APPARATUS AND METHODS FOR CONTROLLING DISTRIBUTION OF ELECTRONIC ACCESS CLIENTS
Abstract
Apparatus and methods for controlling the distribution of electronic access clients to a device. In one embodiment, a virtualized Universal Integrated Circuit Card (UICC) can only load an access client such as an electronic Subscriber Identity Module (eSIM) according to an activation ticket. The activation ticket ensures that the virtualized UICC can only receive eSIMs from specific carriers (“carrier locking”). Unlike prior art methods which enforce carrier locking on a software application launched from a software chain of trust (which can be compromised), the present invention advantageously enforces carrier locking with the secure UICC hardware which has, for example, a secure code base.
33 Claims
1. A wireless apparatus, comprising:
- a wireless interface;
- one or more processors; and
- a secure element comprising a secure processor and secure storage in data communication with the secure processor, the secure storage comprising computer-executable instructions that are configured to, when executed by the secure processor:
  - receive an activation ticket, the activation ticket comprising one or more unbreak records associated with the one or more processors;
  - verify the received activation ticket; and
  - upon successful verification, enable at least one processor of the one or more processors based at least in part on the one or more unbreak records.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11

12. A secure element comprising:
- an interface to one or more processing elements;
- a secure processor in sole communication with first and second secure storage elements;
- wherein the first secure storage element is configured to store at least one access control client, the access control client comprising a first computer-executable instructions configured to, when executed by the secure processor, authenticate the at least one access control client to at least one cellular network; and
- wherein the second secure storage element comprises a second computer-executable instructions that are configured for sole execution by the secure processor, and are further configured to, when executed by the secure processor:
  - verify an activation ticket; and
  - upon successful verification of the activation ticket, enable the first secure storage element.

Dependent claims: 13, 14, 15, 16, 17, 18, 19

20. A method for enforcing security for a wireless device, comprising:
- receiving an activation ticket, the activation ticket comprising one or more activation records, each activation record specific to one or more processing elements of the wireless device;
- verifying the received activation ticket; and
- upon the activation ticket being successfully verified, enabling the one or more processing elements;
- wherein the verification of the activation ticket is performed by a secure element of the wireless device.

Dependent claims: 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33

Specification