APPARATUS AND METHODS FOR DISTRIBUTING AND STORING ELECTRONIC ACCESS CLIENTS

US 20120260086A1
Filed: 04/27/2011
Published: 10/11/2012
Est. Priority Date: 04/05/2011
Status: Active Grant

First Claim

Patent Images

1. A method for distributing access control clients, comprising:

tracking one or more access control clients within a secure repository;

encrypting a first access control client uniquely for a target device, the target device configured to download only a single encrypted first access control client from only a single distribution location;

transmitting the encrypted first access control client to one or more distribution locations, wherein the one or more distribution locations do not modify the encrypted first access control client; and

removing the first access control client from the secure repository.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Apparatus and methods for efficiently distributing and storing access control clients within a network. In one embodiment, the access clients include electronic Subscriber Identity Modules (eSIMs), and an eSIM distribution network infrastructure is described which enforces eSIM uniqueness and conservation, distributes network traffic to prevent “bottle necking” congestion, and provides reasonable disaster recovery capabilities. In one variant, eSIMs are securely stored at electronic Universal Integrated Circuit Card (eUICC) appliances which ensure eSIM uniqueness and conservation. Access to the eUICC appliances is made via multiple eSIM depots, which ensure that network load is distributed. Persistent storage is additionally described, for among other activities, archiving and backup.

Citations

25 Claims

1. A method for distributing access control clients, comprising:
- tracking one or more access control clients within a secure repository;
  
  encrypting a first access control client uniquely for a target device, the target device configured to download only a single encrypted first access control client from only a single distribution location;
  
  transmitting the encrypted first access control client to one or more distribution locations, wherein the one or more distribution locations do not modify the encrypted first access control client; and
  
  removing the first access control client from the secure repository.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, additionally comprising storing the one or more access control clients within the secure repository.
  - 3. The method of claim 1, wherein the tracking includes information indicative of the one or more access control client distribution.
  - 4. The method of claim 1, wherein the tracking includes information indicative of the one or more access control client transaction data.
  - 5. The method of claim 1, wherein the target device conforms to a standard trusted relationship.
  - 6. The method of claim 5, additionally comprising verifying the target device based at least in part on a challenge-response scheme.
  - 7. The method of claim 1, wherein one or more access control clients comprise electronic Subscriber Identity Modules (eSIMs).
  - 8. The method of claim 7, wherein the one or more distribution locations comprise eSIM depots.

9. A method for distributing access control clients, comprising:
- storing an encrypted access control client configured for a unique target device at one or more distribution locations, the one or more distribution locations not modifying the encrypted access control client;
  
  responsive to a request for the stored encrypted access control client, delivering the encrypted access control client; and
  
  responsive to the encrypted access control client being successfully delivered from any of the one or more distribution locations, deactivating the stored encrypted access control client.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The method of claim 9, wherein the delivering of the encrypted access control client is performed without notifying a network centralized entity
  - 11. The method of claim 9, wherein each stored encrypted access control client is associated with metadata.
  - 12. The method of claim 11, wherein metadata comprises access control client identifying information.
  - 13. The method of claim 11, wherein metadata comprises access control client issuer information.
  - 14. The method of claim 11, wherein metadata comprises access control client account information.
  - 15. The method of claim 11, wherein metadata comprises access control client status information.
  - 16. The method of claim 11, wherein responsive to a request for metadata associated with a specific access control client, providing the requested metadata.

17. An appliance for distributing access control clients, the appliance comprising:
- a signing appliance, the signing appliance configured to track one or more access control clients;
  
  a security module, the security module configured to uniquely encrypt an eSIM for a target device, the target device being configured to download only a single encrypted access control client from only a single distribution location;
  
  a processor; and
  
  a storage device in data communication with the processor, the storage device comprising computer-executable instructions that are configured to, when executed by the processor;
  
  responsive to a request for a tracked access control client from the target device, uniquely encrypt the requested access control client;
  
  transmit the encrypted access control client to one or more distribution locations, the one or more distribution locations which will not modify the encrypted access control client; and
  
  update the signing appliance.
- View Dependent Claims (18, 19, 20, 21, 22)
- - 18. The appliance of claim 17, where the appliance additionally comprises secure storage for one or more locally stored encrypted access control clients.
  - 19. The appliance of claim 18, where the one or more locally stored access control clients are encrypted uniquely for the appliance.
  - 20. The appliance of claim 18, where the security module is additionally configured to decrypt eSIMs that are uniquely encrypted for the appliance.
  - 21. The appliance of claim 17, wherein one or more of the access control clients comprise electronic Subscriber Identity Modules (eSIMs).
  - 22. The appliance of claim 21, wherein the one or more distribution locations comprise eSIM depots.

23. A depot for distributing access control clients, the depot comprising:
- a network interface for communication with a network;
  
  a processor; and
  
  a storage device in data communication with the processor, the storage device comprising computer-executable instructions that are configured to, when executed by the processor;
  
  store an access control client that has been encrypted for a target device;
  
  responsive to a request for the stored encrypted access control client received from a requester device, deliver the encrypted access control client to the requester device; and
  
  responsive to the encrypted access control client being successfully delivered to the target device, delete the stored encrypted access control client.
- View Dependent Claims (24, 25)
- - 24. The depot of claim 23, wherein the storage device is configured to store metadata associated with each access control client.
  - 25. The depot of claim 24, additionally comprising computer-executable instructions that are configured to:
    - responsive to a request for metadata associated with a specific access control client, provide the requested metadata.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Apple Inc.
Original Assignee
Apple Inc.
Inventors
Haggerty, David T., Hauck, Jerrold Von, McLaughlin, Kevin

Granted Patent

US 8,707,022 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/150
CPC Class Codes

H04L 2209/24   Key scheduling, i.e. genera...

H04L 63/0428   wherein the data content is...

H04L 63/062   for key distribution, e.g. ...

H04L 63/0853   using an additional device,...

H04L 63/10   for controlling access to d...

H04L 9/30   Public key, i.e. encryption...

H04W 12/02   Protecting privacy or anony...

H04W 12/06   Authentication

H04W 12/35   Protecting application or s...

H04W 12/48   using secure binding, e.g. ...

H04W 4/02   Services making use of loca...

H04W 4/60   Subscription-based services...

H04W 8/265   for initial activation of n...

APPARATUS AND METHODS FOR DISTRIBUTING AND STORING ELECTRONIC ACCESS CLIENTS

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

APPARATUS AND METHODS FOR DISTRIBUTING AND STORING ELECTRONIC ACCESS CLIENTS

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links