Methods and apparatus for delivering electronic identification components over a wireless network

US 10,206,106 B2
Filed: 01/17/2018
Issued: 02/12/2019
Est. Priority Date: 10/28/2010
Status: Active Grant

First Claim

Patent Images

1. A method for enabling a mobile device to access wireless services, the method comprising, at the mobile device:

accessing first identification data associated with a secure element included in the mobile device, wherein;

a core operating system (OS) is pre-loaded onto the secure element and is configured to execute at least one electronic Subscriber Identity Module (eSIM), andthe core OS is missing at least one component;

authenticating with a server using the first identification data to allow the mobile device to access a package that includes the missing at least one component;

receiving the package from the server; and

combining the missing at least one component with the core OS to enable a common OS and the at least one eSIM to be executed to enable the mobile device to access the wireless services.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and apparatus enabling programming of electronic identification information of a wireless apparatus. In one embodiment, a previously purchased or deployed wireless apparatus is activated by a cellular network. The wireless apparatus connects to the cellular network using an access module to download operating system components and/or access control client components. The described methods and apparatus enable updates, additions and replacement of various components including Electronic Subscriber Identity Module (eSIM) data, OS components. One exemplary implementation of the invention utilizes a trusted key exchange between the device and the cellular network to maintain security.

Citations

20 Claims

1. A method for enabling a mobile device to access wireless services, the method comprising, at the mobile device:
- accessing first identification data associated with a secure element included in the mobile device, wherein;
  
  a core operating system (OS) is pre-loaded onto the secure element and is configured to execute at least one electronic Subscriber Identity Module (eSIM), andthe core OS is missing at least one component;
  
  authenticating with a server using the first identification data to allow the mobile device to access a package that includes the missing at least one component;
  
  receiving the package from the server; and
  
  combining the missing at least one component with the core OS to enable a common OS and the at least one eSIM to be executed to enable the mobile device to access the wireless services.
- View Dependent Claims (2, 3, 4)
- - 2. The method of claim 1, further comprising:
    - receiving second identification data from the server; and
      
      verifying the second identification data prior to receiving the package.
  - 3. The method of claim 2, wherein the first identification data and the second identification data are based on a cryptographic key protocol.
  - 4. The method of claim 1, wherein the eSIM includes credentials that are associated with a subscriber of a Mobile Network Operator (MNO).

5. An apparatus configurable to operate in a mobile device to enable the mobile device to access wireless services, the apparatus comprising:
- a secure element;
  
  at least one hardware processor; and
  
  at least one memory storing instructions that, when executed by the at least one hardware processor, cause the mobile device to;
  
  access first identification data associated with the secure element, wherein;
  
  a core operating system (OS) is pre-loaded onto the secure element and is configured to execute at least one electronic Subscriber Identity Module (eSIM), andthe core OS is missing at least one component;
  
  authenticate with a server using the first identification data to allow the mobile device to access a package that includes the missing at least one component;
  
  receive the package from the server; and
  
  combining the missing at least one component with the core OS to enable a common OS and the at least one eSIM to be executed to enable the mobile device to access the wireless services.
- View Dependent Claims (6, 7, 8)
- - 6. The apparatus of claim 5, wherein the at least one hardware processor further causes the mobile device to:
    - receive second identification data from the server; and
      
      verify the second identification data prior to receiving the package.
  - 7. The apparatus of claim 6, wherein the first identification data and the second identification data are based on a cryptographic key protocol.
  - 8. The apparatus of claim 5, wherein the eSIM includes credentials that are associated with a subscriber of a Mobile Network Operator (MNO).

9. A method for enabling a mobile device to access wireless services, the method comprising:
- accessing first identification data associated with a secure element included in the mobile device, wherein;
  
  a bootstrap operating system (OS) is pre-loaded onto the secure element and (i) is configured to load a common OS, and (ii) is missing at least one component, andthe common OS is configured to execute at least one electronic Subscriber Identity Module (eSIM);
  
  authenticating with a server using the first identification data to allow the mobile device to access a package that includes the missing at least one component;
  
  receiving the package from the server; and
  
  combining the missing at least one component with the bootstrap OS to enable the common OS and at least one eSIM to be executed to enable the mobile device to access the wireless services.
- View Dependent Claims (10, 11, 12, 13, 14)
- - 10. The method of claim 9, further comprising:
    - receiving second identification data from the server; and
      
      verifying the second identification data prior to receiving the package.
  - 11. The method of claim 10, wherein the first identification data and the second identification data are based on a cryptographic key protocol.
  - 12. The method of claim 9, wherein authenticating with the server comprises establishing an authorized data session between the mobile device and the server and performing a mutual verification.
  - 13. The method of claim 12, wherein the mutual verification comprises a cryptographic key protocol.
  - 14. The method of claim 9, wherein the first identification data is an encryption key that is specific to the secure element.

15. An apparatus configurable to operate in a mobile device to enable the mobile device to access wireless services, the apparatus comprising:
- a secure element;
  
  at least one hardware processor; and
  
  at least one memory storing instructions that, when executed by the at least one hardware processor, cause the mobile device to;
  
  access first identification data associated with the secure element, wherein;
  
  a bootstrap operating system (OS) is pre-loaded onto the secure element and (i) is configured to load a common OS, and (ii) is missing at least one component, andthe common OS is configured to execute at least one electronic Subscriber Identity Module (eSIM);
  
  authenticate with a server using the first identification data to allow the mobile device to access a package that includes the missing at least one component;
  
  receive the package from the server; and
  
  combine the missing at least one component with the bootstrap OS to enable the common OS and at least one eSIM to be executed to enable the mobile device to access the wireless services.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The apparatus of claim 15, wherein the at least one hardware processor further causes the mobile device to:
    - receive second identification data from the server; and
      
      verify the second identification data prior to receiving the package.
  - 17. The apparatus of claim 16, wherein the first identification data and the second identification data are based on a cryptographic key protocol.
  - 18. The apparatus of claim 15, wherein authenticating with the server comprises establishing an authorized data session between the mobile device and the server and performing a mutual verification.
  - 19. The apparatus of claim 18, wherein the mutual verification comprises a cryptographic key protocol.
  - 20. The apparatus of claim 15, wherein the first identification data is an encryption key that is specific to the secure element.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Apple Inc.
Original Assignee
Apple Inc.
Inventors
Schell, Stephan V., Mathias, Arun G., Von Hauck, Jerrold, Haggerty, David T., McLaughlin, Kevin, Juang, Ben-Heng, Li, Li
Primary Examiner(s)
Chai, Longbit

Application Number

US15/873,856
Publication Number

US 20180249332A1
Time in Patent Office

391 Days
Field of Search

713169
US Class Current
CPC Class Codes

G06F 21/45   Structures or tools for the...

G06F 21/57   Certifying or maintaining t...

H04L 63/08   for authentication of entit...

H04L 63/0853   using an additional device,...

H04L 63/123   received data contents, e.g...

H04L 63/20   for managing network securi...

H04L 67/34   involving the movement of s...

H04W 12/04   Key management, e.g. using ...

H04W 12/06   Authentication

H04W 12/08   Access security

H04W 12/35   Protecting application or s...

H04W 4/50   Service provisioning or rec...

H04W 4/60   Subscription-based services...

H04W 8/205   Transfer to or from user eq...

Methods and apparatus for delivering electronic identification components over a wireless network

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and apparatus for delivering electronic identification components over a wireless network

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links