FORM 2
THE PATENTS ACT, 1970
(39 OF 1970)
AND
THE PATENT RULES, 2003
COMPLETE SPECIFICATION
(See section 10 and rule 13)
“A SYSTEM AND A METHOD FOR MANAGING A LOCK OF A USER
DEVICE”
We, RELIANCE JIO INFOCOMM LIMITED, an Indian National, of, 3rd Floor, Maker Chamber-IV, 222, Nariman Point, Mumbai- 400021, Maharashtra, India.
The following specification particularly describes the invention and the manner in which it is to be performed.

TECHNICAL FIELD
Embodiments of the present disclosure generally relate to wireless communications. More particularly, the embodiments of the present disclosure relate to a system and a method for managing a lock of a dual SIM user device in a secured manner.
BACKGROUND
In the current scenario, wireless communication networks are widely deployed to provide voice and data services. Moreover, said wireless networks may be capable of supporting multiple users by sharing the available network resources, and may comprise multiple access networks (such as Universal Terrestrial Radio Access Network (UTRAN), Evolved UTRAN (E-UTRAN), Code Division Multiple Access (CDMA) Networks, Time Division Multiple Access (TDMA) Networks, Frequency Division Multiple Access (FDMA) Networks, Orthogonal FDMA (OFDMA) Networks, and Single-Carrier FDMA (SC-FDMA) networks)). Further, with the advent of Long-Term Evolution (LTE), a standard for high-speed wireless communication for mobile phones and data terminals have undergone immense proliferation such that said wireless communication is based on GSM/EDGE and UMTS/HSPA technologies and provide various services like security and locking features.
A basic handheld device, also known as a basic mobile phone or a dumbphone is capable of only voice calling and text messaging. Said phones having a small display screen with low storage memory lack capabilities of smartphones. Further, an enhanced feature phone provides basic multimedia and internet capabilities along with other services offered by the user's wireless service provider. In comparison to the basic handheld devices, the feature phones comprise a backlit LCD screen with a physical keyboard providing more buttons/keys/ports/facilities such as USB port, microSD card slot, a front and rear-facing camera to record video and capture pictures with video calling, a GPS

and NFC. Additionally, the feature phones having 4G capabilities have been further enhanced to make/receive video calls and encompass a rudimentary app store, including basic software such as a calculator program or simple video game.
Going further, a smart mobility wireless cellular connectivity device such as smartphone provides end users with a plurality of 2G, 3G or 4G services with an advanced mobile operating system having combined features of a personal computer operating system and mobile use. Said smartphones have internet access, a touchscreen user interface, third-party apps, music players, cameras possessing high-speed mobile broadband 4G LTE internet with video calling, hotspot functionality, motion sensors, mobile payment mechanisms and enhanced security features with alarm and alert in emergency situations. Further, mobility devices may include smartphones, wearable devices, smart-watches, smart bands, wearable augmented devices. Also, the mobility devices may refer to the feature phones, smartphones or any such device as may be obvious to a person skilled in the art.
The devices have further evolved from a single SIM solution to a multi-SIM solution. Thus, recent development in the technology has provided the users with an option to switch between multi-SIMs by deploying solutions to make dual-SIM devices configured for Dual SIM Dual Standby (DSDS) operation or Dual SIM Dual Active (DSDA). In particular, the dual SIM devices can be DSDS or DSDA. The multi-SIM wireless devices effectively provide users with two phones without the need to carry two separate devices. In recent years, the multi-SIM wireless devices ecosystem have been adapted to provide voice and data services, particularly in countries having various service providers. Among various benefits, one of the benefits using multi-SIM smartphones is that said smartphones allow users to implement different plans/service providers on a single, smartphone, each with separate mobile numbers. Another advantage is that said multi-SIM device allows users to get a new SIM while travelling outside

the operating zones, thereby enabling the users to obtain local SIM cards and pay local call rates in said zones. Also, multiple SIMs allow users to take advantage of different pricing plans for data and voice and save on voice and data usage.
Further, the multi-SIM devices are capable of operating on a variety of service provider networks. In order to personalize a device to a specific service provider and customer, the SIM/SIM card is inserted into the device, wherein the SIM cards comprises data parameters such as home public land mobile network (HPLMN) information, international mobile subscriber identifier (IMSI), and group identifiers (GID1/GID2) are coded with values that bind the handset to the issuing service provider and the customer. Thus, when a service provider sells a bundled service with a device, the user/customer is provided a device with a pre-installed, personalized SIM card, wherein the device is sold to the customers at a loss, called a subsidy (i.e. a substantial investment that the service provider hopes to recover from the customer in the form of service fees).
The subsidy lock ensures that a device, sold to the customer/user, is activated only on subscribing to the service provider's network and not to the competitor's network. To ensure this, a secure carrier code, specific to and known by the subsidizing carrier, is programmed into the device by the device manufacturer before shipping the device in a locked condition. This prevents programming of NAM (Number Assignment Module) of the device without first entering either a valid unlock code or a remove lock code. Subsequently, at the time of device activation and programming of the NAM, the device's ESN (Electronic Serial Number) or International Mobile Equipment Identity (IMEI) is entered into the service provider system which generates a service provider carrier code mapped to ESN or IMEI for executing the subsidy lock module. In an event, the code is given to the user at the service provider's choice, the device executes the same subsidy lock module using the service provider code programmed at the time of manufacturing along with the ESN or IMEI, to calculate the unlock code and the

remove lock code. If the code entered by the user matches the unlock code, NAM programming is allowed to proceed only once, and alternatively, if the entered number matches the remove lock code, the device removes the subsidy lock completely. A device sold without a subsidy lock is called an unlocked device, and the device owner may insert any service operator’s SIM card. The subsidy lock mechanism is controlled by a server entity which triggers the locking or the unlocking mechanism.
There exist several known subsidy lock techniques for locking/unlocking the devices. In one such technique, the capability to manage the subsidy lock is built into the single SIM devices themselves at the time of manufacturing. The network service providers then use such capability to restrict said device’s usage to specific countries/network service providers. However, such a conventional technique is workable only for the single SIM devices and not for the multi-SIM devices. Also, said conventional technique fails to provide the network service provider with a choice of locking the device with a subsidized plan for the multi SIMs devices, since the devices are programmed and shipped by the manufacturer in a locked condition, which prevents programming of the NAM (Number Assignment Module) of the device by the network service provider on multiple SIMs. In addition, said conventional technique fails to provide solutions for dynamically unlocking/locking the devices at a later stage based on a subsidy plan chosen by the customer.
Accordingly, in order to overcome the aforementioned problems inherent in the existing/outgoing solutions, there exists a need of a seamless and efficient mechanism for providing a subsidy lock mechanism for multi-SIM devices based on the subsidy service operator plan selected by the user. Also, there exists a need to provide a secured PIN to the device from the network to protect the device from tampering the subsidy lock.

SUMMARY
This section is provided to introduce certain objects and aspects of the present disclosure in a simplified form that are further described below in the detailed description. This summary is not intended to identify the key features or the scope of the claimed subject matter.
Embodiments of the present disclosure may relate to a method for managing a lock of a user device, wherein the user device comprises at least two SIMs, the method being performed by the user device. The method comprising: initialising a subsidy lock unit of the user device in an event at least one of the at least two SIMs of the user device is a valid SIM having a SIM information, wherein the user device is in a locked mode, and the user device is pre-configured with a public key; generating one of a positive response and a negative response based on a comparison of the SIM information with a pre-defined SIM information, wherein the positive response is generated in an event the SIM information matches with the pre-defined SIM information, and the negative response is generated in an event the SIM information does not match with the pre-defined SIM information; transmitting an unlock request to a network entity in an event the negative response is generated, wherein the unlock request comprises the SIM information and the public key; receiving a blob in response to the unlock request of the user device, wherein the blob is received from the network entity, and the blob comprises of at least a payload and a signature; processing the blob based on the public key and a IMEI list pre-stored in the user device and requesting the network entity to manage the lock of the user device, wherein said managing the lock comprises one of locking and unlocking the user device based on said processing.
Further, the embodiments of the present disclosure may relate to a method for managing a lock of a user device, wherein the user device comprises at least two SIMs, the method being performed by a network entity. The method comprising: receiving, from the user device, an unlock request in an event a SIM information

of at least one of the at two least two SIMs matches with a pre-defined SIM information, wherein the unlock request comprises a SIM information and a public key, generating a blob in response to the unlock request of the user device and transmitting the blob to the user device, wherein the blob comprises of at least a payload and a signature ; and managing the lock of the user device, wherein said managing the lock comprises one of locking and unlocking the user device based on processing, of the blob, wherein said processing is based on the public key and an IMEI list pre-stored in the user device .
Furthermore, the embodiments of the present disclosure may encompass a system for managing a lock of a user device, wherein the user device comprises at least two SIMs. The system comprising: the user device comprising: a subsidy lock unit being initialised in an event at least one of the at least two SIMs of the user device is a valid SIM having a SIM information, wherein the user device is in a locked mode, and the user device is pre-configured with a public key; a modem configured to: generate one of a positive response and a negative response based on a comparison of the SIM information with a pre-defined SIM information, wherein the positive response is generated in an event the SIM information matches with the pre-defined SIM information, and the negative response is generated in an event the SIM information does not match with the pre-defined SIM information; and a network entity comprising: a key generating unit configured to: generate a blob in response to an unlock request of the user device, and transmit the blob to the modem, wherein the blob comprises a payload and a signature , and a subsidy lock server configured to manage the lock of the user device, wherein said managing the lock comprises one of locking and unlocking the user device based on processing of the blob, by the modem, said processing based on the public key and an IMEI list pre-stored on the user device wherein the subsidy lock unit is further configured to transmit the unlock request to the subsidy lock server of a network entity in an event the negative

response is generated, wherein the unlock request comprises the SIM information and the public key.
BRIEF DESCRIPTION OF THE DRAWINGS
The accompanying drawings, which are incorporated herein, and constitute a part of this disclosure, illustrate exemplary embodiments of the disclosed methods and systems in which like reference numerals refer to the same parts throughout the different drawings. Components in the drawings are not necessarily to scale, emphasis instead being placed upon clearly illustrating the principles of the present disclosure. Some drawings may indicate the components using block diagrams and may not represent the internal circuitry of each component. It will be appreciated by those skilled in the art that disclosure of such drawings includes disclosure of electrical components or circuitry commonly used to implement such components.
FIG.1 illustrates a system architecture [100] for managing a lock of a user device [110], wherein the user device [110] comprises at least two SIMs [102A, 102B] in accordance with an embodiment of the present disclosure.
FIG.2 (FIG.2(i), FIG.2(ii), FIG.2(iii)) illustrates an exemplary method flow diagram comprising the method [200] for managing a lock of a user device [110], wherein the user device [110] comprises at least two SIMs [102A, 102B] in accordance with an embodiment of the present disclosure.
FIG.3 (FIG.3(i) and FIG.3(ii)) illustrates an exemplary method flow diagram [300] for generating a private key and transmitting the encrypted private key to the user device [110], in accordance with an exemplary embodiment of the present disclosure.
FIG.4 illustrates an exemplary PKBDF2 Hash algorithm implementation at both server and user device to determine whether the device needs to be unlocked or not in accordance with an exemplary embodiment of the present disclosure.

FIG.5 illustrates an exemplary signalling flow diagram [500] for securing the hashed PIN and the salt value, and storing the public key in the user device [110], in accordance with an exemplary embodiment of the present disclosure.
FIG.6 illustrates an exemplary data format of a blob, in accordance with exemplary embodiments of the present invention.
DETAILED DESCRIPTION
In the following description, for the purposes of explanation, various specific details are set forth in order to provide a thorough understanding of embodiments of the present disclosure. It will be apparent, however, that embodiments of the present disclosure may be practiced without these specific details. Several features described hereafter can each be used independently of one another or with any combination of other features. An individual feature may not address any of the problems discussed above or might address only one of the problems discussed above. Some of the problems discussed above might not be fully addressed by any of the features described herein. Example embodiments of the present disclosure are described below, as illustrated in various drawings in which like reference numerals refer to the same parts throughout the different drawings.
Embodiments of the present disclosure may relate to a system and a method for managing a lock of a user device (locked) being pre-configured with a public key. The system comprises a network entity and a user device (comprising at least two subscriber identity modules (SIMs) configured inside the user device) for providing functionalities in accordance with the present disclosure. In an event the user device is in the locked mode, the user device may check whether any of the at least two SIMs is valid, i.e. a whitelisted SIM, wherein said SIM comprises a SIM information. In an event there is more than one valid SIM, the user device may select one of said valid SIMs as a primary SIM based on a default data service selected by the user. Thereafter, on detecting the valid SIM, the user

device may compare the SIM information of the valid SIM with a pre-defined SIM information stored at the user device. In an event the SIM information does not match with the pre-defined SIM information, the user device may transmit an unlock request to the network entity. Thereafter, on receiving the unlock request from the user device, the network entity may generate a blob comprising a payload and a signature, wherein the signature is generated by hashing the payload and subsequently encrypting the same with a private key. The network entity then transmits the blob to the user device. On receiving the blob, the user device processes the blob based on a public key and an IMEI list pre-stored on the user device. The user device may then transmit the result of such processing to the network entity basis to which the network entity locks or unlocks the user device.
The user device as used herein may refer to any computing device operable with one or more subscriber identity module (SIM), wherein the subscriber identity module comprises a SIM information. The user device is pre-configured with a public key that may be shared with a network operator. In addition, the user device may be in a locked mode. Further, the user device includes, but not limited to, a smartphone, a mobile phone, a tablet, a phablet and any such device as obvious to a person skilled in the art. Furthermore, the user device may comprise an input means such as a processor, an operating system, a memory unit, a display interface, etc. which functions/communicates with network entities such as base station or any such network entity as may be obvious to a person skilled in the art.
The public key, as used herein, may refer to a unique key configured in the user device. The public key may be pre-configured at the user device at the time of device manufacturing. Further, the public key must be shared with the ODM/OEM to facilitate verification of the signature (blob) by the user device. Thus, the public key may only be used for data integrity check i.e. for checking

whether the data/information received from the network/network entity is authorised.
The public key may refer to an authentic information relating to the subsidy lock server as an authentic source as it processes the corresponding private key. In an embodiment, the public key may be pre-configured at a storage unit of the user device. In another embodiment, said public key may be generated by the network entity before pre-configuring the key at the user device.
The locked mode of the user device as used herein may be defined with four states based on the inputs of the network operator in accordance with the 3GPP specification. Accordingly, said four states/modes of the locked mode may be as follows, wherein in one embodiment, the user device may be in one of the subsidy lock mode, subsidy lock single sim mode and open market mode by default:
1. Locked Devices (Subsidy lock)
In this mode, if one of the at least two SIMs is the valid SIM, then the other SIM (non-valid SIM) of any other carrier may be allowed only for audio/voice services such as call and SMS. Alternatively, if no SIM is valid, then no other SIM may be allowed to latch/connect on the network. In another instance, if the user device having no SIM is in the locked state, then the user device may be connected to the network only through a Wi-Fi pairing and may not be used for any other service.
2. Open Market (Unlocked)
In this mode, both SIMs of the user device may belong to any carrier without any restrictions. Further, in a few instances, the mode/state of the user device may be changed to subsidy lock mode during the sale process or any subscriber plan activation. However, in case the user device is sold with a subsidy term, a Point of Sales (POS) may be triggered

to enable the subsidy lock mode, wherein the POS may be used in retail shops for billing purposes.
3. Subsidy lock Single SIM
In this mode, only one of the at least two SIMS may be allowed to latch to the network in an event said SIM is the valid SIM.
4. Locked state
In this mode, the user device may be locked, and the services of the non-valid SIM may be disabled. Said non-valid SIM might not be allowed to latch to the network, since the network plan/subscriber plan of the valid SIM is expired, thereby resulting in need of SIM recharge.
In another embodiment where the user device is not locked by the Original Design Manufacturer (ODM)/ Original Equipment Manufacturing (OEM) during manufacturing such that a similar unlocked inventory can be used for unlocking, the user device may contact the network entity at a later stage and get itself subsidy lock unlocked. However, in such instance, if the service parameters of the user device are not valid/authentic, then the user device may not be unlocked using the same inventory.
The service parameters, as used herein, may refer to network settings. In particular, the service parameters may comprise at least one of a subscriber plan, a subsidy service operator plan and recharge plan.
The valid SIM as used herein may refer to a SIM being approved and registered by the network. Also, the valid SIM may refer to a SIM whose MCC/MNC is present in the whitelisted MCC/MNC of the user device as a result of which the user device with said valid SIM is allowed to initiate latching/camping process to the respective network. In an embodiment, the valid SIM may comprise an IMS software module. Further, the terms valid SIM and whitelisted SIM are interchangeably used throughout the specification.

The unlock request as used herein may refer to a request for unlocking the user device and may further include, but not limited to, the SIM information and the public key.
The network entity, as used herein, may comprise one or more components of an IMS network. Further, the network entity may refer to one of an eNodeB, a Base Transceiver Station (BTS), Base Station Controller (BSC) and a Radio Network Controller (RNC). Furthermore, the network entity may communicate with the user device through a wireless LAN network. In a preferred embodiment, the user device and the network entity may be synced periodically.
The private key, as used herein, may refer to a key generated by the network entity. The service parameters as used herein may include, but not limited to, a subscriber plan and a subsidy service operator plan. Further, said key may be in encrypted form and may include, but not limited to, a signature, a timestamp and a subsidy lock configuration. The signature as used herein may refer to authenticity of the subsidy lock server. The timestamp, as used herein, may be used to validate the blob generation time. The subsidy lock configuration as used herein may refer to - states/modes of the locked mode such as subsidy lock, subsidy lock Single SIM, locked state and open market.
The SIM information, as used herein, may refer to information related to the valid SIM of the user device. Said SIM information may include, but not limited, an international mobile subscriber identifier (IMSI), an IP Multimedia Private Identity (IMPI), an international mobile equipment identity (IMEI), an electronic serial number (ESN), a home public land mobile network (HPLMN) and a group identifier (GID1/GID2).
FIG.1 illustrates a system architecture [100] for managing the lock of the user device [110] in accordance with an embodiment of the present disclosure. As illustrated, the system [100] may comprise the user device [110] and the network entity [120] connected to each other through the wireless LAN network.

In a preferred embodiment, the user device [110] and the network entity [120] may be synced periodically. The user device [110] may comprise the at least two SIMs [102A, 102B], a subsidy lock unit [104], a modem [106] and a storage unit [108], wherein the user device [110] may be pre-configured with the public key generated by the network entity [120]. The network entity [120] may comprise a key generating unit [112] and a subsidy lock server [114]. The user device [110], the network entity [120] and the sub-components therein may be configured to work in conjunction and provide respective functionalities in order to achieve the objective of the present disclosure. Also, the subcomponents/terms of the user device [110] and the network entity [120] may be structural terms. Further, in an embodiment, the system [100] may be located at the user device [110] or at the network entity [120].
Further, in an event, at least one of the at least two SIMs [102A, 102B] of the user device [110] is the valid SIM [for e.g. 102A] having the SIM information, the user device [110] being in the locked mode may be configured to initialise the subsidy lock unit [104] of the user device [110]. In an event each of the at least two SIMs [102A, 102B] is valid, the subsidy lock unit [104], pursuant to initialisation, may be configured to select one of the at least two valid SIMs [102A, 102B] as a primary SIM [for e.g. 102A] for achieving the objective of the present disclosure. In such event of both the SIMs [102A, 102B] being whitelisted/valid, the second SIM [for e.g. 102B] from the at least two SIMs [102A, 102B] is configured to performed functions in accordance with the present disclosure only in the event the first SIM [for e.g. 12A] is valid/whitelisted. In an embodiment, the primary SIM [for e.g. 102A] may be selected from the at least two SIMs [102A, 102B] based on the default data service selected by the users. Further, on getting initialised, the subsidy lock unit [104] may be configured to internally communicate with the modem [106] to share the SIM information of the valid SIM [for e.g. 102A] or the primary SIM [for e.g. 102A].

On receiving said SIM information, the modem [106] may be configured to compare the SIM information of the valid SIM [for e.g. 102A] with the pre-defined SIM information, wherein the pre-defined SIM information is defined by one of the network operator and the user of the user device [110] based on the decision relating to which MCC/MNC values, network ID, network group ID are needed to be whitelisted., Further, said information may be stored at the memory unit [108] of the user device [110]. Based on said comparison, the modem [106] may be configured to generate one of a positive response and a negative response, wherein the positive response may be generated in an event the SIM information of the valid SIM [for e.g. 102A] matches with said pre¬defined SIM information, and the negative response may be generated in an event the SIM information of the valid SIM [for e.g. 102A] does not match with said pre-defined SIM information. In an event the negative response is generated, the subsidy lock unit [104] may be configured to transmit the unlock request to the key generating unit [112] of the network entity [120] for unlocking the lock of the user device [110], wherein the unlock request comprises the SIM information of the valid SIM [for e.g. 102A] and the public key.
On receiving the unlock request from the subsidy lock unit [104], the key generating unit [112] of the network entity [120] may be configured to create a blob and transmit the blob to the user device [110] over an OMA-DM mechanism or any such mechanism as may be obvious to a person skilled in the art, wherein the blob may further comprise the payload (in text format), the signature, the timestamp and the subsidy lock configuration. In an embodiment, the signature is generated by hashing the payload and subsequently encrypting said hashed payload with the private key being already generated by the network entity [120]. Thereafter, the key generating unit [112] may be configured to transmit the blob to the user device [110].
On receiving the blob from the key generating unit [112], the modem [106] may be configured to process the blob based on the public key and a pre-stored IMEI

list of the user device [110]. In an embodiment, processing of the blob includes parsing the blob to derive a hash and verify the signature and the hash based on a public key. Upon successful verification, the modem [106] is also configured to extract a unique ID from the payload of the blob and check if such extracted unique ID belongs to the user device [110]. The modem [106] is further configured to extract a Hash PIN and Salt value from the payload of the blob, in case it is determined that the extracted unique ID belongs to the user device [110]. The modem [106] is further configured to compare the extracted Hash PIN and Salt value with the pre-stored Hash PIN and Salt value in the IMEI list of the user device [110]. The subsidy lock unit [104] is configured to transmit the result of such comparison to the subsidy lock server [114] of the network entity [120]. On receiving the comparison result from the subsidy lock unit [104], the subsidy lock server [114] may be configured to manage the lock of the user device [110]. In an embodiment, the subsidy lock server [114] may be configured to manage the lock of the user device [110] based on said service parameters including, but not limiting to, user SIM recharge plan of the network operator.
Once the user device [110] is unlocked, the subsidy lock unit [104] may be configured to initiate a bootstrapping process with the subsidy lock server [114]. In an embodiment, the user device [110], in order to initiate the bootstrapping process, may ping to the subsidy lock server [114] on a regular interval (for e.g. 30 days) to make sure the user device [110] is part of the ecosystem and can be locked whenever required.
However, in an event the positive response is generated by the modem [106], the modem [106] may be configured to transmit an attach request to the subsidy lock server [114] of the network entity [120] for establishing a connection with the network entity [120], wherein the attach request comprises the SIM information of the valid SIM [for e.g. 102A]. On receiving the attach request, the subsidy lock server [114] may be configured to transmit one of an attach accept and an attach reject to the modem [106]. The attach accept is transmitted to the

modem [106] in an event the network entity [110] accepts said attach request of the modem [106], while the attach reject is transmitted in an event the network entity [110] rejects said attach request of the modem [106]. On receiving the attach accept, the modem [106] may be configured to store the updated SIM information at the storage unit [108] of the user device [110].
In an embodiment, if the user wishes to enter into a subsidy period, the user may inform the network operator and subsequently indulge a subsidy contract for the user device [110] based on a particular subscriber plan.
Further, the present disclosure encompasses preventing frequent locking of the user device [110] having a valid combination of the at least two SIMs [102A, 102B] in an event the user device [110] is in mobility and frequently travels out of service/coverage in the valid/whitelisted network. Thus, if the user device [110] with the valid SIM [for e.g. 102A] travels to the no-coverage area, the user device [110] may be still configured to function normally with the other SIM [for e.g. 102B] which may or may not be valid. However, if any one of the at least two SIMs [102A, 102B] is changed, the user device [110] may not be able to function properly without again latching to the network.
Furthermore, the present disclosure encompasses managing the lock of the user device [110] in an event of international roaming. Thus, in an event when the user device [110] having the at least one valid SIM [for e.g. 102A] travels from a home network to a foreign/international network and the home IMSI may be switched to a broker IMSI, the modem [106] of the user device [110] may be configured to check whether or not the broker IMSI is valid/whitelisted. In an exemplary embodiment, the modem [106] may be configured to verify whether or not Mobile Network Code (MNC) and Mobile Country Code (MCC) of the valid SIM [for e.g. 102A] are valid/whitelisted. In an event the MCC and MNC are valid/whitelisted, the modem [106] may be configured to retrieve first four digits of an Elementary File- Integrated Circuit Card Identifier (EF-ICCID) of the valid SIM [for e.g. 102A] and subsequently retrieve three digits from the ICCID, and

compare retrieved details with the MNC of the valid SIM [for e.g. 102A]. The ICCID may not change if the IMSI is switched to the broker IMSI. In another embodiment, the MNC of the valid SIM [for e.g. 102A] and MNC of the broker SIM are different, the modem [106] may be configured to whitelist the IMPI, MNC and MCC of the broker SIM. In an event the broker IMSI is valid, the user device [110] may be configured to be locked and latch onto the foreign/international network, while in another event if the broker IMSI is not valid, the user device [110] may not be able to get unlocked and may not be able to attach to the foreign/international network.
FIG.2 illustrates an exemplary method flow diagram comprising the method [200] for managing the lock of a user device [110] in accordance with an embodiment of the present disclosure, wherein the user device [110] may comprise at least two SIMs [102A, 102B]. The method [200] may initiate at step 202 where one of the at least two SIMs [for e.g. 102A] is valid, and the user device [110] may be in the locked mode.
At step 204, the user device [110] may initialise the subsidy lock unit [104] of the user device [110] in the event at least one of the at least two SIMs [102A, 102B] of the user device [110] is the valid SIM [for e.g. 102A]. The subsidy lock unit [104], pursuant to the initialisation, may check if there is more than one valid SIM. In an event each of the at least two SIMs [102A, 102B] is valid, the method [200] may lead to step 206. Alternatively, in the event of one SIM being the valid SIM [for e.g. 102A], the method [200] may lead to step 208. Further, the subsidy lock unit [104] may share the SIM information of the valid SIM [for e.g. 102A] with the modem [106].
At step 206, the subsidy lock unit [104] may select one of the at least two valid SIMs [102A, 102B] as a primary SIM [for e.g. 102A] for achieving the objective of the present disclosure. In an embodiment, the primary SIM [for e.g. 102A] may be selected from said at least two SIMs [102A, 102B] based on the default data service selected by the users. Further, the subsidy lock unit [104] may share the

SIM information of the primary SIM [for e.g. 102A] with the modem [106] which is the valid SIM.
At step 208 and pursuant to the accomplishment of one of the step 204 and the step 206, the modem [106] may compare the SIM information of the valid SIM [for e.g. 102A] with the pre-defined SIM information. In an event the SIM information of the valid SIM [for e.g. 102A] matches with the pre-defined SIM information, the modem [106] may generate the positive response and the method [200] may lead to step 228. Alternatively, in the event where the SIM information of the valid SIM [for e.g. 102A] does not match with the pre-defined SIM information, the modem [106] may generate the negative response and the method [200] may lead to step 220. Further, the result of said comparison may be shared with the subsidy lock unit [104].
At step 220, an unlock request is sent from the subsidy lock unit [104] to the subsidy lock server [114]. If the user device [110] is eligible for unlocking, the method proceeds to step 222, wherein the subsidy lock server [114] creates a message with unlock command in the payload. On the other hand, if the user device [110] is not eligible for unlocking, the subsidy lock server [114] may create a message with lock command in the payload at step 224.
At step 228, when the positive response is generated by the whitelisted SIM, the user device [110] may transmit the attach request to the subsidy lock server [114] of the network entity [120] for establishing a connection with the network entity [120], wherein the attach request comprises the SIM information of the valid SIM [for e.g. 102A].
At step 230, in response to the attach request from the whitelisted SIM, an attach accept or attach reject is received at the user device [110]. In an event the attach accept is received, the method [200] may lead to step 232. Alternatively, in the event the attach reject is transmitted, the method [200] may lock the device and terminate at step 234.

At step 232, on receiving the attach accept from the subsidy lock server [114], the modem [106] may establish a connection with network entity [120] and may store the updated SIM information at the storage unit [108] of the user device [110]. The attach accept may be transmitted in an event the network entity [120] accepts the attach request of the modem [106] of the user device [110].
Further, FIG.3 (FIG.3(i) and FIG.3(ii)) illustrates an exemplary method flow diagram [300] for processing the unlock request sent to the network entity [120], in accordance with an exemplary embodiment of the present disclosure. Referring to Figure 3(i), the method [300] may initiate at step 302 and proceed to step 304 where the key generating unit [112] of the network entity [120] may be configured to generate a hash (H) from the message generated by the network entity in step 234, wherein the message includes one of a lock and unlock command in the payload of the message. In an embodiment, the key generating unit [112] may generate a hash (H) using a Secure Hash Algorithm (SHA).
At step 306, the key generating unit [112] may encrypt the generated hash (H) with the private key to generate a signature (S), wherein the hash (H) may be encrypted using the RSA technique.
At step 308, the key generating unit [112] may append the generated signature (S) to the private key to create the blob (B). Thus, the blob (B) = hash (H) + signature (S).
At step 310, the key generating unit [112] may transmit the generated blob (B) to the modem [106] of the user device [110]. The blob may comprise the payload, the signature, the timestamp and a subsidy lock configuration. In an embodiment, the signature is generated by hashing the payload and subsequently hashing the payload and encrypting said hashed payload with the private key being already generated by the network entity [120].
At step 312, the modem [106] of the user device may parse the payload from the blob (B) and derive the hash (H) using the SHA 256 technique.

At step 314, the modem [106] may verify said derived hash (H) payload, and the signature (S) using the public key, wherein said public key is already generated beforehand by the key generating unit [112] of the network entity [120]. In an event of unsuccessful verification, the method [300] may lead to step 316 where the modem [106] may reject said blob (B) and transmit an error to the network entity [110]. Alternatively, in an event of successful verification, the method [300] may lead to step 318 where the modem [106] may further check the payload of the blob and the method [300] may lead to step 320.
At step 320, the modem [106] may be configured to check unique ID in the payload. In an event the unique ID corresponds to the ID of the user device [110], the method [300] may lead to step 322 or else the method [300] may lead to step 326.
At step 322, the modem [106] may be configured to compare the hashed pin and the salt with the pre-stored hashed pin and salt. The pre-stored Hash PIN and Salt are stored in the IMEI list of the user device [110]. In an event, the comparison is successful; the method [300] may lead to step 324 or else the method [300] may go to step 326.
At step 324, modem [106] may transmit the result of the comparison to the subsidy lock server [114], which may unlock the user device [110].
At step 326, the modem [106] may transmit an error to the network entity [110]. The method [300] may then terminate at step 328.
Further, the present disclosure encompasses generation of the private key by the modem [106]. Said private key may be generated based on the public key configured at the user device [110] and the SIM information of the valid SIM [for e.g. 102A]. In particular, FIG.4 illustrates PKBDF2 Hash algorithm implementation at both network entity [120] and user device [110]. A PBKDF2 module [410] may be configured to receive a random PIN and a ‘c’ iteration count, wherein the PIN is one of a 16 digit random numeric number and an 8 digit alpha-numeric random

number. In an embodiment, the ‘c’ iteration count may refer to a number of time the hashing process will be repeated. In an embodiment, the PBKDF2 module [410] may be one of a software, a hardware or a combination thereof. Additionally, as shown in Fig. 4, the PBKDF2 module [410] may be implemented at one of the network entity [120] and user device [110] for locking/unlocking. Further, based on said PIN and the hash value, the PBKDF2 module [410] may be configured to produce/output a 128-bit random number (i.e. salt value which is an additional input for hashing data/PIN) and a hashed PIN. In an embodiment, the PBKDF2 module [410] may be configured to apply a pseudorandom function (such as hash-based message authentication code (HMAC)) to the PIN and the salt value and repeat said process of applying the pseudorandom function for ‘c’ iterations in order to produce a derived output key which may be used as a cryptographic key in subsequent operations. In an embodiment, the PIN may be encrypted based on one of the RSA technique, the SHA technique and the PBKDF2 technique. Pursuant to the encryption of the private key, the modem [106] may be configured to transmit the outputs, i.e. the PIN and the hash value to the network entity [110] and the ODM/OEM. In an exemplary embodiment, the output keys may be transmitted to the network entity [120] through an HTTP connection in the form of a blob. In an embodiment, the ‘c’ iteration count may be updated/modified by the ODM/OEM.
Further, the generated keys are sent to the ODM/OEM to inject into the device during the factory process. In a local unlock mechanism, if the user enters a PIN manually to unlock the device, the PIN and the iteration count (injected during factory process) is inputted to the PBKDF2 module, which will generate its own hashed PIN and salt. This new generated hashed PIN and salt are compared with the injected hashed PIN and salt and if matched will unlock the device and inform subsidy lock server. On receipt of the success indication, the server generates a new PIN and input it with iteration count to generate new hashed

PIN and salt and transmit it to the user device. This process is done to invalidate the old success PIN.
FIG.5 illustrates an exemplary embodiment of the present disclosure that encompasses a signalling flow diagram [500] for securing the hashed PIN and the salt value and storing the public key in the user device [110] by the OEM, in accordance with the embodiments of the present disclosure. The following steps describe the details of securing the hashed PIN and the salt value, and storing the public key in the user device [110]:
At step 502, the OEM may generate an IMEI list for the user device [110]. In an embodiment, the IMEI list comprises IMEIs of the user device [110], hashed PIN, iteration count, salt and the public key mapped to IMEI number of the user device [110].
At step 504 and pursuant to the accomplishment of step 502, the OEM may transmit a request to the network operator for transmitting the keys, i.e. hashed PIN and the salt value, wherein the request comprises said IMEI list.
At step 506, the network operator may verify the IMEI list received from the OEM, and may store the IMEI list.
At step 508, the network operator may transmit the IMEI list, pursuant to the verification, to the subsidy lock server [114] of the network entity [120].
At step 510, the subsidy lock server [114] may assign the hashed PIN and the salt value to the IMEI list. In an embodiment, the assigning of the hashed PIN and the salt value may be generated as an output of the PBKDF2 technique.
At step 512, the subsidy lock server [114] may generate at least one of the private key and the blob based on the hashed PIN and the salt value.
At step 514, the subsidy lock server [114] may transmit at least one of the private key and the blob to the OEM.

At step 516, the OEM may store at least one of the private key and the blob at the user device [110] during the device manufacturing.
FIG.6 illustrates the data format of the blob in accordance with an exemplary embodiment of the present disclosure. The Blob comprises at least a Payload and a signature. The signature is generated by hashing the Payload and then encrypting it with the Private Key using the RSA algorithm with a private key (already generated beforehand by the network entity). The blob further comprises of the unique identifier of the user device, the lock/unlock status, output data of PKBDF2 Hash algorithm and network service parameters. The unique identifier of the user device further comprises of IMEI/Serial No. etc. and the output data of PKBDF2 Hash algorithm comprises of PIN, Hashed PIN, salt and Iteration count. The network service parameters comprise of MCC & MNC of network and network group ID.
It will be appreciated by those skilled in the art that the data format of data blob is only exemplary, and the blob may be in another format, and all such formats are encompassed by the present disclosure.
Therefore, the present disclosure encompasses a mechanism for managing the lock of the user device [110] by communicating the private key and other information between the user device [110] and the network entity [120], thereby requesting the network entity [120] to manage the lock of the user device [110] by one of locking and unlocking the user device [110], wherein the user device [110] comprises at least two SIMs [102A, 102B]. Also, the present disclosure encompasses dynamically locking of the user device [110] during device manufacturing and unlocking the user device [110] at a later stage based on the setting parameters.
Though a limited number of the user device [110], the subsidy lock unit [104], the modem [106], the storage unit [108], the PBKDF2 Module [410], the network entity [120], the key generating unit [112], the subsidy lock server [114] and the

subcomponents/modules/circuits, if any, therein have been shown in the figures; however, it will be appreciated by those skilled in the art that the system [100] of the present disclosure encompasses any number and varied types of the components/modules/circuits and other components/sub-systems as may be obvious to person skilled in the art.
While considerable emphasis has been placed herein on the disclosed embodiments, it will be appreciated that many embodiments can be made and that many changes can be made to the embodiments without departing from the principles of the present disclosure. These and other changes in the embodiments of the present disclosure will be apparent to those skilled in the art, whereby it is to be understood that the foregoing descriptive matter to be implemented is illustrative and non-limiting.

We Claim:
1. A method for managing a lock of a user device [110], wherein the user device [110] comprises at least two SIMs [102A, 102B], the method being performed by the user device [110], the method comprising:
- initialising a subsidy lock unit [104] of the user device [110] in an event at
least one of the at least two SIMs [102A, 102B] of the user device [110] is a
valid SIM [for e.g. 102A] having a SIM information, wherein
the user device [110] is in a locked mode, and
the user device [110] is pre-configured with a public key;
- generating one of a positive response and a negative response based on a
comparison of the SIM information with a pre-defined SIM information,
wherein
the positive response is generated in an event the SIM information matches with the pre-defined SIM information, and
the negative response is generated in an event the SIM information does not match with the pre-defined SIM information;
- transmitting an unlock request to a network entity [120] in an event the negative response is generated, wherein the unlock request comprises the SIM information and the public key;
- receiving a blob in response to the unlock request of the user device [110] from the network entity [120], wherein
the blob comprises of at least a payload and a signature; and
- processing the blob based on the public key and an IMEI list pre-stored on the user device [110]; and
- enabling the network entity [120] to manage the lock of the user device [110], wherein said managing the lock comprises one of locking and unlocking the user device [110] based on said processing.

2. The method as claimed in claim 1, further comprising selecting one of the valid SIM [for e.g. 102A] from the at least two SIMs [102A, 102B] of the user device [110] if each of the at least two SIMs [102A, 102B] is valid.
3. The method as claimed in claim 1, further comprising:

- transmitting an attach request to a network entity [120] for establishing a connection with the network entity [120], wherein the attach request is transmitted in an event the positive response is generated,
- receiving one of an attach accept and an attach reject from the network entity [120], and
- storing the SIM information at the user device [110] in an event the attach accept is received from the network entity [120].

4. The method as claimed in claim 1, wherein the locked mode of the user device [110] may refer to one of a locked device mode, open market mode, a subsidy lock Single SIM mode and a locked state mode.
5. The method as claimed in claim 1, wherein the SIM information comprises at least one of an international mobile subscriber identifier (IMSI), an IP Multimedia Private Identity (IMPI), an international mobile equipment identity (IMEI), an electronic serial number (ESN), a home public land mobile network (HPLMN) and a group identifier (GID1/GID2).
6. The method as claimed in claim 1, wherein the encrypted private key
comprises at least one of a signature, a timestamp and a subsidy lock
configuration.
7. The method as claimed in claim 1, wherein the service parameters of the user
device [110] comprises at least one of a subscriber plan, a subsidy service
operator plan.

8. A method for managing a lock of a user device [110], wherein the user device
[110] comprises at least two SIMs [102A, 102B], the method being performed by
a network entity [120], the method comprising:
- receiving, from the user device [110], an unlock request in an event a SIM information of at least one of the at two least two SIMs [102A, 102B] does not match with a pre-defined SIM information, wherein the unlock request comprises a SIM information and a public key,
- generating and transmitting a blob in response to the unlock request of the user device [110] wherein the blob comprises of at least a payload and a signature; and
- managing the lock of the user device [110], wherein said managing the lock comprises one of locking and unlocking the user device based on processing, of the blob, by the user device [110], based on the public key and an IMEI list pre-stored on the user device [110].
9. The method as claimed in claim 10, further comprising:
- receiving an attach request from the user device [110] for establishing a connection with the network entity [120], wherein the attach request is received in an event the positive response is generated, and
- transmitting one of an attach accept and an attach reject to the user device [110].
10. A system [100] for managing a lock of a user device [110], wherein the user
device [110] comprises at least two SIMs [102A, 102B], the system [100]
comprising:
- the user device [110] comprising:
a subsidy lock unit [104] being initialised in an event at least one of the at least two SIMs [102A, 102B] of the user device [110] is a valid SIM [for e.g. 102A] having a SIM information, wherein

the user device [110] is in a locked mode, and
the user device [110] is pre-configured with a public key;
a modem [106] configured to:
generate one of a positive response and a negative response based on a comparison of the SIM information with a pre-defined SIM information, wherein
the positive response is generated in an event the SIM information
matches with the pre-defined SIM information, and
the negative response is generated in an event the SIM information
does not match with the pre-defined SIM information; and
- a network entity [120] comprising:
a key generating unit [112] configured to:
generate and transmit a blob in response to the unlock request of the user device [110] wherein the blob comprises of at least a payload and a signature
a subsidy lock server [114] configured to manage the lock of the user device [110], wherein said managing the lock comprises one of locking and unlocking the user device [110] based on processing of the blob, by the modem [106], said processing based on the public key and an IMEI list pre-stored on the user device [110], wherein
the subsidy lock unit [104] is further configured to transmit the unlock request to the subsidy lock server [114] of a network entity [120] in an event the negative response is generated, wherein the unlock request comprises the SIM information and the public key.

11. The system [100] as claimed in claim 12, wherein the subsidy lock unit [104] is further configured to select one of the valid SIM [for e.g. 102A] from the at least two SIMs [102A, 102B] of the user device [110] if each of the at least two SIMs [102A, 102B] is valid.
12. The system [100] as claimed in claim 12, wherein the subsidy lock server [114] is further configured to transmit one of an attach accept and an attach reject.
13. The system [100] as claimed in claim 12, wherein the modem [106] is further configured to:

- transmit an attach request to the subsidy lock server [114] of the network entity [120] for establishing a connection with the network entity [120], wherein the attach request is transmitted in an event the positive response is generated by the user device [110],
- receive one of the attach accept and the attach reject from the subsidy lock server [114], and
- store the SIM information at the user device [110] in an event the attach accept is received from the subsidy lock server [114].

14. The system [100] as claimed in claim 12, wherein the user device [110] and the network entity [120] are synced periodically.
15. The system [100] as claimed in claim 12, wherein the network entity [120] is one of an eNodeB, a network server, a base transceiver station (BTS), base station controller (BSC) and a radio network controller (RNC).