Methods and apparatus for storage and execution of access control clients

US 9,930,527 B2
Filed: 12/08/2016
Issued: 03/27/2018
Est. Priority Date: 10/28/2010
Status: Active Grant

First Claim

Patent Images

1. An electronic Universal Integrated Circuit Card (eUICC), comprising:

at least one processor; and

at least one memory storing instructions that, when executed by the at least one processor, cause the eUICC to;

identify an initialization of the eUICC, wherein the eUICC manages a plurality of secure partitions, and each secure partition of the plurality of secure partitions includes a respective access control client;

parse the plurality of secure partitions to identify an access control client for activation; and

cause an operating system (OS) associated with the access control client to execute within a limited scope that corresponds to the secure partition in which the access control client is included, wherein the OS, when executed, activates the access control client.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed herein is a technique for securely provisioning access control entities (e.g., electronic Subscriber Identity Module (eSIM) components) to a user equipment (UE) device. In one embodiment, a UE device is assigned a unique key and an endorsement certificate that can be used to provide updates or new eSIMs to the UE device. The UE device can trust eSIM material delivered by an unknown third-party eSIM vendor, based on a secure certificate transmission with the unique key. In another aspect, an operating system (OS) is partitioned into various sandboxes. During operation, the UE device can activate and execute the OS in the sandbox corresponding to a current wireless network. Personalization packages received while connected to the network only apply to that sandbox. Similarly, when loading an eSIM, the OS need only load the list of software necessary for the current run-time environment. Unused software can be subsequently activated.

45 Citations

View as Search Results

20 Claims

1. An electronic Universal Integrated Circuit Card (eUICC), comprising:
- at least one processor; and
  
  at least one memory storing instructions that, when executed by the at least one processor, cause the eUICC to;
  
  identify an initialization of the eUICC, wherein the eUICC manages a plurality of secure partitions, and each secure partition of the plurality of secure partitions includes a respective access control client;
  
  parse the plurality of secure partitions to identify an access control client for activation; and
  
  cause an operating system (OS) associated with the access control client to execute within a limited scope that corresponds to the secure partition in which the access control client is included, wherein the OS, when executed, activates the access control client.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The eUICC of claim 1, wherein the access control client comprises an electronic Subscriber Identity Module (eSIM), and the eSIM is a virtualization of a physical SIM.
  - 3. The eUICC of claim 1, wherein the at least one processor further causes the eUICC to:
    - authenticate the access control client by validating a first certificate associated with the access control client against a second certificate associated with the eUICC.
  - 4. The eUICC of claim 1, wherein the initialization of the eUICC is issued in conjunction with a reset of the eUICC.
  - 5. The eUICC of claim 1, wherein the access control client corresponds to a default Mobile Network Operator (MNO) associated with a mobile device in which the eUICC is included.
  - 6. The eUICC of claim 1, wherein the secure partition in which the access control client is included stores at least one additional access control client.
  - 7. The eUICC of claim 1, wherein activating the access control client enables a mobile device in which the eUICC is included to register with a Mobile Network Operator (MNO) that corresponds to the access control client.

8. An electronic Universal Integrated Circuit Card (eUICC), comprising:
- at least one memory that includes a plurality of secure partitions, wherein each secure partition of the plurality of secure partitions includes a respective access control client; and
  
  at least one processor configured to cause the eUICC to carry out steps that include, in response to identifying an initialization of the eUICC;
  
  parsing the plurality of secure partitions to identify an access control client for activation;
  
  authenticating the access control client; and
  
  subsequent to authenticating the access control client;
  
  causing an operating system (OS) associated with the access control client to execute within a limited scope that corresponds to the secure partition in which the access control client is included, wherein the OS, when executed, activates the access control client.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The eUICC of claim 8, wherein the access control client comprises an electronic Subscriber Identity Module (eSIM), and the eSIM is a virtualization of a physical SIM.
  - 10. The eUICC of claim 8, wherein authenticating the access control client comprises:
    - validating a first certificate associated with the access control client against a second certificate associated with the eUICC.
  - 11. The eUICC of claim 8, wherein the initialization of the eUICC is issued in conjunction with a reset of the eUICC.
  - 12. The eUICC of claim 8, wherein the access control client corresponds to a default Mobile Network Operator (MNO) associated with a mobile device in which the eUICC is included.
  - 13. The eUICC of claim 8, wherein the secure partition in which the access control client is included stores at least one additional access control client.
  - 14. The eUICC of claim 8, wherein activating the access control client enables a mobile device in which the eUICC is included to register with a Mobile Network Operator (MNO) that corresponds to the access control client.

15. An electronic Universal Integrated Circuit Card (eUICC), comprising:
- at least one memory storing a plurality of access control clients, wherein each access control client of the plurality of access control clients is included in a respective secure partition; and
  
  at least one processor configured to cause the eUICC to carry out steps that include;
  
  receiving a request to activate an access control client of the plurality of access control clients;
  
  identifying a secure partition that includes the access control client, wherein the access control client is associated with an operating system (OS) that is configured to manage the access control client;
  
  authenticating at least one of the access control client and the OS; and
  
  subsequent to authenticating;
  
  causing the OS to execute within a limited scope that corresponds to the secure partition, wherein the OS, when executed, causes the access control client to be activated.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The eUICC of claim 15, wherein the access control client comprises an electronic Subscriber Identity Module (eSIM), and the eSIM is a virtualization of a physical SIM.
  - 17. The eUICC of claim 15, wherein authenticating the access control client comprises:
    - validating a first certificate associated with the access control client against a second certificate associated with the eUICC.
  - 18. The eUICC of claim 15, wherein the request to activate the access control client is issued in conjunction with a reset of the eUICC.
  - 19. The eUICC of claim 15, wherein the access control client corresponds to a default Mobile Network Operator (MNO) associated with a mobile device in which the eUICC is included.
  - 20. The eUICC of claim 15, wherein activating the access control client enables a mobile device in which the eUICC is included to, using at least one wireless interface included in the mobile device, register with a Mobile Network Operator (MNO) that corresponds to the access control client.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Apple Inc.
Original Assignee
Apple Inc.
Inventors
Schell, Stephan V., Hauck, Jerrold Von
Primary Examiner(s)
HENNING, MATTHEW T

Application Number

US15/373,308
Publication Number

US 20170188234A1
Time in Patent Office

474 Days
Field of Search

726 7, 726 3
US Class Current
CPC Class Codes

H04L 63/0823   using certificates cryptogr...

H04W 12/06   Authentication

H04W 12/086   using security domains

H04W 12/35   Protecting application or s...

H04W 4/50   Service provisioning or rec...

H04W 4/60   Subscription-based services...

H04W 8/18   Processing of user or subsc...

H04W 8/205   Transfer to or from user eq...

H04W 8/265   for initial activation of n...

Methods and apparatus for storage and execution of access control clients

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

45 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and apparatus for storage and execution of access control clients

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

45 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links