Methods and apparatus for providing management capabilities for access control clients

US 10,271,213 B2
Filed: 05/04/2012
Issued: 04/23/2019
Est. Priority Date: 05/06/2011
Status: Active Grant

First Claim

Patent Images

1. A wireless apparatus, comprising:

a wireless interface; and

a secure element comprising;

a secure processor, anda software platform comprising a plurality of credentials, wherein;

i) an access control client (ACC) is present on the secure element,ii) the plurality of credentials are each associated with corresponding functional capabilities, andiii) the plurality of credentials comprises a profile policy credential for the ACC and enabling alteration of a profile policy for the ACC related to a network carrier lock for the ACC,wherein the secure processor is configured to;

evaluate, based on the plurality of credentials, a first credential received by the wireless apparatus in a request, andwhen the evaluation indicates that an activity is authorized;

perform the activity with respect to the ACC on the secure element.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and apparatus for managing access control clients (e.g., electronic Subscriber Identity Modules (eSIMs)). In one embodiment, secure elements (e.g., electronic Universal Integrated Circuit Cards (eUICCs)) and management entities of secure elements are associated with credentials. Post-deployment managerial operations can be executed, by transmitting the requested operation with the appropriate credentials. For example, a device can receive secure software updates to electronic Subscriber Identity Modules (eSIMs), with properly credentialed network entities.

Citations

20 Claims

1. A wireless apparatus, comprising:
- a wireless interface; and
  
  a secure element comprising;
  
  a secure processor, anda software platform comprising a plurality of credentials, wherein;
  
  i) an access control client (ACC) is present on the secure element,ii) the plurality of credentials are each associated with corresponding functional capabilities, andiii) the plurality of credentials comprises a profile policy credential for the ACC and enabling alteration of a profile policy for the ACC related to a network carrier lock for the ACC,wherein the secure processor is configured to;
  
  evaluate, based on the plurality of credentials, a first credential received by the wireless apparatus in a request, andwhen the evaluation indicates that an activity is authorized;
  
  perform the activity with respect to the ACC on the secure element.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The wireless apparatus of claim 1, wherein the ACC is an electronic Subscriber Identity Module (eSIM).
  - 3. The wireless apparatus of claim 1, wherein the plurality of credentials comprises a software platform credential enabling acceptance of a software component.
  - 4. The wireless apparatus of claim 3, wherein the secure processor is configured to perform the activity by installing, in the ACC on the secure element, the software component.
  - 5. The wireless apparatus of claim 4, wherein the software component comprises executable software.
  - 6. The wireless apparatus of claim 1, wherein the plurality of credentials comprises a device manufacturer credential.
  - 7. The wireless apparatus of claim 6, wherein the secure processor is configured to perform the activity by adding or deleting secure element firmware that is non-specific to any particular ACC that is present on the secure element.
  - 8. The wireless apparatus of claim 1, wherein the plurality of credentials comprises an electronic subscriber identity module (eSIM) profile manager credential.
  - 9. The wireless apparatus of claim 8, wherein the secure processor is configured to perform the activity by deleting the ACC from the secure element.
  - 10. The wireless apparatus of claim 1, wherein the plurality of credentials comprises an electronic subscriber identity module (eSIM) profile manufacturer credential.
  - 11. The wireless apparatus of claim 10, wherein the secure processor is configured to perform the activity by modifying the ACC on the secure element.

12. A secure element, comprising:
- a secure processor; and
  
  a software platform comprising a plurality of credentials, wherein;
  
  i) an access control client (ACC) is present on the secure element,ii) the plurality of credentials are each associated with corresponding functional capabilities, andiii) the plurality of credentials comprises a profile policy credential for the ACC and enabling alteration of a profile policy for the ACC related to a network carrier lock for the ACC,wherein the secure processor is configured to;
  
  evaluate, based on the plurality of credentials, a first credential received by a wireless apparatus in a request, wherein the secure element is housed in the wireless apparatus, andwhen the evaluation indicates that an activity is authorized;
  
  perform the activity with respect to the ACC on the secure element.
- View Dependent Claims (13, 14, 15, 16, 17)
- - 13. The secure element of claim 12, wherein the plurality of credentials comprises an electronic subscriber identity module (eSIM) profile manager credential.
  - 14. The secure element of claim 12, wherein the secure processor is configured to alter the network carrier lock for the ACC by locking the ACC on the secure element to a specific network carrier.
  - 15. The secure element of claim 12, wherein the plurality of credentials comprises a software platform credential enabling acceptance of a software component.
  - 16. The secure element of claim 12, wherein the secure processor is configured to alter the network carrier lock for the ACC by unlocking the ACC on the secure element from a network carrier.
  - 17. The secure element of claim 12, wherein the secure processor is configured to perform the activity by changing the ACC on the secure element to a different user account.

18. A method, comprising:
- by a secure element comprising a software platform;
  
  when evaluating a first credential indicates that an activity is authorized, wherein the evaluating is based on a plurality of credentials, and wherein;
  
  i) the first credential is received by a wireless apparatus hosting the secure element,ii) the plurality of credentials are each associated with corresponding functional capabilities,iii) the software platform comprises the plurality of credentials, andiv) the plurality of credentials comprises a profile policy credential for an access control client (ACC) that is present on the secure element and enabling alteration of the profile policy for the ACC related to a network carrier lock for the ACC;
  
  performing the activity with respect to the ACC on the secure element.
- View Dependent Claims (19, 20)
- - 19. The method of claim 18, wherein the plurality of credentials comprises a software platform credential enabling acceptance of a software component.
  - 20. The method of claim 19, wherein:
    - i) the performing the activity comprises installing, in the ACC on the secure element, the software component, and ii) the software component comprises executable software.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Apple Inc.
Original Assignee
Apple Inc.
Inventors
Haggerty, David T., Von Hauck, Jerrold, McLaughlin, Kevin, Liu, Audra
Primary Examiner(s)
Miah, Liton

Application Number

US13/464,677
Publication Number

US 20130122864A1
Time in Patent Office

2,545 Days
Field of Search

455410, 455411
US Class Current
CPC Class Codes

G06F 21/34   involving the use of extern...

G06F 21/77   in smart cards

G06F 2221/2141   Access rights, e.g. capabil...

H04L 63/0823   using certificates cryptogr...

H04L 63/105   Multiple levels of security

H04L 63/20   for managing network securi...

H04W 12/069   using certificates or pre-s...

H04W 12/08   Access security

H04W 88/02   Terminal devices

Methods and apparatus for providing management capabilities for access control clients

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and apparatus for providing management capabilities for access control clients

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links