Apparatus and methods for storing electronic access clients
First Claim
Patent Images
1. An apparatus configured to provide access data elements to peer devices, the apparatus comprising:
- a first secure element adapted to store a plurality of access data elements; and
a processor configured to cause the apparatus to;
receive, from a peer device, a request for at least one access data element of the plurality of access data elements, wherein the request includes;
a public key that is unique to a second secure element included in the peer device, anda unique identifier that is generated by the peer device in conjunction with the request;
obtain, from the first secure element, the at least one access data element;
encrypt the at least one access data element using the public key;
generate a package that includes the encrypted at least one access data element and the unique identifier;
sign the package to produce a signed package, wherein the signed package enables the peer device to authenticate the apparatus;
transfer the signed package to the peer device; and
in response to receiving, from the peer device, an indication that the at least one access data element is stored in the second secure element;
remove the at least one access data element from the first secure element.
1 Assignment
0 Petitions
Accused Products
Abstract
Apparatus and methods for storing and controlling access control clients. In one embodiment, transmitting and receiving devices ensure that only one copy of an eSIM is active at any time. Specifically, each transferred eSIM is encrypted for the destination device; the eSIM from the source device is deleted, deactivated, or otherwise rendered unusable. Various aspects of network infrastructure are also described, including electronic Universal Integrated Circuit Card (eUICC) appliances, and mobile devices. Various scenarios for transfer of eSIMs are also disclosed.
68 Citations
22 Claims
-
1. An apparatus configured to provide access data elements to peer devices, the apparatus comprising:
-
a first secure element adapted to store a plurality of access data elements; and a processor configured to cause the apparatus to; receive, from a peer device, a request for at least one access data element of the plurality of access data elements, wherein the request includes; a public key that is unique to a second secure element included in the peer device, and a unique identifier that is generated by the peer device in conjunction with the request; obtain, from the first secure element, the at least one access data element; encrypt the at least one access data element using the public key; generate a package that includes the encrypted at least one access data element and the unique identifier; sign the package to produce a signed package, wherein the signed package enables the peer device to authenticate the apparatus; transfer the signed package to the peer device; and in response to receiving, from the peer device, an indication that the at least one access data element is stored in the second secure element; remove the at least one access data element from the first secure element. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
-
12. A method for transferring access data elements to peer devices, the method comprising:
at an apparatus including a first secure element that stores a plurality of access data elements; receiving, from a peer device, a request for at least one access data element of the plurality of access data elements, wherein the request includes; a public key that is unique to a second secure element included in the peer device, and a unique identifier that is generated by the peer device in conjunction with the request; obtaining, from the first secure element, the at least one access data element; encrypting the at least one access data element using the public key; generating a package that includes the encrypted at least one access data element and the unique identifier; signing the package to produce a signed package, wherein the signed package enables the peer device to authenticate the apparatus; transferring the signed package to the peer device; and in response to receiving, from the peer device, an indication that the at least one access data element is stored in the second secure element; removing the at least one access data element from the first secure element. - View Dependent Claims (13, 14, 15, 16, 17, 18, 19)
-
20. A mobile device, comprising:
-
a secure element; and a processor configured to cause the mobile device to; issue, to an apparatus configured to store a plurality of access data elements, a request for at least one access data element of the plurality of access data elements, wherein the request includes; a public key that is unique to the secure element, and a unique identifier that is generated in conjunction with issuing the request; receive a package from the apparatus, wherein the package includes; a digital signature generated by the apparatus; the at least one access data element, wherein the at least one access data element is encrypted based on the public key, and the unique identifier; verify the package in accordance with the digital signature; decrypt the at least one access data element using a private key that corresponds to the public key; and store the at least one access data element into the secure element. - View Dependent Claims (21, 22)
-
Specification