MANAGEMENT SYSTEMS FOR MULTIPLE ACCESS CONTROL ENTITIES

US 20120108204A1
Filed: 04/04/2011
Published: 05/03/2012
Est. Priority Date: 10/28/2010
Status: Active Grant

First Claim

Patent Images

1. A method for providing a plurality of user access control clients to a plurality of user devices, the method comprising:

storing the plurality of user access control clients within a secure storage associated with a server;

generating a plurality of database records for respective ones of the plurality of user access control clients;

receiving a request to access one of the individual ones of the plurality of user access control clients from a requesting device; and

if it is determined that the request may be serviced;

retrieving the requested access control client from the secure storage;

transmitting the requested access control client to the requesting device; and

updating a database record for the requested access control client to reflect use thereof at the requesting device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and apparatus for managing multiple user access control entities or clients. For example, in one embodiment, a “wallet” of electronic subscriber identity modules (eSIMs) may be stored and used at a user device and/or distributed to other devices for use thereon. In another embodiment, a networked server may store and distribute eSIM to a plurality of user devices in communication therewith. A database of available eSIM is maintained at the wallet entity and/or at the network which enables request for a particular eSIM to be processed and various rules for the distribution thereof to be implemented. Security precautions are implemented to protect both user and network carrier specific data as the data is transmitted between networked entities. Solutions for eSIM backup and restoration are also described.

Citations

20 Claims

1. A method for providing a plurality of user access control clients to a plurality of user devices, the method comprising:
- storing the plurality of user access control clients within a secure storage associated with a server;
  
  generating a plurality of database records for respective ones of the plurality of user access control clients;
  
  receiving a request to access one of the individual ones of the plurality of user access control clients from a requesting device; and
  
  if it is determined that the request may be serviced;
  
  retrieving the requested access control client from the secure storage;
  
  transmitting the requested access control client to the requesting device; and
  
  updating a database record for the requested access control client to reflect use thereof at the requesting device.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein the plurality of database records indicate at least a current status of the user access control clients, and an identity of one or more of the plurality of user devices authorized to receive the respective ones of the plurality of user access control clients.
  - 3. The method of claim 2, wherein the act of determining whether the request may be serviced is based at least in part on the current status of the requested user access control client and the identified one or more of the plurality of user devices authorized to receive the requested access control client.
  - 4. The method of claim 1, wherein if it is determined that the request may not be serviced, transmitting a message to the requesting device indicating that the request may not be serviced.
  - 5. The method of claim 1, wherein the act of transmitting the requested access control client to the requesting device comprises transmitting an encrypted version thereof, which is configured to only be decrypted by the requesting device.
  - 6. The method of claim 1, further comprising:
    - receiving a request to return the requested access control client;
      
      updating the database record for the requested access control client to reflect discontinued use thereof at the requesting device; and
      
      removing the requested access control client from the requesting device.

7. A method for providing access to a plurality of electronic subscriber identity modules (eSIM) to a mobile device, the method comprising:
- utilizing a plurality of database records for respective ones of the plurality of eSIM to generate a list of one or more of the plurality of eSIM accessible to the mobile device;
  
  receiving a request to access one of the one or more of eSIM from the mobile device; and
  
  transmitting the requested eSIM to the requesting device; and
  
  updating a status identifier in a database record associated with the requested eSIM.
- View Dependent Claims (8, 9, 10, 11)
- - 8. The method of claim 7, wherein the method is performed substantially on a server entity of a communications network with which the mobile device is in communication.
  - 9. The method of claim 7, wherein the method is performed substantially at a user device in communication with the mobile device.
  - 10. The method of claim 7, further comprising upon the occurrence of an event, removing the eSIM from the requesting device and updating the status identifier in the database record associated with the requested eSIM.
  - 11. The method of claim 7, further comprising:
    - receiving a second request to access the requested eSIM from a second mobile device;
      
      using the status identifier in the database record to determine whether the requested eSIM may be provided to the second mobile device.

12. A server apparatus for securely providing a plurality of access control clients in a network, the apparatus comprising:
- a plurality of interfaces;
  
  a storage apparatus configured to store a plurality of access control clients thereon;
  
  a processor configured to run at least one computer program thereon, the computer program configured to;
  
  generate a plurality of records, each of the records associated with an individual one of the plurality of access control clients;
  
  receive a request to access one of the plurality of access control clients from a requesting device; and
  
  determine, based at least in part on the current status of the requested one of the plurality of access control clients and the requesting device, whether the request may be serviced.
- View Dependent Claims (13, 14)
- - 13. The apparatus of claim 12, wherein the computer program is further configured to, if it is determined that the request may be serviced:
    - transmit the requested one of the plurality of access control clients to the requesting device; and
      
      update the current status of the requested one of the plurality of access control clients to reflect use thereof at the requesting device.
  - 14. The apparatus of claim 12, wherein the computer program is further configured to, if it is determined that the request may not be serviced, provide an error message to the requesting device.

15. A user device capable of communication with a mobile device, the mobile device providing at least one of telephony and data services to a user thereof, the user device comprising:
- at least one interface;
  
  a storage apparatus;
  
  a processor to run at least one computer program thereon, the computer program configured to;
  
  compile information relating to an access control client usable on the mobile device; and
  
  transmit the access control client to the mobile device; and
  
  update the information relating to the access control client to indicate a current use thereof, the updated information comprising information indicating that the access control client is not available.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The user device of claim 15, wherein the computer program is further configured to receive a request from the mobile device for the access control client.
  - 17. The user device of claim 15, wherein the computer program is further configured to initiate transfer of the access control client to the mobile device.
  - 18. The user device of claim 15, wherein the computer program is further configured to:
    - receive a request from the mobile device to return the access control client; and
      
      responsive thereto, update the information relating to the access control client to indicate the availability thereof.
  - 19. The user device of claim 15, wherein the computer program is further configured to:
    - command the mobile device to return the access control client; and
      
      responsive thereto, update the information relating to the access control client to indicate the availability thereof.
  - 20. The user device of claim 19, wherein the computer program is further configured to:
    - verify that the mobile device has disabled operation of the access control client.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Apple Inc.
Original Assignee
Apple Inc.
Inventors
Schell, Stephan V., Haggerty, David T.

Granted Patent

US 9,100,810 B2
Time in Patent Office

Days
Field of Search
US Class Current

455/411
CPC Class Codes

H04W 12/35   Protecting application or s...

H04W 12/43   using shared identity modul...

H04W 8/205   Transfer to or from user eq...

MANAGEMENT SYSTEMS FOR MULTIPLE ACCESS CONTROL ENTITIES

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

MANAGEMENT SYSTEMS FOR MULTIPLE ACCESS CONTROL ENTITIES

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links