Secure remote user device unlock

What is claimed is: 1. One or more non-transitory computer-readable media storing computer-executable instructions that upon execution cause one or more processors to perform acts comprising: receiving a carrier unlock request for a user device; determining one or more verifications to be performed based at least on an unlock scenario requested by the carrier unlock request for the user device; performing the one or more verifications to determine whether the user device is eligible for a carrier unlock; and sending an unlock command to the user device in response to determining that the user device is eligible for the carrier unlock, the unlock command to disable a comparison of a device carrier code stored in a memory of the user device to a subscriber identity module (SIM) carrier code stored in a SIM card of the user device, wherein the comparison of the device carrier code stored in the memory of the user device to the SIM carrier code stored in the SIM card is for determining whether the user device is able to initiate a normal boot up to use a wireless network of a wireless communication carrier identified by the SIM carrier code or boot into a limited functionality mode. 2. The one or more non-transitory computer-readable media of claim 1 , further comprising sending an unlock error message to the user device in response to determine that the user device is ineligible for the carrier unlock. 3. The one or more non-transitory computer-readable media of claim 1 , further comprising: receiving a carrier unlock registration request from a device unlock application on the user device, the unlock request including an encrypted device key of the user device and an encrypted modem key of a modem in the user device that are integrity protected by a trusted key of a trusted environment of the user device; and decrypting the encrypted device key into a decrypted device key and the encrypted modem key into a decrypted modem key in response to a validation of the trusted key by a trusted third-party authority as belonging to the user device. 4. The one or more non-transitory computer-readable media claim 3 , wherein the receiving includes receiving the carrier unlock request that is integrity protected by the device key, further comprising using the decrypted device key to validate the carrier unlock request that is integrity protected by the device key. 5. The one or more non-transitory computer-readable media of claim 3 , further comprising providing integrity protection to the unlock command via the decrypted device key and integrity protection to a modem data packet in the unlock command via the decrypted modem key prior to the sending of the unlock command, the integrity protection of the unlock command to be validated by the device unlock application on the user device using the device key, and integrity protection of the modem data packet to be validated by an application in a modem on the user device using the modem key. 6. The one or more non-transitory computer-readable media of claim 5 , wherein the modem data packet includes information that permanently disables the comparison of the device carrier code to the SIM carrier code when the unlock scenario includes a permanent carrier unlock of the user device, or temporarily disables the comparison of the device carrier code to the SIM carrier code for a predetermined period of time when the unlock scenario includes a temporary carrier unlock of the user device. 7. The one or more non-transitory computer-readable media of claim 1 , wherein the determining includes determining the one or more of a plurality of verifications to be performed based on a particular scenario of the carrier unlock, the verifications including verifying at least one of whether the user device is fully paid for, whether a user of the user device has any outstanding service bills, or whether the user is more than a predetermined number of months behind on paying service bills. 8. The one or more non-transitory computer-readable media of claim 1 , wherein the unlock scenario is based on factors that include at least one of whether the carrier unlock is a permanent carrier unlock of the user device or a temporary carrier unlock of the user device, a geographical region specified by the carrier unlock, or an unlock time duration when the carrier unlock is the temporary carrier unlock. 9. The one or more non-transitory computer-readable media of claim 8 , wherein the performing includes performing at least one verification for the permanent carrier unlock that is not performed for the temporary carrier unlock of the user device. 10. A computer-implemented method, comprising: receiving a carrier unlock registration request from a device unlock application on a user device at a server that registers the user device with the server for receiving remote carrier unlock from the server, the carrier unlock registration request including at least an encrypted device key of the user device that is integrity protected by a trusted key assigned to a trusted environment of the user device that is an isolated execution space on the user device, the trusted key being inaccessible to applications stored on the user device that are outside of the isolated execution space and lack privilege to access the isolated execution space via a secure communication channel; and decrypting, at the server, the encrypted device key into a decrypted device key in response to a validation of the trusted key by a trusted third-party authority as belonging to the user device; receiving, at the server, a carrier unlock request for the user device that is integrity protected by the device key; validating, at the server, the carrier unlock request that is integrity protected by the device key using the decrypted device key; and determining, at the server, whether to fulfill the carrier unlock request following a validation of the carrier unlock request via the decrypted device key. 11. The computer-implemented method of claim 10 , wherein the determining includes: ascertaining one or more verifications to be performed by a policy engine based at least on an unlock scenario requested by the carrier unlock request for the user device; performing the one or more verifications to determine whether the user device is eligible for a carrier unlock; and initiating an unlock command for transmission to the user device in response to determining that the user device is eligible for the carrier unlock, the unlock command to disable a comparison of a device carrier code of the user device to a subscriber identity module (SIM) carrier code stored in a SIM card of the user device. 12. The computer-implemented method of claim 11 , wherein the unlock request further includes an encrypted modem key of a modem in the user device that is integrity protected by the trusted key, and the decrypting further includes decrypting the encrypted modem key into a decrypted modem key in response to a validation of the trusted key by the trusted third-party authority as belonging to the user device, further comprising: providing, at the server, integrity protection to the unlock command via the decrypted device key and integrity protection to a modem data packet in the unlock command via the decrypted modem key, the integrity protection of the unlock command to be validated by the device unlock application on the user device using the device key, and the integrity protection modem data packet to be validated by an application in a modem on the user device using the modem key; and sending, from the server, the unlock command to the user device. 13. The computer-implemented method of claim 11 , fu