Security Protocols for Mobile Operator Networks

1. A method implemented by a computer device at a media content provider, the method comprising: establishing a mobile communication link with a mobile device via a communication service provider with which the mobile device is registered for mobile communications, and via at least one roaming node network with which the communication service provider has a roaming service agreement; receiving a security policy request from the mobile device to establish a security policy for end-to-end security of the mobile communication link between the media content provider and the mobile device for data communication security; communicating a security policy response to the mobile device to establish the security policy for the end-to-end security of the mobile communication link; communicating a challenge to the mobile device via the mobile communication link that is secure based on the security policy, the mobile communication link including the roaming node network and a mobile operator network that is managed by the communication service provider; and receiving the challenge back from the mobile device via the mobile operator network and the communication service provider, the challenge including data added by the communication service provider, the added data comprising a billing identifier that is associated with the mobile device, the billing identifier being securely received from the communication service provider via the mobile communication link.

2. A method as recited in claim 1 , wherein the security policy request that is received from the mobile device includes a region code corresponding to the roaming node network.

3. A method as recited in claim 2 , further comprising determining the encryption policy for the roaming node network based on the region code.

4. A method as recited in claim 1 , wherein the security policy request that is received from the mobile device is included with authentication data messages that are communicated between the mobile device and the media content provider.

5. A method as recited in claim 4 , wherein the security policy request includes a region code corresponding to the roaming node network, the region code being included with the authentication data messages.

6. A method as recited in claim 1 , further comprising: receiving an indication that the roaming node network is changing to a different roaming node network to maintain the mobile communication link; and adapting the security policy for the end-to-end security of the mobile communication link for alternative security restrictions of the different roaming node network.

7. A method implemented by a mobile device, the method comprising: establishing a mobile communication link with a media content provider via a communication service provider with which the mobile device is registered for mobile communications, and via at least one roaming node network with which the communication service provider has a roaming service agreement; communicating a security policy request to the media content provider to establish a security policy for end-to-end security of the mobile communication link between the media content provider and the mobile device for data communication security, the security policy request including an encryption policy for the roaming node network that is obtained from a cache stored locally on the mobile device; and receiving a security policy response from the media content provider to establish the security policy for the end-to-end security of the mobile communication link that is adaptable to security restrictions of the roaming node network; receive a challenge from the media content provider via the mobile communication link that is secure based on the security policy, the mobile communication link including the roaming node network and a mobile operator network that is managed by the communication service provider, and communicate the challenge back to the media content prover via the mobile operator network and the communication service provider, the challenge including data added by the communication service provider, the data comprising a billing identifier that is associated with the mobile device.

8. A method as recited in claim 7 , wherein the security policy request further includes a region code that corresponds to the roaming node network.

9. A method as recited in claim 7 , wherein the security policy request and the security policy response are included with authentication data messages that are communicated between the mobile device and the media content provider.

10. A mobile communication system, comprising: a media content provider configured to establish a mobile communication link with a mobile device via a communication service provider with which the mobile device is registered for mobile communications, and via at least one roaming node network with which the communication service provider has a roaming agreement; a security protocol service implemented by a computer device at the media content provider, the security protocol service configured to: receive a security policy request from the mobile device to establish a security policy for end-to-end security of the mobile communication link between the media content provider and the mobile device for data communication security; determine an encryption policy for the roaming node network based on a region code that corresponds to the roaming node network; and initiate communication of a security policy response to the mobile device, the security policy response including the encryption policy that is utilized to establish the security policy for the end-to-end security of the mobile communication link that is adaptable to security restrictions of the roaming node network; communicate a challenge to the mobile device via the mobile communication link that is secure based on the security policy, the mobile communication link including the roaming node network and a mobile operator network that is managed by the communication service provider; and receive the challenge back from the mobile device via the mobile operator network and the communication service provider, the challenge including data added by the communication service provider, the data comprising a billing identifier that is associated with the mobile device, the billing identifier being securely received from the communication service provider via the mobile communication link.

11. A mobile communication system as recited in claim 10 , wherein the security policy request and the security policy response are included with authentication data messages that are communicated between the mobile device and the media content provider.

12. A mobile communication system as recited in claim 10 , wherein the security protocol service is further configured to receive the encryption policy for the roaming node network from the mobile device that maintains a cache of encryption policies stored locally on the mobile device.

13. A mobile communication system as recited in claim 10 , wherein the security protocol service is further configured to receive the region code that corresponds to the roaming node network from the communication service provider.

14. A mobile communication system as recited in claim 10 , wherein the security protocol service is further configured to: receive an indication that the roaming node network is changing to a different roaming node network to maintain the mobile communication link; and adapt the security policy for the end-to-end security of the mobile communication link for alternative security restrictions of the different roaming node network.

15. A mobile communication system as recited in claim 10 , wherein the media content provider is further configured to: communicate a challenge to the mobile device via the mobile communication link that is secure based on the security policy, the mobile communication link including the roaming node network and a mobile operator network that is managed by the communication service provider; and receive the challenge back from the mobile device via the mobile operator network and the communication service provider, the challenge including data added by the communication service provider.