Advanced communication systems provide a plurality of services that can be enabled, disabled and adjusted to individual users by appropriate provisioning. Accordingly, provisioning configures any required devices, and provides users with access to data and technology resources. The steps of provisioning also include creation, maintenance and deactivation of user objects and user attributes, as they exist in the device.
The most obvious mechanism to provision a user agent operating on the device is to use the graphical user interface of the device. This, however, is a very laborous task and vulnerable to errors. Client provisioning is an automated mechanism that allows device settings to be configured with a minimum user interaction. In client provisioning, a message containing configuration information for a particular service is sent to a device and after user confirmation that the configuration is allowable is used to configure the device. Nowadays, the most commonly used way of client provisioning is to deliver the configuration information in Wireless Application Protocol (WAP) binary encoded provisioning XML documents (WBXML) via a primary telecommunicaitons channel of the device. In the field of mobile telecommunications, client provisioning is typically carried out over the air for example using a GPRS network, a 3G network or inshort messages.
However, there exist communication situations where client provisioning operations are necessary, but the communication media between the source of the provisioning information and the device is not available. Such a situation occurs, for example, with mobile telecommunication stations in areas of poor network coverage. In a challenging radio environment, the message comprising the provisioning information cannot be delivered to the mobile station and initialition of a new service or reconfiguring an existing one fails. Such communication situations are not that unusual, and a clear need for an alternative solution exists. One such solution could be local provisioning but this also has some limitations as described below.
A mobile station could provide a local application programming interface (API) to the configuration information database. For several reasons, especially for security, such application programming interface does not exist in the current mobile stations, or is available only to a part of the configuration information.
According to the state of the art, local provisioning could also be implemented by feeding the information through different, locally available delivery media, for example in a secure card that is read though the subscriber identity module (SIM) input/output interface, or through a Bluetooth, an Infrared (IR) or a Wireless Local Area Network (WLAN) interface, or through a cable. However, the configuration information is in practice manipulated in a proprietary way in the device and the knowledge on format and content of the final configuration request is available only to a very limited group of parties. As the number of services and service providers increases considerably, more and more parties need to access a particular configuration information without the need for or even possibility of contribution by the device manufacturers.
There has been a proliferation of users of communications systems and devices for use in such systems. Access to subscriber services provided by such systems require users to identify themselves and to authenticate in some way their identity. There are several ways in which this is achieved in the prior art. For example, the user can simply have user credentials (such as a user name and password) which enable him or her to identify themselves to the subscriber. However, this manner of registering and authenticating the user to the subscriber is prone to fraud as usernames and passwords can be fraudulently obtained and used on another communications device.
Alternatively the user's equipment can be used as part of the subscriber's unique identity. For example, a mobile telecommunications device can have a Subscriber Identification Module (SIM) which has a unique network identity—an International Mobile Subscriber Identity (IMSI). Here, the user's network identity can be used to uniquely identify the user to the subscriber service. However, this is also not an ideal solution as is still possible for an unregistered user to modify the IMSI sent from their communications device to the subscriber service to match a registered subscriber's IMSI.
Furthermore, the network identifier does not provide an ideal global solution for international use of the subscriber service. This is because different network identifiers are required for different countries if roaming charges are to be avoided or local access numbers are to be made available.
Registration procedures for subscriber services which exist today to try to mitigate fraud opportunities, are lengthy, complex and require a significant amount of user interaction. Furthermore, these is disadvantaeously a high chance of duplicate account creation when a service is used in a different country.