公开(公告)号：US10999074B2

公开(公告)日：2021-05-04

申请号：US16051040

申请日：2018-07-31

Applicant: Apple Inc.

Inventor： Carmen A. Bovalino, III ,  Shyam S. Toprani ,  George Lin ,  Yin Shun Osborn Chan ,  Anush G. Nadathur ,  Dennis Mathews

IPC: H04L9/32 ,  H04L9/08 ,  H04L29/06

Abstract: An authentication process for an endpoint device uses a pair of tokens. Tokens are generated at an authentication server that maintains a data store of token states, where the states are defined to include a “normal” state sequence along which a token is expected to advance. The endpoint device can store a token pair in non-volatile local storage. To authenticate, the endpoint device can provide its stored token pair to the authentication server, which can determine whether authentication succeeds based on the states of the tokens in the token pair. After successful authentication, the authentication server can provide a new token pair to the endpoint device and advance the token states along the normal sequence. When the endpoint device confirms receipt of the new token pair, which replaces the previous token pair, the authentication server can advance the state of the tokens again.

公开(公告)号：US20200044849A1

公开(公告)日：2020-02-06

申请号：US16051040

申请日：2018-07-31

Applicant: Apple Inc.

Inventor： Carmen A. Bovalino, III ,  Shyam S. Toprani ,  George Lin ,  Yin Shun Osborn Chan ,  Anush G. Nadathur ,  Dennis Mathews

IPC: H04L9/32 ,  H04L29/06 ,  H04L9/08

Abstract: An authentication process for an endpoint device uses a pair of tokens. Tokens are generated at an authentication server that maintains a data store of token states, where the states are defined to include a “normal” state sequence along which a token is expected to advance. The endpoint device can store a token pair in non-volatile local storage. To authenticate, the endpoint device can provide its stored token pair to the authentication server, which can determine whether authentication succeeds based on the states of the tokens in the token pair. After successful authentication, the authentication server can provide a new token pair to the endpoint device and advance the token states along the normal sequence. When the endpoint device confirms receipt of the new token pair, which replaces the previous token pair, the authentication server can advance the state of the tokens again.

公开(公告)号：US12294864B2

公开(公告)日：2025-05-06

申请号：US17661277

申请日：2022-04-28

Applicant: Apple Inc.

Inventor： Li Li ,  Aurelien P. Raboisson ,  Avinash Narasimhan ,  George Lin ,  Keizo Marui

IPC: H04W12/72 ,  H04W8/18 ,  H04W12/0431 ,  H04W12/069

Abstract: The described embodiments set forth techniques for management of electronic subscriber identity module (eSIM) profiles for a wireless device, including in-field replacement of provisioning (bootstrap) eSIM profiles. Public key infrastructure (PKI) information for an original equipment manufacturer (OEM) profile management server is installed in an embedded universal integrated circuit card (eUICC) of a wireless device at a time of manufacture and used subsequently by the wireless device to conduct an eSIM profile management session and verify authorization of the OEM profile management server to manage, e.g., update and/or replace, one or more eSIM profiles on the eUICC of the wireless device.