公开(公告)号：US20210160683A1

公开(公告)日：2021-05-27

申请号：US17103892

申请日：2020-11-24

Applicant: Apple Inc.

Inventor： Li LI ,  Najeeb M. ABDULRAHIMAN ,  Arun G. MATHIAS

IPC: H04W8/18 ,  H04W8/20 ,  H04W12/06 ,  H04W12/00

Abstract: Techniques for flexible electronic subscriber identity module (eSIM) deployment to a wireless device by a network server, including generation of multiple eSIMs using an identical eSIM identifier value, such as an identical integrated circuit card identifier (ICCID) value, and subsequent selection of an eSIM based on capabilities of the wireless device. Multiple eSIMs that correspond to different sets of wireless device capabilities are generated without knowledge of the wireless communication standards that a wireless device supports. The multiple eSIMs include a first eSIM that includes fifth generation (5G) wireless communication protocol information and a second eSIM that excludes 5G wireless communication protocol information. The network server selects an eSIM from the multiple eSIMs based on whether the wireless device is 5G capable. After selection and binding of a profile package that includes the eSIM, the remaining eSIMs that use the identical ICCID value are deleted, for security enforcement against cloning.

公开(公告)号：US20200092095A1

公开(公告)日：2020-03-19

申请号：US16566723

申请日：2019-09-10

Applicant: Apple Inc.

Inventor： Xiangying YANG ,  Li LI

IPC: H04L9/08 ,  H04W8/18 ,  H04L9/32 ,  H04L29/06

Abstract: This application describes various embodiments to manage multiple security certificates in a wireless device, including switching between different security certificates to support different functions, including supporting connectivity for multiple industry sectors that use different certificate authorities, and/or supporting different operational modes that require different security certificates for performing administrative functions. The wireless device includes a smart secure platform (SSP) or an embedded Universal Integrated Circuit Card (eUICC) that stores multiple security certificates to use for different industry sectors and/or for different operational modes.

公开(公告)号：US20180352425A1

公开(公告)日：2018-12-06

申请号：US15954345

申请日：2018-04-16

Applicant: Apple Inc.

Inventor： Chandiramohan VASUDEVAN ,  Rohan C. MALTHANKAR ,  Prashant H. VASHI ,  Viswanath NAGARAJAN ,  Vikram Bhaskara YERRABOMMANAHALLI ,  Rafael L. RIVERA-BARRETO ,  Samuel J. MILLER ,  Kannan JEYAKUMAR ,  Li LI

IPC: H04W8/24 ,  H04W4/50

CPC classification number: H04W8/24 ,  H04W4/50 ,  H04W8/205 ,  Y02D70/00 ,  Y02D70/1262 ,  Y02D70/1264 ,  Y02D70/142 ,  Y02D70/144 ,  Y02D70/166 ,  Y02D70/20 ,  Y02D70/22 ,  Y02D70/26

Abstract: Techniques to manage updates for eSIMs of a secondary wireless device are disclosed. Responsive to a user input, expiration of a timer, receipt of a message from an associated primary wireless device, processing circuitry of the secondary wireless device commands an eUICC to update an eSIM. A secure data connection is established between the eUICC and a network provisioning server, either directly from the secondary wireless device to a cellular wireless network or relayed indirectly via the primary wireless device. The eUICC and the network provisioning server exchange messages in accordance with a BIP process to update the eSIM. The eUICC provides a status to the processing circuitry indicating success or failure for the eSIM update. Upon success, a portion of the secondary wireless device may be placed in a reduced power state. Upon failure, the eSIM update process may repeat up to a maximum number of retries.

公开(公告)号：US20180351945A1

公开(公告)日：2018-12-06

申请号：US15720454

申请日：2017-09-29

Applicant: Apple Inc.

Inventor： Li LI ,  Arun G. MATHIAS

IPC: H04L29/06 ,  H04W8/20 ,  H04B1/3816

CPC classification number: H04L63/0853 ,  G06F21/57 ,  G06F21/72 ,  H04B1/3816 ,  H04L63/0869 ,  H04L63/123 ,  H04W8/205 ,  H04W12/04 ,  H04W12/06 ,  H04W12/08 ,  H04W12/10

Abstract: Provisioning of an electronic subscriber identity module (eSIM) to an embedded universal integrated circuit card (eUICC) is observed to acquire a captured payload. The captured payload is then used in replay test sessions. In a live test session, test equipment can be used to monitor the communication between an eSIM server and the eUICC in order to capture the payload transmitted from the eSIM server. In the live test session, the eUICC can be in a debug mode that persists an ability to generate the same keys. In the replay test sessions, the payload captured can be reused and the eUICC can regenerate the same keys to decrypt an encrypted eSIM in the payload. After an installation attempt, the eUICC can provide notifications to the test equipment. The eUICC can be stress-tested using methods described herein without consuming a large number of eSIMs from an eSIM server inventory.

公开(公告)号：US20180060199A1

公开(公告)日：2018-03-01

申请号：US15684806

申请日：2017-08-23

Applicant: Apple Inc.

Inventor： Li LI ,  Arun G. MATHIAS

IPC: G06F11/20 ,  G06F9/44 ,  G06F21/60 ,  G06F21/45

CPC classification number: G06F11/2094 ,  G06F8/61 ,  G06F9/4401 ,  G06F11/1433 ,  G06F21/45 ,  G06F21/602 ,  G06F2201/81

Abstract: A device hosting a universal integrated circuit card (UICC or eUICC) initiates an electronic subscriber identity module (eSIM) installation flow with an SIM server. The purpose of the eSIM installation flow is to perform a profile provisioning action. The device and, for example, the eUICC preserve state information related to the eSIM installation flow. The eSIM installation flow includes generation of a one-time public key at the eUICC. In some instances, the eSIM installation flow may be interrupted by an error event before successful installation of the eSIM in the eUICC. A subsequent renewed installation attempt is locally initiated and completed without assistance of the eSIM server. In some embodiments, the recovery and subsequent successful eSIM installation make use of the state information preserved during the earlier eSIM installation flow.

公开(公告)号：US20170338966A1

公开(公告)日：2017-11-23

申请号：US15598220

申请日：2017-05-17

Applicant: Apple Inc.

Inventor： Li LI ,  Arun G. MATHIAS

IPC: H04L9/32 ,  H04L29/06

Abstract: Secure reception of a certificate revocation list (CRL) is determined. In some embodiments, a device initiates a CRL update by sending a message with a timestamp to an embedded universal integrated circuit card (eUICC). The eUICC generates a session identifier, nonce, or random number and builds a payload including an internal time value based on a server time, and an internal time value based on a past message received from the device. The eUICC cryptographically signs over the payload and sends it to the device. The device obtains a CRL from a host server, checks the CRL, and, if the CRL passes the device check, sends it to the eUICC along with a second device timestamp and the nonce. The eUICC then performs checks based on the timestamps, the nonce, the CRL and the internal time values to determine whether the CRL has been securely received.

公开(公告)号：US20170338954A1

公开(公告)日：2017-11-23

申请号：US15602027

申请日：2017-05-22

Applicant: Apple Inc.

Inventor： Xiangying YANG ,  Li LI

IPC: H04L9/08 ,  H04L9/32 ,  H04L29/06

CPC classification number: H04L9/0863 ,  H04L9/0838 ,  H04L9/0894 ,  H04L9/3273 ,  H04L63/0435 ,  H04L63/067 ,  H04L63/0853 ,  H04L2463/061 ,  H04W12/0023 ,  H04W12/02 ,  H04W12/04 ,  H04W12/06

Abstract: A device hosting a universal integrated circuit card (UICC or eUICC) initiates a provisioning call flow with an electronic subscriber identity module (eSIM) server. The purpose of the provisioning call flow is to perform a particular provisioning action or function. The eSIM server, the device and/or the eUICC maintain state information related to the provisioning call flow. The provisioning call flow includes generation of a one-time public key (otPK) at the eUICC. The provisioning call flow is interrupted by an error event before, for example, successful installation of a profile in the eUICC. A subsequent provisioning call flow is initiated. The eSIM server assists the eUICC to recover from the error event based on the state information of the eSIM server, the device and/or the eUICC. In some embodiments, the recovery and subsequent successful profile installation makes use of the otPK generated during the earlier provisioning call flow.

公开(公告)号：US20170280328A1

公开(公告)日：2017-09-28

申请号：US15619167

申请日：2017-06-09

Applicant: Apple Inc.

Inventor： Xiangying YANG ,  Li LI ,  Jerrold Von HAUCK

IPC: H04W12/08 ,  G06F21/33 ,  G06F21/34 ,  G06F21/60 ,  H04L29/06 ,  H04L9/08 ,  H04L9/32 ,  H04W12/06 ,  H04W8/20

CPC classification number: H04W12/08 ,  G06F21/33 ,  G06F21/34 ,  G06F21/602 ,  G06F2221/2107 ,  H04L9/0822 ,  H04L9/0825 ,  H04L9/0877 ,  H04L9/3234 ,  H04L63/0853 ,  H04L2209/80 ,  H04W8/205 ,  H04W12/06

Abstract: A method for preparing an eSIM for provisioning is provided. The method can include a provisioning server encrypting the eSIM with a symmetric key. The method can further include the provisioning server, after determining a target eUICC to which the eSIM is to be provisioned, encrypting the symmetric key with a key encryption key derived based at least in part on a private key associated with the provisioning server and a public key associated with the target eUICC. The method can additionally include the provisioning server formatting an eSIM package including the encrypted eSIM, the encrypted symmetric key, and a public key corresponding to the private key associated with the provisioning server. The method can also include the provisioning server sending the eSIM package to the target eUICC.

公开(公告)号：US20170127264A1

公开(公告)日：2017-05-04

申请号：US15340933

申请日：2016-11-01

Applicant: Apple Inc.

Inventor： Xiangying YANG ,  Li LI

IPC: H04W8/18 ,  H04L29/06 ,  H04W12/10 ,  H04W12/04

CPC classification number: H04W8/183 ,  H04L9/3247 ,  H04L63/0428 ,  H04L63/0823 ,  H04L2209/80 ,  H04W4/60 ,  H04W8/205 ,  H04W12/02 ,  H04W12/04 ,  H04W12/10

Abstract: Methods and apparatus for provisioning electronic Subscriber Identity Module (eSIM) data by a mobile device are disclosed. Processing circuitry of the mobile device transfers encrypted eSIM data to an embedded Universal Integrated Circuit Card (eUICC) of the mobile device as a series of data messages and receives corresponding response messages for each data message from the eUICC. The response messages from the eUICC are formatted with a tag field that indicates encryption and signature verification properties for the response message. Different values in the tag field indicate whether the response message is (i) encrypted and verifiably signed, (ii) verifiably signed only, or (iii) includes plain text information. Response messages without encryption are readable by the processing circuitry, and processing of the response messages, including forwarding to network elements, such as to a provisioning server are based at least in part on values in the tag field.

公开(公告)号：US20170093565A1

公开(公告)日：2017-03-30

申请号：US15279343

申请日：2016-09-28

Applicant: Apple Inc.

Inventor： Xiangying YANG ,  Li LI

IPC: H04L9/08 ,  H04W12/04

CPC classification number: H04L9/0822 ,  H04L9/0841 ,  H04L63/0428 ,  H04L2209/80 ,  H04L2463/062 ,  H04W8/205 ,  H04W12/02 ,  H04W12/04 ,  H04W12/06

Abstract: Methods for provisioning electronic Subscriber Identity Modules (eSIMs) to electronic Universal Integrated Circuit Cards (eUICCs) are provided. One method involves a provisioning server configured to encrypt the eSIM with a symmetric key (Ke). The provisioning server, upon identifying a target eUICC, encrypts the symmetric key with a key encryption key (KEK) derived based at least in part on a private key associated with the provisioning server and a public key associated with the target eUICC. The provisioning server generates an eSIM package including the encrypted eSIM, the encrypted symmetric key, a public key corresponding to the private key associated with the provisioning server, as well as additional information that enables the target eUICC to, upon receipt of the eSIM package, identify a private key that corresponds to the public key associated with the target eUICC and used to derive the KEK.