公开(公告)号：US20190166483A1

公开(公告)日：2019-05-30

申请号：US16244035

申请日：2019-01-09

Applicant: Apple Inc.

Inventor： Li LI ,  Clark P. MUELLER ,  Avinash NARASIMHAN ,  Arun G. MATHIAS ,  Najeeb M. ABDULRAHIMAN ,  David T. HAGGERTY

IPC: H04W8/18 ,  H04W4/50 ,  H04W12/10 ,  H04L29/06 ,  H04W4/60 ,  G06F21/72 ,  G06F21/57

CPC classification number: H04W8/183 ,  G06F21/575 ,  G06F21/72 ,  H04L63/123 ,  H04W4/50 ,  H04W4/60 ,  H04W8/245 ,  H04W12/10

Abstract: Representative embodiments described herein set forth techniques for provisioning bootstrap electronic Subscriber Identity Modules (eSIMs) to mobile devices. According to some embodiments, a mobile device can be configured to issue, to an eSIM selection server, a bootstrap eSIM request that includes (i) metadata associated with the mobile device, and (ii) metadata associated with an electronic Universal Integrated Circuit Card (eUICC) included in the mobile device. In turn, the eSIM selection server selects and binds a particular bootstrap eSIM to the mobile device, and provides information to the mobile device that enables the mobile device to obtain the particular bootstrap eSIM from one or more eSIM servers. When the mobile device obtains the particular bootstrap eSIM, the mobile device can interface with a mobile network operator (MNO) and obtain a complete eSIM that enables the mobile device to access services provided by the MNO.

公开(公告)号：US20190090129A1

公开(公告)日：2019-03-21

申请号：US16102189

申请日：2018-08-13

Applicant: Apple Inc.

Inventor： Xiangying YANG ,  Li LI ,  Arun G. MATHIAS

IPC: H04W12/02 ,  H04W4/50

CPC classification number: H04W12/02 ,  H04W4/50 ,  H04W12/0023 ,  H04W12/00401 ,  H04W12/0806

Abstract: Methods and apparatus for managing processing of electronic Subscriber Identity Modules (eSIM) data at a mobile device are disclosed. An eSIM management entity of an embedded Universal Integrated Circuit Card (eUICC) in the mobile device obtains an encrypted eSIM package, decrypts the eSIM package to obtain eSIM contents formatted generically and not specifically tailored to requirements of the eUICC. In some embodiments, the eSIM contents are formatted based on an abstract syntax notation (ASN) distinguished encoding rules (DER) format. The eSIM management entity parses the formatted eSIM contents to retrieve individual eSIM components and installs each eSIM component for the eSIM in an eSIM security domain on the eUICC. In some embodiments, the eSIM management entity acts as a local, personalization server to provide local Trusted Service Manager (TSM) server functionality for eSIM installation that transforms “generically formatted” eSIM contents into eSIM components that match specific requirements of the eUICC.

公开(公告)号：US20180069581A1

公开(公告)日：2018-03-08

申请号：US15807516

申请日：2017-11-08

Applicant: Apple Inc.

Inventor： Avinash NARASIMHAN ,  Hemant PURSWANI ,  Clark P. MUELLER ,  David T. HAGGERTY ,  Li LI ,  Arun G. MATHIAS ,  Najeeb M. ABDULRAHIMAN

IPC: H04B1/3816 ,  H04W4/24 ,  H04L12/24

CPC classification number: H04W4/24 ,  H04L12/1407 ,  H04M15/66 ,  H04M15/80 ,  H04M17/02 ,  H04M17/023 ,  H04M17/026 ,  H04M17/103

Abstract: Methods, devices, and servers for as-needed update of a trusted list are provided herein. An electronic subscriber identity module (eSIM) server receives a request for an eSIM of a particular type from a wireless device. The eSIM server evaluates the particular type and requests an eSIM of the particular type from a second eSIM server, which is not initially trusted by a secure element (SE) of the wireless device. The eSIM server sends a policy update to the wireless device. The wireless device passes the policy update to the SE, for example, a universal integrated circuit card (UICC). The UICC updates the trusted list with an identity of the second eSIM server. When the wireless device downloads a bound profile package (BPP) containing an eSIM from the second eSIM server, the UICC validates the BPP based on the updated trusted list. The eSIM is then installed on the UICC.

公开(公告)号：US20180062853A1

公开(公告)日：2018-03-01

申请号：US15691399

申请日：2017-08-30

Applicant: Apple Inc.

Inventor： Li LI ,  Arun G. MATHIAS

IPC: H04L9/32 ,  H04M15/00 ,  H04W12/04 ,  H04L9/00 ,  H04L9/14 ,  H04L9/30 ,  H04W12/06 ,  H04L29/06

CPC classification number: H04L9/3247 ,  H04L9/006 ,  H04L9/14 ,  H04L9/30 ,  H04L9/3234 ,  H04L9/3271 ,  H04L63/0876 ,  H04L2209/80 ,  H04M15/47 ,  H04M15/48 ,  H04M2215/0148 ,  H04M2215/0156 ,  H04W4/24 ,  H04W12/00512 ,  H04W12/00514 ,  H04W12/04 ,  H04W12/06 ,  H04W12/12

Abstract: A malicious party may attempt to avoid a mobile network operator (MNO) contract involved with subsidy-lock by inserting an interfering piece of hardware called a proxy SIM in a device. The device provided herein uses an authentication technique to guard against a proxy-SIM attack. The device includes a secure element (SE) with subscriber identity module (SIM) functionality present on the SE. The device sends the SE a nonce to be signed over. The SE signs using a public key infrastructure (PKI) private key of the SE and provides a response. The device evaluates whether the response contains a valid signature. If the validation is successful, the device relies on SIM data provided in the response to continue with activation of the device, so that the device can provide services under the MNO contract. If the validation fails, the device will not attempt to access network services with the SIM functionality.

公开(公告)号：US20170374547A1

公开(公告)日：2017-12-28

申请号：US15698950

申请日：2017-09-08

Applicant: APPLE INC.

Inventor： Mehdi ZIAT ,  Christopher Sharp ,  Kevin P. MCLAUGHLIN ,  Li LI ,  Jerrold V. Hauck ,  Yousuf H. Vaid

IPC: H04W8/22 ,  G06F9/50 ,  G06F9/445

CPC classification number: H04W8/22 ,  G06F9/44505 ,  G06F9/5011

Abstract: Systems and methods for validating and applying modifications to a policy control function (PCF) of a station. The methods include generating a PCF package including a modification to a POE, and determining whether the PCF package is to be transmitted to the station by a first or second entity. The methods further include when the PCF package is to be transmitted by the first entity, including a first signature of the first entity in a deliverer field of the PCF package, and when the PCF package is to be transmitted by the second entity, including the first signature in an owner field and a second signature of the second entity in the deliverer field. The methods further include receiving the PCF package from the first or second entity, determining whether the PCF package is valid, and applying the modification to the PCF when it is determined the PCF package is valid.

公开(公告)号：US20170289142A1

公开(公告)日：2017-10-05

申请号：US15630710

申请日：2017-06-22

Applicant: Apple Inc.

Inventor： Xiangying YANG ,  Li LI ,  Jerrold Von HAUCK

IPC: H04L29/06

CPC classification number: H04L63/0853 ,  H04L63/0428 ,  H04L63/062 ,  H04L63/065 ,  H04L63/068 ,  H04L63/105 ,  H04W12/04 ,  H04W12/06

Abstract: A method for establishing a secure communication channel between an off-card entity and an embedded Universal Integrated Circuit Card (eUICC) is provided. The method involves establishing symmetric keys that are ephemeral in scope. Specifically, an off-card entity, and each eUICC in a set of eUICCs managed by the off-card entity, possess long-term Public Key Infrastructure (PKI) information. When a secure communication channel is to be established between the off-card entity and an eUICC, the eUICC and the off-card entity can authenticate one another in accordance with the respectively-possessed PKI information (e.g., verifying public keys). After authentication, the off-card entity and the eUICC establish a shared session-based symmetric key for implementing the secure communication channel. Specifically, the shared session-based symmetric key is generated according to whether perfect or half forward security is desired. Once the shared session-based symmetric key is established, the off-card entity and the eUICC can securely communicate information.

公开(公告)号：US20170078870A1

公开(公告)日：2017-03-16

申请号：US15362732

申请日：2016-11-28

Applicant: Apple Inc.

Inventor： Li LI ,  Xiangying YANG

IPC: H04W8/18 ,  G06F12/02 ,  G06F3/06 ,  H04W8/20

CPC classification number: H04W8/183 ,  G06F3/0622 ,  G06F3/0637 ,  G06F3/0665 ,  G06F3/0673 ,  G06F12/0223 ,  G06F2212/1052 ,  G06F2212/177 ,  H04W8/205

Abstract: Disclosed herein are various techniques for preventing or at least partially securing parameters—e.g., Type parameters—of electronic Subscriber Identity Modules (eSIMs) stored within an embedded Universal Integrated Circuit Card (eUICC) from being inappropriately modified by mobile network operators (MNOs). One embodiment sets forth a technique that involves modifying file access properties of the Type parameters of eSIMs to make the Type parameters readable, but not updatable by the MNOs. Another embodiment sets forth a technique that involves implementing eSIM logical containers that separate the Type parameters from the eSIM data within the eUICC, such that the Type parameters are inaccessible to the MNOs. Yet another embodiment sets forth a technique that involves implementing an Operating System (OS)-based registry that is inaccessible to the MNOs and manages Type parameters for the eSIMs that are stored by the eUICC.

Abstract translation: 本文公开了用于防止或至少部分地保护存储在嵌入式通用集成电路卡（eUICC）中的电子用户识别模块（eSIM）的参数的类型参数的各种技术不被移动网络运营商（MNO）的不当修改。 一个实施例提出了一种技术，其涉及修改eSIM的Type参数的文件访问属性，以使类型参数可读，但不能由MNO更新。 另一个实施例提出了一种技术，其涉及实现将Type参数与eUICC内的eSIM数据分开的eSIM逻辑容器，使得MNO不能访问Type参数。 另一个实施例提出了一种技术，其涉及实现MNO不可访问的基于操作系统（OS）的注册表，并管理由eUICC存储的eSIM的类型参数。

公开(公告)号：US20170013442A1

公开(公告)日：2017-01-12

申请号：US15269896

申请日：2016-09-19

Applicant: Apple Inc.

Inventor： Li LI ,  Ben-Heng JUANG ,  Arun G. MATHIAS

IPC: H04W8/18 ,  H04W8/20

CPC classification number: H04W8/183 ,  H04W8/20

Abstract: Embodiments are described for identifying and accessing an electronic subscriber identity module (eSIM) and associated content of the eSIM in a multiple eSIM configuration. An embedded Universal Integrated Circuit Card (eUICC) can include multiple eSIMs, where each eSIM can include its own file structures and applications. Some embodiments include a processor of a mobile device transmitting a special command to the eUICC, including an identification that uniquely identifies an eSIM in the eUICC. After selecting the eSIM, the processor can access file structures and applications of the selected eSIM. The processor can then use existing commands to access content in the selected eSIM. The special command can direct the eUICC to activate or deactivate content associated with the selected eSIM. Other embodiments include an eUICC platform operating system interacting with eSIMs associated with logical channels to facilitate identification and access to file structures and applications of the eSIMs.

Abstract translation: 描述了用于在多个eSIM配置中识别和访问电子订户身份模块（eSIM）和eSIM的相关内容的实施例。 嵌入式通用集成电路卡（eUICC）可以包括多个eSIM，每个eSIM可以包括其自己的文件结构和应用程序。 一些实施例包括向eUICC发送特殊命令的移动设备的处理器，包括在eUICC中唯一地标识eSIM的标识。 选择eSIM后，处理器可以访问所选eSIM的文件结构和应用程序。 然后，处理器可以使用现有命令访问所选eSIM中的内容。 特殊命令可以指示eUICC激活或停用与所选eSIM相关联的内容。 其他实施例包括与与逻辑信道相关联的eSIM交互的eUICC平台操作系统，以便于识别和访问eSIM的文件结构和应用。

公开(公告)号：US20160302070A1

公开(公告)日：2016-10-13

申请号：US15093595

申请日：2016-04-07

Applicant: Apple Inc.

Inventor： Xiangying YANG ,  Li LI ,  Arun G. MATHIAS

IPC: H04W12/08

CPC classification number: H04W12/02 ,  H04W4/50

Abstract: Methods and apparatus for managing processing of electronic Subscriber Identity Modules (eSIM) data at a mobile device are disclosed. An eSIM management entity of an embedded Universal Integrated Circuit Card (eUICC) in the mobile device obtains an encrypted eSIM package, decrypts the eSIM package to obtain eSIM contents formatted generically and not specifically tailored to requirements of the eUICC. In some embodiments, the eSIM contents are formatted based on an abstract syntax notation (ASN) distinguished encoding rules (DER) format. The eSIM management entity parses the formatted eSIM contents to retrieve individual eSIM components and installs each eSIM component for the eSIM in an eSIM security domain on the eUICC. In some embodiments, the eSIM management entity acts as a local, personalization server to provide local Trusted Service Manager (TSM) server functionality for eSIM installation that transforms “generically formatted” eSIM contents into eSIM components that match specific requirements of the eUICC.

Abstract translation: 公开了在移动设备处理电子用户识别模块（eSIM）数据处理的方法和装置。 移动设备嵌入式通用集成电路卡（eUICC）的eSIM管理实体获取加密的eSIM包，解密eSIM包，获取一般格式的eSIM内容，而不是专门针对eUICC的要求。 在一些实施例中，基于抽象语法符号（ASN）区分编码规则（DER）格式来格式化eSIM内容。 eSIM管理实体解析格式化的eSIM内容，检索单个eSIM组件，并将eSIM的每个eSIM组件安装在eUICC的eSIM安全域中。 在一些实施例中，eSIM管理实体充当本地个性化服务器，为eSIM安装提供本地可信服务管理器（TSM）服务器功能，将“一般格式化”的eSIM内容转换为符合eUICC特定要求的eSIM组件。

公开(公告)号：US20160277930A1

公开(公告)日：2016-09-22

申请号：US15076527

申请日：2016-03-21

Applicant: Apple Inc.

Inventor： Li LI ,  Xiangying YANG ,  Jerrold Von HAUCK ,  Christopher B. SHARP ,  Yousuf H. VAID ,  Arun G. MATHIAS ,  David T. HAGGERTY ,  Najeeb M. ABDULRAHIMAN

IPC: H04W12/06 ,  H04L29/06

CPC classification number: H04W12/06 ,  H04L41/28 ,  H04L63/083 ,  H04L63/0838 ,  H04L63/0853

Abstract: Methods and apparatus for user authentication and human intent verification of administrative operations for eSIMs of an eUICC included in a mobile device are disclosed. Certain administrative operations, such as import, modification, and/or export, of an eSIM and/or for an eUICCs firmware can require user authentication and/or human intent verification before execution of the administrative operations are performed or completed by the mobile device. A user of the mobile device provides information to link an external user account to an eSIM upon (or subsequent to) installation on the eUICC. User credentials, such as a user name and password, and/or information generated therefrom, can be used to authenticate the user with an external server. In response to successful user authentication, the administrative operations are performed. Human intent verification can also be performed in conjunction with user authentication to prevent malware from interfering with eSIM and/or eUICC functions of the mobile device.

Abstract translation: 公开了用于移动设备中包括的eUICC的eSIM的管理操作的用户认证和人为意图验证的方法和装置。 eSIM和/或eUICC固件的某些管理操作（例如导入，修改和/或导出）可能需要在由移动设备执行或完成执行管理操作之前的用户认证和/或人为意图验证。 移动设备的用户提供在eUICC上（或之后）安装时将外部用户帐户链接到eSIM的信息。 可以使用诸如用户名和密码的用户凭证和/或从其生成的信息来用外部服务器认证用户。 响应成功的用户认证，执行管理操作。 人员意图验证还可以与用户认证一起执行，以防止恶意软件干扰移动设备的eSIM和/或eUICC功能。