-
Publication (Announcement) No.: US11070355B2
Publication (Announcement) Date: 2021-07-20
Application No.: US16024025
Application Date: 2018-06-29
Applicant: Apple Inc.
Inventor: Li Li, Dennis D. Conway
IPC: H04L29/06, H04L9/00, H04L9/14, H04L9/32, H04W12/04, H04L9/08, H04W12/08, H04W12/30, H04W12/37, H04W12/069, H04W12/10, H04W12/40
Abstract: A secure element (SE) determines a profile type and a privilege level. The privilege level, in some embodiments, is associated with a key used successfully by the SE to verify a cryptographic signature. In some embodiments, the privilege level is indicated by a privilege value read from an extension field of a root certificate. The SE determines, in some instances, whether to accept or reject a profile installation after comparing the profile type with the determined privilege level. Thus, a test server is allowed to provision a test profile to an SE even if the test server does not have commercial certification required of an electronic subscriber identity module (eSIM) server that provisions operational profiles. Because the test profile does not include credentials useful for network access, the lower-security test server does not create a risk of improper access to the network of a mobile network operator (MNO).
-
Publication (Announcement) No.: US10785645B2
Publication (Announcement) Date: 2020-09-22
Application No.: US14868257
Application Date: 2015-09-28
Applicant: Apple Inc.
Inventor: Li Li, Jerrold Von Hauck, Arun G. Mathias
Abstract: Disclosed herein are different techniques for enabling a mobile device to dynamically support different authentication algorithms. A first technique involves configuring an eUICC included in the mobile device to implement various authentication algorithms that are utilized by MNOs (e.g., MNOs with which the mobile device can interact). Specifically, this technique involves the eUICC storing executable code for each of the various authentication algorithms. According to this technique, the eUICC is configured to manage at least one eSIM, where the eSIM includes (i) an identifier that corresponds to one of the various authentication algorithms implemented by the eUICC, and (ii) authentication parameters that are compatible with the authentication algorithm. A second technique involves configuring the eUICC to interface with an eSIM to extract (i) executable code for an authentication algorithm used by an MNO that corresponds to the eSIM, and (ii) authentication parameters that are compatible with the authentication algorithm.
-
Publication (Announcement) No.: US10764066B2
Publication (Announcement) Date: 2020-09-01
Application No.: US15598220
Application Date: 2017-05-17
Applicant: Apple Inc.
Inventor: Li Li, Arun G. Mathias
Abstract: Secure reception of a certificate revocation list (CRL) is determined. In some embodiments, a device initiates a CRL update by sending a message with a timestamp to an embedded universal integrated circuit card (eUICC). The eUICC generates a session identifier, nonce, or random number and builds a payload including an internal time value based on a server time, and an internal time value based on a past message received from the device. The eUICC cryptographically signs over the payload and sends it to the device. The device obtains a CRL from a host server, checks the CRL, and, if the CRL passes the device check, sends it to the eUICC along with a second device timestamp and the nonce. The eUICC then performs checks based on the timestamps, the nonce, the CRL and the internal time values to determine whether the CRL has been securely received.
-
Publication (Announcement) No.: US10554487B2
Publication (Announcement) Date: 2020-02-04
Application No.: US15157332
Application Date: 2016-05-17
Applicant: Apple Inc.
Inventor: Li Li, Yousuf H. Vaid, Christopher B. Sharp, Arun G. Mathias, David T. Haggerty, Jerrold Von Hauck
IPC: H04L29/06, H04L12/24, H04B1/3816, H04B1/3827
Abstract: Representative embodiments described herein set forth techniques for optimizing large-scale deliveries of electronic Subscriber Identity Modules (eSIMs) to mobile devices. Specifically, instead of generating and assigning eSIMs when mobile devices are being activated—which can require significant processing overhead—eSIMs are pre-generated with a basic set of information, and are later-assigned to the mobile devices when they are activated. This can provide considerable benefits over conventional approaches that involve generating and assigning eSIMs during mobile device activation, especially when new mobile devices (e.g., smartphones, tablets, etc.) are being launched and a large number of eSIM assignment requests are to be fulfilled in an efficient manner.
-
135.
Publication (Announcement) No.: US10462654B2
Publication (Announcement) Date: 2019-10-29
Application No.: US16102189
Application Date: 2018-08-13
Applicant: Apple Inc.
Inventor: Xiangying Yang, Li Li, Arun G. Mathias
Abstract: Methods and apparatus for managing processing of electronic Subscriber Identity Modules (eSIM) data at a mobile device are disclosed. An eSIM management entity of an embedded Universal Integrated Circuit Card (eUICC) in the mobile device obtains an encrypted eSIM package and decrypts the eSIM package to obtain eSIM contents formatted generically and not specifically tailored to requirements of the eUICC. In some embodiments, the eSIM contents are formatted based on an abstract syntax notation (ASN) distinguished encoding rules (DER) format. The eSIM management entity parses the formatted eSIM contents to retrieve individual eSIM components and installs each eSIM component for the eSIM in an eSIM security domain on the eUICC. In some embodiments, the eSIM management entity acts as a local personalization server to provide local Trusted Service Manager (TSM) server functionality for eSIM installation that transforms “generically formatted” eSIM contents into eSIM components that match specific requirements of the eUICC.
-
136.
Publication (Announcement) No.: US10397771B2
Publication (Announcement) Date: 2019-08-27
Application No.: US16244035
Application Date: 2019-01-09
Applicant: Apple Inc.
Inventor: Li Li, Clark P. Mueller, Avinash Narasimhan, Arun G. Mathias, Najeeb M. Abdulrahiman, David T. Haggerty
Abstract: Representative embodiments described herein set forth techniques for provisioning bootstrap electronic Subscriber Identity Modules (eSIMs) to mobile devices. According to some embodiments, a mobile device can be configured to issue, to an eSIM selection server, a bootstrap eSIM request that includes (i) metadata associated with the mobile device, and (ii) metadata associated with an electronic Universal Integrated Circuit Card (eUICC) included in the mobile device. In turn, the eSIM selection server selects and binds a particular bootstrap eSIM to the mobile device, and provides information to the mobile device that enables the mobile device to obtain the particular bootstrap eSIM from one or more eSIM servers. When the mobile device obtains the particular bootstrap eSIM, the mobile device can interface with a mobile network operator (MNO) and obtain a complete eSIM that enables the mobile device to access services provided by the MNO.
-
Publication (Announcement) No.: US10367810B2
Publication (Announcement) Date: 2019-07-30
Application No.: US15720454
Application Date: 2017-09-29
Applicant: Apple Inc.
Inventor: Li Li, Arun G. Mathias
IPC: H04W8/20, H04W12/06, H04W12/08, H04B1/3816, H04W12/04, G06F21/57, H04L29/06, H04W12/10, G06F21/72
Abstract: Provisioning of an electronic subscriber identity module (eSIM) to an embedded universal integrated circuit card (eUICC) is observed to acquire a captured payload. The captured payload is then used in replay test sessions. In a live test session, test equipment can be used to monitor the communication between an eSIM server and the eUICC in order to capture the payload transmitted from the eSIM server. In the live test session, the eUICC can be in a debug mode that persists an ability to generate the same keys. In the replay test sessions, the payload captured can be reused and the eUICC can regenerate the same keys to decrypt an encrypted eSIM in the payload. After an installation attempt, the eUICC can provide notifications to the test equipment. The eUICC can be stress-tested using methods described herein without consuming a large number of eSIMs from an eSIM server inventory.
-
138.
Publication (Announcement) No.: US20180098178A1
Publication (Announcement) Date: 2018-04-05
Application No.: US15817081
Application Date: 2017-11-17
Applicant: Apple Inc.
Inventor: Vikram B. Yerrabommanahalli, Li Li, Arun G. Mathias, Najeeb M. Abdulrahiman, Chandiramohan Vasudevan, Rohan C. Malthankar, Francisco J. Gonzalez, Rafael L. Rivera-Barreto, Jean-Marc Padova
CPC classification number: H04W4/60, H04L61/106, H04W8/18, H04W8/205, H04W68/005
Abstract: Some embodiments relate to methods for provisioning a secondary wireless device with an eSIM for wireless communication and activating multi-SIM functionality between the secondary wireless device and a primary wireless device having a subscribed SIM. The primary wireless device may act as a proxy in obtaining the eSIM for the secondary wireless device. The primary wireless device may then provide, to the cellular network, identifiers of the SIMs of the primary and secondary wireless devices. The primary wireless device may then request initiation of multi-SIM functionality for the two SIMs, and receive an indication that the multi-SIM functionality has been initiated. As an example, the multi-SIM functionality may be implemented by mapping the SIM of the primary wireless device and the SIM of the secondary wireless device (e.g., the provisioned eSIM) to the same Mobile Directory Number (MDN).
-
139.
Publication (Announcement) No.: US09763101B2
Publication (Announcement) Date: 2017-09-12
Application No.: US14866969
Application Date: 2015-09-27
Applicant: Apple Inc.
Inventor: Li Li, Stephan V. Schell
IPC: H04M1/66, H04W12/12, H04W48/06, H04W28/02, H04W52/02, H04W8/20, H04L29/14, H04W8/26, H04W28/06, H04W74/00
CPC classification number: H04W12/12, H04L69/40, H04W8/20, H04W8/265, H04W28/0289, H04W28/06, H04W48/06, H04W52/0212, H04W74/004, Y02D70/1224, Y02D70/1242, Y02D70/1262, Y02D70/142, Y02D70/144, Y02D70/146, Y02D70/166
Abstract: Methods and apparatus for correcting error events associated with identity provisioning. In one embodiment, repeated requests for access control clients are responded to with the execution of a provisioning feedback mechanism which is intended to prevent the unintentional (or even intentional) over-consumption or waste of network resources via the delivery of an excessive amount of access control clients. These provisioning feedback mechanisms include rate-limiting algorithms and/or methodologies which place a cost on the user. Apparatus for implementing the aforementioned provisioning feedback mechanisms are also disclosed and include specialized user equipment and/or network side equipment such as a subscriber identity module provisioning server (SPS).
-
Publication (Announcement) No.: US09763081B2
Publication (Announcement) Date: 2017-09-12
Application No.: US14549088
Application Date: 2014-11-20
Applicant: APPLE INC.
Inventor: Mehdi Ziat, Christopher Sharp, Kevin P. McLaughlin, Li Li, Jerrold V. Hauck, Yousuf H. Vaid
CPC classification number: H04W8/22, G06F9/44505, G06F9/5011
Abstract: Systems and methods for validating and applying modifications to a policy control function (PCF) of a station. The methods include generating a PCF package including a modification to a PCF, and determining whether the PCF package is to be transmitted to the station by a first or second entity. The methods further include when the PCF package is to be transmitted by the first entity, including a first signature of the first entity in a deliverer field of the PCF package, and when the PCF package is to be transmitted by the second entity, including the first signature in an owner field and a second signature of the second entity in the deliverer field. The methods further include receiving the PCF package from the first or second entity, determining whether the PCF package is valid, and applying the modification to the PCF when it is determined the PCF package is valid.
-