During the manufacturing of relatively complex, software-driven consumer products such as communications units, mobile phones, subscriber devices, or the like, data must be loaded into the product to control operation and provide, for example, an operating software baseline and other data required for operation. For instance, some data may be common to every phone produced by a manufacturer, such as the operating software, while other data, such as configuration data for a mobile service provider network, may be specific to one or a group of phones. Mobile service providers, for example, may require phones programmed with parameters associated with the service provider's particular network and thus groups of phones associated with the mobile service provider will have many of the same programming parameters.
In many mobile phone applications, features are already present in a phone and may be controlled, e.g. enabled and/or disabled, almost exclusively through software based on the services which an individual user or subscriber has paid for. In many service environments such as Global System for Mobile communications (GSM) environments, phone subsidies may be offered to customers by service providers to reduce or eliminate the cost of hardware in exchange for service subscriptions with the service provider offering the subsidy. Data is often stored with such subsidized phones to prevent activation or operation with a non-subsidy service provider.
A configuration programming device generally maintains the configuration information with which each consumer product is to be provisioned. The configuration information includes both the consumer product-specific information and the common consumer product information. The configuration programming device may be located in the factory that manufactures the consumer product or in a service center maintained by service provider. In this way the consumer products may be provisioned with the information by establishing a connection between each consumer product and the configuration programming device.
The configuration programming device thus contains a significant amount of information that needs to be maintained in a secure manner. If the configuration programming device were to be stolen or tampered with, it could be used to provide unauthorized users with access to secure configuration information that could allow them to configure and operate a relatively large number of illegal or otherwise unauthorized consumer products.
Many other scenarios exist when a server performing secure transactions needs to be protected and disabled after it has been stolen. For example, in a factory environment there is often a secure server that loads secret cryptographic information into each manufactured chip, component or a consumer electronics device. If such a server were stolen, it could enable the perpetrator to manufacture illegal devices with stolen device identities.