公开(公告)号：WO2012012526A1

公开(公告)日：2012-01-26

申请号：PCT/US2011/044673

申请日：2011-07-20

Applicant: APPLE INC. ,  HAGGERTY, David, T. ,  VON HAUCK, Jerrold ,  SCHELL, Stephan, V. ,  MATHIA, Arun, G.

Inventor： HAGGERTY, David, T. ,  VON HAUCK, Jerrold ,  SCHELL, Stephan, V. ,  MATHIA, Arun, G.

IPC: H04M1/66

CPC classification number: H04W8/265

Abstract: Apparatus and methods for distributing electronic access client modules for use with electronic devices. In one embodiment, the access client modules are virtual subscriber identity modules (VSIMs) that can be downloaded from online services for use with cellular- equipped devices such as smartphones. The online services may include a point of sale (POS) system that sells electronic devices to users. A broker may be used to facilitate the selection of a virtual subscriber identity module. A provisioning service may also be used to provision the selected VSIM.

Abstract translation: 用于分发用于电子设备的电子访问客户端模块的装置和方法。 在一个实施例中，访问客户端模块是虚拟订户身份模块（VSIM），其可以从在线服务下载以与诸如智能电话的蜂窝配备的设备一起使用。 在线服务可以包括向用户销售电子设备的销售点（POS）系统。 可以使用代理来促进对虚拟订户身份模块的选择。 还可以使用供应服务来配置所选择的VSIM。

公开(公告)号：WO2015030912A1

公开(公告)日：2015-03-05

申请号：PCT/US2014/043382

申请日：2014-06-20

Applicant: APPLE INC.

Inventor： KHAN, Ahmer, A. ,  HAGGERTY, David, T. ,  DICKER, George, R. ,  HAUCK, Jerrold, V. ,  LINDE, Joakim ,  ADLER, Mitchell, D. ,  ROSEN, Zachary, A. ,  VAID, Yousuf, H. ,  SHARP, Christopher

IPC: G06F21/35 ,  G06Q20/32 ,  G06Q20/40

CPC classification number: G06Q20/42 ,  G06F21/35 ,  G06Q20/32 ,  G06Q20/3226 ,  G06Q20/40 ,  G06Q20/4016

Abstract: Systems, methods, and computer-readable media for provisioning credentials on an electronic device are provided. In one example embodiment, a secure platform system may be in communication with an electronic device and a financial institution subsystem. The secure platform system may be configured to, inter alia , receive user account information from the electronic device, authenticate a user account with a commercial entity using the received user account information, detect a commerce credential associated with the authenticated user account, run a commercial entity fraud check on the detected commerce credential, commission the financial institution subsystem to run a financial entity fraud check on the detected commerce credential based on the results of the commercial entity fraud check, and facilitate provisioning of the detected commerce credential on the electronic device based on the results of the financial entity fraud check. Additional embodiments are also provided.

Abstract translation: 提供了用于在电子设备上提供凭证的系统，方法和计算机可读介质。 在一个示例性实施例中，安全平台系统可以与电子设备和金融机构子系统通信。 安全平台系统可以被配置为特别地从电子设备接收用户帐户信息，使用接收到的用户帐户信息向商业实体验证用户帐户，检测与经认证的用户帐户相关联的商业凭证，运行商业广告 实体欺诈检查检测到的商业凭证，委托金融机构子系统根据商业实体欺诈检查的结果对检测到的商业凭证进行金融实体欺诈检查，并促进在电子设备上提供检测到的商业凭证 关于金融实体欺诈检查的结果。 还提供了另外的实施例。

公开(公告)号：WO2012058446A1

公开(公告)日：2012-05-03

申请号：PCT/US2011/058117

申请日：2011-10-27

Applicant: APPLE INC. ,  SCHELL, Stephan, V. ,  HAGGERTY, David, T.

Inventor： SCHELL, Stephan, V. ,  HAGGERTY, David, T.

IPC: H04W8/26

CPC classification number: H04W8/265 ,  H04W4/50 ,  H04W4/60 ,  H04W12/04

Abstract: Methods and apparatus for activating a purchased or previously deployed device by a subscriber. In one embodiment, activation includes authenticating the device to a service provider or carrier, and providing the device with data necessary for enabling the service to the device. In one variant, a user device is activated at a retail store, with the assistance of a carrier representative. In another variant, user equipment is activated via a communications network without the assistance of a representative. In yet another variant, the user equipment is activated via the Internet without the assistance of a representative. The provision of access data includes pre-assigning eSIM from a population of unassigned eSIMs to certain devices for various carrier networks. Alternatively, the eSIM may be assigned on an as-needed basis. Unassigned and/or unused eSIMs can be released (or sold back to the vendor) and/or reused. Solutions for eSIM backup and restoration are also described.

Abstract translation: 用户激活购买或预先部署的设备的方法和装置。 在一个实施例中，激活包括将设备认证给服务提供商或运营商，以及向设备提供启用服务到设备所需的数据。 在一个变型中，在运营商代表的协助下，在零售商店激活用户设备。 在另一个变型中，用户设备通过通信网络被激活，而无需代表的帮助。 在又一变型中，用户设备在没有代表的帮助的情况下通过因特网被激活。 提供访问数据包括从未分配的eSIM群体向各种运营商网络的某些设备预先分配eSIM。 或者，可以根据需要分配eSIM。 未分配的和/或未使用的eSIM可以被释放（或销售给供应商）和/或重复使用。 还描述了eSIM备份和恢复的解决方案。

公开(公告)号：WO2012058099A1

公开(公告)日：2012-05-03

申请号：PCT/US2011/057156

申请日：2011-10-20

Applicant: APPLE INC. ,  SCHELL, Stephan, V. ,  HAGGERTY, David, T.

Inventor： SCHELL, Stephan, V. ,  HAGGERTY, David, T.

IPC: H04W8/20

CPC classification number: H04W8/205

Abstract: Methods and apparatus for managing multiple user access control entities or clients. For example, in one embodiment, a "wallet" of electronic subscriber identity modules (eSIMs) may be stored and used at a user device and/or distributed to other devices for use thereon. In another embodiment, a networked server may store and distribute eSIM to a plurality of user devices in communication therewith. A database of available eSIM is maintained at the wallet entity and/or at the network which enables request for a particular eSIM to be processed and various rules for the distribution thereof to be implemented. Security precautions are implemented to protect both user and network carrier specific data as the data is transmitted between networked entities. Solutions for eSIM backup and restoration are also described.

Abstract translation: 用于管理多个用户访问控制实体或客户端的方法和装置。 例如，在一个实施例中，可以在用户设备处存储和使用电子用户识别模块（eSIM）的“钱包”和/或分发给其他设备以在其上使用。 在另一个实施例中，网络服务器可以将eSIM存储和分发到与其通信的多个用户设备。 可以在电子钱包实体和/或网络上维护可用eSIM的数据库，以使得能够处理特定eSIM的请求并实现其分发的各种规则。 实施安全预防措施以在网络实体之间传输数据时保护用户和网络运营商的特定数据。 还描述了eSIM备份和恢复的解决方案。

公开(公告)号：WO2012058092A1

公开(公告)日：2012-05-03

申请号：PCT/US2011/057081

申请日：2011-10-20

Applicant: APPLE INC. ,  SCHELL, Stephan, V. ,  HAGGERTY, David, T.

Inventor： SCHELL, Stephan, V. ,  HAGGERTY, David, T.

IPC: H04L12/28

CPC classification number: H04W12/06 ,  H04L63/0853 ,  H04L63/0876 ,  H04M15/77 ,  H04M15/771 ,  H04W8/183 ,  H04W8/20 ,  H04W36/14

Abstract: Methods and apparatus that allow a device to migrate wireless service across multiple wireless networks. In one exemplary embodiment, the present invention enables storing and switching between multiple Electronic Subscriber Identity Modules (eSIM), where each eSIM is specific to a different carrier network. By loading the appropriate eSIM, the user device can authenticate itself with the selected carrier, rather than roaming. During roaming operation, the user equipment can load one or more of the previously stored eSIMs. Selection of the eSIM can be done manually by the user or can be driven by the user equipment based on desired context; for example, based on carrier signal strength, cost-effectiveness, etc. Support for multiple radio technologies also allows universal connectivity for wireless devices, even spanning previously incompatible technologies such as GSM (Global Standard for Mobile Communications), CDMA (Code Division Multiple Access), etc.

Abstract translation: 允许设备跨多个无线网络迁移无线服务的方法和装置。 在一个示例性实施例中，本发明能够在多个电子订户身份模块（eSIM）之间存储和切换，其中每个eSIM特定于不同的运营商网络。 通过加载适当的eSIM，用户设备可以使用选定的运营商进行身份验证，而不是漫游。 在漫游操作期间，用户设备可以加载一个或多个先前存储的eSIM。 eSIM的选择可以由用户手动完成，也可以由用户设备根据需要进行驱动; 例如，基于载波信号强度，成本效益等。对于多个无线电技术的支持也允许无线设备的通用连接，甚至跨越以前不兼容的技术，例如GSM（全球移动通信标准），CDMA（码分多址 ）等

公开(公告)号：EP3258667A1

公开(公告)日：2017-12-20

申请号：EP17172936.1

申请日：2011-10-28

Applicant: Apple Inc.

Inventor： SCHNELL, Stephan V. ,  MATHIAS, Arun, G. ,  VON HAUCK, Jerrold ,  HAGGERTY, David, T. ,  McLAUGHLIN, Kevin ,  JUANG, Ben-Huang ,  LI, Li

IPC: H04L29/06 ,  H04W12/08 ,  H04W8/20 ,  H04L29/08 ,  G06F21/45 ,  G06F21/57 ,  H04W4/00

CPC classification number: H04W12/06 ,  G06F21/45 ,  G06F21/57 ,  H04L63/08 ,  H04L63/0853 ,  H04L63/123 ,  H04L63/20 ,  H04L67/34 ,  H04W4/50 ,  H04W4/60 ,  H04W8/205 ,  H04W12/04 ,  H04W12/08

Abstract: Methods and apparatus enabling programming of electronic identification information of a wireless apparatus (500). In one embodiment, a previously purchased or deployed wireless apparatus (500) is activated by a cellular network. The wireless apparatus (500) connects to the cellular network using an access module to download operating system components and/or access control client components. The described methods and apparatus enable updates, additions and replacement of various components including Electronic Subscriber Identity Module (eSIM) data, OS components. One exemplary implementation of the invention utilizes a trusted key exchange between the device and the cellular network to maintain security.

Abstract translation: 能够编程无线装置（500）的电子标识信息的方法和装置。 在一个实施例中，先前购买或部署的无线装置（500）由蜂窝网络激活。 无线装置（500）使用访问模块连接到蜂窝网络以下载操作系统组件和/或访问控制客户端组件。 所描述的方法和设备实现了包括电子订户身份模块（eSIM）数据，OS组件的各种组件的更新，添加和替换。 本发明的一个示例性实现利用设备和蜂窝网络之间的可信密钥交换来维护安全性。

公开(公告)号：EP2873046A1

公开(公告)日：2015-05-20

申请号：EP13816307.6

申请日：2013-07-08

Applicant: Apple Inc.

Inventor： KHAN, Ahmer, A. ,  HAGGERTY, David, T. ,  HERZ, Scott, M. ,  TUCKER, Brian, J.

IPC: G06Q20/38

CPC classification number: G06Q30/06 ,  G06Q20/204 ,  G06Q20/322 ,  G06Q20/3227 ,  G06Q20/3278 ,  G06Q20/3829 ,  G06Q20/425 ,  G06Q30/02

Abstract: A commercial transaction method is disclosed. The method first establishes a secure link over a first air interface by a purchasing device. This secure link is between the purchasing device and a point of sale device. The method further identifies a second air interface, which is different from the first air interface, and the second air interface is used to conduct a secure commercial transaction.

公开(公告)号：EP2633711B1

公开(公告)日：2018-03-14

申请号：EP11793892.8

申请日：2011-10-20

Applicant: Apple Inc.

Inventor： SCHELL, Stephan, V. ,  HAGGERTY, David, T.

IPC: H04W8/20

CPC classification number: H04W8/205

Abstract: Methods and apparatus for managing multiple user access control entities or clients. For example, in one embodiment, a “wallet” of electronic subscriber identity modules (eSIMs) may be stored and used at a user device and/or distributed to other devices for use thereon. In another embodiment, a networked server may store and distribute eSIM to a plurality of user devices in communication therewith. A database of available eSIM is maintained at the wallet entity and/or at the network which enables request for a particular eSIM to be processed and various rules for the distribution thereof to be implemented. Security precautions are implemented to protect both user and network carrier specific data as the data is transmitted between networked entities. Solutions for eSIM backup and restoration are also described.

公开(公告)号：EP3275232A1

公开(公告)日：2018-01-31

申请号：EP16769395.1

申请日：2016-03-18

Applicant: Apple Inc.

Inventor： LI, Li ,  YANG, Xiangying ,  HAUCK, Jerrold Von ,  SHARP, Christopher, B. ,  VAID, Yousuf, H. ,  MATHIAS, Arun, G. ,  HAGGERTY, David, T. ,  ABDULRAHIMAN, Najeeb, M.

IPC: H04W12/06 ,  H04L9/32 ,  G06F21/31 ,  H04W4/00

Abstract: Methods and apparatus for user authentication and human intent verification of administrative operations for eSIMs of an eUICC included in a mobile device are disclosed. Certain administrative operations, such as import, modification, and/or export, of an eSIM and/or for an eUICCs firmware can require user authentication and/or human intent verification before execution of the administrative operations are performed or completed by the mobile device. A user of the mobile device provides information to link an external user account to an eSIM upon (or subsequent to) installation on the eUICC. User credentials, such as a user name and password, and/or information generated therefrom, can be used to authenticate the user with an external server. In response to successful user authentication, the administrative operations are performed. Human intent verification can also be performed in conjunction with user authentication to prevent malware from interfering with eSIM and/or eUICC functions of the mobile device.