01 | 2021-04-27 | At&T Intellectual Property I, L.P. | Multi-factor autonomous SIM lock |
| US12081992B2 (en) | 2019-03-01 | 2024-09-03 | At&T Intellectual Property I, L.P. | Multi-factor autonomous SIM lock |
Similar Documents
| Publication | Title |
|---|---|
| WO2013008048A1 (en) | Method and apparatus for provisioning network access credentials |
| US12124831B2 (en) | Techniques for dynamically provisioning electronic subscriber identity modules to mobile devices |
| US10492045B2 (en) | Dynamic provisioning of device configuration files for electronic subscriber identity modules |
| US20180091978A1 (en) | Universal Integrated Circuit Card Having A Virtual Subscriber Identity Module Functionality |
| CN103493426B (en) | Cipher key derivative |
| US9843585B2 (en) | Methods and apparatus for large scale distribution of electronic access clients |
| CN102859966B (en) | Device and method for wireless network authentication |
| US9647984B2 (en) | System and method for securely using multiple subscriber profiles with a security component and a mobile telecommunications device |
| EP2861002B1 (en) | Virtual user identification data distributing method and obtaining method, and devices |
| US9198026B2 (en) | SIM lock for multi-SIM environment |
| US9270700B2 (en) | Security protocols for mobile operator networks |
| CA2744358C (en) | Method, apparatus, and computer program product for managing software versions |
| CN105338515B (en) | Data service transmission method and mobile communication equipment |
| EP2815553B1 (en) | Mobile apparatus supporting a plurality of access control clients, and corresponding methods |
| WO2007078918A2 (en) | Using a trusted-platform-based shared-secret derivation and wwan infrastructure-based enrollment to establish a secure local channel |
| CN107623907A (en) | ESIM clamping locks network method, terminal and lock network certificate server |
| EP3759955A1 (en) | Methods, devices, and computer programs for provisioning or controlling operator profiles in terminals |
| CN112740637B (en) | Apparatus and method for managing simultaneous enablement of bundles installed in a smart security platform |
| KR20110082888A (en) | Integrated payment service device and method, integrated payment service server, client terminal and smart card therefor |
| CN120958860A (en) | Virtual subscriber identity module distribution |
| US20120190340A1 (en) | Method for binding secure device to a wireless phone |
| WO2005051018A1 (en) | Smart card lock for mobile communication |
| US20250133487A1 (en) | System and method for enrolling applications to enable access to network slice services |
| CN114556887B (en) | Method and device for transferring a bundle between devices |
| JP7383693B2 (en) | Profile remote management authority setting method, its device, and its system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 11869409 Country of ref document: EP Kind code of ref document: A1 |
| | NENP | Non-entry into the national phase | Ref country code: DE |
| | 122 | Ep: pct application non-entry in european phase | Ref document number: 11869409 Country of ref document: EP Kind code of ref document: A1 |