Wireless network authentication apparatus and methods

US 8,666,368 B2
Filed: 11/22/2010
Issued: 03/04/2014
Est. Priority Date: 05/03/2010
Status: Active Grant

First Claim

Patent Images

1. A method for enabling a user equipment to access wireless services, comprising:

distributing access client data to a first entity, wherein the first entity comprises a vendor of virtualized Universal Subscriber Identity Modules (USIMs), and the access client data comprises a virtualized USIM;

conveying the access client data from the first entity to a second entity over a first communications link, wherein the second entity comprises a trusted services manager;

at the trusted services manager, using user credentials to authenticate the user equipment, wherein the user equipment does not include a physical subscriber identity module (SIM) card bay and instead includes a secure element for storing the access client data;

after authenticating the user equipment, transferring, over a second communications link, the access client data from the second entity to the user equipment, wherein the user equipment stores the access client data within the secure element;

presenting, to a user at the user equipment, an option to select from;

accessing a first one of the wireless services via the access client data stored in the secure element, andaccessing a second one of the wireless services via a physical SIM card inserted into a SIM card bay of an accessory device that is in communication with the user equipment; and

accessing either the first or the second wireless service based on a selection provided by the user.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Apparatus and methods for authenticating and granting a client device (e.g., cellular telephone) access to a network. In one embodiment, a network service provider such as a cellular telephone company may distribute user access (e.g., Universal Subscriber Identity Module or “USIM”) credentials to a services manager via a USIM vendor. The services manager may maintain a list of authorized users. A user at a client may authenticate to the services manager. Once authenticated, the services manager may provide the user with a set of USIM credentials. When the user desires to use wireless network services, the user equipment may establish a wireless link between the user equipment and the network service provider. During authentication operations, the user equipment may use the USIM credentials to authenticate to the network service provider. Following successful authentication, the network service provider may provide the user equipment with wireless services.

Citations

20 Claims

1. A method for enabling a user equipment to access wireless services, comprising:
- distributing access client data to a first entity, wherein the first entity comprises a vendor of virtualized Universal Subscriber Identity Modules (USIMs), and the access client data comprises a virtualized USIM;
  
  conveying the access client data from the first entity to a second entity over a first communications link, wherein the second entity comprises a trusted services manager;
  
  at the trusted services manager, using user credentials to authenticate the user equipment, wherein the user equipment does not include a physical subscriber identity module (SIM) card bay and instead includes a secure element for storing the access client data;
  
  after authenticating the user equipment, transferring, over a second communications link, the access client data from the second entity to the user equipment, wherein the user equipment stores the access client data within the secure element;
  
  presenting, to a user at the user equipment, an option to select from;
  
  accessing a first one of the wireless services via the access client data stored in the secure element, andaccessing a second one of the wireless services via a physical SIM card inserted into a SIM card bay of an accessory device that is in communication with the user equipment; and
  
  accessing either the first or the second wireless service based on a selection provided by the user.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the second communications link comprises a secure wireless connection.
  - 3. The method of claim 1, wherein the accessory device is in wireless communication with the user equipment.
  - 4. The method of claim 3, wherein the user equipment accesses the accessory device via Near Field Communications (NFC) circuitry.
  - 5. The method of claim 1, where the user credentials comprise account information that is specific to the user.
  - 6. The method claim 1, wherein the secure element comprises a tamper-proof integrated circuit that is permanently built into the user equipment.
  - 7. The method of claim 1, wherein the user equipment includes long-range wireless communications circuitry.
  - 8. The method of claim 1, wherein the user equipment includes short-range wireless communications circuitry.

9. A wireless apparatus, comprising:
- one or more communication interfaces adapted to communicate with wireless service providers;
  
  a secure element configured to store an access client, wherein the access client comprises a virtualized Universal Subscriber Identity Module (USIM);
  
  a processor; and
  
  a storage device in data communication with the processor, wherein the storage device stores computer-executable instructions configured to, when executed by the processor, cause the wireless apparatus to;
  
  authenticate to a trusted services manager using account information established during a purchase of the wireless apparatus, wherein successful authentication results in provision by the trusted services manager of the access client;
  
  responsive to receiving the access client, store the access client within the secure element; and
  
  present, to a user of the wireless apparatus an option to select from;
  
  accessing a first one of the wireless service providers via the access client stored in the secure element, andaccessing a second one of the wireless service providers via a physical subscriber identity module (SIM) card inserted into a SIM card bay of an accessory device that is in communication with the wireless apparatus; and
  
  accessing either the first or second wireless service provider based on a selection provided by the user.
- View Dependent Claims (10, 11, 12, 13)
- - 10. The wireless apparatus of claim 9, wherein at least one of the one or more communication interfaces comprises long-range wireless communications circuitry.
  - 11. The wireless apparatus of claim 9, wherein at least one of the one or more communication interfaces comprises short-range wireless communications circuitry.
  - 12. The wireless apparatus of claim 9, wherein the wireless apparatus communicates with the accessory device via Near Field Communications (NFC) circuitry.
  - 13. The wireless apparatus of claim 9, wherein the secure element comprises a tamper-proof integrated circuit that is permanently built into the wireless apparatus.

14. A method for securely storing access client data at a user equipment, comprising:
- transmitting user credentials established during the purchase of the user equipment to a trusted services manager to cause the trusted services manager to authenticate the user equipment based at least in part on the user credentials, wherein the user equipment does not include a subscriber identity module (SIM) card bay;
  
  upon successful authentication of the user equipment with the trusted services manager, receiving the access client data over a communication interface, wherein the access client comprises a virtualized Universal Subscriber Identity Module (USIM);
  
  storing the access client data within a secure element;
  
  presenting, to a user at the user equipment, an option to select from;
  
  accessing a first wireless service via the access client data stored in the secure element, andaccessing a second wireless service via a physical SIM card inserted into a SIM card bay of an accessory device that is in communication with the user equipment; and
  
  accessing either the first wireless service or the second wireless service based on a selection provided by the user.
- View Dependent Claims (15, 16, 17)
- - 15. The method of claim 14, wherein the communication interface comprises short-range wireless communications circuitry.
  - 16. The method of claim 14, wherein the communication interface communicates with the accessory device via Near Field Communications (NFC) circuitry.
  - 17. The method of claim 14, wherein the secure element comprises a tamper-proof integrated circuit that is permanently built into the user equipment.

18. A services management apparatus, comprising:
- a network interface configured to transmit a plurality of access clients to one or more wireless devices, wherein each access client of the plurality of access clients comprises a virtualized Universal Subscriber Identity Module (USIM);
  
  a storage device configured to store the plurality of access clients;
  
  processing logic in data communication with the network interface and the storage device, wherein the processing logic is configured to;
  
  receive a request for access from an individual one of the one or more wireless devices;
  
  responsive to the request for access, authorize the individual one of the one or more wireless devices and transmit at least one access client of the plurality of access clients, wherein the individual one of the one or more wireless devices enables a user of the individual one of the one or more wireless devices to select from;
  
  accessing a first wireless service via the at least one access client, andaccessing a second wireless service via a physical SIM card inserted into a SIM card bay of an accessory device that is in communication with the individual one of the one or more wireless devices.
- View Dependent Claims (19, 20)
- - 19. The services management apparatus of claim 18, wherein the transmission of the at least one access client causes the individual one of the one or more wireless devices to store the at least one access client to a secure element included in the individual one of the one or more wireless devices.
  - 20. The services management apparatus of claim 18, wherein the network interface is configured to transmit the at least one access client to the individual one of the one or more wireless devices over a secure wireless connection.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Apple Inc.
Original Assignee
Apple Inc.
Inventors
Schell, Stephan V., Narang, Mohit, Caballero, Ruben
Primary Examiner(s)
Edouard, Patrick
Assistant Examiner(s)
CASCA, FRED A

Application Number

US12/952,082
Publication Number

US 20110269423A1
Time in Patent Office

1,198 Days
Field of Search

455/411, 455/558, 455/425, 455/410, 455/422.1, 455/435.1, 455/420, 455/419, 455/406, 455/417, 455/433, 455/445, 455/550.1, 713/168, 713/169, 713/155, 370/221, 370/342, 370/328, 370/338, 370/331, 370/329, 370/352
US Class Current

455/411
CPC Class Codes

H04B 1/406   with more than one transmis...

H04L 63/062   for key distribution, e.g. ...

H04L 63/0853   using an additional device,...

H04W 12/04   Key management, e.g. using ...

H04W 12/06   Authentication

H04W 12/35   Protecting application or s...

H04W 4/00   Services specially adapted ...

H04W 48/08   Access restriction or acces...

H04W 48/18   Selecting a network or a co...

H04W 88/06   adapted for operation in mu...

Wireless network authentication apparatus and methods

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Wireless network authentication apparatus and methods

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links