POLICY-BASED TECHNIQUES FOR MANAGING ACCESS CONTROL

摘要

A policy-based framework is described. This policy-based framework may be used to specify the privileges for logical entities to perform operations associated with an access-control element (such as an electronic Subscriber Identity Module) located within a secure element in an electronic device. Note that different logical entities may have different privileges for different operations associated with the same or different access-control elements. Moreover, the policy-based framework may specify types of credentials that are used by the logical entities during authentication, so that different types of credentials may be used for different operations and/or by different logical entities. Furthermore, the policy-based framework may specify the security protocols and security levels that are used by the logical entities during authentication, so that different security protocols and security levels may be used for different operations and/or by different logical entities.

主权项

1. An access control client provisioning server, comprising:
a secure memory configured to store a plurality of access control clients; and a processor configured to cause the access control client provisioning server to carry out steps that include:
receiving a request from a mobile wireless device to transfer a particular access control client of the plurality of access control clients to the mobile wireless device,identifying a first security policy implemented by the mobile wireless device,determining that the first security policy aligns with a second security policy implemented by the access control client provisioning server,preparing the particular access control client to be transferred to the mobile wireless device, andtransferring the particular access control client to the mobile wireless device.