POLICY-BASED TECHNIQUES FOR MANAGING ACCESS CONTROL
First Claim
1. An electronic device, comprising a secure element, wherein the secure element includes:
- an access-control element configured to identify a user of a service and to facilitate secure communication, wherein the access-control element is associated with a set of operations;
a processor; and
memory, coupled to the processor, which stores a program module configured to be executed by the processor and a credential-management module that specifies a profile with a set of privileges for logical entities associated with operations in the set of operations; and
wherein, for some of the operations, there are different privileges for some of the logical entities.
1 Assignment
0 Petitions
Accused Products
Abstract
A policy-based framework is described. This policy-based framework may be used to specify the privileges for logical entities to perform operations associated with an access-control element (such as an electronic Subscriber Identity Module) located within a secure element in an electronic device. Note that different logical entities may have different privileges for different operations associated with the same or different access-control elements. Moreover, the policy-based framework may specify types of credentials that are used by the logical entities during authentication, so that different types of credentials may be used for different operations and/or by different logical entities. Furthermore, the policy-based framework may specify the security protocols and security levels that are used by the logical entities during authentication, so that different security protocols and security levels may be used for different operations and/or by different logical entities.
-
Citations
20 Claims
-
1. An electronic device, comprising a secure element, wherein the secure element includes:
-
an access-control element configured to identify a user of a service and to facilitate secure communication, wherein the access-control element is associated with a set of operations; a processor; and memory, coupled to the processor, which stores a program module configured to be executed by the processor and a credential-management module that specifies a profile with a set of privileges for logical entities associated with operations in the set of operations; and wherein, for some of the operations, there are different privileges for some of the logical entities. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A processor-implemented method for specifying a set of privileges for logical entities, wherein the method comprises:
-
receiving credentials from a first logical entity and a second logical entity; using the processor, determining a set of privileges associated with a set of operations for the first logical entity and the second logical entity based on the credentials and a credential-management module; and providing information specifying the set of privileges of the first logical entity and the second logical entity to an access-control element in a secure element in an electronic device, wherein the access-control element identifies a user of a service and facilitates secure communication; wherein the access-control element is associated with a set of operations; and wherein, for some of the operations, there are different privileges for the first logical entity and the second logical entity. - View Dependent Claims (11, 12, 13)
-
-
14. An electronic device, comprising a secure element, wherein the secure element includes:
-
an access-control element configured to identify a user of a service and to facilitate secure communication, wherein the access-control element is associated with a set of operations; a processor; and memory, coupled to the processor, which stores a program module configured to be executed by the processor and a credential-management module that specifies a profile with a set of privileges for logical entities associated with operations in the set of operations; wherein, for some of the operations, there are different privileges for some of the logical entities; wherein the credential-management module includes cryptographic keys associated with the set of operations; and wherein a given cryptographic key facilitates the privileges associated with at least a given operation in the set of operations. - View Dependent Claims (15, 16, 17, 18, 19, 20)
-
Specification