公开(公告)号：WO2015179507A1

公开(公告)日：2015-11-26

申请号：PCT/US2015/031760

申请日：2015-05-20

Applicant: APPLE INC.

Inventor： YANG, Xiangying ,  LI, Li ,  HAUCK, Jerrold Von

IPC: H04W12/08 ,  H04W12/04 ,  H04W8/20

CPC classification number: H04W12/08 ,  G06F21/33 ,  G06F21/34 ,  G06F21/602 ,  G06F2221/2107 ,  H04L9/0822 ,  H04L9/0825 ,  H04L9/0877 ,  H04L9/3234 ,  H04L63/0853 ,  H04L2209/80 ,  H04W8/205 ,  H04W12/06

Abstract: A method for preparing an eSIM for provisioning is provided. The method can include a provisioning server encrypting the eSIM with a symmetric key. The method can further include the provisioning server, after determining a target eUICC to which the eSIM is to be provisioned, encrypting the symmetric key with a key encryption key derived based at least in part on a private key associated with the provisioning server and a public key associated with the target eUICC. The method can additionally include the provisioning server formatting an eSIM package including the encrypted eSIM, the encrypted symmetric key, and a public key corresponding to the private key associated with the provisioning server. The method can also include the provisioning server sending the eSIM package to the target eUICC.

Abstract translation: 提供了一种用于准备用于配置的eSIM的方法。 该方法可以包括用对称密钥加密eSIM的配置服务器。 所述方法还可以包括：在确定要向其提供eSIM的目标eUICC之后，所述供应服务器至少部分地基于与所述供应服务器相关联的私钥和公共的公共密钥来加密所述对称密钥 与目标eUICC相关联的密钥。 该方法还可以包括配置服务器格式化包括加密eSIM，加密对称密钥和对应于与配置服务器相关联的私有密钥的公钥的eSIM包。 该方法还可以包括配置服务器将eSIM包发送到目标eUICC。

公开(公告)号：WO2015077597A1

公开(公告)日：2015-05-28

申请号：PCT/US2014/066875

申请日：2014-11-21

Applicant: APPLE INC.

Inventor： ZIAT, Mehdi ,  SHARP, Christopher ,  MCLAUGHLIN, Kevin P. ,  LI, Li ,  HAUCK, Jerrold V. ,  VAID, Yousuf H.

IPC: G06F9/445 ,  G06F15/177 ,  G06F9/50

CPC classification number: H04W8/22 ,  G06F9/44505 ,  G06F9/5011

Abstract: ABSTRACT Systems and methods for validating and applying modifications to a policy control function (PCF) of a station. The methods include generating a PCF package including a modification to a PCF, and determining whether the PCF package is to be transmitted to the station by a first or second entity. The methods further include when the PCF package is to be transmitted by the first entity, including a first signature of the first entity in a deliverer field of the PCF package, and when the PCF package is to be transmitted by the second entity, including the first signature in an owner field and a second signature of the second entity in the deliverer field. The methods further include receiving the PCF package from the first or second entity, determining whether the PCF package is valid, and applying the modification when it is determined the PCF package is valid.

Abstract translation: 摘要用于验证和应用对站的策略控制功能（PCF）的修改的系统和方法。 所述方法包括生成包括对PCF的修改的PCF包，以及确定PCF包是否被第一或第二实体发送到该站。 所述方法进一步包括当PCF包将被第一实体发送时，包括PCF包的传送器字段中的第一实体的第一签名，以及当PCF包将被第二实体发送时，包括 所有者字段中的第一个签名和提供者字段中第二个实体的第二个签名。 所述方法还包括从第一或第二实体接收PCF包，确定PCF包是否有效，以及当确定PCF包有效时应用该修改。

公开(公告)号：WO2013126217A2

公开(公告)日：2013-08-29

申请号：PCT/US2013/025193

申请日：2013-02-07

Applicant: APPLE INC.

Inventor： HAUCK, Jerrold, Von ,  LI, Li ,  SCHELL, Stephan, V.

IPC: H04L29/06

CPC classification number: H04L63/1408 ,  H04W8/205 ,  H04W12/12

Abstract: Methods and apparatus for detecting fraudulent device operation. In one exemplary embodiment of the present disclosure, a device is issued a user access control client that is uniquely associated with a shared secret that is securely stored within the network and the access control client. Subsequent efforts to activate or deactivate the access control client require verification of the shared secret. Each change in state includes a change to the shared secret. Consequently, requests for a change to state which do not have the proper shared secret will be disregarded, and/or flagged as fraudulent.

Abstract translation: 用于检测欺骗性设备操作的方法和设备。 在本公开的一个示例性实施例中，向设备发布用户访问控制客户端，该用户访问控制客户端唯一地与安全地存储在网络和访问控制客户端内的共享秘密相关联。 随后激活或取消激活访问控制客户端的工作需要验证共享密钥。 状态的每次变化都包括对共享密钥的更改。 因此，对没有适当共享密钥的状态进行更改的请求将被忽略，和/或被标记为欺诈。

公开(公告)号：WO2012058429A3

公开(公告)日：2012-05-03

申请号：PCT/US2011/058093

申请日：2011-10-27

Applicant: APPLE INC. ,  SCHELL, Stephan, V. ,  MATHIAS, Arun, G. ,  VON HAUCK, Ferrold ,  HAGGERTY, David, T. ,  MCLAUGHLIN, Kevin ,  JUANG, Ben-Heng ,  LI, Li

Inventor： SCHELL, Stephan, V. ,  MATHIAS, Arun, G. ,  VON HAUCK, Ferrold ,  HAGGERTY, David, T. ,  MCLAUGHLIN, Kevin ,  JUANG, Ben-Heng ,  LI, Li

IPC: G06F21/00

Abstract: Methods and apparatus enabling programming of electronic identification information of a wireless apparatus. In one embodiment, a previously purchased or deployed wireless apparatus is activated by a cellular network. The wireless apparatus connects to the cellular network using an access module to download operating system components and/or access control client components. The described methods and apparatus enable updates, additions and replacement of various components including Electronic Subscriber Identity Module (eSIM) data, OS components. One exemplary implementation of the invention utilizes a trusted key exchange between the device and the cellular network to maintain security.

公开(公告)号：WO2017027115A1

公开(公告)日：2017-02-16

申请号：PCT/US2016/040297

申请日：2016-06-30

Applicant: APPLE INC.

Inventor： YERRABOMMANAHALLI, Vikram B. ,  LI, Li ,  MATHIAS, Arun G. ,  ABDULRAHIMAN, Najeeb M. ,  VASUDEVAN, Chandiramohan ,  MALTHANKAR, Rohan C. ,  GONZALEZ, Francisco J. ,  RIVERA-BARRETO, Rafael L. ,  PADOVA, Jean-Marc

IPC: H04W8/20 ,  H04W8/18

CPC classification number: H04W4/60 ,  H04L61/106 ,  H04W8/18 ,  H04W8/205 ,  H04W68/005

Abstract: Some embodiments relate to methods for provisioning a secondary wireless device with an eSIM for wireless communication and activating multi-SIM functionality between the secondary wireless device and a primary wireless device having a subscribed SIM. The primary wireless device may act as a proxy in obtaining the eSIM for the secondary wireless device. The primary wireless device may then provide, to the cellular network, identifiers of the SIMs of the primary and secondary wireless devices. The primary wireless device may then request initiation of multi-SIM functionality for the two SIMs, and receive an indication that the multi-SIM functionality has been initiated. As an example, the multi-SIM functionality may be implemented by mapping the SIM of the primary wireless device and the SIM of the secondary wireless device (e.g., the provisioned eSIM) to the same Mobile Directory Number (MDN).

Abstract translation: 一些实施例涉及用于为辅助无线设备提供用于无线通信的eSIM以及在辅助无线设备与具有订阅的SIM的主要无线设备之间激活多SIM功能的方法。 主要无线设备可以作为获得辅助无线设备的eSIM的代理。 然后，主要无线设备可以向蜂窝网络提供主要和次要无线设备的SIM的标识符。 然后，主要无线设备可以请求启动用于两个SIM的多SIM功能，并且接收多SIM功能已被启动的指示。 作为示例，可以通过将主无线设备的SIM和辅助无线设备的SIM（例如，所提供的eSIM）映射到相同的移动目录号码（MDN）来实现多SIM功能。

公开(公告)号：WO2014123622A1

公开(公告)日：2014-08-14

申请号：PCT/US2013/074181

申请日：2013-12-10

Applicant: APPLE INC.

Inventor： LI, Li ,  JUANG, Ben-Heng ,  MATHIAS, Arun, G.

IPC: G06F12/00 ,  G06F11/30

CPC classification number: G06F3/0617 ,  G06F3/0622 ,  G06F3/0637 ,  G06F3/0653 ,  G06F3/0679 ,  G06F11/3466 ,  G06F12/0246 ,  H04W8/245

Abstract: The invention provides a technique for managing write operations issued to a non-volatile memory included in a wireless device. A monitor software application executes on the wireless device and is configured to determine that a number of write operations issued to the non-volatile memory is greater than or equal to a write operation threshold associated with the non-volatile memory. In response, at least one application is isolated as the application responsible for issuing excessive write operations. The isolation can be carried out locally on the wireless device, or the isolation can be carried out remotely at a server by sending information about the write operations to the server. The monitor then limits additional write operations from being issued to the non-volatile memory so as to protect the non-volatile memory from becoming corrupted or inoperable.

Abstract translation: 本发明提供一种用于管理发给无线设备中包括的非易失性存储器的写操作的技术。 监视器软件应用程序在无线设备上执行，并且被配置为确定发出到非易失性存储器的写入操作的数量大于或等于与非易失性存储器相关联的写入操作阈值。 作为响应，至少一个应用程序被隔离为负责发出过多写入操作的应用程序。 隔离可以在无线设备上本地执行，也可以通过向服务器发送有关写入操作的信息，在服务器上远程执行隔离。 监视器然后限制额外的写入操作被发布到非易失性存储器，以便保护非易失性存储器不被损坏或不可操作。

公开(公告)号：WO2014043040A1

公开(公告)日：2014-03-20

申请号：PCT/US2013/058818

申请日：2013-09-09

Applicant: APPLE INC.

Inventor： LI, Li ,  JUANG, Ben-Heng ,  MATHIAS, Arun G. ,  HAUCK, Jerrold Von

IPC: H04W12/08 ,  H04W88/02

CPC classification number: H04W12/08 ,  H04W8/183

Abstract: Apparatus and methods for managing and sharing data across multiple access control clients in devices are disclosed herein. In one embodiment, the access control clients comprise electronic Subscriber Identity Modules (eSIMs) disposed on an embedded Universal Integrated Circuit Card (eUICC). Each eSIM contains its own data. An Advanced Subscriber Identity Toolkit application maintained within the eUICC facilitates managing and sharing multiple eSIMs' data for various purposes such as sharing phonebook contacts or facilitating automatic switch-over between the multiple eSIMs (such as based on user context).

Abstract translation: 本文公开了用于在设备中的多个访问控制客户端上管理和共享数据的装置和方法。 在一个实施例中，访问控制客户端包括设置在嵌入式通用集成电路卡（eUICC）上的电子订户身份模块（eSIM）。 每个eSIM都包含自己的数据。 在eUICC内部维护的高级用户身份工具包应用程序便于管理和共享多个eSIM的数据，用于各种目的，例如共享电话簿联系人或促进多个eSIM之间的自动切换（例如基于用户上下文）。

公开(公告)号：WO2013169484A1

公开(公告)日：2013-11-14

申请号：PCT/US2013/037950

申请日：2013-04-24

Applicant: APPLE INC.

Inventor： LI, Li ,  MATHIAS, Arun, G. ,  JUANG, Ben-Heng

IPC: H04W8/20 ,  H04W8/18

CPC classification number: H04W4/001 ,  H04W4/50 ,  H04W8/20 ,  H04W12/04

Abstract: Provisioning an embedded subscriber identity module (eSIM) in a user equipment (UE) device with personalized subscriber information. A request may be transmitted for personalized subscriber information. The personalized subscriber information may be received. The personalized subscriber information may be installed in an eSIM in the UE device.

Abstract translation: 在具有个性化订户信息的用户设备（UE）设备中提供嵌入式用户识别模块（eSIM）。 可以发送用于个性化订户信息的请求。 可以接收个性化订户信息。 个性化用户信息可以安装在UE设备中的eSIM中。

公开(公告)号：WO2013123233A2

公开(公告)日：2013-08-22

申请号：PCT/US2013/026194

申请日：2013-02-14

Applicant: APPLE INC.

Inventor： HAGGERTY, David ,  HAUCK, Jerrold ,  JUANG, Ben ,  LI, Li ,  MATHIAS, Arun ,  MCLAUGHLIN, Kevin ,  NARASIMHAN, Avinash ,  SHARP, Chris ,  YOUSUF, Vaid ,  XIANGGYING, Yang

IPC: H04W12/06

CPC classification number: H04L63/10 ,  H04L63/06 ,  H04L63/0823 ,  H04L63/0853 ,  H04L63/205 ,  H04W8/18 ,  H04W8/183 ,  H04W8/20 ,  H04W12/06

Abstract: Methods and apparatus for large scale distribution of electronic access control clients, in one aspect, a tiered security software protocol is disclosed. In one exemplary embodiment, a server electronic Universal integrated Circuit Card (eUlCC) and client eUiCC software comprise a so-called "stack" of software layers. Each software layer is responsible for a set of hierarchical functions which are negotiated with its corresponding peer software layer. The tiered security software protocol is configured for large scale distribution of electronic Subscriber Identity Modules (eS!Ms).

Abstract translation: 公开了一种电子访问控制客户端大规模分发的方法和装置，一方面，分层安全软件协议。 在一个示例性实施例中，服务器电子通用集成电路卡（eUlCC）和客户端eUiCC软件包括软件层的所谓“栈”。 每个软件层负责与其相应的对等软件层协商的一组分层功能。 分层安全软件协议配置为大规模分发电子订户身份模块（eS！Ms）。

公开(公告)号：WO2013109550A1

公开(公告)日：2013-07-25

申请号：PCT/US2013/021598

申请日：2013-01-15

Applicant: APPLE INC.

Inventor： LI, Li

IPC: H04L29/08

CPC classification number: H04L67/26 ,  H04L67/28

Abstract: A method and apparatus to proxy notification service connections between a mobile client and a notification server. In one embodiment of the invention, a proxy receives a proxy setup request for the notification service from the mobile client. The proxy further establishes a notification connection with the notification server for the mobile client and maintains the notification connection without waking an application processor of the mobile client. The proxy receives a notification from the notification service and forwards the notification to the mobile client.

Abstract translation: 一种用于代理移动客户端和通知服务器之间的通知服务连接的方法和装置。 在本发明的一个实施例中，代理从移动客户端接收针对通知服务的代理建立请求。 代理进一步建立与用于移动客户端的通知服务器的通知连接，并维护通知连接，而不会唤醒移动客户端的应用处理器。 代理从通知服务接收通知，并将通知转发给移动客户端。