Apparatus and methods for distributing and storing electronic access clients

US 8,707,022 B2
Filed: 04/27/2011
Issued: 04/22/2014
Est. Priority Date: 04/05/2011
Status: Active Grant

First Claim

Patent Images

1. A method for distributing access control clients, comprising:

tracking distribution statuses of a plurality of access control clients that are stored within a secure repository;

uniquely encrypting for a target mobile device a first access control client of the plurality of access control clients, wherein the target mobile device is configured to download the encrypted first access control client from any one of two or more distribution entities;

transmitting the encrypted first access control client to each of the two or more distribution entities;

removing the first access control client from the secure repository;

updating a distribution status that corresponds to the first access control client to indicate;

the removal of the first access control client from the secure repository, andthe transmission of the encrypted first access control client to the two or more distribution entities; and

in response to determining that the target mobile device has downloaded the encrypted first access control client from one distribution entity of the two or more distribution entities;

removing the encrypted first access control client from each of the two or more distribution entities, andupdating the distribution status to reflect the removal of the encrypted first access control client from each of the two or more distribution entities.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Apparatus and methods for efficiently distributing and storing access control clients within a network. In one embodiment, the access clients include electronic Subscriber Identity Modules (eSIMs), and an eSIM distribution network infrastructure is described which enforces eSIM uniqueness and conservation, distributes network traffic to prevent “bottle necking” congestion, and provides reasonable disaster recovery capabilities. In one variant, eSIMs are securely stored at electronic Universal Integrated Circuit Card (eUICC) appliances which ensure eSIM uniqueness and conservation. Access to the eUICC appliances is made via multiple eSIM depots, which ensure that network load is distributed. Persistent storage is additionally described, for among other activities, archiving and backup.

88 Citations

View as Search Results

22 Claims

1. A method for distributing access control clients, comprising:
- tracking distribution statuses of a plurality of access control clients that are stored within a secure repository;
  
  uniquely encrypting for a target mobile device a first access control client of the plurality of access control clients, wherein the target mobile device is configured to download the encrypted first access control client from any one of two or more distribution entities;
  
  transmitting the encrypted first access control client to each of the two or more distribution entities;
  
  removing the first access control client from the secure repository;
  
  updating a distribution status that corresponds to the first access control client to indicate;
  
  the removal of the first access control client from the secure repository, andthe transmission of the encrypted first access control client to the two or more distribution entities; and
  
  in response to determining that the target mobile device has downloaded the encrypted first access control client from one distribution entity of the two or more distribution entities;
  
  removing the encrypted first access control client from each of the two or more distribution entities, andupdating the distribution status to reflect the removal of the encrypted first access control client from each of the two or more distribution entities.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the encrypted first access control client is not modified by the two or more distribution entities.
  - 3. The method of claim 1, wherein tracking the distribution statuses includes maintaining distribution data associated with each access control client of the plurality of access control clients.
  - 4. The method of claim 1, wherein tracking the distribution statuses includes maintaining transaction data associated with the each access control client of the plurality of access control clients.
  - 5. The method of claim 1, wherein the target mobile device conforms to a standard trusted relationship.
  - 6. The method of claim 5, wherein the target mobile device is verified based at least in part on a challenge-response scheme prior to downloading the encrypted first access control client.
  - 7. The method of claim 1, wherein each access control client of the plurality of access control clients is an electronic Subscriber Identity Module (eSIM).
  - 8. The method of claim 7, wherein each distribution entity of the two or more distribution entities is an eSIM depot.

9. A method for distributing access control clients, comprising:
- receiving, at each of two or more distribution locations, an access control client that is encrypted for a unique target device;
  
  receiving, at any one of the two or more distribution locations, a request from the unique target device for the encrypted access control client;
  
  transmitting the encrypted access control client to the unique target device; and
  
  responsive to receiving an indication that the encrypted access control client was successfully transmitted to the unique target device;
  
  at each of the two or more distribution locations, removing or rendering inactive the encrypted access control client.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The method of claim 9, wherein the encrypted access control client is transmitted to the unique target device without notifying a network centralized entity.
  - 11. The method of claim 9, wherein the encrypted access control client is associated with metadata.
  - 12. The method of claim 11, wherein the metadata includes identifying information associated with the encrypted access control client.
  - 13. The method of claim 11, wherein the metadata includes information about an issuer of the encrypted access control client.
  - 14. The method of claim 11, wherein the metadata includes account information associated with the encrypted access control client.
  - 15. The method of claim 11, wherein the metadata includes status information associated with the encrypted access control client.
  - 16. The method of claim 11, further comprising:
    - receiving, at any one of the two or more distribution locations, a request from the unique target device for the metadata; and
      
      transmitting the metadata to the unique target device.

17. An appliance for distributing access control clients, the appliance comprising:
- a signing appliance, wherein the signing appliance is configured to track distribution statuses of a plurality of access control clients;
  
  a security module, wherein the security module is configured to uniquely encrypt the plurality of access control clients for target devices;
  
  a processor; and
  
  a storage device in data communication with the processor, wherein the storage device stores computer-executable instructions that, when executed by the processor, cause the appliance to;
  
  receive from a target device a request for an access control client of the plurality of access control clients;
  
  cause the security module to uniquely encrypt the access control client for the target device;
  
  transmit the encrypted access control client to two or more distribution locations, wherein any one of the two or more distribution locations is capable of transmitting the encrypted access control client to the target device; and
  
  cause the signing appliance to update a distribution status associated with the encrypted access control client to reflect the transmission of the encrypted access control client to each of the two or more distribution locations.
- View Dependent Claims (18, 19, 20, 21, 22)
- - 18. The appliance of claim 17, wherein the appliance additionally comprises a secure storage for locally storing the plurality of access control clients.
  - 19. The appliance of claim 18, wherein each access control client of the plurality of access control clients is encrypted uniquely for the secure storage.
  - 20. The appliance of claim 19, where the security module is additionally configured to, prior to encrypting the access control client for the target device, decrypt the access control client when it is encrypted for the secure storage.
  - 21. The appliance of claim 17, wherein each access control client of the plurality of access control clients is an electronic Subscriber Identity Module (eSIM).
  - 22. The appliance of claim 21, wherein each of the two or more distribution locations is an eSIM depot.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Apple Inc.
Original Assignee
Apple Inc.
Inventors
Haggerty, David T., Von Hauck, Jerrold, McLaughlin, Kevin
Primary Examiner(s)
Cervetti, David Garcia

Application Number

US13/095,716
Publication Number

US 20120260086A1
Time in Patent Office

1,091 Days
Field of Search

713/150
US Class Current

713/150
CPC Class Codes

H04L 2209/24   Key scheduling, i.e. genera...

H04L 63/0428   wherein the data content is...

H04L 63/062   for key distribution, e.g. ...

H04L 63/0853   using an additional device,...

H04L 63/10   for controlling access to d...

H04L 9/30   Public key, i.e. encryption...

H04W 12/02   Protecting privacy or anony...

H04W 12/06   Authentication

H04W 12/35   Protecting application or s...

H04W 12/48   using secure binding, e.g. ...

H04W 4/02   Services making use of loca...

H04W 4/60   Subscription-based services...

H04W 8/265   for initial activation of n...

Apparatus and methods for distributing and storing electronic access clients

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

88 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Apparatus and methods for distributing and storing electronic access clients

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

88 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links