Methods and apparatus for large scale distribution of electronic access clients

US9843585B2 · US · B2

Patent metadata
Publication number: US-9843585-B2
Application number: US-201614995154-A
Country: US
Kind code: B2
Filing date: Jan 13, 2016
Priority date: Feb 14, 2012
Publication date: Dec 12, 2017
Grant date: Dec 12, 2017

Abstract

Methods and apparatus for large scale distribution of electronic access control clients. In one aspect, a tiered security software protocol is disclosed. In one exemplary embodiment, a server electronic Universal Integrated Circuit Card (eUICC) and client eUICC software comprise a so-called “stack” of software layers. Each software layer is responsible for a set of hierarchical functions which are negotiated with its corresponding peer software layer. The tiered security software protocol is configured for large scale distribution of electronic Subscriber Identity Modules (eSIMs).

First claim

What is claimed is:

1. A method for replacing compromised digital certificates associated with electronic Universal Integrated Circuit Cards (eUICCs) included in mobile devices, the method comprising: at an eUICC management server: receiving an indication that a signing authority associated with a plurality of digital certificates has been compromised; and in response to the indication, and for each digital certificate of the plurality of digital certificates: identifying (i) an eUICC associated with the digital certificate, and (ii) a mobile device in which the eUICC is included, and causing the eUICC of the mobile device to replace the digital certificate with an updated digital certificate when the updated digital certificate is newer than the digital certificate, wherein the updated digital certificate is based on (i) a public key (PK_eUICC) that corresponds to the eUICC, and (ii) an updated private key (SK_Updated_SA) that corresponds to the signing authority, and the public key (PK_eUICC) is identified based on a Certificate Signing Request (CSR) associated with the digital certificate.

2. The method of claim 1, wherein the updated digital certificate is newer than the digital certificate when a second epoch property included in the updated digital certificate exceeds a first epoch property included in the digital certificate.

3. The method of claim 1, wherein the public key (PK_eUICC) further corresponds to the digital certificate.

4. The method of claim 1, wherein, for each digital certificate of the plurality of digital certificates, the digital certificate and the updated digital certificate are associated with (i) the PK_eUICC, and (ii) a private key (SK_eUICC) that corresponds to the PK_eUICC.

5. The method of claim 3, wherein: for each digital certificate of the plurality of digital certificates, the digital certificate is digitally signed using an original private key (SK_Original_SA) that corresponds to the signing authority, and the SK_Original_SA is compromised.

6. The method of claim 5, wherein the SK_Updated_SA is generated by the signing authority in response to a corruption of the SK_Original_SA.

7. A non-transitory computer readable storage medium configured to store instructions that, when executed by a processor included in an electronic Universal Integrated Circuit Card (eUICC) management server, cause the eUICC management server to replace compromised digital certificates associated with eUICCs included in mobile devices, by carrying out steps that include: receiving an indication that a signing authority associated with a plurality of digital certificates has been compromised; and in response to the indication, and for each digital certificate of the plurality of digital certificates: identifying (i) an eUICC associated with the digital certificate, and (ii) a mobile device in which the eUICC is included, and causing the eUICC of the mobile device to replace the digital certificate with an updated digital certificate when the updated digital certificate is newer than the digital certificate, wherein: the updated digital certificate is based on (i) a public key (PK_eUICC) that corresponds to the eUICC, and (ii) an updated private key (SK_Updated_SA) that corresponds to the signaling authority, and the public key (PK_eUICC) is identified based on a Certificate Signing Request (CSR) associated with the digital certificate.

8. The non-transitory computer readable storage medium of claim 7, wherein the updated digital certificate is newer than the digital certificate when a second epoch property included in the updated digital certificate exceeds a first epoch property included in the digital certificate.

9. The non-transitory computer readable storage medium of claim 7, wherein the public key (PK_eUICC) further corresponds to the digital certificate.

10. The non-transitory computer readable storage medium of claim 7, wherein, for each digital certificate of the plurality of digital certificates, the digital certificate and the updated digital certificate are associated with (i) the PK_eUICC, and (ii) a private key (SK_eUICC) that corresponds to the PK_eUICC.

11. The non-transitory computer readable storage medium of claim 9, wherein: for each digital certificate of the plurality of digital certificates, the digital certificate is digitally signed using an original private key (SK_Original_SA) that corresponds to the signing authority, and the SK_Original_SA is compromised.

12. An electronic Universal Integrated Circuit Card (eUICC) management server configured to replace compromised digital certificates associated with eUICCs included in mobile devices, the eUICC management server comprising a processor configured to cause the eUICC management server to carry out steps that include: receiving an indication that a signing authority associated with a plurality of digital certificates has been compromised; and in response to the indication, and for each digital certificate of the plurality of digital certificates: identifying (i) an eUICC associated with the digital certificate, and (ii) a mobile device in which the eUICC is included, and causing the eUICC of the mobile device to replace the digital certificate with an updated digital certificate when the updated digital certificate is newer than the digital certificate, wherein: the updated digital certificate is based on (i) a public key (PK_eUICC) that corresponds to the eUICC, and (ii) an updated private key (SK_Updated_SA) that corresponds to the signaling authority, and the public key (PK_eUICC) is identified based on a Certificate Signing Request (CSR) associated with the digital certificate.

13. The eUICC management server of claim 12, wherein the updated digital certificate is newer than the digital certificate when a second epoch property included in the updated digital certificate exceeds a first epoch property included in the digital certificate.

14. The eUICC management server of claim 12, wherein the public key (PK_eUICC) further corresponds to the digital certificate.

15. The eUICC management server of claim 12, wherein, for each digital certificate of the plurality of digital certificates, the digital certificate and the updated digital certificate are associated with (i) the PK_eUICC, and (ii) a private key (SK_eUICC) that corresponds to the PK_eUICC.

16. The eUICC management server of claim 14, wherein: for each digital certificate of the plurality of digital certificates, the digital certificate is digitally signed using an original private key (SK_Original_SA) that corresponds to the signing authority, and the SK_Original_SA is compromised.

17. The eUICC management server of claim 16, wherein the SK_Updated_SA is generated by the signing authority in response to a corruption of the SK_Original_SA.

Classifications

  • for supporting key management in a packet data network (cryptographic mechanisms or cryptographic arrangements for key management H04L9/08) · CPC title

  • Processing at user equipment or user record carrier · CPC title

  • using an additional device, e.g. smartcard, SIM or a different communication terminal (cryptographic mechanisms or cryptographic arrangements for entity authentication involving additional secure or trusted devices H04L9/3234) · CPC title

  • H04L63/10 (Primary) · for controlling access to devices or network resources · CPC title

  • Processing of user or subscriber data, e.g. subscribed services, user preferences or user profiles; Transfer of user or subscriber data · CPC title

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Apple Inc
What technology area does this patent fall under?
Primary CPC classification H04L63/0853. Mapped technology areas include Electricity.
When was this patent published?
Publication date Dec 12, 2017 (B2). Legal status and post-grant events are not shown on this page.