ELECTRONIC ACCESS CLIENT DISTRIBUTION APPARATUS AND METHODS
Abstract
Apparatus and methods for distributing access control clients. In one exemplary embodiment, a network infrastructure is disclosed that enables delivery of electronic subscriber identity modules (eSIMs) to secure elements (e.g., electronic Universal Integrated Circuit Cards (eUICCs), etc.). The network architecture includes one or more of: (i) eSIM appliances, (ii) secure eSIM storages, (iii) eSIM managers, (iv) eUICC appliances, (v) eUICC managers, (vi) service provider consoles, (vii) account managers, (viii) Mobile Network Operator (MNO) systems, (ix) eUICCs that are local to one or more devices, and (x) depots. Moreover, each depot may include: (xi) eSIM inventory managers, (xii) system directory services, (xiii) communications managers, and/or (xiv) pending eSIM storages. Functions of the disclosed infrastructure can be flexibly partitioned and/or adapted such that individual parties can host portions of the infrastructure. Exemplary embodiments of the present invention can provide redundancy, thus ensuring maximal uptime for the overall network (or the portion thereof).
12 Claims
1. Apparatus for distributing access control clients, comprising:

one or more electronic access client appliances;

one or more secure electronic access client storages configured to store one or more electronic access clients and associated electronic access client metadata, the one or more secure electronic access client storages in communication with the one or more electronic access client appliances;

one or more electronic access client management entities configured to perform at least one of tracking, verification, and/or authorization for the one or more electronic access clients; and

one or more secure element appliances configured to protect one or more cryptographic materials transmitted to one or more device secure elements.

(Dependent claims 2, 3, 4 and 5 depend on claim 1.)
6. A system for distributing access control clients, comprising:

one or more eSIM appliances;

one or more secure eSIM storages configured to store the one or more eSIMs and associated eSIM metadata, the one or more secure eSIM storages coupled to the one or more eSIM appliances;

one or more eSIM managers, wherein each of the eSIM managers is configured to track, verify, and authorize the one or more eSIMs;

one or more eUICC appliances, wherein each of the eUICC appliances is configured to protect one or more cryptographic materials transmitted to one or more device eUICCs;

one or more eUICC managers, wherein each of the eUICC managers is configured to track, verify, and authorize the one or more device eUICCs; and

one or more depots, each depot comprising:

an eSIM inventory manager configured to distribute network traffic among the one or more eSIM managers;

a system directory service configured to distribute address information for the one or more eSIM managers; and

a pending eSIM storage configured to store eSIMs for delivery to the one or more device eUICCs.
7. A method for transmitting cryptographic materials to a destination device from a source device according to a first standard trusted relationship, the method comprising:

encrypting one or more cryptographic materials based on at least a unique device key and an endorsement certificate, the unique device key being unique to the destination device, and the endorsement certificate uniquely identifying the source device as a trusted device; and

responsive to receiving the encrypted one or more cryptographic materials, the destination device verifying the endorsement certificate of the source device and decrypting the one or more cryptographic materials;

wherein the first standard trusted relationship between the source device and the destination device ensures that the one or more cryptographic materials cannot be modified by untrusted entities.
8. A method for preventing cloning of one or more cryptographic materials transmitted to a destination device from a source device according to a standard trusted relationship, comprising:

encrypting one or more cryptographic materials based on a unique device key and an endorsement certificate, the unique device key being unique to the destination device, and the endorsement certificate uniquely identifying the source device; and

responsive to transmitting the encrypted one or more cryptographic materials, deleting the one or more cryptographic materials from the source device;

wherein the standard trusted relationship between the source device and the destination device ensures that the one or more cryptographic materials are not duplicated.
9. A method for ensuring secure delivery of one or more cryptographic materials to a subscriber according to a standard trusted relationship, comprising:

encrypting one or more cryptographic materials based on a unique device key and an endorsement certificate, the unique device key being unique to the destination device and the destination device being associated with the subscriber; and

causing delivery of the encrypted one or more cryptographic materials to a user device of the subscriber, the user device configured to decrypt at least a portion of the encrypted one or more cryptographic materials;

wherein said delivery can be accomplished from any of a plurality of network entities which maintain identical versions of the encrypted one or more cryptographic materials.

(Dependent claims 10, 11 and 12 depend on claim 9.)
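The following is an added illustration of the trusted relationship that claims 7, 8 and 9 describe; it is not code from the patent or from its assignee. It models a source appliance that seals eSIM materials under the destination's unique device key with the source's endorsement certificate bound into the authentication tag, a destination eUICC that verifies the endorsement and the tag before decrypting (claim 7), a source that deletes the materials once transmitted so they cannot be sent a second time (claim 8), and depots holding identical copies of the sealed envelope, any of which can deliver it (claim 9). The root key, the HMAC-based endorsement "signature", the HMAC counter-mode keystream and every identifier are constructed assumptions made so the example runs on the standard library alone; a real deployment would use asymmetric certificates and a standard AEAD.

```python
"""Toy model of endorsed, device-bound delivery of cryptographic materials.
Added example; the constructions below are stand-ins, not the patent's own."""
import hashlib
import hmac
import json
import secrets
from typing import Optional

# Constructed secret of the authority that issues endorsement certificates
# (assumption: real systems sign endorsements with an asymmetric key).
ROOT_KEY = b"constructed-root-authority-key"


def issue_endorsement(source_id: str) -> dict:
    """Endorsement certificate asserting that source_id is a trusted source."""
    body = {"subject": source_id, "role": "eUICC-appliance"}
    encoded = json.dumps(body, sort_keys=True).encode()
    return {"body": body, "mac": hmac.new(ROOT_KEY, encoded, hashlib.sha256).hexdigest()}


def verify_endorsement(cert: dict) -> bool:
    """Destination-side check that the endorsement came from the root authority."""
    encoded = json.dumps(cert["body"], sort_keys=True).encode()
    expected = hmac.new(ROOT_KEY, encoded, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, cert["mac"])


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode, a toy stream cipher keyed by the device key."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(device_key: bytes, cert: dict, materials: bytes) -> dict:
    """Encrypt-then-MAC under the destination's unique key; the tag also covers the cert."""
    nonce = secrets.token_bytes(16)
    ciphertext = bytes(a ^ b for a, b in zip(materials, _keystream(device_key, nonce, len(materials))))
    cert_bytes = json.dumps(cert, sort_keys=True).encode()
    tag = hmac.new(device_key, nonce + ciphertext + cert_bytes, hashlib.sha256).digest()
    return {"nonce": nonce, "ct": ciphertext, "cert": cert, "tag": tag}


def open_envelope(device_key: bytes, env: dict) -> Optional[bytes]:
    """Verify the endorsement, then the tag, then decrypt; None on any failure."""
    if not verify_endorsement(env["cert"]):
        return None
    cert_bytes = json.dumps(env["cert"], sort_keys=True).encode()
    expected = hmac.new(device_key, env["nonce"] + env["ct"] + cert_bytes, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, env["tag"]):
        return None
    return bytes(a ^ b for a, b in zip(env["ct"], _keystream(device_key, env["nonce"], len(env["ct"]))))


class SourceAppliance:
    """Hypothetical source: holds eSIM materials plus its own endorsement certificate."""
    def __init__(self, source_id: str):
        self.cert = issue_endorsement(source_id)
        self.inventory = {}

    def store(self, esim_id: str, materials: bytes) -> None:
        self.inventory[esim_id] = materials

    def transmit(self, esim_id: str, device_key: bytes) -> Optional[dict]:
        if esim_id not in self.inventory:
            return None  # already transmitted: the source no longer holds it
        env = seal(device_key, self.cert, self.inventory[esim_id])
        del self.inventory[esim_id]  # claim 8: delete after transmission
        return env


class DeviceEUICC:
    """Hypothetical destination secure element with a key unique to this device."""
    def __init__(self):
        self.device_key = secrets.token_bytes(32)
        self.installed = {}

    def receive(self, esim_id: str, env: dict) -> bool:
        materials = open_envelope(self.device_key, env)
        if materials is None:
            return False
        self.installed[esim_id] = materials
        return True


def run_demo() -> dict:
    """Walk through claims 7, 8 and 9 and report each outcome."""
    source = SourceAppliance("appliance-A")
    alice, other = DeviceEUICC(), DeviceEUICC()
    source.store("esim-1", b"constructed eSIM profile bytes")
    env = source.transmit("esim-1", alice.device_key)
    depots = [dict(env), dict(env)]  # claim 9: identical copies at several depots
    delivered = alice.receive("esim-1", depots[1])
    forged = dict(env)  # claim 7: a changed endorsement must be rejected
    forged["cert"] = {"body": {"subject": "rogue", "role": "eUICC-appliance"}, "mac": env["cert"]["mac"]}
    return {
        "delivered": delivered,
        "profile": alice.installed.get("esim-1"),
        "source_inventory_empty": not source.inventory,
        "second_transmit": source.transmit("esim-1", other.device_key),  # claim 8
        "forged_cert_accepted": alice.receive("esim-1", forged),
        "other_device_accepted": other.receive("esim-1", env),  # key is unique to alice
    }


if __name__ == "__main__":
    print(run_demo())
```

`run_demo()` returns the delivered profile for the intended device, an empty source inventory and `None` for the second transmission, and `False` for both the forged endorsement and the envelope replayed to a device whose unique key differs, which is the property each of the three claims states.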
Specification