Apple Inc.
Secure control of profile policy rules

Abstract:

A secure element (SE) in a device processes profile policy rule (PPR) update information received in a message. The SE uses a rule authorization table (RAT), when processing the message, to control whether a PPR ON/OFF state will be adjusted. The PPR information identifies a profile. For example, a mobile network operator (MNO) in control of the profile may specify a policy indicating that the profile is to be deleted when the profile is disabled. The SE consults the RAT to determine verification rules for the identified policy. In some embodiments, public key infrastructure techniques authenticating a signature are used to verify that the MNO has signed the message. If the signature fails the verification, no change is made to the PPR ON/OFF state.