Apparatus and methods for controlling distribution of electronic access clients
First Claim
1. A wireless apparatus configured to selectively enable and disable different components included in the wireless apparatus, the wireless apparatus comprising:
- a wireless interface; and
- a secure element, wherein the secure element includes:
  - a first secure storage for storing user access control clients that enable the wireless apparatus to access wireless services via the wireless interface,
  - a processor, and
  - a second secure storage configured to store instructions that, when executed by the processor, cause the processor to carry out steps that include:
    - receiving an activation ticket from a manufacturer of the wireless apparatus, wherein the activation ticket includes at least one record, and each record:
      - corresponds to a component included in the wireless apparatus,
      - includes a shared secret associated with the component, and
      - indicates whether to enable or disable the component; and
    - upon verifying the activation ticket:
      - downloading a user access control client,
      - storing the user access control client in the first secure storage, and
      - for each record included in the activation ticket:
        - causing an enablement or a disablement of the component in accordance with the record and in response to a verification of the shared secret by the component.
Abstract
Apparatus and methods for controlling the distribution of electronic access clients to a device. In one embodiment, a virtualized Universal Integrated Circuit Card (UICC) can only load an access client such as an electronic Subscriber Identity Module (eSIM) according to an activation ticket. The activation ticket ensures that the virtualized UICC can only receive eSIMs from specific carriers (“carrier locking”). Unlike prior art methods which enforce carrier locking on a software application launched from a software chain of trust (which can be compromised), the present invention advantageously enforces carrier locking with the secure UICC hardware which has, for example, a secure code base.
28 Claims
1. (Set out in full under First Claim above.) Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9.
10. A hardware secure element included in a mobile device, the hardware secure element comprising:
- an interface to different components included in the mobile device;
- a secure processor;
- a first secure storage configured to store at least one access control client that enables the mobile device to access services provided by a cellular network associated with the at least one access control client; and
- a second secure storage configured to store instructions that, when executed by the secure processor, cause the secure processor to carry out steps that include:
  - receiving an activation ticket that specifies at least one limitation for operating the mobile device to be enforced by the hardware secure element, wherein the activation ticket includes at least one record, and each record:
    - corresponds to a component of the different components,
    - includes a shared secret associated with the component, and
    - indicates whether to enable or disable the component; and
  - upon verifying the activation ticket:
    - downloading a user access control client,
    - storing the user access control client in the first secure storage, and
    - for each record included in the activation ticket:
      - causing an enablement or a disablement of the component in accordance with the record and in response to a verification of the shared secret by the component.
Dependent claims: 11, 12, 13, 14, 15, 16.
17. A method for selectively enabling and disabling different components included in a wireless device, the method comprising:
- at a secure element included in the wireless device:
  - transmitting a request for an activation ticket in response to a command issued by a mobile services application, wherein the request includes information associated with a user account of a user of the wireless device;
  - receiving the activation ticket, wherein the activation ticket includes at least one record, and each record:
    - corresponds to one of the different components included in the wireless device,
    - includes a shared secret associated with the component, and
    - indicates whether to enable or disable the component; and
  - upon verifying the activation ticket:
    - downloading a user access control client,
    - storing the user access control client in a first secure storage included in the secure element, and
    - for each record included in the activation ticket:
      - causing an enablement or a disablement of the component in accordance with the record and in response to a verification of the shared secret by the component.
Dependent claims: 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28.
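The flow the independent claims describe (the secure element verifies the activation ticket, stores the downloaded access client, then enables or disables each component only when that component itself verifies the record's shared secret), as an added illustration that is not code from the patent. The claims do not say how the ticket is verified, so the HMAC-SHA256 ticket MAC keyed by a manufacturer key, the component names, the secrets and the downloaded profile bytes are all constructed assumptions.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass, field


@dataclass
class Component:
    """A device component; it changes state only if the record's shared secret matches its own."""
    name: str
    secret: bytes        # constructed: provisioned secret shared with the manufacturer
    enabled: bool = False

    def verify_secret(self, presented: bytes) -> bool:
        return hmac.compare_digest(self.secret, presented)


@dataclass
class SecureElement:
    manufacturer_key: bytes                 # assumption: ticket integrity via HMAC-SHA256
    access_clients: dict = field(default_factory=dict)  # the claim's "first secure storage"

    def verify_ticket(self, ticket: dict) -> bool:
        body = json.dumps(ticket["records"], sort_keys=True).encode()
        expected = hmac.new(self.manufacturer_key, body, hashlib.sha256).hexdigest()
        return hmac.compare_digest(expected, ticket["mac"])

    def process_ticket(self, ticket: dict, components: dict, download_client) -> bool:
        # A ticket that fails verification causes no download and no state change.
        if not self.verify_ticket(ticket):
            return False
        client_id, client = download_client()
        self.access_clients[client_id] = client
        for rec in ticket["records"]:
            comp = components[rec["component"]]
            # Enablement/disablement is gated on the component verifying the shared secret.
            if comp.verify_secret(bytes.fromhex(rec["secret"])):
                comp.enabled = rec["enable"]
        return True


def make_ticket(manufacturer_key: bytes, records: list) -> dict:
    """Manufacturer side: bind the records to a MAC so the secure element can verify them."""
    body = json.dumps(records, sort_keys=True).encode()
    return {"records": records,
            "mac": hmac.new(manufacturer_key, body, hashlib.sha256).hexdigest()}
```

A record carrying the wrong shared secret leaves its component untouched even though the ticket as a whole verified; a ticket whose records were altered after issue is rejected before any client is downloaded.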