Methods and apparatus for storage and execution of access control clients

US9532219B2 · US · B2

Patent metadata
Publication number: US-9532219-B2
Application number: US-201414543773-A
Country: US
Kind code: B2
Filing date: Nov 17, 2014
Priority date: Oct 28, 2010
Publication date: Dec 27, 2016
Grant date: Dec 27, 2016

Abstract

Official abstract text for this publication.

Disclosed herein is a technique for securely provisioning access control entities (e.g., electronic Subscriber Identity Module (eSIM) components) to a user equipment (UE) device. In one embodiment, a UE device is assigned a unique key and an endorsement certificate that can be used to provide updates or new eSIMs to the UE device. The UE device can trust eSIM material delivered by an unknown third-party eSIM vendor, based on a secure certificate transmission with the unique key. In another aspect, an operating system (OS) is partitioned into various sandboxes. During operation, the UE device can activate and execute the OS in the sandbox corresponding to a current wireless network. Personalization packages received while connected to the network only apply to that sandbox. Similarly, when loading an eSIM, the OS need only load the list of software necessary for the current run-time environment. Unused software can be subsequently activated.

First claim

Opening claim text (preview).

What is claimed is:

1. A method for securely managing access control clients on a mobile device, the method comprising: by a bootstrap operating system (OS) executing on an electronic Universal Integrated Circuit Card (eUICC) included in the mobile device: receiving a request to activate an access control client; referencing a plurality of secure partitions included within a memory of the mobile device, wherein each secure partition of the plurality of secure partitions includes (i) a respective access control client, and (ii) a respective OS that is associated with the access control client; identifying, among the plurality of secure partitions included within the memory of the mobile device, a secure partition that corresponds to the access control client; authenticating the access control client; and subsequent to authenticating the access control client: causing the OS to execute within a limited scope that corresponds to the secure partition, wherein the OS, when executed, activates the access control client.

2. The method of claim 1, wherein the access control client comprises an electronic Subscriber Identity Module (eSIM), and the eSIM is a virtualization of a physical SIM.

3. The method of claim 1, wherein authenticating the access control client comprises validating a first certificate associated with the access control client against a second certificate associated with the eUICC.

4. The method of claim 1, wherein the bootstrap OS receives the request to activate the access control client after a reset of the eUICC.

5. The method of claim 1, wherein the access control client corresponds to a default Mobile Network Operator (MNO) associated with the mobile device.

6. The method of claim 1, wherein the secure partition stores at least one additional access control client.

7. The method of claim 1, wherein activating the access control client enables the mobile device to register with a Mobile Network Operator (MNO) that corresponds to the access control client.

8. A non-transitory computer readable storage medium configured to store instructions that, when executed by a processor of an electronic Universal Integrated Circuit Card (eUICC) included in a mobile device, cause the mobile device to securely manage access control clients, by carrying out steps that include: identifying an initialization of the eUICC; in response to the initialization, parsing a plurality of secure partitions managed by the eUICC to identify an access control client for activation, wherein each secure partition of the plurality of secure partitions includes a respective access control client; authenticating the access control client; and subsequent to authenticating the access control client: causing an OS associated with the access control client to execute within a limited scope that corresponds to the secure partition, wherein the OS, when executed, activates the access control client.

9. The non-transitory computer readable storage medium of claim 8, wherein the access control client comprises an electronic Subscriber Identity Module (eSIM), and the eSIM is a virtualization of a physical SIM.

10. The non-transitory computer readable storage medium of claim 8, wherein authenticating the access control client comprises validating a first certificate associated with the access control client against a second certificate associated with the eUICC.

11. The non-transitory computer readable storage medium of claim 8, wherein the mobile device receives identifies the initialization of the eUICC after a reset of the eUICC.

12. The non-transitory computer readable storage medium of claim 8, wherein the access control client corresponds to a default Mobile Network Operator (MNO) associated with the mobile device.

13. The non-transitory computer readable storage medium of claim 8, wherein the secure partition stores at least one additional access control client.

14. The non-transitory computer readable storage medium of claim 8, wherein activating the access control client enables the mobile device to register with a Mobile Network Operator (MNO) that corresponds to the access control client.

15. A mobile device configured to securely manage a plurality of access control clients, the mobile device comprising: at least one wireless interface; an electronic Universal Integrated Circuit Card (eUICC), comprising: a memory that includes a plurality of secure partitions, wherein each secure partition of the plurality of secure partitions includes a respective access control client, and a processor is configured to cause the mobile device to carry out steps that include: receiving a request to activate an access control client included in the plurality of access control clients; identifying, among the plurality of secure partitions, a secure partition that includes the access control client, wherein the access control client is associated with an OS that is configured to manage the access control client; authenticating at least one of the access control client and the OS; and subsequent to authenticating: causing the OS to execute within a limited scope that corresponds to the secure partition, wherein the OS, when executed, causes the access control client to be activated.

16. The mobile device of claim 15, wherein the access control client comprises an electronic Subscriber Identity Module (eSIM), and the eSIM is a virtualization of a physical SIM.

17. The mobile device of claim 15, wherein authenticating the access control client comprises validating a first certificate associated with the access control client against a second certificate associated with the eUICC.

18. The mobile device of claim 15, wherein the processor receives the request to activate the access control client after a reset of the eUICC.

19. The mobile device of claim 15, wherein the access control client corresponds to a default Mobile Network Operator (MNO) associated with the mobile device.

20. The mobile device of claim 15, wherein activating the access control client enables the mobile device to, using the at least one wireless interface, register with a Mobile Network Operator (MNO) that corresponds to the access control client.

Assignees

Inventors

Classifications

  • Transfer to or from user equipment or user record carrier · CPC title

  • Electricity · mapped topic

  • for initial activation of new user · CPC title

  • H04W12/06 · Primary

    Authentication · CPC title

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Apple Inc
What technology area does this patent fall under?
Primary CPC classification H04W12/06. Mapped technology areas include Electricity.
When was this patent published?
Publication date Dec 27, 2016 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).