CROSS REFERENCE TO RELATED APPLICATIONS
This application claims benefit under 35 U.S.C. §119(e) of Provisional U.S. patent application No. 62/205,457, filed Aug. 14, 2015, the contents of which are incorporated herein by reference in their entirety.
This disclosure relates generally to management of credentials for communications devices such as wireless-enabled tablets, PCs, smartphones, smart watches, and other stationary and portable connected devices.
Service providers to communications devices generally require that the communications device have the proper credentials to access and enable use of services. The credentials securely and uniquely identify a subscription or account with the service provider and enable the communications device to access and use the services associated with the subscription. When the communications device is a mobile communications device, the service provider may be called a mobile network operator (MNO), and the services may include, for example, mobile voice calling, text messaging, or internet data service.
The credentials may reside in a secure container called a Universal Integrated Circuit Card (UICC) or “SIM card.” The UICC may be embedded in the communications device, in which case it may be called an embedded UICC (eUICC). The credentials may be provisioned to the UICC or eUICC when manufactured or may be provisioned to the UICC or eUICC remotely while the UICC or eUICC resides in the communications device.
Illustrative examples of the disclosure include, without limitation, methods, systems, and various devices. In one aspect, mobile communications devices are managed by an enterprise. The enterprise receives data indicative of identities of mobile communications devices. Identifiers indicative of subscription credentials that are operative to enable access to subscription services of the mobile network operator are received. Control of deployment of the subscription credentials is delegated from the mobile network operator to the enterprise. The enterprise selects which of the plurality of mobile communications devices are to be enabled to access the subscription services of the mobile network operator. A process to transmit the subscription credentials to the selected mobile devices is initiated.
Other features of the systems and methods are described below. The features, functions, and advantages can be achieved independently in various examples or may be combined in yet other examples, further details of which can be seen with reference to the following description and drawings.
BRIEF DESCRIPTION OF THE DRAWINGS
Embodiments of the present disclosure will be described more fully hereinafter with reference to the accompanying drawings, in which:
FIG. 1 depicts an example of an enterprise management lifecycle of an enterprise device.
FIG. 2 depicts an example subscription lifecycle.
FIG. 3 depicts an example environment for provisioning of profiles.
FIG. 4 depicts an example system for provisioning of profiles.
FIG. 5 depicts an example logical structure for a credential device.
FIG. 6 depicts an example system for enterprise servers.
FIG. 7 depicts an example system for delegated management of subscription credentials.
FIG. 8 depicts an example system for delegated profile management.
FIG. 9 depicts an example system for managing a subscription.
FIG. 10 depicts an example system for policy-based subscription credential selection.
FIG. 11 depicts an operational procedure for delegated management of subscription credentials.
FIG. 12 depicts an operational procedure for delegated management of subscription credentials.
FIG. 13 depicts an example general purpose computing environment in which the techniques described herein may be embodied.
DETAILED DESCRIPTION OF ILLUSTRATIVE EMBODIMENTS
An enterprise, such as a company or institution, may provide communications devices to its employees or other users. The communications devices as used herein may refer to devices including, but not limited to, smartphones, cellular-enabled tablets and laptops, companion devices (e.g., smart watches), and non-consumer devices (telematics device in an automobile, cellular-connected utility meters, any of which may include UICCs or eUICCs), and the like. A UICC or eUICC may be included in the communications device to ensure the integrity and security of personal data and to enable communications with mobile communications providers or access to the enterprise's internal networks. The enterprise may also allow employees to use their own devices, in which case the enterprise may implement mechanisms to allow for secured access to its internal networks. Users of their own devices may also provide for access to their own personal mobile communications providers.
In one example, the enterprise can provide communication services to its employees or others by contracting with mobile network operators (MNOs) to obtain a fleet of UICCs (SIM cards) that the enterprise can distribute and reuse as needed. The enterprise can engage an MNO for a specified number of subscription service accounts, for which the MNO provides a corresponding number of SIM cards. These SIM cards can then be shared amongst any number of employees by inserting the SIM cards into the employees' communications devices, allowing the enterprise to provide or manage the communication services to the employees. In this way, the enterprise can control usage of its subscription service accounts. Once a SIM card is later removed, the employee will no longer be able to access the enterprise's subscription service accounts, and the SIM card can be assigned to other employees as needed by the enterprise without the need to change subscription contracts or otherwise engage the service provider. The physical separation of service-enabling credentials from the communications device itself can provide flexibility and control to the enterprise.
In another example, the enterprise may also utilize the eUICC which, unlike a SIM card, is typically not easily accessible or removable, and may be soldered or otherwise installed in a communications device. An eUICC may enable the service subscription used by the communications device to be securely reconfigured without physically adding or removing the eUICC from the communications device. An eUICC may hold one or multiple eUICC profiles, with one being typically active at one time. An eUICC profile, as used herein, generally refers to the client information associated with a network subscription, and embodiments are not limited to any particular eUICC system. In some embodiments, an eUICC profile, as will be further described below in FIG. 5, may include a combination of file structure, data, and applications associated with the service credentials provisioned onto a credential device and which enable the communications device to use the subscription services associated with that profile.
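The following added illustration (not part of the application) models the delegated deployment outlined in the summary, together with the reuse of credentials that the SIM-card example achieves by physical removal. The class, the identifiers, and the "download"/"delete" request shapes are constructed assumptions; the point is that the enterprise acts only on profiles the MNO delegated and only on devices it manages.

```python
from dataclasses import dataclass, field


class DelegationError(Exception):
    """A request falls outside what the MNO delegated to the enterprise."""


@dataclass
class EnterpriseCredentialManager:
    devices: set      # identities of devices the enterprise manages (constructed IDs)
    delegated: set    # profile identifiers whose deployment the MNO delegated
    assigned: dict = field(default_factory=dict)  # profile identifier -> device

    def assign(self, profile_id, device_id):
        """Select a device for a profile; return the provisioning request to initiate."""
        if profile_id not in self.delegated:
            raise DelegationError(f"{profile_id}: not delegated by the MNO")
        if device_id not in self.devices:
            raise DelegationError(f"{device_id}: not an enrolled enterprise device")
        if profile_id in self.assigned:
            holder = self.assigned[profile_id]
            raise DelegationError(f"{profile_id}: already deployed to {holder}")
        self.assigned[profile_id] = device_id
        return {"action": "download", "profile": profile_id, "device": device_id}

    def release(self, profile_id):
        """Withdraw a profile so it can be reassigned (the analogue of pulling a SIM)."""
        if profile_id not in self.assigned:
            raise DelegationError(f"{profile_id}: not currently deployed")
        device_id = self.assigned.pop(profile_id)
        return {"action": "delete", "profile": profile_id, "device": device_id}

    def available(self):
        """Delegated profiles not currently deployed to any device."""
        return sorted(self.delegated - set(self.assigned))


def demo():
    mgr = EnterpriseCredentialManager(
        devices={"dev-alice", "dev-bob"},            # constructed sample inventory
        delegated={"profile-001", "profile-002"},    # constructed sample identifiers
    )
    log = [mgr.assign("profile-001", "dev-alice")]
    # Double assignment, an undelegated profile, and an unmanaged device are all refused.
    for bad in (("profile-001", "dev-bob"), ("profile-999", "dev-bob"),
                ("profile-002", "dev-eve")):
        try:
            mgr.assign(*bad)
        except DelegationError as exc:
            log.append(str(exc))
    log.append(mgr.release("profile-001"))            # reclaim from the first device
    log.append(mgr.assign("profile-001", "dev-bob"))  # reuse for another employee
    return mgr, log
```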
FIG. 1 depicts an example of an enterprise management lifecycle of an enterprise device. An enterprise device may refer to any communications device that is managed by an enterprise. In FIG. 1, a communications device becomes available 110 to the enterprise when it is added to its inventory (for example, when the device is purchased or reactivated). When an enterprise device is assigned 120 to a member of the workforce, the enterprise device may be enrolled into a device management process. The enterprise device may either be an enterprise-owned device or may be a user's personal device. When the enterprise device is given to the employee or otherwise brought into service, the enterprise device may be activated. This activation may involve installation of physical assets (such as a UICC card) and/or installation of software, policies, and other configuration information. Examples of policies that may be installed may include device policies for the use of its subscriptions. For example, the enterprise may configure a particular access point network (APN) for enterprise data connectivity or restrict data roaming.