Methods and apparatus for delivering electronic identification components over a wireless network

US 8,555,067 B2
Filed: 05/19/2011
Issued: 10/08/2013
Est. Priority Date: 10/28/2010
Status: Active Grant

First Claim

Patent Images

1. A method of receiving an access control client over a network, the method comprising:

at least one processor performing the functions of;

establishing an authorized data session having a first set of access rights, the first set of access rights enabling access to one or more packages comprising an access control client having a second set of access rights configured to permit the mobile device to authenticate to a network associated with the access control client;

downloading the one or more packages comprising the access control client into a secure element of a mobile device;

assembling the access control client based at least in part on the downloaded one or more packages; and

establishing a subscriber session with the network in accordance with at least a portion of the second access rights using the assembled access control client.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and apparatus enabling programming of electronic identification information of a wireless apparatus. In one embodiment, a previously purchased or deployed wireless apparatus is activated by a cellular network. The wireless apparatus connects to the cellular network using an access module to download operating system components and/or access control client components. The described methods and apparatus enable updates, additions and replacement of various components including Electronic Subscriber Identity Module (eSIM) data, OS components. One exemplary implementation of the invention utilizes a trusted key exchange between the device and the cellular network to maintain security.

201 Citations

20 Claims

1. A method of receiving an access control client over a network, the method comprising:
- at least one processor performing the functions of;
  
  establishing an authorized data session having a first set of access rights, the first set of access rights enabling access to one or more packages comprising an access control client having a second set of access rights configured to permit the mobile device to authenticate to a network associated with the access control client;
  
  downloading the one or more packages comprising the access control client into a secure element of a mobile device;
  
  assembling the access control client based at least in part on the downloaded one or more packages; and
  
  establishing a subscriber session with the network in accordance with at least a portion of the second access rights using the assembled access control client.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein the authorized data session comprises a mutual verification between the network and a recipient device.
  - 3. The method of claim 2, wherein the mutual verification comprises a cryptographic key protocol.
  - 4. The method of claim 3, wherein the cryptographic key protocol is based on one or more asymmetric Rivest Shamir and Adelman (RSA) public and private keys.
  - 5. The method of claim 1, wherein the second set of access rights enables one or more customer services.
  - 6. The method of claim 5, wherein the network comprises a wireless network, and the one or more customer services comprises placing or receiving a voice call.
  - 7. The method of claim 5, wherein the one or more customer services comprises accessing the network.
  - 8. The method of claim 5, wherein the one or more customer services comprises accessing a media file.
  - 9. The method of claim 5, wherein the first set of access rights is not enabled for customer services.

10. A method of modifying a device operating system over a network, the method comprising:
- at least one processor performing the functions of;
  
  establishing an authorized data session having a first set of access rights configured only to permit a mobile device to access a network to perform one or more update requests;
  
  receiving an update request via the authorized data session, and responsively generating an appropriate update package encrypted with a first key; and
  
  transmitting one or more update packages and the first key encrypted with a second key specific to a secure element of the mobile device via the authorized data session;
  
  wherein the one or more update packages are configured for operation with an access control client having a second set of access rights to initiate a subscriber session.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
- - 11. The method of claim 10, wherein the network comprises a wireless network, and the authorized data session comprises a mutual verification between the wireless network and the device.
  - 12. The method of claim 10, wherein the first set of access rights is substantially limited to exchanging update packages.
  - 13. The method of claim 10, wherein the second set of access rights enables one or more subscriber sessions.
  - 14. The method of claim 10, wherein the first set of access rights is a subset of the second set of access rights.
  - 15. The method of claim 10, wherein the second set of access rights is selected based on one or more user selections.
  - 16. The method of claim 15, wherein the update request comprises the one or more user selections.
  - 17. The method of claim 10, additionally comprising presenting one or more update options to the device.

18. A wireless apparatus, comprising:
- one or more wireless interfaces, the one or more wireless interfaces adapted to connect to one or more wireless networks;
  
  a secure element, wherein the secure element is adapted to store a plurality of user access data elements, each user access data element configured to permit the wireless device to authenticate with a corresponding network associated with the user access data element;
  
  a processor; and
  
  a storage device in data communication with the processor, the storage device comprising computer-executable instructions, when executed by the processor, cause the wireless apparatus to;
  
  establish an authorized data session limited to a first set of access rights configured to permit the wireless apparatus only limited access to a network to perform one or more updates for an access control client that has a second set of access rights that are configured to permit the wireless apparatus to perform voice and/or data service with the network via the subscriber session;
  
  request an update for an access control client via the authorized data session; and
  
  establish a subscriber session with a network associated with the updated access control client.
- View Dependent Claims (19)
- - 19. The wireless apparatus of claim 18, wherein the wireless device comprises a mobile device, and the access control client comprises an electronic Subscriber Identity Module (eSIM).

20. A network apparatus, comprising:
- an interface, the interface adapted to communicate with one or more wireless devices;
  
  a processor; and
  
  a storage device in data communication with the processor, the storage device comprising computer-executable instructions, when executed by the processor, cause the network apparatus to;
  
  establish an authorized data session with one of the one or more wireless devices, wherein the authorized data session has a first set of access rights, where the first set of access rights restricts operation of the one of the one or more wireless devices within a network to perform one or more updates for an access control client that has a second set of access rights that are configured to permit the one of the one or more wireless devices to authenticate to a network associated with the access control client;
  
  receive an update request from the one wireless device and generate an appropriate update package; and
  
  transmit the generated update package;
  
  wherein the generated update package is configured to enable the access control client to establish a subscriber session.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Apple Inc.
Original Assignee
Apple Inc.
Inventors
Schell, Stephan V., Mathias, Arun G., Haggerty, David T., McLaughlin, Kevin, Juang, Ben-Heng, Li, Li, Von Hauck, Jerrold
Primary Examiner(s)
Chai, Longbit

Application Number

US13/111,801
Publication Number

US 20120108207A1
Time in Patent Office

873 Days
Field of Search

713/169
US Class Current

713/169
CPC Class Codes

G06F 21/45   Structures or tools for the...

G06F 21/57   Certifying or maintaining t...

H04L 63/08   for authentication of entit...

H04L 63/0853   using an additional device,...

H04L 63/123   received data contents, e.g...

H04L 63/20   for managing network securi...

H04L 67/34   involving the movement of s...

H04W 12/04   Key management, e.g. using ...

H04W 12/06   Authentication

H04W 12/08   Access security

H04W 12/35   Protecting application or s...

H04W 4/50   Service provisioning or rec...

H04W 4/60   Subscription-based services...

H04W 8/205   Transfer to or from user eq...

Methods and apparatus for delivering electronic identification components over a wireless network

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

201 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and apparatus for delivering electronic identification components over a wireless network

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

201 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links