Apparatus and methods for distributing and storing electronic access clients
Abstract
Apparatus and methods for efficiently distributing and storing access control clients within a network. In one embodiment, the access clients include electronic Subscriber Identity Modules (eSIMs), and an eSIM distribution network infrastructure is described which enforces eSIM uniqueness and conservation, distributes network traffic to prevent “bottle necking” congestion, and provides reasonable disaster recovery capabilities. In one variant, eSIMs are securely stored at electronic Universal Integrated Circuit Card (eUICC) appliances which ensure eSIM uniqueness and conservation. Access to the eUICC appliances is made via multiple eSIM depots, which ensure that network load is distributed. Persistent storage is additionally described for, among other activities, archiving and backup.
22 Claims
1. A method for distributing access control clients, comprising:
- tracking distribution statuses of a plurality of access control clients that are stored within a secure repository;
- uniquely encrypting for a target mobile device a first access control client of the plurality of access control clients, wherein the target mobile device is configured to download the encrypted first access control client from any one of two or more distribution entities;
- transmitting the encrypted first access control client to each of the two or more distribution entities;
- removing the first access control client from the secure repository;
- updating a distribution status that corresponds to the first access control client to indicate:
  - the removal of the first access control client from the secure repository, and
  - the transmission of the encrypted first access control client to the two or more distribution entities; and
- in response to determining that the target mobile device has downloaded the encrypted first access control client from one distribution entity of the two or more distribution entities:
  - removing the encrypted first access control client from each of the two or more distribution entities, and
  - updating the distribution status to reflect the removal of the encrypted first access control client from each of the two or more distribution entities.

Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A method for distributing access control clients, comprising:
- receiving, at each of two or more distribution locations, an access control client that is encrypted for a unique target device;
- receiving, at any one of the two or more distribution locations, a request from the unique target device for the encrypted access control client;
- transmitting the encrypted access control client to the unique target device; and
- responsive to receiving an indication that the encrypted access control client was successfully transmitted to the unique target device:
  - at each of the two or more distribution locations, removing or rendering inactive the encrypted access control client.

Dependent claims: 10, 11, 12, 13, 14, 15, 16
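
The distribution lifecycle recited in claims 1 and 9, modelled as an added Python example (not code from the patent): the appliance tracks status, hands one device-bound package to every depot, removes the eSIM from its repository, and purges all depots once any one of them has served the download. Class names, status names and `placeholder_encrypt` are assumptions; encryption is out of scope here, so the ciphertext is an opaque constructed value.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Package:
    esim_id: str
    device_id: str      # the one device this copy was encrypted for
    ciphertext: bytes   # opaque output of the security module

@dataclass
class Depot:
    held: dict = field(default_factory=dict)  # esim_id -> Package

    def fetch(self, esim_id, device_id):
        """Serve the package only to the device it was encrypted for."""
        pkg = self.held.get(esim_id)
        return pkg if pkg is not None and pkg.device_id == device_id else None

class Appliance:
    def __init__(self, repository, depots):
        self.repository = dict(repository)    # esim_id -> plaintext eSIM
        self.depots = depots
        self.status = {e: "STORED" for e in self.repository}

    def distribute(self, esim_id, device_id, encrypt):
        if self.status.get(esim_id) != "STORED":
            raise ValueError(f"{esim_id} is not available for distribution")
        blob = encrypt(self.repository[esim_id], device_id)
        for depot in self.depots:             # same package to every depot
            depot.held[esim_id] = Package(esim_id, device_id, blob)
        del self.repository[esim_id]          # conservation: leaves the repository
        self.status[esim_id] = "AT_DEPOTS"

    def confirm_download(self, esim_id):
        if self.status.get(esim_id) != "AT_DEPOTS":
            raise ValueError(f"{esim_id} is not awaiting download")
        for depot in self.depots:             # purge every copy, not only the one served
            depot.held.pop(esim_id, None)
        self.status[esim_id] = "DELIVERED"

def placeholder_encrypt(plaintext, device_id):
    # Stand-in only: a real security module encrypts under a device-unique key.
    return b"sealed-for:" + device_id.encode()

if __name__ == "__main__":
    depots = [Depot(), Depot()]
    app = Appliance({"esim-001": b"constructed profile"}, depots)
    app.distribute("esim-001", "device-A", placeholder_encrypt)
    print(depots[1].fetch("esim-001", "device-A"))
    app.confirm_download("esim-001")
    print(app.status, [d.held for d in depots])
```

Once the status is `DELIVERED`, a second `distribute` call for the same eSIM raises, which is the uniqueness property the abstract describes.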
17. An appliance for distributing access control clients, the appliance comprising:
- a signing appliance, wherein the signing appliance is configured to track distribution statuses of a plurality of access control clients;
- a security module, wherein the security module is configured to uniquely encrypt the plurality of access control clients for target devices;
- a processor; and
- a storage device in data communication with the processor, wherein the storage device stores computer-executable instructions that, when executed by the processor, cause the appliance to:
  - receive from a target device a request for an access control client of the plurality of access control clients;
  - cause the security module to uniquely encrypt the access control client for the target device;
  - transmit the encrypted access control client to two or more distribution locations, wherein any one of the two or more distribution locations is capable of transmitting the encrypted access control client to the target device; and
  - cause the signing appliance to update a distribution status associated with the encrypted access control client to reflect the transmission of the encrypted access control client to each of the two or more distribution locations.

Dependent claims: 18, 19, 20, 21, 22
Specification