Methods and apparatus for managing data within a secure element

US 8,983,543 B2
Filed: 09/12/2012
Issued: 03/17/2015
Est. Priority Date: 09/12/2012
Status: Active Grant

First Claim

Patent Images

1. A mobile device, comprising:

wireless circuitry adapted to communicate with at least one wireless network; and

a secure element, comprising;

a plurality of access control clients,a logical entity configured to manage the plurality of access control clients, wherein each access control client of the plurality of access control clients comprises a user data component and a non-user data component, and the logical entity provides access only to the user data components, anda processor configured to;

receive a request to access the user data component contained in an inactive access control client of the plurality of access control clients,when the logical entity verifies that the request is valid, retrieve the user data component from the inactive access control client without activating the inactive access control client, wherein activating the inactive access control client includes carrying out an authentication procedure with a network entity, andtransfer at least a portion of the user data component from the inactive access control client to at least one other access control client of the plurality of access control clients.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Apparatus and methods for managing and sharing data across multiple access control clients in devices. In one embodiment, the access control clients comprise electronic Subscriber Identity Modules (eSIMs) disposed on a embedded Universal Integrated Circuit Card (eUICC). Each eSIM contains its own data. An Advanced Subscriber Identity Toolkit application maintained within the eUICC facilitates managing and sharing multiple eSIMs'"'"' data for various purposes such as sharing phonebook contacts or facilitating automatic switch-over between the multiple eSIMs (such as based on user context).

11 Citations

View as Search Results

16 Claims

1. A mobile device, comprising:
- wireless circuitry adapted to communicate with at least one wireless network; and
  
  a secure element, comprising;
  
  a plurality of access control clients,a logical entity configured to manage the plurality of access control clients, wherein each access control client of the plurality of access control clients comprises a user data component and a non-user data component, and the logical entity provides access only to the user data components, anda processor configured to;
  
  receive a request to access the user data component contained in an inactive access control client of the plurality of access control clients,when the logical entity verifies that the request is valid, retrieve the user data component from the inactive access control client without activating the inactive access control client, wherein activating the inactive access control client includes carrying out an authentication procedure with a network entity, andtransfer at least a portion of the user data component from the inactive access control client to at least one other access control client of the plurality of access control clients.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The mobile device of claim 1, wherein the plurality of access control clients further include an active access control client, and the at least one other access control client comprises the active access control client.
  - 3. The mobile device of claim 1, wherein the request identifies a requestor that generates the request.
  - 4. The mobile device of claim 3, wherein the requestor comprises a user.
  - 5. The mobile device of claim 3, wherein the requestor comprises a software application.
  - 6. The mobile device of claim 5, wherein the software application is resident on the secure element.
  - 7. The mobile device of claim 3, wherein the requestor comprises a software process that is resident on an active access control client.

8. A method for managing a plurality of access control clients stored in a secure element, the method comprising:
- receiving, from a requestor, a request to access data that is contained in a particular access control client of the plurality of access control clients, wherein the data comprises a user data component and a non-user data component, and the secure element comprises the plurality of access control clients and a logical entity that is configured to manage the plurality of access control clients;
  
  determining whether the request is directed to the logical entity or the particular access control client;
  
  when the request is directed to the particular access control client, providing access to the data that is contained in the particular access control client via a first interface,wherein the first interface allows access to both the user data component and the non-user data component of the particular access control client; and
  
  when the request is directed to the logical entity;
  
  verifying the request, wherein verifying the request comprises authenticating the requestor,searching the plurality of access control clients to locate the particular access control client that contains the data,obtaining the user data component from the particular access control client via a second interface, wherein the second interface allows access to only the user data component of the particular access control client, andreturning the user data component to the requestor.
- View Dependent Claims (9, 10, 11, 12)
- - 9. The method of claim 8, wherein verifying the request further comprises analyzing a privilege level associated with the requestor.
  - 10. The method of claim 9, wherein the privilege level associated with the requestor is pre-determined by an administrative entity.
  - 11. The method of claim 8, wherein:
    - the request specifies a particular individual of a plurality of individuals; and
      
      the data comprises contact information for the particular individual.
  - 12. The method of claim 8, wherein the data comprises device configuration information for a mobile device in which the secure element is included, and the method further comprises:
    - configuring an operating state of the mobile device based on the device configuration information.

13. A secure element included in a mobile device, comprising:
- a processor configured to;
  
  receive, from a requestor, a request to access data contained in a particular access control client of the plurality of access control clients, wherein the data comprises a user data component and a non-user data component, and the secure element comprises the plurality of access control clients and a logical entity that is configured to manage the plurality of access control clients;
  
  determine whether the request is directed to the logical entity or the particular access control Client;
  
  when the request is directed to the particular access control client;
  
  provide access to the data that is contained in the particular access control client via a first interface, wherein the first interface allows access to both the user data component and the non-user data component of the particular access control client; and
  
  when the request is directed to the logical entity;
  
  verify the request,search the plurality of access control clients to locate the particular access control client that contains the data,obtain the user data component from the particular access control client via a second interface, wherein the second interface allows access to only the user data component of the particular access control client, andreturn the user data component to the requestor.
- View Dependent Claims (14, 15, 16)
- - 14. The secure element of claim 13, wherein the requestor is a user, and verifying the request comprises verifying a personal identification number (PIN) or password supplied by the user.
  - 15. The secure element of claim 13, wherein the requestor is a software application, and verifying the request comprises analyzing a privilege level property of the software application.
  - 16. The secure element of claim 13, wherein the processor is further configured to cause the mobile device to authenticate to a network using at least one access control client of the plurality of access control clients.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Apple Inc.
Original Assignee
Apple Inc.
Inventors
Li, Li, Juang, Ben-Heng, Mathias, Arun G.
Primary Examiner(s)
Obayanju, Omoniyi

Application Number

US13/612,641
Publication Number

US 20140073375A1
Time in Patent Office

916 Days
Field of Search

455/410, 455/411, 455/419, 455/558
US Class Current

455/558
CPC Class Codes

H04L 63/083   using passwords cryptograph...

H04W 12/069   using certificates or pre-s...

H04W 12/082   using revocation of authori...

H04W 4/50   Service provisioning or rec...

H04W 8/183   Processing at user equipmen...

H04W 8/22   Processing or transfer of t...

Methods and apparatus for managing data within a secure element

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

11 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and apparatus for managing data within a secure element

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

11 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links