Methods and apparatus for delivering electronic identification components over a wireless network
First Claim
1. A method of receiving an access control client over a network, the method comprising:
at least one processor performing the functions of:
establishing an authorized data session having a first set of access rights, the first set of access rights enabling access to one or more packages comprising an access control client having a second set of access rights configured to permit the mobile device to authenticate to a network associated with the access control client;
downloading the one or more packages comprising the access control client into a secure element of a mobile device;
assembling the access control client based at least in part on the downloaded one or more packages; and
establishing a subscriber session with the network in accordance with at least a portion of the second access rights using the assembled access control client.
Abstract
Methods and apparatus enabling programming of electronic identification information of a wireless apparatus. In one embodiment, a previously purchased or deployed wireless apparatus is activated by a cellular network. The wireless apparatus connects to the cellular network using an access module to download operating system components and/or access control client components. The described methods and apparatus enable updates, additions and replacement of various components, including Electronic Subscriber Identity Module (eSIM) data and OS components. One exemplary implementation of the invention utilizes a trusted key exchange between the device and the cellular network to maintain security.
20 Claims
1. A method of receiving an access control client over a network, the method comprising:
at least one processor performing the functions of:
establishing an authorized data session having a first set of access rights, the first set of access rights enabling access to one or more packages comprising an access control client having a second set of access rights configured to permit the mobile device to authenticate to a network associated with the access control client;
downloading the one or more packages comprising the access control client into a secure element of a mobile device;
assembling the access control client based at least in part on the downloaded one or more packages; and
establishing a subscriber session with the network in accordance with at least a portion of the second access rights using the assembled access control client.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9

10. A method of modifying a device operating system over a network, the method comprising:
at least one processor performing the functions of:
establishing an authorized data session having a first set of access rights configured only to permit a mobile device to access a network to perform one or more update requests;
receiving an update request via the authorized data session, and responsively generating an appropriate update package encrypted with a first key; and
transmitting one or more update packages and the first key encrypted with a second key specific to a secure element of the mobile device via the authorized data session;
wherein the one or more update packages are configured for operation with an access control client having a second set of access rights to initiate a subscriber session.
Dependent claims: 11, 12, 13, 14, 15, 16, 17

18. A wireless apparatus, comprising:
one or more wireless interfaces, the one or more wireless interfaces adapted to connect to one or more wireless networks;
a secure element, wherein the secure element is adapted to store a plurality of user access data elements, each user access data element configured to permit the wireless device to authenticate with a corresponding network associated with the user access data element;
a processor; and
a storage device in data communication with the processor, the storage device comprising computer-executable instructions, when executed by the processor, cause the wireless apparatus to:
establish an authorized data session limited to a first set of access rights configured to permit the wireless apparatus only limited access to a network to perform one or more updates for an access control client that has a second set of access rights that are configured to permit the wireless apparatus to perform voice and/or data service with the network via the subscriber session;
request an update for an access control client via the authorized data session; and
establish a subscriber session with a network associated with the updated access control client.
Dependent claims: 19

20. A network apparatus, comprising:
an interface, the interface adapted to communicate with one or more wireless devices;
a processor; and
a storage device in data communication with the processor, the storage device comprising computer-executable instructions, when executed by the processor, cause the network apparatus to:
establish an authorized data session with one of the one or more wireless devices, wherein the authorized data session has a first set of access rights, where the first set of access rights restricts operation of the one of the one or more wireless devices within a network to perform one or more updates for an access control client that has a second set of access rights that are configured to permit the one of the one or more wireless devices to authenticate to a network associated with the access control client;
receive an update request from the one wireless device and generate an appropriate update package; and
transmit the generated update package;
wherein the generated update package is configured to enable the access control client to establish a subscriber session.

Specification