APPARATUS AND METHODS FOR STORING ELECTRONIC ACCESS CLIENTS

US 20120260090A1
Filed: 04/25/2011
Published: 10/11/2012
Est. Priority Date: 04/05/2011
Status: Active Grant

First Claim

Patent Images

1. Apparatus for storing one or more access data elements, comprising:

a secure element adapted to store a plurality of user access data elements, each user access data element encrypted for the secure element;

a processor; and

a storage device in data communication with the processor, the storage device comprising computer-executable instructions that are configured to, when executed by the processor;

process a request for one or more access data elements from a peer device in order to verify the peer device;

decrypt the one or more requested access data elements;

re-encrypt the decrypted one or more access data elements for the peer device; and

transfer the re-encrypted one or more data elements to the verified peer device, the transfer causing removal of the one or more access data elements from the secure element.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Apparatus and methods for storing and controlling access control clients. In one embodiment, transmitting and receiving devices ensure that only one copy of an eSIM is active at any time. Specifically, each transferred eSIM is encrypted for the destination device; the eSIM from the source device is deleted, deactivated, or otherwise rendered unusable. Various aspects of network infrastructure are also described, including electronic Universal Integrated Circuit Card (eUICC) appliances, and mobile devices. Various scenarios for transfer of eSIMs are also disclosed.

132 Citations

26 Claims

1. Apparatus for storing one or more access data elements, comprising:
- a secure element adapted to store a plurality of user access data elements, each user access data element encrypted for the secure element;
  
  a processor; and
  
  a storage device in data communication with the processor, the storage device comprising computer-executable instructions that are configured to, when executed by the processor;
  
  process a request for one or more access data elements from a peer device in order to verify the peer device;
  
  decrypt the one or more requested access data elements;
  
  re-encrypt the decrypted one or more access data elements for the peer device; and
  
  transfer the re-encrypted one or more data elements to the verified peer device, the transfer causing removal of the one or more access data elements from the secure element.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The apparatus of claim 1, wherein each of the plurality of user access data elements is associated with a corresponding different network.
  - 3. The apparatus of claim 1, wherein each of the plurality of user access data elements is associated with a corresponding different user.
  - 4. The apparatus of claim 1, wherein each of the plurality of user access data elements is associated with a corresponding different use case for a same user.
  - 5. The apparatus of claim 1, wherein the user access data element comprises an electronic Subscriber Identity Module (eSIM).
  - 6. The apparatus of claim 1, wherein the verification comprises checking a certificate associated with the peer device, and generating a challenge response.
  - 7. The apparatus of claim 1, wherein the computer-executable instructions additionally comprise instructions that are configured to, when executed by the processor, negotiate a transfer protocol.
  - 8. The apparatus of claim 7, wherein the re-encryption of the decrypted one or more access data elements is based at least in part on the transfer protocol.
  - 9. The apparatus of claim 7, wherein the transfer protocol comprises one or more elements of handshaking.
  - 10. The apparatus of claim 7, wherein the negotiated transfer protocol comprises identification of a transfer protocol supported by the apparatus and the peer device.
  - 11. The apparatus of claim 1, wherein the apparatus comprises a Hardware Security Module (HSM).
  - 12. The apparatus of claim 1, wherein the apparatus is embodied within a mobile phone.
  - 13. The apparatus of claim 1, wherein the apparatus is embodied within a physical card form factor.

14. Apparatus for storing one or more access data elements, comprising:
- a secure element adapted to store a plurality of user access data elements, each user access data element encrypted for the secure element;
  
  a processor; and
  
  a storage device in data communication with the processor, the storage device comprising computer-executable instructions that are configured to, when executed by the processor;
  
  request one or more access data elements from a verified peer device;
  
  receive the one or more requested access data elements from the verified peer device;
  
  verify the one or more requested access data elements are encrypted for the secure element;
  
  store the one or more encrypted access data elements within the secure element; and
  
  decrypt the one or more encrypted access data elements during an authentication protocol.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21)
- - 15. The apparatus of claim 14, wherein the user access data element comprises an electronic Subscriber Identity Module (eSIM).
  - 16. The apparatus of claim 14, wherein the apparatus is embodied within a mobile phone.
  - 17. The apparatus of claim 16, wherein the apparatus comprises a physical card form factor configured for use within the mobile phone.
  - 18. The apparatus of claim 14, wherein the verification comprises checking a digital certificate issued by a trusted certification authority.
  - 19. The apparatus of claim 14, wherein the verification comprises completion of a challenge and response cryptographic exchange.
  - 20. The apparatus of claim 14, wherein the peer device comprises one of (i) a SIM Provisioning Service (SPS), (ii) a eUICC appliance, or (iii) a mobile device.
  - 21. The apparatus of claim 14, wherein the peer device comprises desktop computer in operative communication with a mobile applications store.

22. A method for transferring one or more access data elements, the one or more access data elements having a unique identifier associated therewith, comprising:
- agreeing to a transfer protocol between a device and a peer device;
  
  receiving the one or more access data elements from the secure peer device;
  
  verifying the transferred one or more access data elements, the one or more access data elements and unique identifier being encrypted for the device; and
  
  storing the transferred one or more access data elements.
- View Dependent Claims (23, 24, 25, 26)
- - 23. The method of claim 22, wherein the user access data element comprises an electronic Subscriber Identity Module (eSIM).
  - 24. The method of claim 22, wherein the unique identifier of the transferred one or more access data elements is determined by the device.
  - 25. The method of claim 22, wherein the unique identifier of the transferred one or more access data elements is provided to the peer device.
  - 26. The method of claim 22, additionally comprising notifying the peer device of successful receipt of the one or more access data elements.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Apple Inc.
Original Assignee
Apple Inc.
Inventors
Hauck, Jerrold Von, Haggerty, David T., McLaughlin, Kevin

Granted Patent

US 9,009,475 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/168
CPC Class Codes

H04L 63/06   for supporting key manageme...

H04L 63/0853   using an additional device,...

H04L 9/08   Key distribution or managem...

H04L 9/12   Transmitting and receiving ...

H04L 9/30   Public key, i.e. encryption...

H04L 9/32   including means for verifyi...

H04W 12/04   Key management, e.g. using ...

H04W 12/06   Authentication

H04W 12/35   Protecting application or s...

H04W 12/43   using shared identity modul...

APPARATUS AND METHODS FOR STORING ELECTRONIC ACCESS CLIENTS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

132 Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

APPARATUS AND METHODS FOR STORING ELECTRONIC ACCESS CLIENTS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

132 Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links