SYSTEM AND METHOD FOR POLICY CONTROL FUNCTIONS MANAGEMENT MECHANISM
    31.
    Invention publication
    Status: Under examination (published)

    Publication number: EP3072047A1

    Publication date: 2016-09-28

    Application number: EP14816001.3

    Application date: 2014-11-21

    Applicant: Apple Inc.

    CPC classification number: H04W8/22 G06F9/44505 G06F9/5011

    Abstract: Systems and methods for validating and applying modifications to a policy control function (PCF) of a station. The methods include generating a PCF package including a modification to a PCF, and determining whether the PCF package is to be transmitted to the station by a first or second entity. The methods further include when the PCF package is to be transmitted by the first entity, including a first signature of the first entity in a deliverer field of the PCF package, and when the PCF package is to be transmitted by the second entity, including the first signature in an owner field and a second signature of the second entity in the deliverer field. The methods further include receiving the PCF package from the first or second entity, determining whether the PCF package is valid, and applying the modification when it is determined the PCF package is valid.

    TECHNIQUES FOR DYNAMICALLY SUPPORTING DIFFERENT AUTHENTICATION ALGORITHMS
    32.
    Invention publication
    Status: Under examination (published)

    Publication number: EP3059923A1

    Publication date: 2016-08-24

    Application number: EP16152557.1

    Application date: 2016-01-25

    Applicant: APPLE INC.

    Abstract: Disclosed herein are different techniques for enabling a mobile device to dynamically support different authentication algorithms. A first technique involves configuring an eUICC included in the mobile device to implement various authentication algorithms that are utilized by MNOs (e.g., MNOs with which the mobile device can interact). Specifically, this technique involves the eUICC storing executable code for each of the various authentication algorithms. According to this technique, the eUICC is configured to manage at least one eSIM, where the eSIM includes (i) an identifier that corresponds to one of the various authentication algorithms implemented by the eUICC, and (ii) authentication parameters that are compatible with the authentication algorithm. A second technique involves configuring the eUICC to interface with an eSIM to extract (i) executable code for an authentication algorithm used by an MNO that corresponds to the eSIM, and (ii) authentication parameters that are compatible with the authentication algorithm.

    POLICY-BASED TECHNIQUES FOR MANAGING ACCESS CONTROL
    33.
    Invention publication
    Status: Under examination (published)

    Publication number: EP2923478A1

    Publication date: 2015-09-30

    Application number: EP13802185.2

    Application date: 2013-11-20

    Applicant: Apple Inc.

    Abstract: A policy-based framework is described. This policy-based framework may be used to specify the privileges for logical entities to perform operations associated with an access-control element (such as an electronic Subscriber Identity Module) located within a secure element in an electronic device. Note that different logical entities may have different privileges for different operations associated with the same or different access-control elements. Moreover, the policy-based framework may specify types of credentials that are used by the logical entities during authentication, so that different types of credentials may be used for different operations and/or by different logical entities. Furthermore, the policy-based framework may specify the security protocols and security levels that are used by the logical entities during authentication, so that different security protocols and security levels may be used for different operations and/or by different logical entities.

    MOBILE APPARATUS SUPPORTING A PLURALITY OF ACCESS CONTROL CLIENTS, AND CORRESPONDING METHODS
    34.
    Invention publication
    Status: Under examination (published)

    Publication number: EP2815553A2

    Publication date: 2014-12-24

    Application number: EP13714036.4

    Application date: 2013-02-14

    Applicant: Apple Inc.

    CPC classification number: H04W12/06 H04L63/0853 H04L63/205

    Abstract: Methods and apparatus for large scale distribution of electronic access control clients. In one aspect, a tiered security software protocol is disclosed. In one exemplary embodiment, a server electronic Universal Integrated Circuit Card (eUICC) and client eUICC software comprise a so-called "stack" of software layers. Each software layer is responsible for a set of hierarchical functions which are negotiated with its corresponding peer software layer. The tiered security software protocol is configured for large scale distribution of electronic Subscriber Identity Modules (eSIMs).

    METHODS AND APPARATUS FOR CORRECTING ERROR EVENTS ASSOCIATED WITH IDENTITY PROVISIONING
    35.
    Invention publication
    Status: Under examination (published)

    Publication number: EP2813103A2

    Publication date: 2014-12-17

    Application number: EP13722157.8

    Application date: 2013-02-08

    Applicant: Apple Inc.

    Abstract: Methods and apparatus for correcting error events associated with identity provisioning. In one embodiment, repeated requests for access control clients are responded to with the execution of a provisioning feedback mechanism which is intended to prevent the unintentional (or even intentional) over-consumption or waste of network resources via the delivery of an excessive amount of access control clients. These provisioning feedback mechanisms include rate-limiting algorithms and/or methodologies which place a cost on the user. Apparatus for implementing the aforementioned provisioning feedback mechanisms are also disclosed and include specialized user equipment and/or network side equipment such as a subscriber identity module provisioning server (SPS).

    NETWORK ASSISTED FRAUD DETECTION APPARATUS AND METHODS
    36.
    Invention publication
    Status: Under examination (published)

    Publication number: EP2813100A2

    Publication date: 2014-12-17

    Application number: EP13722156.0

    Application date: 2013-02-07

    Applicant: Apple Inc.

    CPC classification number: H04L63/1408 H04W8/205 H04W12/12

    Abstract: Methods and apparatus for detecting fraudulent device operation. In one exemplary embodiment of the present disclosure, a device is issued a user access control client that is uniquely associated with a shared secret that is securely stored within the network and the access control client. Subsequent efforts to activate or deactivate the access control client require verification of the shared secret. Each change in state includes a change to the shared secret. Consequently, requests for a change to state which do not have the proper shared secret will be disregarded, and/or flagged as fraudulent.

    SIM TOOLKIT SCHEDULING FOR MULTIPLE ENABLED ESIM PROFILES

    Publication number: EP4099739A1

    Publication date: 2022-12-07

    Application number: EP22176233.9

    Application date: 2022-05-30

    Applicant: Apple Inc.

    Abstract: This Application sets forth techniques for managing subscriber identity module (SIM) toolkit (STK) scheduling for multiple enabled electronic subscriber identity module (eSIM) profiles on an embedded universal integrated circuit card (eUICC) of a wireless device, including managing multiple STK sessions at a baseband processor external to the eUICC of the wireless device. To forestall STK communication for different eSIMs from interfering with execution of processes associated with the eSIMs, a baseband processor can schedule STK sessions to avoid overlap and reduce opportunities for errors in handling eSIM processes. The baseband processor can prioritize whether to queue commands for a second STK session for a second eSIM until a first STK session for a first eSIM ends or to terminate the first STK session to handle the second STK session.

    PRE-PERSONALIZATION OF ELECTRONIC SUBSCRIBER IDENTITY MODULES
    40.
    Invention publication
    Status: Under examination (published)

    Publication number: EP3151593A1

    Publication date: 2017-04-05

    Application number: EP16191562.4

    Application date: 2016-09-29

    Applicant: Apple Inc.

    Abstract: Methods for provisioning electronic Subscriber Identity Modules (eSIMs) to electronic Universal Integrated Circuit Cards (eUICCs) are provided. One method involves a provisioning server (102) configured to encrypt (416) the eSIM with a symmetric key (Ke). The provisioning server, upon identifying a target eUICC (120), encrypts (434) the symmetric key with a key encryption key (KEK) derived (428) based at least in part on a private key associated with the provisioning server and a public key associated with the target eUICC. The provisioning server generates (636) an eSIM package including the encrypted eSIM, the encrypted symmetric key, a public key corresponding to the private key associated with the provisioning server, as well as additional information that enables the target eUICC to, upon receipt of the eSIM package, identify (641) a private key that corresponds to the public key associated with the target eUICC and used to derive the KEK.
