Patent abstract:
METHODS AND DEVICE FOR DISTRIBUTING AND STORING ELECTRONIC ACCESS CLIENTS. The present invention relates to an apparatus and methods for efficiently distributing and storing access control clients within a network. In one embodiment, access clients include electronic Subscriber Identity Modules (eSIMs), and an eSIM delivery network infrastructure is described that enforces uniqueness and SIM conservation, distributes network traffic to prevent "bottleneck" congestion, and provides reasonable disaster recovery capabilities. In one variant, eSIMs are securely stored on electronic Universal Integrated Circuit Card (eUICC) devices that ensure eSIM uniqueness and conservation. Access to eUICC devices is via multiple eSIM depots, which ensure that the network load is distributed. Permanent storage is further described for, among other activities, archiving and retrieval.
Publication number: BR102012007800B1
Application number: R102012007800-7
Filing date: 2012-04-04
Publication date: 2022-02-01
Inventors: David T. Haggerty; Jerrold Von Hauck; Kevin McLaughlin
Applicant: Apple Inc;
Main IPC:
Patent description:

Priority and Related Applications
[0001] This application claims priority to U.S. Patent Application Serial No. 13/095,716 filed on April 27, 2011 and entitled "APPARATUS AND METHODS FOR DISTRIBUTING AND STORING ELECTRONIC ACCESS CLIENTS", which claims priority to U.S. Provisional Patent Application Serial No. 61/472,115 filed on April 5, 2011 and entitled "APPARATUS AND METHODS FOR DISTRIBUTING AND STORING ELECTRONIC ACCESS CLIENTS", each of the foregoing being incorporated herein by reference in its entirety.
[0002] This application is also related to the co-owned and co-pending U.S. Patent Applications Serial Nos. 13/080,558 filed on April 5, 2011 and entitled "APPARATUS AND METHODS FOR CONTROLLING DISTRIBUTION OF ELECTRONIC ACCESS CLIENTS", 12/952,082 filed on November 22, 2010 and entitled "WIRELESS NETWORK AUTHENTICATION APPARATUS AND METHODS", 12/952,089 filed on November 22, 2010 and entitled "APPARATUS AND METHODS FOR PROVISIONING SUBSCRIBER IDENTITY DATA IN A WIRELESS NETWORK", 12/980,232 filed on December 28, 2010 and entitled "VIRTUAL SUBSCRIBER IDENTITY MODULE DISTRIBUTION SYSTEM", and 12/353,227 filed on January 13, 2009 and entitled "POSTPONED CARRIER CONFIGURATION", and to the U.S. Provisional Patent Applications Serial Nos. 61/472,109 filed on April 5, 2011 and entitled "APPARATUS AND METHODS FOR STORING ELECTRONIC ACCESS CLIENTS" (now U.S. Patent Application Serial No. 13/093,722 filed on April 25, 2011, of the same title), 61/407,858 filed on October 28, 2010 and entitled "METHODS AND APPARATUS FOR ACCESS CONTROL CLIENT ASSISTED ROAMING" (now U.S. Patent Application Serial No. 13/109,851 filed on May 17, 2011, of the same title), 61/407,861 filed on October 28, 2010 and entitled "MANAGEMENT SYSTEMS FOR MULTIPLE ACCESS CONTROL ENTITIES" (now U.S. Patent Application Serial No. 13/079,614 filed on April 4, 2011, of the same title), 61/407,862 filed on October 28, 2010 and entitled "METHODS AND APPARATUS FOR DELIVERING ELECTRONIC IDENTIFICATION COMPONENTS OVER A WIRELESS NETWORK" (now U.S. Patent Application Serial No. 13/111,801 filed on May 19, 2011, of the same title), 61/407,866 filed on October 28, 2010 and entitled "METHODS AND APPARATUS FOR STORAGE AND EXECUTION OF ACCESS CONTROL CLIENTS" (now U.S. Patent Application Serial No. 13/080,521 filed on April 5, 2011, of the same title), 61/408,504 filed on October 29, 2010 and entitled "ACCESS DATA PROVISIONING SERVICE" (now U.S. Patent Application Serial No. 13/078,811 filed on April 1, 2011 and entitled "ACCESS DATA PROVISIONING APPARATUS AND METHODS"), 61/409,891 filed on November 3, 2010 and entitled "METHODS AND APPARATUS FOR ACCESS DATA RECOVERY FROM A MALFUNCTIONING DEVICE" (now U.S. Patent Application Serial No. 13/287,874 filed on November 2, 2011, of the same title), 61/410,298 filed on November 4, 2010 and entitled "SIMULACRUM OF PHYSICAL SECURITY DEVICE AND METHODS" (now U.S. Patent Application Serial No. 13/080,533 filed on April 5, 2011, of the same title), and 61/413,317 filed on November 12, 2010 and entitled "APPARATUS AND METHODS FOR RECORDATION OF DEVICE HISTORY ACROSS MULTIPLE SOFTWARE EMULATION" (now U.S. Patent Application Serial No. 13/294,631 filed on November 11, 2011, of the same title), each of the foregoing being incorporated herein by reference in its entirety.
Background of the Invention
1. Field of the Invention
[0003] The present invention relates generally to the field of communications systems, and more particularly, in one exemplary aspect, to efficiently distributing and storing virtual access control clients within a network.
2. Description of Related Technology
[0004] Access control is required for secure communication in most prior art wireless radio systems. As an example, a simple access control scheme might include: (i) verifying the identity of a communicating party, and (ii) granting a level of access commensurate with the verified identity. Within the context of an exemplary cellular system (e.g. Universal Mobile Telecommunications System (UMTS)), access control is governed by an access control client, referred to as a Universal Subscriber Identity Module (USIM), running on a physical Universal Integrated Circuit Card (UICC). The USIM access control client authenticates the subscriber to the UMTS cellular network. After successful authentication, the subscriber is allowed access to the cellular network. As used below, the term "access control client" generally refers to a logical entity, embodied in hardware or software, suitable for controlling access of a first device to a network. Common examples of access control clients include the aforementioned USIM, CDMA Subscriber Identity Modules (CSIM), IP Multimedia Services Identity Modules (ISIM), Subscriber Identity Modules (SIM), Removable User Identity Modules (RUIM), etc.
[0005] Traditionally, USIM (or more generally "SIM") performs the well-known Authentication and Key Agreement (AKA) procedure, which verifies and decrypts applicable data and programs to ensure secure boot. Specifically, USIM must either (i) successfully respond to a remote challenge to prove its identity to the network operator, or (ii) issue a challenge to verify the identity of the network.
[0006] Although traditional SIM solutions are embodied in a removable Integrated Circuit Card (ICC) (also referred to as a "SIM card"), incipient research by the applicant of this application is directed towards virtualizing SIM operation within client software running on the mobile device. Virtualized SIM operation can reduce device size, increase device functionality, and provide greater flexibility.
[0007] Unfortunately, virtualized SIM operation also presents multiple new challenges for network operators and device manufacturers. For example, traditional SIM cards are manufactured and guaranteed by a trusted SIM seller. These traditional SIM cards run a single secure version of software that has been permanently "written" to the SIM card. Once recorded, the card cannot be tampered with (without also destroying the SIM card). Distribution of these cards is a simple process of issuing the cards to distribution centers, retail outlets and/or customers.
[0008] In contrast, virtualized SIMs can be easily copied, multiplied, etc. Since each SIM represents a contract for an amount of access to finite network resources, illicit use of a virtualized SIM can greatly impact network operation and user experience. In this way, new distribution infrastructures are required for virtualized SIM delivery. Ideally, such new distribution infrastructures should (i) enforce SIM conservation, (ii) prevent excessive network traffic (also called "bottleneck"), and (iii) provide reasonable disaster recovery capabilities.
Summary of the Invention
[0009] The present invention addresses the needs noted above by providing, among other things, apparatus and methods for efficiently distributing virtual access control clients within a network.
[00010] In one aspect of the present invention, a method for efficiently distributing access control clients is disclosed. In one embodiment, the method includes: tracking one or more access control clients within a secure repository; encrypting an access control client exclusively for a target device; transmitting the encrypted access control client to one or more distribution locations; and removing the access control client from the secure repository. In one variant, the one or more distribution locations do not modify the encrypted access control client, and the target device is configured to retrieve only a single encrypted access control client, from only a single distribution location.
[00011] In another aspect of the invention, a method for efficiently distributing access control clients is disclosed. In one embodiment, the method includes storing an encrypted access control client in one or more distribution locations, and responsive to a request to the stored encrypted access control client, delivering the encrypted access control client; and responsive to the encrypted access control client being successfully delivered from any one or more distribution locations, disable the stored encrypted access control client. In one variant, the one or more distribution locations do not modify the encrypted access control client, and the encrypted access control client is configured for a single target device.
[00012] The encrypted access control client may be delivered in an uncontrolled mode, with each stored encrypted access control client being associated with metadata. Metadata may include, for example, access control client identification information, access control client issuer information, access control client account information, and/or access control client status information. In some variants, metadata is provided in response to a request for metadata associated with a specific access control client.
[00013] In yet another aspect of the invention, an apparatus for efficiently distributing access control clients is disclosed. In one embodiment, the apparatus includes: a signing appliance, the signing appliance configured to track one or more access control clients; a security module, the security module configured to uniquely encrypt an eSIM for a target device; a processor; and a storage device in data communication with the processor. The storage device includes computer-executable instructions that are configured to, when executed by the processor: responsive to a request for a tracked access control client by the target device, uniquely encrypt the requested access control client; transmit the encrypted access control client to one or more distribution locations; and update the signing appliance. In one variant, the one or more distribution locations do not modify the encrypted access control client, and the target device is configured to retrieve only a single encrypted access control client, from only a single distribution location.
[00014] The device may additionally include secure storage for one or more locally stored encrypted access control clients. In a variant like this, the one or more access control clients stored locally are encrypted exclusively for the device. In another such variant, the security module is additionally configured to decrypt eSIMs that are encrypted exclusively for the device.
[00015] In another embodiment, the one or more access control clients include electronic Subscriber Identity Modules (eSIMs), and the one or more distribution locations include eSIM depots.
[00016] In yet another aspect of the invention, a depot for efficiently distributing access control clients is disclosed. In one embodiment, the depot includes: a network interface for communicating with a network; a processor; and a storage device in data communication with the processor. The storage device includes computer-executable instructions that are configured to, when executed by the processor: store an access control client that has been encrypted for a target device; responsive to a request for the stored encrypted access control client received from a requesting device, deliver the encrypted access control client to the requesting device; and responsive to the encrypted access control client being successfully delivered to the target device, delete the stored encrypted access control client.
[00017] In another embodiment, the storage device is configured to store metadata associated with each access control client. In such a variant, computer-executable instructions are additionally configured to, responsive to a request for metadata associated with a specific access control client, provide the requested metadata.
[00018] Additional features of the present invention, their nature and various advantages will be more apparent from the accompanying drawings and the detailed description below.
Brief Description of the Drawings
[00019] Figure 1 graphically illustrates an exemplary Authentication and Key Agreement (AKA) procedure using a prior art USIM.
[00020] Figure 2 is a logic flowchart illustrating one embodiment of a generalized method for efficiently distributing and storing virtual access control clients within a network, in accordance with the present invention.
[00021] Figure 3 is a block diagram of an exemplary network architecture useful for distributing and storing access control clients, in accordance with the present invention.
[00022] Figure 4 is a ladder diagram of an exemplary life cycle of an eSIM, illustrating various aspects of it.
[00023] Figure 5 is a block diagram illustrating an embodiment of an apparatus in accordance with the present invention.
[00024] Figure 6 is a block diagram illustrating an embodiment of a depot apparatus in accordance with the present invention.
[00025] Figure 7 is a block diagram illustrating an embodiment of a user equipment, according to the present invention.
[00026] Figure 8 is a block diagram illustrating an embodiment of a permanent storage apparatus, according to the present invention.
[00027] All figures © Copyright 2011 Apple Inc. All rights reserved.
Detailed Description of the Invention
[00028] Reference is now made to the drawings, where like numbers refer to like parts throughout.
Overview
[00029] The present invention provides, among other things, methods and apparatus for efficiently distributing and storing access control clients within a network. In one embodiment, an electronic Subscriber Identity Module (eSIM) distribution network infrastructure is described that enforces eSIM uniqueness and conservation, and distributes network traffic to prevent "bottleneck" congestion. Additionally, a revealed distribution network mode provides disaster recovery capabilities.
[00030] As described in more detail in this document, the exemplary network embodiment of the eSIM distribution infrastructure includes three (3) logical entities: multiple eUICC appliances (or a "cluster of appliances"), multiple eSIM depots, and permanent storage. Each eUICC appliance is further divided into a signing appliance, a security module and secure storage. In an exemplary embodiment, secure storage is composed of volatile memory (such as Random Access Memory (RAM), static RAM (SRAM), dynamic RAM (DRAM)).
[00031] The eUICC appliance enforces eSIM uniqueness and conservation within the network infrastructure. Specifically, the signing appliance tracks one or more distributed eSIMs, and the issued challenges and/or known states associated with them. The signing appliance instructs the security module to perform encryption and decryption of eSIMs that the signing appliance has received, or that the signing appliance will transmit. The signing appliance can also securely store eSIMs in the eUICC appliance's secure storage. Thus, in one aspect of the present invention, the eUICC appliance ensures that each eSIM is accounted for (while stored in the eUICC appliance), and that each eSIM is delivered encrypted specifically for a target device.
[00032] The eSIM depot provides a distribution channel to prevent network "bottleneck"; specifically, multiple eSIM depots may retain the same encrypted copy of an eSIM that has not yet been delivered to the target eUICC. For example, the encrypted combination of eSIM, eUICC and challenge can be cached in the eSIM depot for subsequent delivery. A device can retrieve the eSIM from any of the eSIM depots; even if one eSIM depot is unavailable, the device can retrieve the eSIM from any of the alternative eSIM depots. Once the device has received the eSIM, the device can decrypt and activate the eSIM.
[00033] In an exemplary embodiment of the invention, the system is further configured in such a way that the device can only import a copy from any of the eSIM depots once; the other copies stored in the other eSIM depots are then removed, deleted or made inactive. The device itself can enforce this restriction, or the eSIM depots can maintain synchronization, such as via internal sync communication.
[00034] Furthermore, the various devices, in some embodiments, may additionally periodically back up their contents to permanent storage. Permanent storage stores recovery data that has been encrypted with a device-specific key. In the event of a disaster, permanent storage can provide the recovery data when presented with the appropriate key. In an exemplary embodiment, permanent storage is composed of non-volatile memory (such as Flash, Hard Disk Drives (HDD), etc.).
[00035] A number of other schemes and embodiments for efficient distribution are also described in more detail in this document.
Detailed Description of Exemplary Embodiments
[00036] Exemplary embodiments and aspects of the present invention are now described in detail. While these embodiments and aspects are discussed primarily in the context of Subscriber Identity Modules (SIMs) of a GSM, GPRS/EDGE or UMTS cellular network, it will be recognized by those of ordinary skill that the present invention is not so limited. Indeed, the various aspects of the invention are useful in any network (whether cellular, non-cellular wireless, or otherwise) that can benefit from storing and distributing access control clients for devices.
[00037] It will also be acknowledged that although the term "subscriber identity module" is used in this document (e.g. eSIM), this term in no way necessarily connotes or requires (i) use by a subscriber itself (i.e., the invention may be practiced by a subscriber or non-subscriber); (ii) the identity of a single individual (i.e., the invention may be practiced on behalf of a group of individuals such as a family, or an intangible or fictitious entity such as a company); or (iii) any tangible "module" equipment or hardware.
[00038] Prior Art Subscriber Identity Module (SIM) Operation
[00039] Within the context of the exemplary prior art UMTS cellular network, user equipment (UE) includes a mobile device and a Universal Subscriber Identity Module (USIM). The USIM is a logical software entity that is stored and executed from a physical Universal Integrated Circuit Card (UICC). A variety of information is stored in USIM such as subscriber information, as well as the keys and algorithms used to authenticate with the network operator in order to obtain wireless network services. USIM software is based on the Java Card™ programming language. Java Card is a subset of the Java™ programming language that has been modified for embedded "card" type devices (such as the UICC mentioned earlier).
[00040] Generally speaking, UICCs are programmed with a USIM before distribution to a subscriber; pre-programming or "customization" is specific to each network operator. For example, prior to implementation, USIM is associated with an International Mobile Subscriber Identification (IMSI), a unique Integrated Circuit Card Identifier (ICC-ID) and a specific authentication key (K). The network operator stores the association in a record contained in the network's Authentication Center (AuC). After customization the UICC can be distributed to subscribers.
[00041] Referring now to Figure 1, an exemplary Authentication and Key Agreement (AKA) procedure using the aforementioned prior art USIM is illustrated in detail. During normal authentication procedures, the UE obtains the International Mobile Subscriber Identification (IMSI) from the USIM. The UE passes the IMSI to the Serving Network (SN) of the network operator or the visited core network. The SN sends the authentication request to the Home Network (HN) AuC. The HN compares the received IMSI with the AuC record and obtains the appropriate K. The HN generates a random number (RAND) and applies it to K using an algorithm to create the expected response (XRES). The HN additionally generates a Cipher Key (CK) and an Integrity Key (IK) for use in cipher and integrity protection, as well as an Authentication Token (AUTN), using various algorithms. The HN sends an authentication vector, consisting of the RAND, XRES, CK and AUTN, to the SN. The SN stores the authentication vector for use in a one-time authentication process only. The SN passes the RAND and AUTN to the UE.
[00042] Once the UE receives the RAND and the AUTN, the USIM verifies that the AUTN received is valid. If so, the UE uses the received RAND to compute its own response (RES) using the stored K and the same algorithm that generated the XRES. The UE passes the RES back to the SN. The SN compares the XRES with the received RES and if they match the SN authorizes the UE to use the operator's wireless network services.
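As an added illustration (not part of the patent text), the AKA exchange of paragraphs [00041] and [00042] as a runnable Python model with all three parties: the HN/AuC builds the vector, the SN holds it for one run, and the USIM checks AUTN before answering. The derivation function f, the simplified AUTN layout (SQN || MAC) and the IMSI and keys are constructed assumptions standing in for the operator's real algorithms (Milenage or TUAK).

```python
import hashlib
import hmac
import secrets

IMSI = "001010123456789"   # constructed test IMSI (MCC 001 / MNC 01 test range)


def f(k: bytes, data: bytes, tag: bytes, length: int) -> bytes:
    """Hypothetical stand-in for the operator's AKA functions: one HMAC-SHA256
    keyed with K, domain-separated by tag. Real USIMs use Milenage or TUAK."""
    return hmac.new(k, data + tag, hashlib.sha256).digest()[:length]


class AuthCenter:
    """Home Network AuC: holds the IMSI -> K association and builds vectors."""

    def __init__(self):
        self.records = {}   # IMSI -> K
        self.sqn = {}       # IMSI -> last sequence number issued

    def register(self, imsi: str, k: bytes) -> None:
        self.records[imsi] = k
        self.sqn[imsi] = 0

    def authentication_vector(self, imsi: str) -> dict:
        k = self.records[imsi]                 # unknown IMSI -> KeyError, no vector
        rand = secrets.token_bytes(16)
        self.sqn[imsi] += 1
        sqn = self.sqn[imsi].to_bytes(6, "big")
        # AUTN here is SQN || MAC; the MAC covers RAND so the UE can detect a RAND
        # altered in transit (a real AUTN also carries AMF and conceals SQN).
        mac = f(k, rand + sqn, b"MAC", 8)
        return {"RAND": rand, "XRES": f(k, rand, b"RES", 8),
                "CK": f(k, rand, b"CK", 16), "IK": f(k, rand, b"IK", 16),
                "AUTN": sqn + mac}


class Usim:
    """USIM side: verifies AUTN (network authenticity, freshness), then answers."""

    def __init__(self, imsi: str, k: bytes):
        self.imsi, self.k, self.last_sqn = imsi, k, 0

    def respond(self, rand: bytes, autn: bytes):
        sqn, mac = autn[:6], autn[6:]
        if not hmac.compare_digest(mac, f(self.k, rand + sqn, b"MAC", 8)):
            return None                         # network (or RAND) not authentic
        if int.from_bytes(sqn, "big") <= self.last_sqn:
            return None                         # replayed vector
        self.last_sqn = int.from_bytes(sqn, "big")
        return f(self.k, rand, b"RES", 8)


class ServingNetwork:
    """SN: fetches a vector from the HN and uses it for exactly one run."""

    def __init__(self, auc: AuthCenter):
        self.auc = auc

    def authenticate(self, usim: Usim):
        av = self.auc.authentication_vector(usim.imsi)
        res = usim.respond(av["RAND"], av["AUTN"])
        if res is None or not hmac.compare_digest(res, av["XRES"]):
            return False, None
        return True, (av["CK"], av["IK"])       # keys for cipher/integrity protection


def run_checks() -> dict:
    """Genuine run, wrong-K run, replayed vector, and RAND tampered in transit."""
    auc = AuthCenter()
    k = secrets.token_bytes(16)
    auc.register(IMSI, k)
    sn = ServingNetwork(auc)
    genuine, impostor = Usim(IMSI, k), Usim(IMSI, secrets.token_bytes(16))
    results = {"genuine_ok": sn.authenticate(genuine)[0],
               "wrong_key_ok": sn.authenticate(impostor)[0]}
    av = auc.authentication_vector(IMSI)
    genuine.respond(av["RAND"], av["AUTN"])
    results["replay_rejected"] = genuine.respond(av["RAND"], av["AUTN"]) is None
    av = auc.authentication_vector(IMSI)
    flipped = bytes([av["RAND"][0] ^ 0x01]) + av["RAND"][1:]
    results["tamper_rejected"] = genuine.respond(flipped, av["AUTN"]) is None
    return results


if __name__ == "__main__":
    print(run_checks())
```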
[00043] The procedure described above in Figure 1 is embodied in the physical media of the SIM card. Prior art SIM cards have at least two (2) distinct and desirable properties: (i) SIM cards provide secure, encrypted storage for SIM data (e.g. account information, encryption keys, etc.), and (ii) SIM cards cannot be cloned easily.
[00044] A prior art SIM card includes a processor and memory formed into a Universal Integrated Circuit Card (UICC). The SIM card can be filled with epoxy resin to prevent external probing of data signals at the UICC. Other tamper-proof structures can be included in the UICC if desired (e.g. protection layers, masking layers, etc.). The SIM card has a secure interface to the processor, and the processor has an internal interface to the memory. The UICC receives power from the external device, which enables the processor to execute code from the memory component. The memory component itself is not directly accessible (i.e., internal file systems are hidden from the user), and must be accessed through the processor.
[00045] During normal operation, the processor accepts a limited number of commands. Each of the commands is only conditionally accessible. Access conditions are placed on the execution of commands to prevent unauthorized access. Access conditions may or may not be hierarchical; for example, authorization for one level may not automatically grant authorization for another level. For example, a set of access conditions might include: (i) always accessible, (ii) never accessible, (iii) accessible to a first account, (iv) accessible to a second account, etc. Conditional access is granted only after successful completion of an appropriate security protocol. Common methods to verify identity can include a password or Personal Identification Number (PIN), a challenge based on a shared secret, etc.
[00046] Conditional access, a limited command set and a protected memory space ensure that the information stored inside the SIM card is safe from external access. Cloning a SIM card would entail building a physical card, and building the file system and internal data. The combination of these features makes the physical SIM card impervious to practical counterfeiting attempts.
Method
[00047] As an aside, the terms "conservation", "conserve" and "conserved" as used in this document refer, without limitation, to an element (physical or virtual) which cannot be trivially multiplied or reduced. For example, a conserved eSIM cannot be copied or reproduced during normal operation.
[00048] Additionally, as used in this document, the term "uniqueness" as applied to an element (physical or virtual) refers, without limitation, to the property by which the element is the one and only element having a particular property and/or feature. For example, a unique eSIM cannot have a duplicate eSIM.
[00049] As used in this document, the term "security" generally refers, without limitation, to the protection of data and/or software. For example, access control data security ensures that the data and/or software associated with an access control client are protected from theft, misuse, corruption, publication and/or tampering by unauthorized activities and/or malicious external entities.
[00050] In general, it is perceived that software is more flexible than hardware; for example, software is easy to copy, modify and distribute. Additionally, software can often be made cheaper, more energy efficient, and physically smaller than hardware equivalents. Thus, while conventional SIM operation makes use of physical form factors such as cards (UICCs), current areas of research are focused in the direction of virtualizing SIM operation within software.
[00051] However, the sensitive nature of SIM data (eg, subscriber-specific information, etc.) requires special consideration. For example, many parts of SIM data are unique to subscribers, and must be carefully protected from malicious external entities.
[00052] Furthermore, each SIM represents a contract for an amount of access to finite network resources; thus, duplication, destruction and/or recovery of SIMs must be managed to prevent over- and/or under-utilization of network resources, as well as subrogation of fees or service provider revenue.
[00053] Incipient solutions for SIM operation emulate a UICC as a virtual or electronic entity such as, for example, an application program, hereinafter referred to as an Electronic Universal Integrated Circuit Card (eUICC). The eUICC is capable of storing and managing one or more SIM elements, referred to hereinafter as Electronic Subscriber Identity Modules (eSIM). In this way, new network infrastructures are required that are specifically tailored to handle the various eSIM distribution and operation requirements for eUICCs. Specifically, such solutions ideally should have capabilities for: (i) conservation compliance for virtualized eSIMs, (ii) distributed operation, and (iii) disaster recovery.
[00054] Referring now to Figure 2, a generalized method 200 for efficiently distributing virtual access control clients within a network is disclosed.
[00055] In step 202 of method 200, one or more access control clients (e.g. eSIMs) are stored and tracked within secure repositories. In one embodiment, the secure repository includes one or more of a tracking database, a security module for encrypting and decrypting access control clients based at least in part on information derived from the tracking database, and secure storage for access control clients.
[00056] The tracking database includes information indicative of access control client distribution and access control client transaction data. In an exemplary implementation of this embodiment, the transaction data includes a listing of eSIMs deployed, challenges issued, and/or unique identifiers used, etc. In one variant, described in more detail in U.S. Provisional Patent Application Serial No. 61/472,109 filed April 5, 2011 and entitled "APPARATUS AND METHODS FOR STORING ELECTRONIC ACCESS CLIENTS", previously incorporated in its entirety by reference, a secure protocol between transfer devices ensures that each eSIM of the distributed eSIM population is transferred only between trusted devices. Alternatively, the secure protocol can ensure that only encrypted eSIMs are distributed to devices that are not trusted. In some variants, the trusted protocol is based on a challenge/response protocol. In alternative variants, the trusted protocol is based on an exchange of a digital security certificate signed by a mutually trusted external entity.
[00057] In an exemplary embodiment, the secure repository ensures that access control clients are transferred only between devices that conform to a standard trust relationship. The trust relationship further specifies that when a first device successfully transfers an access control client the first device deletes, disables, or otherwise renders its copy unusable. In this way, the access control client can remain unique and retained throughout the transfer.
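The following Python model, added here and not taken from the patent, walks through the distribution scheme of paragraphs [00030] to [00033] and steps [00055] to [00057]: an eUICC appliance pops the plaintext eSIM out of volatile secure storage as it encrypts it for one target device, every depot caches the same encrypted copy (which it cannot read), the first successful delivery makes the peer depots disable theirs, and the device refuses a second import. The device-key registry, the depot metadata fields, the HMAC-based stand-in cipher and the eSIM payload are all constructed for the example.

```python
import hashlib
import hmac
import secrets

def _keystream_xor(key, nonce, data):
    # Stand-in cipher (HMAC-SHA256 counter mode) for this example; use a real AEAD in practice.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def seal(key, plaintext):
    nonce = secrets.token_bytes(12)
    ct = _keystream_xor(key, nonce, plaintext)
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    ok = hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest())
    return _keystream_xor(key, nonce, ct) if ok else None   # None: not encrypted for this key

class EuiccAppliance:
    """Signing appliance (tracking DB) + security module + volatile secure storage."""
    def __init__(self, device_keys, esims):
        self.device_keys = device_keys        # target device id -> device key (hypothetical)
        self.secure_storage = dict(esims)     # eSIM id -> plaintext, held only while un-issued
        self.tracking = {e: {"state": "available", "device": None} for e in esims}

    def encrypt_for(self, esim_id, dev_id, depots):
        rec = self.tracking[esim_id]
        if rec["state"] != "available":
            raise RuntimeError("eSIM already issued (conservation rule)")
        challenge = secrets.token_bytes(8)
        # The plaintext leaves secure storage as it is encrypted: one copy, one target.
        blob = seal(self.device_keys[dev_id], challenge + self.secure_storage.pop(esim_id))
        rec.update(state="distributed", device=dev_id, challenge=challenge)
        for depot in depots:                  # every depot caches the identical encrypted copy
            depot.store(esim_id, dev_id, blob)
        return blob

class Depot:
    def __init__(self):
        self.blobs, self.metadata, self.peers, self.online = {}, {}, [], True

    def store(self, esim_id, dev_id, blob):
        self.blobs[esim_id] = blob
        self.metadata[esim_id] = {"target": dev_id, "status": "pending"}

    def fetch(self, esim_id, dev_id):
        if not self.online or esim_id not in self.blobs:
            return None
        if self.metadata[esim_id]["target"] != dev_id:
            return None                       # metadata says this copy is for another device
        blob = self.blobs.pop(esim_id)
        self.metadata[esim_id]["status"] = "delivered"
        for peer in self.peers:               # sync: the other depots disable their copies
            peer.invalidate(esim_id)
        return blob

    def invalidate(self, esim_id):
        if self.blobs.pop(esim_id, None) is not None:
            self.metadata[esim_id]["status"] = "disabled"

class Device:
    def __init__(self, dev_id, key):
        self.dev_id, self.key, self.esims = dev_id, key, {}

    def import_esim(self, esim_id, depots):
        if esim_id in self.esims:
            return False                      # device-side once-only rule
        for depot in depots:                  # any reachable depot will do
            blob = depot.fetch(esim_id, self.dev_id)
            plain = unseal(self.key, blob) if blob is not None else None
            if plain is not None:
                self.esims[esim_id] = plain[8:]   # drop the challenge prefix
                return True
        return False

def run_scenario():
    key_a, key_b = secrets.token_bytes(32), secrets.token_bytes(32)
    payload = b"IMSI=001010123456789;K=<constructed>"        # constructed eSIM body
    appliance = EuiccAppliance({"dev-A": key_a, "dev-B": key_b}, {"esim-001": payload})
    depots = [Depot(), Depot(), Depot()]
    for depot in depots:
        depot.peers = [p for p in depots if p is not depot]
    blob = appliance.encrypt_for("esim-001", "dev-A", depots)
    dev_a, dev_b = Device("dev-A", key_a), Device("dev-B", key_b)
    depots[0].online = False                                  # first depot unreachable
    r = {"other_device_fetch": dev_b.import_esim("esim-001", depots),
         "other_device_unseal": unseal(key_b, blob) is None}
    r["imported"] = dev_a.import_esim("esim-001", depots)
    r["payload_ok"] = dev_a.esims.get("esim-001") == payload
    r["depot_copies_left"] = sum("esim-001" in d.blobs for d in depots)
    r["appliance_plaintext_left"] = "esim-001" in appliance.secure_storage
    r["state"] = appliance.tracking["esim-001"]["state"]
    r["second_import"] = dev_a.import_esim("esim-001", depots)
    return r
```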
[00058] In various embodiments, the tracking database additionally tracks access control client qualities including, for example: (i) access control clients that have been distributed to clients, (ii) access control clients that have not yet been distributed (waiting for activation), (iii) access control clients activated, (iv) access control clients deactivated, (v) access control clients awaiting activation, (vi) access control clients assigned to a device, (vii) access control clients assigned to an account, and (viii) access control clients available for assignment. Similarly, the tracking database can track states such as, for example: (i) current state, (ii) expected state, (iii) previous state, (iv) last known state, and (v) initial state. Common examples of a state variable include, but are not limited to, a counter value, an encrypted value, a challenge variable, a response variable, etc.
[00059] For example, in an exemplary challenge-response scheme, a challenge variable is a cryptographic input vector, which can be manipulated, transformed, and/or computed to generate a response vector. The manipulation, transformation and/or calculation is a secret protected by the device's access control client. In another example, a counter-based unique identifier uses a unique counter value as a secret that is protected by the device's access control client. Other common types of states can be based on a large, pseudorandom state machine, such as, for example, a Linear Feedback Shift Register (LFSR) based state machine or other such mechanism.
[00060] The security module in one embodiment is configured to encrypt or decrypt access control clients based at least in part on instructions from the tracking database. In particular, the security module is configured to encrypt access control clients for delivery to the desired target device. In fact, in an exemplary embodiment, all eSIMs transferred must be encrypted (i.e., eSIMs cannot be transferred to any device in their unencrypted form). Similarly, the security module is configured to decrypt access control clients received from user devices. In one variant, described in more detail in U.S. Provisional Patent Application Serial No. 61/407,866 filed October 28, 2010 and entitled "METHODS AND APPARATUS FOR STORAGE AND EXECUTION OF ACCESS CONTROL CLIENTS", incorporated earlier in this document, each device is given unique device keys and endorsement certificates that can be used to provide updates and/or eSIMs to user equipment in the "field". User equipment can trust an encrypted eSIM delivered with the device key, and the security module can trust information encrypted with the device key.
[00061] Similarly, in some embodiments, the security module is additionally configured to decrypt an eSIM for SIM application execution. For example, in one scenario, a user device can decrypt an eSIM for use. The eSIM application in general covers access control clients such as the USIM, CSIM, ISIM, SIM, RUIM, etc. previously mentioned. It should be further understood that each eSIM can be associated with a user account; thus an "eSIM" can broadly span multiple access control clients (e.g. a user can have both a USIM and a SIM associated with the same eSIM account).
[00062] Also in another scenario, the security module can encrypt an eSIM for itself. For example, a security module can encrypt an eSIM for itself, and store the encrypted eSIM in permanent storage for later use.
[00063] In some embodiments, the security module encryption scheme may be based on an asymmetric key pair; or alternatively, the security module encryption scheme may use a symmetric key pair. As a side note, a public/private key pair is based on a secret private key and a publishable public key. Public/private key schemes are considered "asymmetric", as the keys used to encrypt and decrypt are different, and thus the encryptor and decryptor do not share the same key. In contrast, "symmetric" key schemes use the same key (or trivially transformed keys) for both encryption and decryption. The Rivest, Shamir, and Adleman (RSA) algorithm is a type of public/private key pair cryptography that is commonly used within the related techniques, but it will be recognized that the present invention is not limited in any way to the RSA algorithm. (or to that asymmetric or symmetric key pair in question).
[00064] Public/private encryption schemes can be used to encrypt a message and/or generate signatures. Specifically, a message can be encrypted with a private key, and decrypted with the public key, thus ensuring that the message has not been altered in transit. Similarly, a signature generated with the private key can be verified with the public key, ensuring that the entity generating the signature is legitimate. In both uses, the private key is kept hidden, and the public key is freely distributed.
[00065] In an exemplary embodiment, secure storage is volatile computer-readable media that is configured to store access control client data and files. Secure storage is a shared memory containing encrypted access control clients that is coupled to both tracking databases and security modules. Shared memory access implementations allow both tracking databases and security modules to operate on a coherent database (eg, no requirement to synchronize data between different memory clusters). Volatile memory requires energy to retain memory contents; which may be desirable for certain implementations because removing volatile memory will erase the memory (additionally improving security). Volatile memory is also generally faster than equivalent non-volatile memory.
[00066] In some embodiments of the invention, secure storage enables multiple devices to access the same set of access control clients. Secure storage may not be physically coupled between tracking databases and security modules, but may be accessible over a network. In distributed framework arrangements, secure storage may not even be logically shared. For example, remote databases can locally cache portions of client access control data and files, and periodically synchronize between them to ensure that all devices are in agreement.
[00067] Secure storage can also be physically and/or logically protected. For example, secure storage can be protected within a Hardware Security Module (HSM), where the HSM is configured to destroy itself if forcibly opened/accessed. More generally, the tracking database, security modules and secure storage will typically be protected within a reliable boundary. Common implementations of trusted boundaries include both physical boundaries (eg physical isolation, etc.) and logical boundaries (eg, encrypted communication, etc.). Furthermore, although the preceding logical entities (tracking database, security modules and secure storage) are primarily described as coherent or unitary entities, it is clear that in most network infrastructures these logical entities will be composed of multiple distinct devices. (which may even be geographically distinct) operating in tandem.
[00068] For example, in one embodiment, the tracking database is a community of multiple distinct database appliances that run tracking database software, and communicate with each other to maintain data synchronization. Similarly, logic security modules can be composed of multiple distinct security modules; in a variant like this, the security modules are fully driven by the tracking database and do not synchronize with each other.
[00069] Referring again to Figure 2, in step 204, one or more access control clients are transferred from the secure repositories to one or more distribution locations. In an exemplary embodiment, a distribution location is an access control client depot configured to store encrypted access control clients for distribution to their respective destinations. Since the access control clients are encrypted and cannot be used by devices other than the target device, multiple depots can be loaded with copies of the encrypted access control clients.
[00070] In an exemplary implementation, the encrypted access control clients are stored in such a way that they can be delivered in an uncoordinated manner (i.e., each depot does not need to synchronize its transactions with the other depots, or notify a centralized network entity). Each copy is encrypted to the target device, where the target device is a trusted device. In such an embodiment, the target device is configured to transfer the encrypted access control client only once. Once the access control client has been transferred, the other copies of the access control client are "stale" and can subsequently be removed, deleted or rendered inactive. Malicious external entities cannot decrypt the access control client, nor activate an encrypted copy (stale or otherwise).
[00071] Secure repositories can provide access control clients to one or more distribution locations in bulk. For example, a SIM vendor may supply a large number of eSIMs in large batches (e.g., thousands of eSIMs at a time). Alternatively, the secure repository can provide one eSIM at a time; for example, in some embodiments, a user may "park" their unused eSIMs in an eSIM depot, either temporarily (such as for transfer to another device) or for longer-term storage.
[00072] Various embodiments of the present invention further include the addition of metadata associated with each access control client stored within the distribution locations. The metadata is stored securely but can be accessed by the delivering device to facilitate inventory management. For example, an eSIM depot can encrypt metadata with its own key (as opposed to a key specific to an eSIM or target device), such that the eSIM depot can properly identify an encrypted eSIM. Common examples of metadata may include, without limitation: identification information, issuer information, network information, account information, status information, etc.
[00073] In some implementations, metadata can additionally be queried and/or accessed by external entities. For example, an eUICC appliance may need to periodically check or update eSIM depot metadata (e.g., to determine inventory, outdated identification information, etc.). In another such example, a mobile device user may request information regarding parked eSIMs, etc. located in a private eSIM depot.
[00074] In step 206, the requested access control client is distributed from at least one of the distribution locations to a target device. Because of the flexibility of distribution models, many different schemes are envisaged, and will be recognized by persons of ordinary skill when provided with the present disclosure. The following subsections describe several eSIM distribution schemes that are illustrative of the wide variety of schemes suitable for operation in accordance with various aspects of the present invention.
"Pull" and "Push" eSIM Delivery
[00075] In "pull" eSIM delivery, an eSIM depot delivers an eSIM in response to an initial request originating from a user device. Pull delivery is the simplest delivery scheme; a user can request eSIMs from any of the various eSIM depots as the user wishes.
[00076] In contrast, in "push" eSIM delivery, the eSIM depot initiates delivery of an eSIM (or a notification thereof) to a user device. Push delivery is a more complex delivery scheme, as some coordination between eSIM depots may be required to prevent multiple redundant copies of an eSIM from being pushed to a single device.
[00077] In some cases, push and pull delivery schemes may be combined; for example, a user may request an eSIM and the eSIM depot may indicate that it is currently unable to fulfill the request. At a later point, the eSIM depot can push an eSIM to the user. In another such example, an eSIM depot can push an eSIM notification to a user, where the notification is valid for a period of time (e.g., a promotional offer, trial period, etc.). If the user is interested in the eSIM, the user can subsequently pull the eSIM from the eSIM depot.
[00078] Still other eSIM delivery schemes useful in conjunction with push and/or pull eSIM delivery are described in more detail in U.S. Provisional Patent Application Serial No. 61/354,653 filed June 14, 2010 and titled "METHODS FOR PROVISIONING SUBSCRIBER IDENTITY DATA IN A WIRELESS NETWORK", and in U.S. Patent Application Serial No. 12/952,089 filed November 22, 2010 and titled "APPARATUS AND METHODS FOR PROVISIONING SUBSCRIBER IDENTITY DATA IN A WIRELESS NETWORK", each incorporated herein by reference in its entirety.
Reserved eSIM Delivery
[00079] In some models, an eSIM depot can reserve a specific eSIM for a particular user. For example, where a new customer purchases a device from an online store, the store may identify one or more eSIMs that are reserved for the device purchased by the customer. In some cases, the store may ship the device to the customer and deliver the reserved eSIMs to the eSIM depots. When the customer first operates their newly purchased device, the device contacts the eSIM depots to request the reserved eSIMs. Other variations of such reservation-based eSIM delivery are described in more detail in U.S. Provisional Patent Application Serial No. 61/408,504 filed October 29, 2010 and titled "ACCESS DATA PROVISIONING SERVICE", incorporated herein by reference in its entirety.
Parked eSIM Delivery (Retrieval)
[00080] In yet another example, it will be appreciated that the eSIM depot can also serve as a storage location for unused eSIMs. For example, a customer may park their own eSIM in an eSIM depot when it is not in use; at a later point, the customer can retrieve the eSIM (on the same device, or on a different device) and re-establish operation. In many cases, the customer will additionally encrypt the eSIM before parking it in the eSIM depot; for example, the customer encrypts the eSIM for their current device in such a way that only their current device can restore the eSIM. In applications where the customer does not know the target device (e.g., during transfer to a new device), their current device can encrypt the eSIM with, for example, a generic key, its own key (which would require decryption and re-encryption at a later point), etc.
Postponed eSIM Delivery
[00081] In yet another distribution scheme, the eSIM depot may support postponed delivery, such as the type described in U.S. Provisional Patent Application Serial No. 61/354,653 filed June 14, 2010 and titled "METHODS FOR PROVISIONING SUBSCRIBER IDENTITY DATA IN A WIRELESS NETWORK", and in U.S. Patent Application Serial Nos. 12/952,089, filed November 22, 2010 and titled "APPARATUS AND METHODS FOR PROVISIONING SUBSCRIBER IDENTITY DATA IN A WIRELESS NETWORK", and 12/353,227 (now published as U.S. Patent Publication No. 2009/0181662) filed January 13, 2009 and titled "POSTPONED CARRIER CONFIGURATION", each of the foregoing incorporated herein by reference in its entirety. For example, in such a scenario, a mobile device is manufactured in a device factory and delivered to the user without an eSIM. On initial activation, the user's mobile device requests an eSIM from the eSIM depot. At this time, the eSIM depot determines an appropriate eSIM for the mobile device based on, for example, one or more criteria including, without limitation: a desired Mobile Network Operator (MNO), a desired service plan, a device-specific restriction, user input, etc.
[00082] In another such scenario, a mobile device is purchased by a user at a kiosk or point of sale, where the sales kiosk assigns the mobile device an eSIM type but does not program an eSIM into the device. The user takes the mobile device home and transfers a new eSIM from the eSIM depot. Once downloaded, the mobile device can activate the eSIM.
[00083] Various combinations and permutations of the foregoing schemes will be recognized by persons of ordinary skill in the related arts, given the contents of the present disclosure.
[00084] In step 208 of method 200, the target device activates the delivered access control client. In an exemplary embodiment, activation of the delivered access control client is performed between the target device and an activation service, such as an Authentication Center (AuC) or similar entity of a Mobile Network Operator (MNO). For example, in an exemplary embodiment, the mobile device requests activation from an activation service. The activation service verifies the eSIM (e.g., with a cryptographic challenge-and-response transaction, etc.) and, if successful, activates the eSIM.
Exemplary Network Architecture for eSIM Distribution
[00085] Referring now to Figure 3, an exemplary embodiment of a network and system architecture is disclosed. The illustrated system 300 is composed of several logical entities, including: (i) several eUICC appliances 302, (ii) several eSIM depots 304, and (iii) the associated permanent recovery storage 306, each of which is now described in more detail.
eUICC Appliance(s)
[00086] The eUICC appliance(s) 302 in Figure 3 is (are) responsible for ensuring that the current population of eSIMs remains both unique and conserved. Specifically, the eUICC appliances must ensure that only one (1) unique eSIM is available for use at any given time; that is, two (2) eUICC appliances do not hold the same eSIM. Each time an eSIM is transferred between eUICC appliances, the transferring eUICC appliance deletes, disables or otherwise renders its copy unusable, so that only the copy on the receiving eUICC appliance is active. In actual implementation, eUICC appliance functionality is embodied as a "cluster" of appliances, which is a set of eUICC appliances that have been logically joined together.
[00087] In an exemplary embodiment, eUICC appliances can communicate with other eUICC appliances, eSIM depots 304 and mobile device eUICCs. Alternatively, in some networks it may be useful to force communication between eUICC appliances to go only through eSIM depots 304 (i.e., eSIM depots are the only intermediaries for transfer; eUICC appliances cannot transfer eSIMs directly). Such a limitation can help reduce the likelihood of a race condition during transfers. For example, in a direct transfer from one eUICC appliance to another, the eUICC appliances may have a brief overlapping moment when the eSIM exists on two devices, and it can accidentally be duplicated if the transaction is interrupted unexpectedly. By limiting transfers to occur via eSIM depots only, the transmitting eUICC appliance can delete its eSIM before the destination eUICC appliance receives the encrypted eSIM.
[00088] In one configuration, the eUICC appliance 302 is subdivided into three (3) logical entities: (i) a signing appliance 312, (ii) secure storage 314, and (iii) a security module 316. Common eUICC appliance implementations can consolidate the logical entities within a single appliance, or alternatively implement the entities within multiple appliances operating within a trusted boundary. For example, in one configuration, the security module is implemented as a separate hardware module with a dedicated processor and execution code base. In alternate configurations, the security module is implemented in a larger logical entity (e.g., including the signing appliance and secure storage) that is implemented in a secure processor. In still other embodiments, multiple security modules are connected to servers running other logical entities, for example a distributed signing entity application, etc. Common implementations of trusted boundaries include both physical boundaries (e.g., physical isolation, etc.) and logical boundaries (e.g., encrypted communication, etc.). In still other implementations, the aforementioned entities may additionally be duplicated to provide desirable redundancy, load capacity, etc.
[00089] The signing appliance 312 is responsible for tracking the population of eSIMs and the transaction data associated therewith (e.g., challenges issued, unique identifiers used, etc.). In an exemplary embodiment, the signing appliance tracks the eSIM (e.g., by Integrated Circuit Card ID (ICCID)) and the last issued challenge and/or unique transaction identifier(s). In such a variant, the last issued challenge and/or unique transaction identifier(s) are for pending transfers where the eSIM has not yet been imported (or exported). In some variants, once the signing appliance has completed the transfer, the transaction data is no longer needed and can be deleted.
[00090] Security module 316 is configured to encrypt or decrypt eSIMs. The security module is instructed by the signing appliance to encrypt or decrypt eSIMs for transfer. eSIMs are encrypted using an encryption key specific to the target device's eUICC (such as the eUICC public key and/or a secure session key). Also, in certain embodiments, the security module can decrypt an encrypted eSIM received from a device and store the decrypted eSIM in secure storage. In such an embodiment, received encrypted eSIMs are decrypted with the security module's private key (the security module's public key having been distributed to the originating device).
[00091] The signing appliance is coupled to secure storage 314 for storing data and files. Secure storage can be physically and/or logically protected. For example, stored eSIMs can be encrypted within a Hardware Security Module (HSM), where the HSM is configured to destroy itself if forcibly opened or accessed. Secure storage stores encrypted data and files, such as encrypted eSIMs and/or periodic recovery data. In some embodiments, secure storage can add further internal layers of encryption/security. For example, in some embodiments, encrypted data and files may be backed up and duplicated onto less physically secure or physically insecure permanent storage (the storage media may be generic computer media).
eSIM Depot
[00092] The eSIM depot 304 provides a distributed interface for eSIM distribution. Multiple eSIM depots can store encrypted eSIMs and deliver encrypted eSIMs to devices, preventing excessive network traffic ("bottlenecks") at any single network entity.
[00093] In one embodiment, eSIM depots 304 generate and respond to requests for eSIMs from other eSIM depots, eUICC appliances 302 and/or device eUICCs. In one variant, eSIM depots additionally respond to requests for, and updates to, the metadata associated with each eSIM. While metadata has no impact on network security, it is used to identify and otherwise characterize encrypted eSIMs. Thus, in this implementation, changes to metadata can only be performed by trusted authorities that have been authenticated and/or authorized to modify metadata. eSIM metadata may include, for example: the eSIM Integrated Circuit Card ID (ICCID), the eSIM vendor, the Mobile Network Operator, subscriber account information (if any), and the current status of the eSIM (e.g., active, inactive, reserved, parked, etc.).
[00094] eSIMs stored in the eSIM depot 304 are typically encrypted to the target device. During normal operation, the target device can request the encrypted eSIM from any of the eSIM depots. In response, the eSIM depot delivers the encrypted eSIM to the target device and notifies the other eSIM depots of the delivery. The other eSIM depots may destroy their copies of the encrypted eSIM during idle time (e.g., to free up storage space, etc.).
[00095] It should be particularly noted that multiple versions of an encrypted eSIM can be distributed to the eSIM depots. Since eSIM depots 304 do not verify status information and do not modify the contents of the encrypted eSIM, the same eSIM can be stored in multiple eSIM depots. However, eSIMs are encrypted to a target device (which will activate only one copy of the eSIM).
Permanent Storage
[00096] In some embodiments, eUICC appliances 302 or eSIM depots 304 are additionally coupled to external permanent storage 306 to aid in disaster recovery and/or archival services. Permanent storage may not be required in some implementations (e.g., where the eUICC appliance's internal storage is used for recovery information, etc.).
[00097] In other embodiments, permanent storage is the only non-volatile storage in the system. For example, some network architectures may be restricted such that eSIMs are decrypted only into volatile memory for use; this has the benefit, among other things, of adding a layer of protection in which, if power to the volatile memory is interrupted (whether intentionally or otherwise), the unencrypted contents of the memory are lost as well. In such embodiments, eSIMs are stored in encrypted form in non-volatile memory for permanent storage, distribution, etc.
[00098] In one embodiment, during operation, permanent storage 302 is periodically written with a uniquely encrypted BLOB (Binary Large Object); the BLOB contains eUICC appliance states, challenges, etc. and any other data needed to recreate the current eUICC database. The BLOB can only be decrypted with the eUICC appliance's security key. If, at a later point, the eUICC appliance 302 experiences an unrecoverable fault, the eUICC appliance can revert to a previously stored BLOB. In one variant, the BLOB is exported to external storage and does not need to be stored securely (its contents are encrypted); for example, the BLOB can be stored in a geographically remote location such as a warehouse, etc.
[00099] In an alternative embodiment, the eSIM depot periodically stores its BLOBs in permanent storage. In some such variants, the eSIM depot can additionally encrypt the metadata associated with the BLOB, thus enabling full state recovery in the event of, for example, memory loss.
Example Operation
[000100] The following discussion describes exemplary transactions that are illustrative of various aspects of the present invention.
[000101] Figure 4 presents an exemplary ladder diagram illustrating a typical life cycle of an eSIM. Initially, the eSIM is provided by an eSIM vendor to an eSIM depot 304. Generally speaking, eSIMs can be delivered via network transfer or, in some cases, delivered physically, for example on a mass storage device, computer-readable media, etc. Delivered eSIMs are either encrypted to the target eUICC appliance 302, or delivered with encryption information such that the eUICC appliances can decrypt the eSIMs (e.g., a session key, a shared manufacturer-specific key, etc.).
[000102] The eUICC appliance cluster (a set of eUICC appliances 302) retrieves the eSIMs from the eSIM depot 304 and allocates each eSIM to an eUICC appliance for storage. For each eSIM, the signing appliance 312 is notified of the allocated eSIM and records the eSIM identifiers and associated transaction data. The security module 316 stores the eSIM in secure storage 314. In some cases, the eSIM is encrypted to the eUICC appliance and stored in encrypted form.
[000103] Referring now to a request event, a mobile device 402 requests an eSIM from the eSIM depot 304. The request includes the mobile device's eUICC public encryption key and a challenge. The request is forwarded to the eUICC appliance 302. The eUICC appliance checks the challenge and generates the appropriate response. The eUICC appliance then selects an appropriate encrypted eSIM from storage, decrypts the eSIM using its own private key, and re-encrypts the eSIM, together with the challenge response, to the mobile device using the mobile device's eUICC public encryption key. The eUICC appliance transfers the newly encrypted BLOB to any of several eSIM depots and updates its internal records.
[000104] Any of the eSIM depots 304 can notify the mobile device 402 that an eSIM is available for retrieval. In response, the mobile device transfers the encrypted BLOB from the nearest eSIM depot and decrypts the BLOB. If the challenge response is valid, the mobile device activates the decrypted eSIM. In some embodiments the eSIM depot can notify the eUICC appliance of successful delivery. The unused copies stored in the eSIM depots and the copy stored in the eUICC appliance can be deleted after successful delivery. Since each request for an eSIM includes a different challenge, copies are stale and cannot be "replayed" for subsequent requests.
Apparatus
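The request and retrieval exchange of [000103]-[000104], together with the delete-before-deliver rule of [00087], as an added example that is not code from the patent or from Apple: the mobile eUICC issues a challenge with its public key, the appliance encrypts the eSIM to that key bound to the challenge and drops its own copy, depots forward the blob unchanged, and the device accepts exactly one blob per challenge. Assumptions not in the text: a P-256 ECDH key pair as the eUICC "public encryption key", an ephemeral appliance key per transfer, AES-256-GCM under a key derived from the ECDH secret and the challenge (the AEAD tag stands in for the separate challenge response), and a constructed ICCID and eSIM payload.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

type (
	Blob      struct{ ICCID string; Challenge, EphPub, Nonce, Cipher []byte } // what a depot stores and forwards; ICCID is its only readable metadata
	Appliance map[string][]byte                                                // eUICC appliance inventory: ICCID -> eSIM bytes (signing appliance and security module folded together)
	Device    struct{ priv *ecdh.PrivateKey; pending map[string]bool; active map[string][]byte } // mobile eUICC: long-term key, open challenges, active eSIMs
)

// transferAEAD derives the per-transfer AES-256-GCM instance from the ECDH shared secret and the challenge; both ends run it.
func transferAEAD(priv *ecdh.PrivateKey, peerPub, challenge []byte) (cipher.AEAD, error) {
	peer, err := ecdh.P256().NewPublicKey(peerPub)
	if err != nil {
		return nil, err
	}
	shared, err := priv.ECDH(peer)
	if err != nil {
		return nil, err
	}
	key := sha256.Sum256(append(append([]byte{}, challenge...), shared...)) // KDF: SHA-256(challenge || shared)
	block, _ := aes.NewCipher(key[:])                                        // 32-byte key: cannot fail
	return cipher.NewGCM(block)
}

// Request returns the device's eUICC public key and a fresh challenge, recorded as pending so exactly one blob bound to it is accepted.
func (d *Device) Request() (pub, challenge []byte) {
	challenge = make([]byte, 16)
	rand.Read(challenge) // crypto/rand.Read is documented never to fail
	d.pending[string(challenge)] = true
	return d.priv.PublicKey().Bytes(), challenge
}

// Export encrypts the eSIM to the requester under a challenge-bound key and deletes its own copy before the blob leaves ([00087]).
func (a Appliance) Export(iccid string, devPub, challenge []byte) (*Blob, error) {
	esim, ok := a[iccid]
	if !ok {
		return nil, fmt.Errorf("eSIM %s not available in inventory", iccid)
	}
	eph, err := ecdh.P256().GenerateKey(rand.Reader) // ephemeral key for this transfer only
	if err != nil {
		return nil, err
	}
	gcm, err := transferAEAD(eph, devPub, challenge)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	rand.Read(nonce)
	delete(a, iccid) // the sender's copy is gone before any depot sees the blob
	return &Blob{iccid, challenge, eph.PublicKey().Bytes(), nonce, gcm.Seal(nil, nonce, esim, challenge)}, nil
}

// Import accepts a blob only for a challenge this device issued and has not consumed; the AEAD tag serves as the
// challenge response. A replayed copy from another depot, or a blob encrypted to a different eUICC, is rejected.
func (d *Device) Import(b *Blob) error {
	if !d.pending[string(b.Challenge)] {
		return fmt.Errorf("unknown or already-consumed challenge: stale copy")
	}
	gcm, err := transferAEAD(d.priv, b.EphPub, b.Challenge)
	if err != nil {
		return err
	}
	esim, err := gcm.Open(nil, b.Nonce, b.Cipher, b.Challenge)
	if err != nil {
		return err
	}
	delete(d.pending, string(b.Challenge)) // one-time: the challenge is consumed
	d.active[b.ICCID] = esim
	return nil
}

// Lifecycle runs one request/export/import, then replays the same blob as a second depot's copy would be delivered.
func Lifecycle() (imported, replayRejected, inventoryEmpty bool, err error) {
	const iccid, payload = "8901000000000000001", "constructed eSIM bytes" // constructed values
	priv, _ := ecdh.P256().GenerateKey(rand.Reader)
	app, dev := Appliance{iccid: []byte(payload)}, &Device{priv, map[string]bool{}, map[string][]byte{}}
	pub, ch := dev.Request()
	blob, err := app.Export(iccid, pub, ch)
	if err == nil {
		err = dev.Import(blob)
	}
	if err != nil {
		return
	}
	return string(dev.active[iccid]) == payload, dev.Import(blob) != nil, len(app) == 0, nil
}

func main() {
	fmt.Println(Lifecycle())
}
```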
[000105] Various apparatus useful in conjunction with the methods described above are now described in more detail.
eUICC Appliance
[000106] Figure 5 illustrates an exemplary embodiment of an eUICC appliance 302 according to the present invention. The eUICC appliance can comprise a standalone entity, or be incorporated with other network entities. As shown, the eUICC appliance 302 generally includes a network interface 502 for interfacing to the communications network, a processor 504, and one or more storage apparatus 508. The network interface is shown connecting to the MNO infrastructure in order to provide access to other eUICC appliances, and direct or indirect access to one or more mobile devices, although other configurations and functionality may be used.
[000107] In one configuration, the eUICC appliance is capable of: (i) establishing communications with another eUICC (an eUICC appliance or a client device), (ii) securely storing an eSIM, (iii) securely retrieving a stored eSIM, (iv) encrypting an eSIM for delivery to another specific eUICC, and (v) sending multiple eSIMs to/from an eSIM depot.
[000108] In the embodiment illustrated in Figure 5, the eUICC appliance 302 includes at least one signing entity 312 running on the processor 504. The signing entity 312 processes requests that include: (i) a request to store an eSIM, and (ii) a request to transfer a currently stored eSIM. The signing entity is also responsible for verifying requests to ensure that the communication is received from an entity authorized to make such a request.
[000109] In one embodiment, the signing entity 312 verifies requests by performing challenge-response security exchanges. The challenge/response security protocol is configured to verify requests made by an unknown external entity, based on appropriate generation of challenges and/or responses. Alternatively, in another embodiment, the secure element can verify a digital certificate signed by a trusted authority.
[000110] The signing entity 312 is additionally configured to manage the available eSIMs. As illustrated in Figure 5, the signing entity may maintain information relating, for example, to the particular eSIM, the devices authorized to use the eSIM, the current state of the eSIM, and/or the current status of the eSIM ("available", "not available", "stale", etc.). Additional information can also be kept. The signing entity is configured to update or change information stored in secure storage 314.
[000111] In the embodiment illustrated in Figure 5, secure storage 314 is adapted to store a set of access control clients. In an exemplary embodiment, an eUICC appliance stores a set of securely encrypted eSIMs in volatile storage. Volatile memory requires power to retain its contents; common examples of volatile memory include Random Access Memory (RAM), static RAM (SRAM), dynamic RAM (DRAM), etc.
[000112] Each eSIM includes a small file system that includes computer-readable instructions (the eSIM program) and associated data (e.g., encryption keys, integrity keys, etc.). Furthermore, each eSIM is additionally associated with transaction data (e.g., challenges issued, unique identifiers used, etc.). In one variant, security module 316 is configured to encrypt or decrypt access control clients based at least in part on instructions from the signing entity 312. The security module has a unique set of device-specific encryption keys. The encryption keys include, for example, a public key and a private key. The security module can decrypt an eSIM encrypted with its public key using its private key. Additionally, the security module can encrypt an eSIM with another device's public key. Further discussion of public/private key cryptography is detailed in U.S. Provisional Patent Application Serial No. 61/407,866 titled "METHODS AND APPARATUS FOR STORAGE AND EXECUTION OF ACCESS CONTROL CLIENTS", incorporated earlier in this document.
[000113] When another device requests an eSIM from the eUICC appliance 302, the signing appliance retrieves the current state of the requested eSIM. This information can be used to determine whether the requested eSIM can be provided. This validity check can be performed on the eUICC appliance, or it can also take place at other locations; for example, by comparing the state held at another entity (such as an eSIM depot) with the last known state at the eUICC appliance.
[000114] If the validity check succeeds, the signing appliance instructs security module 316 to encrypt the associated eSIM. For example, in one embodiment, the security module encrypts the eSIM for the target device (e.g., a client device, another eUICC appliance 302, etc.). Once an eSIM has been encrypted for the target eUICC device, it can only be decrypted by that target eUICC device. In some embodiments, each encrypted eSIM is additionally encrypted with a unique identifier, challenge or challenge response. Upon successful transfer, the eSIM can be deleted from the eUICC appliance's inventory.
[000115] Similarly, when another device transfers an eSIM to the eUICC appliance 302, the signing appliance instructs the security module 316 to decrypt the associated eSIM for secure storage and to update its associated transaction data.
eSIM Depot
[000116] Figure 6 illustrates an exemplary embodiment of an eSIM depot 304 according to the present invention. The eSIM depot 304 can be implemented as a standalone entity, or it can be incorporated into other network entities (e.g., an eUICC appliance 302, etc.). As shown, the eSIM depot 304 generally includes a network interface 602 for interfacing to the communications network, a processor 604, and a storage apparatus 608.
[000117] In the illustrated embodiment of Figure 6, the eSIM depot 304 is capable of: (i) managing eSIM inventory (e.g., via associated metadata), (ii) responding to requests for encrypted eSIMs (e.g., from other eSIM depots and/or from eUICC appliances 302), and (iii) managing subscriber requests for eSIMs.
[000118] For example, when an eSIM is stored in an eSIM depot 304 by a user, the eSIM can be stored with an intended destination (e.g., to facilitate transfer to another device), or parked indefinitely. In either case, the eSIM depot can deliver the eSIM to the eUICC appliance for secure storage and subsequent encryption to the target device.
[000119] In the illustrated embodiment of Figure 6, the storage apparatus 608 is adapted to store a set of encrypted access control clients. The eSIM depot stores a set of encrypted eSIMs as Binary Large Objects (BLOBs) in non-volatile memory. Common examples of non-volatile memory include, without limitation, flash, Hard Disk Drive, Read-Only Memory (ROM), etc. In such an implementation, each BLOB is additionally associated with metadata that identifies the contents of the BLOB. For example, the metadata may contain: identification information, issuer information, network information, account information, status information, etc.
User Apparatus
[000120] Referring now to Figure 7, exemplary user apparatus 700 in accordance with various aspects of the present invention is illustrated.
[000121] The exemplary UE apparatus of Figure 7 is a wireless device with a processor subsystem 702 such as a digital signal processor, microprocessor, field-programmable gate array, or a plurality of processing components mounted on one or more substrates. The processing subsystem may also include an internal cache memory. The processing subsystem is in communication with a memory subsystem 704 including memory which, for example, may include SRAM, flash and/or SDRAM components. The memory subsystem may implement one or more DMA-type hardware engines to facilitate data accesses, as is well known in the art. The memory subsystem contains computer-executable instructions that are executable by the processor subsystem.
[000122] In an exemplary embodiment, the device may include one or more wireless interfaces 706 adapted to connect to one or more wireless networks. The multiple wireless interfaces can support different radio technologies such as GSM, CDMA, UMTS, LTE/LTE-A, WiMAX, WLAN, Bluetooth, etc. by implementing the appropriate antenna and modem subsystems.
[000123] The user interface subsystem 708 includes any number of well-known input/output devices including, without limitation: a keypad, touch screen (e.g., multi-touch interface), LCD display, backlight, speaker and/or microphone. However, it is recognized that in certain applications one or more of these components may be omitted. For example, PCMCIA card-type client embodiments may lack a user interface of their own (as they can use the user interface of the host device to which they are physically and/or electrically coupled).
[000124] In the illustrated embodiment, the device includes a secure element 710 that contains and operates the eUICC application. The eUICC is capable of storing and accessing a plurality of access control clients to be used for authentication with a network operator. The secure element includes a secure processor running software stored on secure media. Secure media is inaccessible to all other components (other than the secure processor). In addition, the secure element may be further strengthened to prevent tampering (e.g., wrapped in resin) as described above.
[000125] Secure element 710 is capable of receiving and storing one or more access control clients. In one embodiment, the secure element stores a set or plurality of eSIMs associated with a user (e.g., one for work, one for personal use, several for roaming access, etc.), and/or according to another scheme or logical relationship (for example, one for each of multiple members of a family or business entity, one for each of personal and work use for family members, and so on). Each eSIM includes a small file system including computer-readable instructions (the eSIM program) and associated data (e.g., cipher keys, integrity keys, etc.).
[000126] The secure element is further adapted to enable transfer of eSIMs to and/or from the mobile device. In one implementation, the mobile device provides a GUI-based confirmation to initiate transfer of an eSIM.
[000127] Once the mobile device user chooses to activate an eSIM, the mobile device sends an activation request to an activation service. The mobile device can then use the eSIM for standard Authentication and Key Agreement (AKA) exchanges.

Permanent Storage
[000128] Figure 8 illustrates an exemplary embodiment of permanent storage 306 in accordance with the present invention. Permanent storage can be implemented as a standalone entity, or it can be incorporated into other network entities (e.g., an eUICC appliance 302, eSIM depot 304, etc.). As shown, permanent storage generally includes an interface 804 and a storage apparatus 802.
[000129] Permanent storage is adapted to store a set of encrypted access control clients and associated state in non-volatile storage. In one embodiment, permanent storage stores a set of encrypted eSIMs and associated metadata as Binary Large Objects (BLOBs). Each BLOB can be uniquely encrypted by the key of the device that stores it (e.g., eUICC appliance, eSIM depot, etc.).
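The distribution flow described in paragraphs 115 through 129 (the signing appliance tracks status and a transaction log, the security module re-encrypts an eSIM uniquely for one target device, the depots hold only opaque BLOBs plus metadata, permanent storage archives the BLOB, and every depot copy is purged once the target device has downloaded from any one depot), as an added, runnable simulation. This is illustrative code written for this page, not the patent's or Apple's implementation. The class and function names, the metadata fields, the constructed sample eSIM and the HMAC-based toy cipher are all assumptions; a real security module would use a standard AEAD such as AES-GCM.

```python
"""Added illustration, not the patent's code: eUICC appliance, eSIM depots, permanent storage.
All names and the toy HMAC encrypt-then-MAC cipher are assumptions; use a real AEAD in practice."""
import hashlib
import hmac
import os


def _derive(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode as a toy stream cipher (illustration only)
    out, ctr = b"", 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC under a key only the intended holder has: nonce || ct || tag."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(_derive(key, b"enc"), nonce, len(plaintext))))
    return nonce + ct + hmac.new(_derive(key, b"mac"), nonce + ct, hashlib.sha256).digest()


def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(_derive(key, b"mac"), nonce + ct, hashlib.sha256).digest()):
        raise ValueError("BLOB was not sealed for this key, or was tampered with")
    return bytes(a ^ b for a, b in zip(ct, _keystream(_derive(key, b"enc"), nonce, len(ct))))


class Depot:
    """eSIM depot: holds opaque BLOBs plus metadata, never a plaintext eSIM."""
    def __init__(self, name: str):
        self.name, self.blobs = name, {}  # esim_id -> (blob, metadata)

    def receive(self, esim_id, blob, metadata):
        self.blobs[esim_id] = (blob, dict(metadata))

    def request(self, esim_id, device_id):
        blob, meta = self.blobs[esim_id]
        if meta["target_device"] != device_id:  # metadata gate; the BLOB is unusable by others anyway
            raise PermissionError("not the target device")
        return blob

    def remove(self, esim_id):
        self.blobs.pop(esim_id, None)


class EUICCAppliance:
    """Signing appliance (status ledger + transaction log) with its security module."""
    def __init__(self, archive: dict):
        self._storage_key = os.urandom(32)  # security-module key for local secure storage
        self._secure_store = {}  # esim_id -> BLOB sealed for local storage only
        self.archive = archive  # permanent storage: esim_id -> (blob, metadata)
        self.status, self.log = {}, []

    def import_esim(self, esim_id, esim_bytes, issuer):
        self._secure_store[esim_id] = seal(self._storage_key, esim_bytes)
        self.status[esim_id] = {"state": "stored", "issuer": issuer, "depots": []}
        self.log.append((esim_id, "imported"))

    def distribute(self, esim_id, device_id, device_key, depots):
        if self.status[esim_id]["state"] != "stored":
            raise RuntimeError("eSIM not in the secure repository; refusing to clone it")
        plain = unseal(self._storage_key, self._secure_store.pop(esim_id))  # removed from repository
        blob = seal(device_key, plain)  # encrypted once, for the target device only
        meta = {"esim_id": esim_id, "issuer": self.status[esim_id]["issuer"],
                "target_device": device_id, "status": "available"}
        for d in depots:  # same BLOB to every depot; any one of them may serve it
            d.receive(esim_id, blob, meta)
        self.archive[esim_id] = (blob, dict(meta))
        self.status[esim_id].update(state="in_transit", target=device_id, depots=[d.name for d in depots])
        self.log.append((esim_id, "distributed", tuple(d.name for d in depots)))

    def confirm_delivery(self, esim_id, via_depot, depots):
        for d in depots:  # one successful download purges every depot copy
            d.remove(esim_id)
        self.status[esim_id].update(state="delivered", depots=[], via=via_depot)
        self.log.append((esim_id, "delivered", via_depot))


def run_demo():
    """Constructed scenario: one eSIM, two depots, the target device and an impostor."""
    archive, depots = {}, [Depot("depot-east"), Depot("depot-west")]
    appliance = EUICCAppliance(archive)
    device_key, other_key = os.urandom(32), os.urandom(32)
    esim = b"IMSI=001010123456789;Ki=<constructed>;OPc=<constructed>"  # sample, not a real profile
    appliance.import_esim("esim-1", esim, issuer="MNO-A")
    appliance.distribute("esim-1", "ue-42", device_key, depots)
    blob = depots[1].request("esim-1", "ue-42")  # either depot can serve the request
    try:
        unseal(other_key, blob)
        impostor_rejected = False
    except ValueError:
        impostor_rejected = True
    recovered = unseal(device_key, blob)
    appliance.confirm_delivery("esim-1", depots[1].name, depots)
    return {"recovered": recovered == esim, "impostor_rejected": impostor_rejected,
            "depots_empty": all(d.blobs == {} for d in depots),
            "state": appliance.status["esim-1"]["state"], "archived": "esim-1" in archive,
            "log_events": [e[1] for e in appliance.log]}
```

Two properties of the scheme are visible here and worth checking in any real deployment: the depots never hold key material that would let them (or an attacker who compromises one) recover a profile, because the BLOB is sealed for the target device before it leaves the appliance; and "SIM conservation" rests on the appliance popping the plaintext out of its secure repository before it publishes the BLOB and on the confirm-delivery step reaching every depot, so the status ledger and the depot inventories must be reconciled if a purge message is lost.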
[000130] It will be recognized that while certain aspects of the invention are described in terms of a specific sequence of steps of a method, these descriptions are only illustrative of the broader methods of the invention, and may be modified as required by the particular application. Certain steps may be made unnecessary or optional under certain circumstances. Additionally, certain steps or functionality may be added to the disclosed embodiments, or the order of performance of two or more steps may be interchanged. All such variations are considered to be within the scope of the invention disclosed and claimed herein.
[000131] While the foregoing detailed description has shown, described and pointed out novel features of the invention as applied to various embodiments, it will be understood that various omissions, substitutions and changes in the form and details of the device or process illustrated may be made by those skilled in the art without departing from the invention. The description set out above is that of the best mode currently contemplated for carrying out the invention. This description is not intended to be limiting in any way, but rather should be regarded as illustrative of the general principles of the invention. The scope of the invention should be determined with reference to the claims.
Claims (20)
[0001]
1. Method for distributing access control clients, characterized by the fact that it comprises the steps of: tracking the distribution status of a plurality of access control clients that are stored inside a secure repository; encrypting a first access control client exclusively for a target mobile device, the target mobile device being configured to transfer the first encrypted access control client from any one of two or more distribution entities; transmitting the first encrypted access control client to each of the two or more distribution entities; removing the first access control client from the secure repository; updating the distribution status that corresponds to the first access control client to indicate the removal of the first access control client from the secure repository and the transmission of the first encrypted access control client to the two or more distribution entities; and, in response to determining that the target mobile device has transferred the first encrypted access control client from a distribution entity of the two or more distribution entities: removing the first encrypted access control client from each of the two or more distribution entities, and updating the distribution status to reflect the removal of the first encrypted access control client from each of the two or more distribution entities.
[0002]
2. Method according to claim 1, characterized in that the first encrypted access control client is not modified by the two or more distribution entities.
[0003]
3. Method according to claim 1, characterized in that tracking distribution statuses includes maintaining distribution data associated with each access control client of the plurality of access control clients.
[0004]
4. Method according to claim 1, characterized in that the tracking of distribution status includes the maintenance of transaction data associated with each access control client of the plurality of access control clients.
[0005]
5. Method according to claim 1, characterized in that the target device conforms to a standard trust relationship.
[0006]
6. Method according to claim 5, characterized in that the target device is verified, based at least in part on a challenge-response scheme, before transferring the first encrypted access control client.
[0007]
7. Method according to claim 1, characterized in that each access control client of the plurality of access control clients comprises an electronic Subscriber Identity Module (eSIM).
[0008]
8. Method according to claim 7, characterized in that each distribution entity among the two or more distribution entities is an eSIM depot.
[0009]
9. Method for distributing access control clients, characterized by the fact that it comprises the steps of: receiving, at each of two or more distribution locations, an access control client encrypted for a unique target device; receiving, at any one of the two or more distribution locations, a request from the unique target device for the encrypted access control client; transmitting the encrypted access control client to the unique target device; and, responsive to receiving an indication that the encrypted access control client has been successfully transmitted to the unique target device, removing or disabling the encrypted access control client at each of the two or more distribution locations.
[0010]
10. Method according to claim 9, characterized in that the encrypted access control client is transmitted to the unique target device without notifying a centralized network entity.
[0011]
11. Method according to claim 9, characterized in that the encrypted access control client is associated with metadata.
[0012]
12. Method according to claim 11, characterized in that the metadata includes: identifying information associated with the encrypted access control client, information about an issuer of the encrypted access control client, or account information associated with the encrypted access control client.
[0013]
13. Method according to claim 11, characterized in that the metadata comprises status information associated with the encrypted access control client.
[0014]
14. Method according to claim 11, characterized in that it further comprises: receiving, at any one of the two or more distribution locations, a second request from the unique target device for the metadata; and transmitting the metadata to the unique target device.
[0015]
15. Apparatus for distributing access control clients, the apparatus characterized in that it comprises: a signing appliance configured to track the distribution status of a plurality of access control clients; a security module configured to uniquely encrypt the plurality of access control clients for target devices; a processor; and a storage device in data communication with the processor, wherein the storage device stores a computer-executable method that, when executed by the processor, causes the processor to: access an access control client of the plurality of access control clients; cause the security module to uniquely encrypt the access control client for a target device; transmit the encrypted access control client to two or more distribution locations, where any one of the two or more distribution locations is capable of transmitting the encrypted access control client to the target device; and cause the signing appliance to update a distribution status associated with the encrypted access control client to reflect the transmission of the encrypted access control client to each of the two or more distribution locations.
[0016]
16. Apparatus according to claim 15, characterized in that the apparatus additionally comprises secure storage for locally storing the plurality of access control clients.
[0017]
17. Apparatus according to claim 16, characterized in that each access control client of the plurality of access control clients is encrypted exclusively for the secure storage.
[0018]
18. Apparatus according to claim 17, characterized in that the security module is additionally configured to, before encrypting the access control client for the target device, decrypt the access control client that was encrypted for the secure storage.
[0019]
19. Apparatus according to claim 15, characterized in that each access control client of the plurality of access control clients is an electronic Subscriber Identity Module (eSIM).
[0020]
20. Apparatus according to claim 19, characterized in that each of the two or more distribution locations is an eSIM depot.
Similar technologies:
Publication number | Publication date | Title
BR102012007800B1|2022-02-01|Method and Apparatus for Distributing Access Control Clients
US9686076B2|2017-06-20|Apparatus and methods for storing electronic access clients
JP6430449B2|2018-11-28|Policy-based techniques for managing access control
AU2014203692B2|2016-04-21|Apparatus and methods for storing electronic access clients
Patent family:
Publication number | Publication date
TWI451773B|2014-09-01|
KR101613792B1|2016-04-19|
KR101484367B1|2015-01-28|
US8707022B2|2014-04-22|
KR20120113686A|2012-10-15|
JP2015046166A|2015-03-12|
MX2012003953A|2012-10-24|
BR102012007800A2|2015-08-11|
EP2509342A3|2013-01-09|
TWI498015B|2015-08-21|
EP2509342A2|2012-10-10|
US9438600B2|2016-09-06|
JP2012221511A|2012-11-12|
TW201251483A|2012-12-16|
KR20140103892A|2014-08-27|
US20120260086A1|2012-10-11|
JP5612018B2|2014-10-22|
TW201507495A|2015-02-16|
JP6073269B2|2017-02-01|
WO2012138780A3|2014-05-01|
AU2012201946B2|2014-08-28|
US20140298018A1|2014-10-02|
AU2012201946A1|2012-10-25|
WO2012138780A2|2012-10-11|
Cited references:
Publication number | Filing date | Publication date | Applicant | Title
US8145701B2|1996-06-28|2012-03-27|Jordaan Consulting Ltd. Iii, Llc|Methods and systems for providing storage of a data file over a computer network|
US6799155B1|1998-12-11|2004-09-28|Allied Signal Inc.|Replacement of externally mounted user interface modules with software emulation of user interface module functions in embedded processor applications|
US6873609B1|1999-11-02|2005-03-29|Ipwireless, Inc.|Use of internet WEB technology for wireless internet access|
US7991697B2|2002-12-16|2011-08-02|Irdeto Usa, Inc.|Method and system to digitally sign and deliver content in a geographically controlled manner via a network|
US7062279B2|2000-06-22|2006-06-13|Openwave Systems Inc.|Anonymous positioning of a wireless unit for data network location-based services|
US6372974B1|2001-01-16|2002-04-16|Intel Corporation|Method and apparatus for sharing music content between devices|
WO2002093811A2|2001-05-16|2002-11-21|Adjungo Networks Ltd.|Access to plmn networks for non-plmn devices|
FR2826212B1|2001-06-15|2004-11-19|Gemplus Card Int|METHOD FOR REMOTELY LOADING AN ENCRYPTION KEY IN A STATION OF A TELECOMMUNICATION NETWORK|
DE10215861B4|2002-01-31|2005-11-24|Condat Aktiengesellschaft|Method for operating terminal devices in a mobile radio transmission system with multiple access|
JP2003281392A|2002-03-20|2003-10-03|Japan Telecom Co Ltd|Method for distributing contents|
US7900054B2|2002-03-25|2011-03-01|Intel Corporation|Security protocols for processor-based systems|
US6836670B2|2002-05-09|2004-12-28|Casabyte, Inc.|Method, apparatus and article to remotely associate wireless communications devices with subscriber identities and /or proxy wireless communications devices|
JP2004015547A|2002-06-07|2004-01-15|Canon Inc|Image encrypting device, image encrypting method, decrypting device, decrypting method, program, and storage medium|
TW576063B|2002-07-10|2004-02-11|Benq Corp|Device and method for securing information associated with a subscriber in a communication apparatus|
US7280847B2|2002-07-26|2007-10-09|Way Systems Inc|System and method for mobile transactions using the bearer independent protocol|
FI117586B|2002-08-02|2006-11-30|Nokia Corp|Method for arranging a SIM function in a digital wireless terminal device as well as the corresponding terminal device and server|
JP2004180155A|2002-11-28|2004-06-24|Ntt Docomo Inc|Communication control apparatus, firewall device, communication control system and data communication method|
GB2396472A|2002-12-18|2004-06-23|Ncr Int Inc|System for cash withdrawal|
US7801820B2|2003-01-13|2010-09-21|Sony Corporation|Real-time delivery of license for previously stored encrypted content|
US7379548B2|2003-01-31|2008-05-27|Nds Limited|Virtual smart card device, method and system|
WO2004105421A2|2003-05-22|2004-12-02|Axalto Sa|Remote sim card replacement and activation process|
US7590837B2|2003-08-23|2009-09-15|Softex Incorporated|Electronic device security and tracking system and method|
US20060190999A1|2004-11-22|2006-08-24|David Chen|Method and apparatus for two-way transmission of medical data|
US7162408B2|2003-12-15|2007-01-09|Microsoft Corporation|Subscriber identification module emulator|
US20050176465A1|2004-02-09|2005-08-11|Ixi Mobile Ltd.|Automatic mobile device configuration system and method in a mobile communication network|
KR101254209B1|2004-03-22|2013-04-23|삼성전자주식회사|Apparatus and method for moving and copying right objects between device and portable storage device|
US20050250468A1|2004-05-09|2005-11-10|Wei Lu|Open wireless architecture for fourth generation mobile communications|
FR2871020B1|2004-05-27|2006-07-07|Radiotelephone Sfr|METHOD AND SYSTEM FOR SECURE REPLACEMENT OF SIM CARD INFORMATION TO AT LEAST ONE COMMUNICABLE OBJECT|
US7624072B2|2004-06-15|2009-11-24|Lipsky Scott E|Method and system for securely distributing content|
US8265282B2|2004-08-13|2012-09-11|Telecom Italia S.P.A.|Method of and system for secure management of data stored on electronic tags|
US20060048232A1|2004-08-26|2006-03-02|International Business Machines Corporation|Controlling with rights objects delivery of broadcast encryption content for a network cluster from a content server outside the cluster|
SE528103C2|2004-08-31|2006-09-05|Smarttrust Ab|Procedure and system for checking device identity|
US7644272B2|2004-10-22|2010-01-05|Broadcom Corporation|Systems and methods for providing security to different functions|
KR100606069B1|2004-10-25|2006-07-28|삼성전자주식회사|Method for managing database in complex phone for gam/gprs and the complex phone|
US7856249B2|2004-11-08|2010-12-21|Sony Ericsson Mobile Communications Ab|Combined mass storage and subscriber identity module providing information security and apparatus for use therewith|
WO2006124841A2|2005-05-17|2006-11-23|Telcordia Technologies, Inc.|Secure virtual point of service for 3g wireless networks|
KR100652125B1|2005-06-03|2006-12-01|삼성전자주식회사|Mutual authentication method for managing and authenticating between service provider, terminal and user identify module at one time and terminal, and the system thereof|
US7526662B2|2005-09-02|2009-04-28|Motorola, Inc.|Method and apparatus for secure module restoration|
US20070153768A1|2005-12-30|2007-07-05|Balakumar Jagadesan|Apparatus and method for cordless internet protocol|
JP2009531943A|2006-03-29|2009-09-03|KT Freetel Co., Ltd.|Digital processing apparatus and additional service providing method using the same|
EP1916598A1|2006-10-23|2008-04-30|Nagravision S.A.|Method for loading and managing an application in a mobile equipment item|
JP2009009545A|2007-01-31|2009-01-15|Hewlett-Packard Development Co Lp|Data processing system and method|
US7769693B2|2007-03-30|2010-08-03|Cisco Technology, Inc.|Mechanism for secure rehosting of licenses|
US8345869B2|2007-04-11|2013-01-01|The Directv Group, Inc.|Method and apparatus for file sharing of missing content between a group of user devices in a peer-to-peer network|
US8064597B2|2007-04-20|2011-11-22|Telefonaktiebolaget Lm Ericsson |Method and system for mobile device credentialing|
US8712474B2|2007-04-20|2014-04-29|Telefonaktiebolaget L M Ericsson |Secure soft SIM credential transfer|
US8140439B2|2007-04-25|2012-03-20|General Instrument Corporation|Method and apparatus for enabling digital rights management in file transfers|
US8331989B2|2007-06-15|2012-12-11|Intel Corporation|Field programming of a mobile station with subscriber identification and related information|
US9451450B2|2007-09-01|2016-09-20|Apple Inc.|Postponed carrier configuration|
US20090070691A1|2007-09-12|2009-03-12|Devicefidelity, Inc.|Presenting web pages through mobile host devices|
DE102007044905A1|2007-09-19|2009-04-09|InterDigital Patent Holdings, Inc., Wilmington|Method and device for enabling service usage and determination of subscriber identity in communication networks by means of software-based access authorization cards |
US20090125996A1|2007-09-19|2009-05-14|Interdigital Patent Holdings, Inc.|Virtual subscriber identity module|
US8280986B2|2007-11-23|2012-10-02|Lg Electronics Inc.|Mobile terminal and associated storage devices having web servers, and method for controlling the same|
FI122163B|2007-11-27|2011-09-15|Teliasonera Ab|Network access authentication|
US8675872B2|2007-11-28|2014-03-18|Echostar Technologies L.L.C.|Secure content distribution apparatus, systems, and methods|
US8200736B2|2007-12-24|2012-06-12|Qualcomm Incorporated|Virtual SIM card for mobile handsets|
US8516133B2|2008-02-07|2013-08-20|Telefonaktiebolaget Lm Ericsson |Method and system for mobile device credentialing|
US8561130B2|2008-02-19|2013-10-15|Sandisk Technologies Inc.|Personal license server and methods for use thereof|
US8553883B2|2008-02-22|2013-10-08|Telefonaktiebolaget L M Ericsson |Method and apparatus for managing subscription credentials in a wireless communication device|
ES2525469T3|2008-03-31|2014-12-23|Orange|Procedure for accessing and transferring data related to an application installed in a security module associated with a mobile terminal, security module, management server and associated system|
DE102008025792A1|2008-05-29|2009-12-17|T-Mobile International Ag|Personalization of a SIM using a unique, personalized MasterSIM|
TW201012187A|2008-08-25|2010-03-16|Interdigital Patent Holdings|Universal integrated circuit card having a virtual subscriber identity module functionality|
US8578153B2|2008-10-28|2013-11-05|Telefonaktiebolaget L M Ericsson |Method and arrangement for provisioning and managing a device|
US8275415B2|2009-02-13|2012-09-25|At&T Intellectual Property I, Lp|Systems and methods for multi-device wireless SIM management|
US8328104B2|2009-03-30|2012-12-11|Condel International Technologies Inc.|Storage device management systems and methods|
US8214645B2|2009-04-08|2012-07-03|Research In Motion Limited|Systems, devices, and methods for securely transmitting a security parameter to a computing device|
KR101332709B1|2009-05-04|2013-11-27|블랙베리 리미티드|System and method for implementing media and media transfer between devices|
US9734496B2|2009-05-29|2017-08-15|Paypal, Inc.|Trusted remote attestation agent |
JP5265452B2|2009-06-01|2013-08-14|Nippon Telegraph and Telephone Corporation|Application usage system, application usage method|
US8639245B2|2009-06-08|2014-01-28|Qualcomm Incorporated|Method and apparatus for updating rules governing the switching of virtual SIM service contracts|
US8634828B2|2009-06-08|2014-01-21|Qualcomm Incorporated|Method and apparatus for switching virtual SIM service contracts based upon a user profile|
US8606232B2|2009-06-08|2013-12-10|Qualcomm Incorporated|Method and system for performing multi-stage virtual SIM provisioning and setup on mobile devices|
US8811969B2|2009-06-08|2014-08-19|Qualcomm Incorporated|Virtual SIM card for mobile handsets|
US8649789B2|2009-06-08|2014-02-11|Qualcomm Incorporated|Method and apparatus for switching virtual SIM service contracts when roaming|
US20100311402A1|2009-06-08|2010-12-09|Prasanna Srinivasan|Method and apparatus for performing soft switch of virtual sim service contracts|
US8676180B2|2009-07-29|2014-03-18|Qualcomm Incorporated|Virtual SIM monitoring mode for mobile handsets|
JP5061166B2|2009-09-04|2012-10-31|Kii Corporation|Data synchronization system and data synchronization method|
US20110131421A1|2009-12-02|2011-06-02|Fabrice Jogand-Coulomb|Method for installing an application on a sim card|
US8560633B2|2010-01-11|2013-10-15|Tangome, Inc.|Communicating in a peer-to-peer computer environment|
WO2011160231A2|2010-06-23|2011-12-29|Polar Wireless Corp.|Method and system for routing communications|
EP2410777B1|2010-07-21|2016-10-26|Apple Inc.|Virtual access module distribution apparatus and method|
EP2606682A1|2010-08-16|2013-06-26|Telefonaktiebolaget L M Ericsson |Mediation server, control method therefor, communication device, control method therefor, communication system, and computer program|
US8726403B2|2010-09-02|2014-05-13|Verizon Patent And Licensing Inc.|Secure video content provisioning using digital rights management|
DK2437529T3|2010-10-01|2013-02-25|Ericsson Telefon Ab L M|Technique for managing measurements for multiple subscriptions in a mobile terminal|
US8555067B2|2010-10-28|2013-10-08|Apple Inc.|Methods and apparatus for delivering electronic identification components over a wireless network|
US8924715B2|2010-10-28|2014-12-30|Stephan V. Schell|Methods and apparatus for storage and execution of access control clients|
US8532706B2|2010-10-30|2013-09-10|Palm, Inc.|Techniques to manage a subscriber identity module for a mobile wireless device|
CN102457606A|2010-11-02|2012-05-16|Hon Hai Precision Industry (Shenzhen) Co., Ltd.|Mobile phone and anti-theft method thereof|
TWI468943B|2010-11-03|2015-01-11|Apple Inc|Methods and apparatus for access data recovery from a malfunctioning device|
US9100393B2|2010-11-04|2015-08-04|Apple Inc.|Simulacrum of physical security device and methods|
US20120129513A1|2010-11-24|2012-05-24|Frode Van Der Laak|Apparatus, systems and methods for programmable sim card using over the air communicated information|
EP2461613A1|2010-12-06|2012-06-06|Gemalto SA|Methods and system for handling UICC data|
US20120151022A1|2010-12-10|2012-06-14|Symbol Technologies, Inc.|System and method for rapid staging of a mobile device|
ES2395368T3|2010-12-22|2013-02-12|Telefonaktiebolaget Lm Ericsson |Technique for managing activity states for multiple subscriptions on a terminal device|
US8863256B1|2011-01-14|2014-10-14|Cisco Technology, Inc.|System and method for enabling secure transactions using flexible identity management in a vehicular environment|
EP2671398B1|2011-01-31|2021-03-31|Nokia Technologies Oy|Subscriber identity module provisioning|
US9009475B2|2011-04-05|2015-04-14|Apple Inc.|Apparatus and methods for storing electronic access clients|
JP5741172B2|2011-04-19|2015-07-01|Sony Corporation|Information processing apparatus, communication system, and information processing method|
Cited by:
Publication number | Filing date | Publication date | Applicant | Title
US8856511B2|2006-12-14|2014-10-07|Blackberry Limited|System and method for wiping and disabling a removed device|
US8555067B2|2010-10-28|2013-10-08|Apple Inc.|Methods and apparatus for delivering electronic identification components over a wireless network|
US9009475B2|2011-04-05|2015-04-14|Apple Inc.|Apparatus and methods for storing electronic access clients|
US9450759B2|2011-04-05|2016-09-20|Apple Inc.|Apparatus and methods for controlling distribution of electronic access clients|
US8887257B2|2011-04-26|2014-11-11|David T. Haggerty|Electronic access client distribution apparatus and methods|
US10271213B2|2011-05-06|2019-04-23|Apple Inc.|Methods and apparatus for providing management capabilities for access control clients|
US8762742B2|2011-05-16|2014-06-24|Broadcom Corporation|Security architecture for using host memory in the design of a secure element|
KR101716743B1|2012-02-14|2017-03-15|애플 인크.|Mobile apparatus supporting a plurality of access control clients, and corresponding methods|
US9235406B2|2012-04-24|2016-01-12|Apple Inc.|Methods and apparatus for user identity module update without service interruption|
KR102093757B1|2012-05-24|2020-03-26|삼성전자 주식회사|Method for providing sim profile in euicc environment and devices therefor|
US8983543B2|2012-09-12|2015-03-17|Li Li|Methods and apparatus for managing data within a secure element|
DE102012020987A1|2012-10-25|2014-04-30|Giesecke & Devrient Gmbh|A method for securely managing subscriber identity data|
US20140141746A1|2012-11-20|2014-05-22|Khiam Yong Tan|Subscriber identity systems, servers, methods for controlling a subscriber identity system, and methods for controlling a server|
EP2923478B1|2012-11-21|2019-08-14|Apple Inc.|Policy-based techniques for managing access control|
US20150012863A1|2012-12-28|2015-01-08|Panasonic Intellectual Property Corporation Of America|Control method|
US9906254B2|2013-02-11|2018-02-27|Apple Inc.|Facilitating multiple subscriber identity support in a wireless device|
TWI492093B|2013-04-18|2015-07-11|Newtype Software Systems Co Ltd|Method for encryption and decryption and electronic device using the same|
US9350550B2|2013-09-10|2016-05-24|M2M And Iot Technologies, Llc|Power management and security for wireless modules in “machine-to-machine” communications|
US9100175B2|2013-11-19|2015-08-04|M2M And Iot Technologies, Llc|Embedded universal integrated circuit card supporting two-factor authentication|
US10700856B2|2013-11-19|2020-06-30|Network-1 Technologies, Inc.|Key derivation for a module using an embedded universal integrated circuit card|
US10498530B2|2013-09-27|2019-12-03|Network-1 Technologies, Inc.|Secure PKI communications for “machine-to-machine” modules, including key derivation by modules and authenticating public keys|
US10129242B2|2013-09-16|2018-11-13|Airwatch Llc|Multi-persona devices and management|
KR102218693B1|2014-01-02|2021-02-22|삼성전자주식회사|Method for processing multiple sim information and an electronic device thereof|
US9510186B2|2014-04-04|2016-11-29|Apple Inc.|Tamper prevention for electronic subscriber identity module type parameters|
US9730072B2|2014-05-23|2017-08-08|Apple Inc.|Electronic subscriber identity module provisioning|
WO2015184064A1|2014-05-30|2015-12-03|Apple Inc.|Secure storage of an electronic subscriber identity module on a wireless communication device|
KR102160597B1|2014-07-17|2020-09-28|삼성전자 주식회사|Method and apparatus for provisioning profile of embedded universal integrated circuit card|
WO2016037048A1|2014-09-05|2016-03-10|Sequitur Labs, Inc.|Policy-managed secure code execution and messaging for computing devices and computing device security|
US11172352B2|2014-09-17|2021-11-09|Gigsky, Inc.|Apparatuses, methods, and systems for configuring a trusted java card virtual machine using biometric information|
US10516990B2|2014-09-17|2019-12-24|Simless, Inc.|Apparatuses, methods and systems for implementing a trusted subscription management platform|
EP3228104B1|2014-09-17|2020-08-26|Simless, Inc.|Apparatuses, methods and systems for implementing a trusted subscription management platform|
EP3010264A1|2014-10-16|2016-04-20|Gemalto Sa|Method to manage subscriptions in a provisioning server|
US10123191B2|2014-10-31|2018-11-06|At&T Intellectual Property I, L.P.|Device operational profiles|
US9787647B2|2014-12-02|2017-10-10|Microsoft Technology Licensing, Llc|Secure computer evaluation of decision trees|
US9825758B2|2014-12-02|2017-11-21|Microsoft Technology Licensing, Llc|Secure computer evaluation of k-nearest neighbor models|
US9853977B1|2015-01-26|2017-12-26|Winklevoss Ip, Llc|System, method, and program product for processing secure transactions within a cloud computing system|
US9940141B2|2015-02-23|2018-04-10|Apple Inc.|Method and apparatus for selecting bootstrap ESIMs|
US10785645B2|2015-02-23|2020-09-22|Apple Inc.|Techniques for dynamically supporting different authentication algorithms|
US11080414B2|2015-05-22|2021-08-03|Huawei Device Co., Ltd.|Cryptographic unit for public key infrastructure operations|
US10142819B2|2015-07-29|2018-11-27|Blackberry Limited|Establishing machine type communications|
US9843885B2|2015-08-12|2017-12-12|Apple Inc.|Methods, procedures and framework to provision an eSIM and make it multi-SIM capable using primary account information|
EP3324660A4|2015-08-21|2018-07-04|Huawei Technologies Co., Ltd.|Communication control method and apparatus, terminal, and network platform|
US10277587B2|2015-10-08|2019-04-30|Apple Inc.|Instantiation of multiple electronic subscriber identity module instances|
WO2017079177A1|2015-11-02|2017-05-11|Apple Inc.|Apparatus and methods for electronic subscriber identity module installation notification|
CN108293043B|2015-11-13|2021-11-05|Samsung Electronics Co., Ltd.|Method and apparatus for downloading a profile for an embedded universal integrated circuit card of a terminal|
US9430337B1|2016-01-07|2016-08-30|International Business Machines Corporation|Disaster recovery as a dynamic service|
KR20170109467A|2016-03-21|2017-09-29|삼성전자주식회사|Method and apparatus for controlling electronic device|
US10911939B2|2017-06-14|2021-02-02|Huawei Technologies Co., Ltd.|Embedded universal integrated circuit card profile management method and apparatus|
US11129014B2|2019-03-08|2021-09-21|Apple Inc.|Methods and apparatus to manage inactive electronic subscriber identity modules|
US11172350B1|2020-06-15|2021-11-09|Apple Inc.|Subscription activation for mobile wireless devices|
Legal status:
2015-08-11| B03A| Publication of a patent application or of a certificate of addition of invention [chapter 3.1 patent gazette]|
2018-12-18| B06F| Objections, documents and/or translations needed after an examination request according [chapter 6.6 patent gazette]|
2020-05-05| B06U| Preliminary requirement: requests with searches performed by other patent offices: procedure suspended [chapter 6.21 patent gazette]|
2021-11-09| B09A| Decision: intention to grant [chapter 9.1 patent gazette]|
2022-02-01| B16A| Patent or certificate of addition of invention granted [chapter 16.1 patent gazette]|Free format text: TERM OF VALIDITY: 20 (TWENTY) YEARS COUNTED FROM 04/04/2012, SUBJECT TO THE LEGAL CONDITIONS. |
Priority:
Application number | Filing date | Title
US201161472115P| true| 2011-04-05|2011-04-05|
US61/472,115|2011-04-05|
US13/095,716|2011-04-27|
US13/095,716|US8707022B2|2011-04-05|2011-04-27|Apparatus and methods for distributing and storing electronic access clients|