APPARATUS AND METHODS FOR DISTRIBUTING AND STORING ELECTRONIC ACCESS CLIENTS
Abstract
Apparatus and methods for efficiently distributing and storing access control clients within a network. In one embodiment, the access clients include electronic Subscriber Identity Modules (eSIMs), and an eSIM distribution network infrastructure is described which enforces eSIM uniqueness and conservation, distributes network traffic to prevent “bottle necking” congestion, and provides reasonable disaster recovery capabilities. In one variant, eSIMs are securely stored at electronic Universal Integrated Circuit Card (eUICC) appliances which ensure eSIM uniqueness and conservation. Access to the eUICC appliances is made via multiple eSIM depots, which ensure that network load is distributed. Persistent storage is additionally described, for among other activities, archiving and backup.
25 Claims
1. A method for distributing access control clients, comprising:
- tracking one or more access control clients within a secure repository;
- encrypting a first access control client uniquely for a target device, the target device configured to download only a single encrypted first access control client from only a single distribution location;
- transmitting the encrypted first access control client to one or more distribution locations, wherein the one or more distribution locations do not modify the encrypted first access control client; and
- removing the first access control client from the secure repository.
9. A method for distributing access control clients, comprising:
- storing an encrypted access control client configured for a unique target device at one or more distribution locations, the one or more distribution locations not modifying the encrypted access control client;
- responsive to a request for the stored encrypted access control client, delivering the encrypted access control client; and
- responsive to the encrypted access control client being successfully delivered from any of the one or more distribution locations, deactivating the stored encrypted access control client.
17. An appliance for distributing access control clients, the appliance comprising:
- a signing appliance, the signing appliance configured to track one or more access control clients;
- a security module, the security module configured to uniquely encrypt an eSIM for a target device, the target device being configured to download only a single encrypted access control client from only a single distribution location;
- a processor; and
- a storage device in data communication with the processor, the storage device comprising computer-executable instructions that are configured to, when executed by the processor;
- responsive to a request for a tracked access control client from the target device, uniquely encrypt the requested access control client;
- transmit the encrypted access control client to one or more distribution locations, the one or more distribution locations which will not modify the encrypted access control client; and
- update the signing appliance.
23. A depot for distributing access control clients, the depot comprising:
- a network interface for communication with a network;
- a processor; and
- a storage device in data communication with the processor, the storage device comprising computer-executable instructions that are configured to, when executed by the processor;
- store an access control client that has been encrypted for a target device;
- responsive to a request for the stored encrypted access control client received from a requester device, deliver the encrypted access control client to the requester device; and
- responsive to the encrypted access control client being successfully delivered to the target device, delete the stored encrypted access control client.
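
The uniqueness and conservation flow of claims 1, 9 and 23, as an added Python sketch that is not code from the patent: the appliance encrypts an eSIM for one device, hands the unmodified ciphertext to several depots, and drops its own copy; the first successful delivery deactivates every depot's copy. The `Appliance` and `Depot` classes, the per-device symmetric key, the peer list used for deactivation, and the HMAC-based cipher (a standard-library stand-in for a real authenticated cipher) are all assumptions.

```python
import hashlib, hmac, os

def _keys(device_key):
    # Separate encryption and MAC subkeys derived from the per-device key.
    return [hmac.new(device_key, t, hashlib.sha256).digest() for t in (b"enc", b"mac")]

def _xor_stream(k_enc, nonce, data):
    # HMAC-SHA256 counter-mode keystream: stdlib stand-in for a real AEAD cipher.
    blocks = (hmac.new(k_enc, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((len(data) + 31) // 32))
    return bytes(a ^ b for a, b in zip(data, b"".join(blocks)))

def seal(device_key, profile):
    k_enc, k_mac = _keys(device_key)
    nonce = os.urandom(16)
    ct = _xor_stream(k_enc, nonce, profile)
    return nonce + ct + hmac.new(k_mac, nonce + ct, hashlib.sha256).digest()

def unseal(device_key, blob):
    k_enc, k_mac = _keys(device_key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(k_mac, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("blob modified or not encrypted for this device")
    return _xor_stream(k_enc, nonce, ct)

class Depot:
    def __init__(self):
        self.blobs, self.peers = {}, [self]

    def deliver(self, device_id):
        blob = self.blobs[device_id]          # KeyError once deactivated
        for depot in self.peers:              # assumed peer notification on delivery
            depot.blobs.pop(device_id, None)
        return blob

class Appliance:
    def __init__(self, esims):
        self.repo = dict(esims)               # esim_id -> profile bytes

    def dispatch(self, esim_id, device_id, device_key, depots):
        blob = seal(device_key, self.repo[esim_id])
        for depot in depots:
            depot.blobs[device_id] = blob     # depots hold ciphertext only
        del self.repo[esim_id]                # conservation: no second copy can be issued
```

Because the tag is checked before decryption, a depot that altered the blob, or a device holding a different key, gets a `ValueError` rather than a usable profile.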
Specification