Cellular service account transfer and authentication

    Publication No.: US11483711B2

    Publication date: 2022-10-25

    Application No.: US17176167

    Application date: 2021-02-15

    Applicant: Apple Inc.

    Abstract: Embodiments described herein relate to transfer of credentials between two mobile wireless devices that are within proximity of each other, via a secure local connection, or via a network-based cloud service, where the two mobile wireless devices are not in proximity to each other. Transfer of credentials can include communication between a source device, a target device, and/or one or more network-based servers, which can include mobile network operator (MNO) managed servers, such as an entitlement server, a web-sheet server, an authentication server, a provisioning server, a subscription management data preparation (SM-DP+) server, a home subscriber server (HSS), and/or an authentication server, as well as third-party managed servers, such as a cloud service server and/or an identification services server. Authentication can be based at least in part on one or more tokens and/or a trust flag obtained by the source device and provided to the target device.

    Secure element activities
    Granted invention patent

    Publication No.: US10664257B2

    Publication date: 2020-05-26

    Application No.: US15146771

    Application date: 2016-05-04

    Applicant: Apple Inc.

    Abstract: Activities involving a secure element (SE) in a mobile device include a background operation. When the SE initiates the background operation, it informs the mobile device of an estimated duration. The mobile device thus recognizes that the SE is not in a stuck state, and maintains a clock signal and a power flow to the SE. Firmware updates to the SE include erasing a non-volatile (NV) memory in the SE in parallel with firmware or software updates to other processor systems in the mobile device. Needed data, for example calibration data or cryptographic key data, is preserved by storing data from some processor systems in one or more supplementary security domains (SSDs) in the SE. When a given processor system completes a firmware update, the needed data is restored to the processor system from the SSD.

    Embedded universal integrated circuit card (eUICC) command processing

    Publication No.: US10433131B2

    Publication date: 2019-10-01

    Application No.: US16141482

    Application date: 2018-09-25

    Applicant: Apple Inc.

    Abstract: An electronic universal integrated circuit card (eUICC) performs one or more operations to increase the reliability and decrease the execution time of remote profile management (RPM) commands or local profile management (LPM) commands. In some embodiments, the eUICC scans through a received script containing RPM commands and then selectively defers some responsive actions such as refresh commands. An eSIM server that originates the script, in some embodiments, mandates performance of a refresh command after a particular RPM command by including an explicit refresh command code in the script. In some embodiments, the eSIM server includes a command instructing the eUICC to hold responsive refresh commands until the completion of the script. In some scenarios, execution of one or more RPM or LPM commands may be interfered with by a card application toolkit (CAT) session. Embodiments provided herein prioritize the RPM/LPM commands as more important than the CAT session.

    Methods and apparatus for user authentication and human intent verification in mobile devices

    Publication No.: US10405181B2

    Publication date: 2019-09-03

    Application No.: US15876875

    Application date: 2018-01-22

    Applicant: Apple Inc.

    Abstract: Methods and apparatus for user authentication and human intent verification of administrative operations for eSIMs of an eUICC included in a mobile device are disclosed. Certain administrative operations, such as import, modification, and/or export, of an eSIM and/or for an eUICC's firmware can require user authentication and/or human intent verification before execution of the administrative operations is performed or completed by the mobile device. A user of the mobile device provides information to link an external user account to an eSIM upon (or subsequent to) installation on the eUICC. User credentials, such as a user name and password, and/or information generated therefrom, can be used to authenticate the user with an external server. In response to successful user authentication, the administrative operations are performed. Human intent verification can also be performed in conjunction with user authentication to prevent malware from interfering with eSIM and/or eUICC functions of the mobile device.

    Pre-personalization of electronic subscriber identity modules

    Publication No.: US10396981B2

    Publication date: 2019-08-27

    Application No.: US15279343

    Application date: 2016-09-28

    Applicant: Apple Inc.

    Abstract: Methods for provisioning electronic Subscriber Identity Modules (eSIMs) to electronic Universal Integrated Circuit Cards (eUICCs) are provided. One method involves a provisioning server configured to encrypt the eSIM with a symmetric key (Ke). The provisioning server, upon identifying a target eUICC, encrypts the symmetric key with a key encryption key (KEK) derived based at least in part on a private key associated with the provisioning server and a public key associated with the target eUICC. The provisioning server generates an eSIM package including the encrypted eSIM, the encrypted symmetric key, a public key corresponding to the private key associated with the provisioning server, as well as additional information that enables the target eUICC to, upon receipt of the eSIM package, identify a private key that corresponds to the public key associated with the target eUICC and used to derive the KEK.

    System and method for policy control functions management mechanism

    Publication No.: US10251054B2

    Publication date: 2019-04-02

    Application No.: US15698950

    Application date: 2017-09-08

    Applicant: APPLE INC.

    Abstract: Systems and methods for validating and applying modifications to a policy control function (PCF) of a station. The methods include generating a PCF package including a modification to a PCF, and determining whether the PCF package is to be transmitted to the station by a first or second entity. The methods further include when the PCF package is to be transmitted by the first entity, including a first signature of the first entity in a deliverer field of the PCF package, and when the PCF package is to be transmitted by the second entity, including the first signature in an owner field and a second signature of the second entity in the deliverer field. The methods further include receiving the PCF package from the first or second entity, determining whether the PCF package is valid, and applying the modification to the PCF when it is determined the PCF package is valid.

    EMBEDDED UNIVERSAL INTEGRATED CIRCUIT CARD (eUICC) COMMAND PROCESSING

    Publication No.: US20190098475A1

    Publication date: 2019-03-28

    Application No.: US16141482

    Application date: 2018-09-25

    Applicant: Apple Inc.

    CPC classification number: H04W4/60

    Abstract: An electronic universal integrated circuit card (eUICC) performs one or more operations to increase the reliability and decrease the execution time of remote profile management (RPM) commands or local profile management (LPM) commands. In some embodiments, the eUICC scans through a received script containing RPM commands and then selectively defers some responsive actions such as refresh commands. An eSIM server that originates the script, in some embodiments, mandates performance of a refresh command after a particular RPM command by including an explicit refresh command code in the script. In some embodiments, the eSIM server includes a command instructing the eUICC to hold responsive refresh commands until the completion of the script. In some scenarios, execution of one or more RPM or LPM commands may be interfered with by a card application toolkit (CAT) session. Embodiments provided herein prioritize the RPM/LPM commands as more important than the CAT session.
