Method and apparatus for authorizing management for embedded universal integrated circuit card

US 10,623,952 B2
Filed: 07/07/2014
Issued: 04/14/2020
Est. Priority Date: 07/07/2014
Status: Active Grant

First Claim

Patent Images

1. A method for authorizing management for an embedded universal integrated circuit card (eUICC) and implemented by an eUICC manager, the method comprising:

generating authorization information, wherein the authorization information comprises an authorization table, wherein the authorization table comprises a relational database, wherein the authorization table comprises granted profile management functions and indications of first devices corresponding to each of the granted profile management functions, wherein the granted profile management functions comprise a profile activation function, a profile deactivation function, and a profile deletion function, and wherein the indications of the first devices comprise at least one first device corresponding to each one of the granted profile management functions;

encrypting the authorization information using an eUICC management credential to create encrypted authorization information;

sending the encrypted authorization information to the eUICC; and

receiving an authorization complete response in response to the encrypted authorization information.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for authorizing management for an embedded universal integrated circuit card includes: generating, by an eUICC manager, authorization information (S101); encrypting the authorization information by using eUICC management credential (S102); and sending the encrypted authorization information to an eUICC (S103), where the authorization information includes an identifier of at least one first device; or the authorization information includes at least one authorization credential. The authorization information is configured in the eUICC, and therefore, when a subsequently authorized first device manages a profile in the eUICC, the eUICC may directly accept or reject, according to a stored correspondence between a profile management function and an authorized first device, to be managed, without obtaining authorization information each time.

57 Citations

23 Claims

1. A method for authorizing management for an embedded universal integrated circuit card (eUICC) and implemented by an eUICC manager, the method comprising:
- generating authorization information, wherein the authorization information comprises an authorization table, wherein the authorization table comprises a relational database, wherein the authorization table comprises granted profile management functions and indications of first devices corresponding to each of the granted profile management functions, wherein the granted profile management functions comprise a profile activation function, a profile deactivation function, and a profile deletion function, and wherein the indications of the first devices comprise at least one first device corresponding to each one of the granted profile management functions;
  
  encrypting the authorization information using an eUICC management credential to create encrypted authorization information;
  
  sending the encrypted authorization information to the eUICC; and
  
  receiving an authorization complete response in response to the encrypted authorization information.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, further comprising sending the authorization credentials to the first devices.
  - 3. The method of claim 2, further comprising sending, to the first devices, the granted profile management functions.
  - 4. The method of claim 1, wherein sending the encrypted authorization information to the eUICC comprises sending the encrypted authorization information to the first devices for the first devices to send the encrypted authorization information to the eUICC.
  - 5. The method of claim 1, wherein sending the encrypted authorization information to the eUICC comprises sending the encrypted authorization information to the first devices for the first devices to send the encrypted authorization information to a second device and for the second device to send the encrypted authorization information to the eUICC.
  - 6. The method of claim 1, further comprising further generating the authorization information in response to a request message from an initiator, wherein the request message requests the eUICC manager to grant the granted profile management functions.
  - 7. The method of claim 1, wherein the eUICC management credential is a pre-stored symmetric key or a temporarily generated symmetric key.
  - 8. The method of claim 1, wherein the granted profile management functions comprise a first granted profile management function and a second granted profile management function, wherein the indications of the first devices comprise a first identifier of a first device a and a second identifier of a first device b, wherein the first identifier corresponds to the first granted profile management function, and wherein the first identifier and the second identifier correspond to the second granted profile management function.
  - 9. The method of claim 8, wherein the granted profile management functions further comprise a third granted profile management function, wherein the indications of the first devices further comprise a third identifier of a first device c, and wherein the first identifier, the second identifier, and the third identifier correspond to the third granted profile management function.
  - 10. The method of claim 1, wherein the indications of the first devices comprise authorization credentials, and wherein the authorization credentials comprise a numerical identifier.
  - 11. The method of claim 1, wherein a first column of the relational database comprises the granted profile management functions, and wherein a second column of the relational database comprises the indications of the first devices.

12. A method for authorizing management for an embedded universal integrated circuit card (eUICC) and implemented by the eUICC, the method comprising:
- receiving encrypted authorization information from an eUICC manager or a first device;
  
  decrypting the encrypted authorization information to obtain authorization information, wherein the authorization information comprises an authorization table, wherein the authorization table comprises a relational database, wherein the authorization table comprises granted profile management functions and indications of first devices corresponding to each of the granted profile management functions, wherein the granted profile management functions comprise a profile activation function, a profile deactivation function, and a profile deletion function, and wherein the indications of the first devices comprise at least one first device corresponding to each one of the granted profile management functions;
  
  updating, in the eUICC and according to the authorization information, the indications;
  
  generating an authorization complete response in response to the updating; and
  
  sending the authorization complete response.
- View Dependent Claims (13, 14, 15, 16, 17)
- - 13. The method of claim 12, wherein the granted profile management functions comprise a first granted profile management function and a second granted profile management function, wherein the indications of the first devices comprise a first identifier of a first device a and a second identifier of a first device b, wherein the first identifier corresponds to the first granted profile management function, and wherein the first identifier and the second identifier correspond to the second granted profile management function.
  - 14. The method of claim 13, wherein the granted profile management functions further comprise a third granted profile management function, wherein the indications of the first devices further comprise a third identifier of a first device c, and wherein the first identifier, the second identifier, and the third identifier correspond to the third granted profile management function.
  - 15. The method of claim 12, further comprising further sending the authorization complete response to the eUICC manager.
  - 16. The method of claim 12, further comprising further sending the authorization complete response to the first device.
  - 17. The method of claim 12, further comprising storing the authorization table in a memory of the eUICC.

18. An apparatus for authorizing management for an embedded universal integrated circuit card (eUICC), the apparatus comprising:
- a receiver configured to receive encrypted authorization information from an eUICC manager or a first device; and
  
  a processor coupled to the receiver and configured to;
  
  decrypt the encrypted authorization information to obtain authorization information, wherein the authorization information comprises an authorization table, wherein the authorization table comprises a relational database, wherein the authorization table comprises granted profile management functions and indications of first devices corresponding to each of the granted profile management functions, wherein the granted profile management functions comprise a profile activation function, a profile deactivation function, and a profile deletion function, and wherein the indications of the first devices comprise at least one first device corresponding to each one of the granted profile management functions;
  
  update, in the eUICC and according to the authorization information, the indications when the authorization information comprises the indications;
  
  update, in the eUICC and according to the authorization information, the indications of the first devices when the authorization information comprises the indications of the first devices; and
  
  generate an authorization complete response in response to the updating.
- View Dependent Claims (19, 20, 21, 22, 23)
- - 19. The apparatus of claim 18, wherein the first device is a profile manager (PM) or a profile provisioner (PP).
  - 20. The apparatus of claim 18, wherein the granted profile management functions comprise a first granted profile management function and a second granted profile management function, wherein the indications of the first devices comprise a first identifier of a first device a and a second identifier of a first device b, wherein the first identifier corresponds to the first granted profile management function, and wherein the first identifier and the second identifier correspond to the second granted profile management function.
  - 21. The apparatus of claim 20, wherein the granted profile management functions further comprise a third granted profile management function, wherein the indications of the first identifiers further comprise a third identifier of a first device c, and wherein the first identifier, the second identifier, and the third identifier correspond to the third granted profile management function.
  - 22. The apparatus of claim 18, further comprising a transmitter coupled to the processor and configured to send the authorization complete response to the eUICC manager.
  - 23. The apparatus of claim 18, further comprising a transmitter coupled to the processor and configured to send the authorization complete response to the first device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Huawei Technologies Co., Ltd. (Huawei Investment & Holding Co., Ltd.)
Original Assignee
Huawei Technologies Co., Ltd. (Huawei Investment & Holding Co., Ltd.)
Inventors
Gao, Linyi
Primary Examiner(s)
Najjar, Saleh
Assistant Examiner(s)
Chao, Michael W

Application Number

US15/322,242
Publication Number

US 20170134948A1
Time in Patent Office

2,108 Days
Field of Search

None
US Class Current
CPC Class Codes

H04L 2209/80   Wireless network architectu...

H04L 63/0853   using an additional device,...

H04L 9/32   including means for verifyi...

H04W 12/04   Key management, e.g. using ...

H04W 12/06   Authentication

H04W 12/35   Protecting application or s...

H04W 4/70   Services for machine-to-mac...

H04W 8/183   Processing at user equipmen...

Method and apparatus for authorizing management for embedded universal integrated circuit card

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

57 Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for authorizing management for embedded universal integrated circuit card

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

57 Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links