Abstract:
Representative embodiments described herein set forth techniques for provisioning device configuration files and electronic Subscriber Identity Modules (eSIMs) to mobile devices. One embodiment sets forth a method for installing an eSIM at a mobile device. According to some embodiments, the method includes the steps of (1) receiving a first request to obtain the eSIM, (2) issuing, to an eSIM server, a second request for the eSIM, (3) receiving an eSIM installation package from the eSIM server, where the eSIM installation package includes (i) the eSIM, and (ii) a device configuration file that corresponds to: the mobile device, and at least one Mobile Network Operator (MNO) associated with the eSIM, and (4) upon verifying at least one digital signature associated with the eSIM installation package: installing the device configuration file on the mobile device, and installing the eSIM on an electronic Universal Integrated Circuit Card (eUICC) included in the mobile device.
Abstract:
This disclosure describes procedures for maintaining multiple electronic subscriber identity modules (eSIMs) within a user equipment (UE) device, in such a manner that an inactive eSIM can be maintained/updated at the UE device while an active eSIM is being utilized by the UE device to communicate with a corresponding network. The procedures include a UE device establishing communications with a first network using an active eSIM, initiating an eSIM manager at the UE device, selecting an inactive eSIM (e.g., associated with a second network) with the eSIM manager, applying a profile update to the inactive eSIM with the eSIM manager during communications with the first network, and deselecting the inactive eSIM with the eSIM manager when the profile update to the inactive eSIM is complete. In some configurations, the eSIM manager and the multiple eSIMs can be stored within a secure element of the UE device.
Abstract:
Methods and apparatus for correcting error events associated with identity provisioning. In one embodiment, repeated requests for access control clients are responded to with the execution of a provisioning feedback mechanism which is intended to prevent the unintentional (or even intentional) over-consumption or waste of network resources via the delivery of an excessive amount of access control clients. These provisioning feedback mechanisms include rate-limiting algorithms and/or methodologies which place a cost on the user. Apparatus for implementing the aforementioned provisioning feedback mechanisms are also disclosed and include specialized user equipment and/or network side equipment such as a subscriber identity module provisioning server (SPS).
Abstract:
Disclosed herein is a technique for enabling Subscriber Identity Module (SIM) toolkit commands to be properly routed within a mobile device that includes an embedded Universal Integrated Circuit Card (eUICC) configured to manage two or more electronic SIMs (eSIMs). Specifically, the technique involves a baseband component of the mobile device and the eUICC initially exchanging information about their eSIM capabilities to identify whether multiple eSIMs are active within the eUICC. During this exchange of information, the eUICC can generate a list of unique identifiers of the active eSIMs that are managed by the eUICC and provide the list of unique identifiers to the baseband component. In turn, the baseband component can update a configuration to manage the list of unique identifiers and use the list of unique identifiers to properly route SIM toolkit commands to the appropriate eSIM within the eUICC.
Abstract:
Disclosed herein are various techniques for preventing or at least partially securing parameters—e.g., Type parameters—of electronic Subscriber Identity Modules (eSIMs) stored within an embedded Universal Integrated Circuit Card (eUICC) from being inappropriately modified by mobile network operators (MNOs). One embodiment sets forth a technique that involves modifying file access properties of the Type parameters of eSIMs to make the Type parameters readable, but not updatable by the MNOs. Another embodiment sets forth a technique that involves implementing eSIM logical containers that separate the Type parameters from the eSIM data within the eUICC, such that the Type parameters are inaccessible to the MNOs. Yet another embodiment sets forth a technique that involves implementing an Operating System (OS)-based registry that is inaccessible to the MNOs and manages Type parameters for the eSIMs that are stored by the eUICC.
Abstract:
Disclosed herein is a technique for revoking a root certificate from at least one client device. In particular, the technique involves causing a secure element—which is included in the at least one client device and is configured to store the root certificate as well as at least one backup root certificate—to permanently disregard the root certificate and prevent the at least one client device from utilizing the specific root certificate. According to one embodiment, this revocation occurs in response to receiving a revocation message that directly targets the root certificate, where the message includes at least two levels of authentication that are verified by the secure element prior to carrying out the revocation. Once the root certificate is revoked, the secure element can continue to utilize the at least one backup root certificate, while permanently disregarding the revoked root certificate.