Methods and apparatus for storage and execution of access control clients
First Claim
1. An electronic Universal Integrated Circuit Card (eUICC), comprising:
- at least one processor; and
- at least one memory storing instructions that, when executed by the at least one processor, cause the eUICC to:
  - identify an initialization of the eUICC, wherein the eUICC manages a plurality of secure partitions, and each secure partition of the plurality of secure partitions includes a respective access control client;
  - parse the plurality of secure partitions to identify an access control client for activation; and
  - cause an operating system (OS) associated with the access control client to execute within a limited scope that corresponds to the secure partition in which the access control client is included, wherein the OS, when executed, activates the access control client.
Abstract
Disclosed herein is a technique for securely provisioning access control entities (e.g., electronic Subscriber Identity Module (eSIM) components) to a user equipment (UE) device. In one embodiment, a UE device is assigned a unique key and an endorsement certificate that can be used to provide updates or new eSIMs to the UE device. The UE device can trust eSIM material delivered by an unknown third-party eSIM vendor, based on a secure certificate transmission with the unique key. In another aspect, an operating system (OS) is partitioned into various sandboxes. During operation, the UE device can activate and execute the OS in the sandbox corresponding to a current wireless network. Personalization packages received while connected to the network only apply to that sandbox. Similarly, when loading an eSIM, the OS need only load the list of software necessary for the current run-time environment. Unused software can be subsequently activated.
20 Claims
8. An electronic Universal Integrated Circuit Card (eUICC), comprising:
- at least one memory that includes a plurality of secure partitions, wherein each secure partition of the plurality of secure partitions includes a respective access control client; and
- at least one processor configured to cause the eUICC to carry out steps that include, in response to identifying an initialization of the eUICC:
  - parsing the plurality of secure partitions to identify an access control client for activation;
  - authenticating the access control client; and
  - subsequent to authenticating the access control client: causing an operating system (OS) associated with the access control client to execute within a limited scope that corresponds to the secure partition in which the access control client is included, wherein the OS, when executed, activates the access control client.
15. An electronic Universal Integrated Circuit Card (eUICC), comprising:
- at least one memory storing a plurality of access control clients, wherein each access control client of the plurality of access control clients is included in a respective secure partition; and
- at least one processor configured to cause the eUICC to carry out steps that include:
  - receiving a request to activate an access control client of the plurality of access control clients;
  - identifying a secure partition that includes the access control client, wherein the access control client is associated with an operating system (OS) that is configured to manage the access control client;
  - authenticating at least one of the access control client and the OS; and
  - subsequent to authenticating: causing the OS to execute within a limited scope that corresponds to the secure partition, wherein the OS, when executed, causes the access control client to be activated.
Specification