Secure and convenient management of subscription credentials stands as an ongoing challenge in the field of wireless communications. In some markets, and for some types of devices, device provisioning is done at the point of sale and the device purchaser takes delivery of a fully provisioned device that is ready for network activation/use. Provisioning in this sense includes securely storing subscription credentials in the device, which link the device to a given network service provider (home operator) and allow it to authenticate itself to the operator's home network, and to any number of visited networks, subject to roaming agreements, etc.
With conventional 3G cellular telephones, provisioning is typically accomplished using a Universal Subscriber Identity Module (USIM), an application installed on a Universal Integrated Circuit Card (UICC) provided by the wireless network operator. The USIM/UICC may be inserted into a cellular handset to tie the handset to a particular subscription, thus allowing the handset user to access subscribed services through his home operator's network and, in many cases, through cooperating partner networks. Although reasonably convenient for individual consumers, this approach to provisioning may be impractical for an M2M application where a single entity may deploy hundreds of wireless devices across a large geographical area.
For instance, in some cases a wireless device may be factory installed in a larger piece of equipment (e.g., an automobile), making later insertion of a SIM card impractical or impossible. In other instances, M2M devices may be deployed over a wide geographical area, such that no single wireless operator can provide the needed coverage. In such cases, matching the proper operator-specific USIMs to the correct devices can be problematic. Finally, re-configuring the M2M device, e.g., to transfer the device to a subscription with a different operator, can be expensive, especially when the M2M device is in a remote location.
Other approaches to initial device provisioning are known. Rather than delivering a fully provisioned device to its purchaser, one approach to provisioning provides for the sale and/or distribution of preliminarily provisioned devices. A preliminarily provisioned device includes limited access credentials that are recognized by one or more network operators, and that permit the device to gain temporary network access. Such temporary access credentials may be loaded by the device manufacturer, for example.
Typically, in a separate transaction, the device purchaser will have selected a home operator for the device and activated a subscription for it. The device gains temporary network access using its temporary access credentials to obtain long-term subscription credentials from the selected home operator, or from an associated credentialing service. This arrangement allows devices to be sold in advance of tying them to specific network operators, or to specific subscription arrangements, and it relies on subsequent over-the-air (OTA) provisioning of the devices, based on their ability to gain temporary network access via their limited-used credentials.
The use of temporary credentials offers potentially significant advantages to device purchasers, particularly for some types of devices. For example, a company may purchase many thousands of M2M devices, each holding temporary access credentials. These devices may be held in inventory without incurring subscription charges, and deployed as needed. Moreover, the device owner can select and activate subscriptions for these devices en masse or individually, with one or more network operators, through separate transactions not relying on device connectivity. Once fielded or otherwise deployed, each such M2M device uses its temporary access credentials to gain initial network connectivity, which then allows it to contact a home operator or perhaps a generic registration service having knowledge of its home operator identity. With such access, the device downloads long-term subscription credentials for its home operator, and uses those long-term subscription credentials for any subsequent network access.
However, once devices are subscribed and are operating with long-term subscription credentials, device owners face potentially significant challenges in changing subscription plans, and particularly when changing home operator affiliations. For example, for reasons of cost, size, or both, M2M devices generally lack user interfaces, and they often have limited functionality software/firmware, tailored to their intended installations. Such minimalist implementations can make it difficult to interact with M2M devices, and, in particular, can make it difficult to manage subscription credentials in such devices. For example, it may be difficult for a company to conveniently replace subscription credentials in fielded M2M devices.