-
111.
Publication No.: US10051464B2
Publication Date: 2018-08-14
Application No.: US15093595
Filing Date: 2016-04-07
Applicant: Apple Inc.
Inventor: Xiangying Yang, Li Li, Arun G. Mathias
Abstract: Methods and apparatus for managing processing of electronic Subscriber Identity Module (eSIM) data at a mobile device are disclosed. An eSIM management entity of an embedded Universal Integrated Circuit Card (eUICC) in the mobile device obtains an encrypted eSIM package and decrypts it to obtain eSIM contents that are formatted generically and not specifically tailored to the requirements of the eUICC. In some embodiments, the eSIM contents are formatted based on an abstract syntax notation (ASN) distinguished encoding rules (DER) format. The eSIM management entity parses the formatted eSIM contents to retrieve individual eSIM components and installs each eSIM component for the eSIM in an eSIM security domain on the eUICC. In some embodiments, the eSIM management entity acts as a local personalization server to provide local Trusted Service Manager (TSM) server functionality for eSIM installation that transforms “generically formatted” eSIM contents into eSIM components that match the specific requirements of the eUICC.
-
112.
Publication No.: US20180124597A1
Publication Date: 2018-05-03
Application No.: US15793169
Filing Date: 2017-10-25
Applicant: Apple Inc.
Inventor: Rohan C. Malthankar, Paresh B. Sawant, Delziel J. Fernandes, Sergey Sitnikov, Arun G. Mathias, Jason A. Novak, Krisztian Kiss, Rafael L. Rivera-Barreto, Chandiramohan Vasudevan, Vladimir M. Appel
Abstract: This disclosure relates to techniques for performing Wi-Fi authentication in a wireless communication system. Public key cryptography may be used to enhance the confidentiality of the user's permanent identity in transit. In some embodiments, an RSA-OAEP (SHA-256) encryption scheme may be used to protect the permanent identity when the EAP client needs to send the user's permanent identity to the server in the absence of a pseudonym or fast re-authentication identity. In some embodiments, a server certificate is used to authenticate an iWLAN tunnel to protect an IMSI during setup of a Wi-Fi call. Using the methods described herein on either or both of the EAP client and server side may offer improved privacy protection.
-
Publication No.: US09940141B2
Publication Date: 2018-04-10
Application No.: US14872067
Filing Date: 2015-09-30
Applicant: Apple Inc.
Inventor: Li Li, Arun G. Mathias, Jean-Marc Padova, Najeeb M. Abdulrahiman
CPC classification number: G06F9/4408, G06F21/78, H04L63/0853, H04L63/107, H04W4/025, H04W4/50, H04W8/183, H04W12/08
Abstract: Disclosed herein is a technique for selecting a bootstrap electronic Subscriber Identity Module (eSIM) from among multiple bootstrap eSIMs stored in a secure element of a mobile device. Specifically, the technique involves selecting the bootstrap eSIM based on location information associated with the mobile device. When the mobile device is located at a first location (for example, a first country), a first bootstrap eSIM associated with a Mobile Network Operator (MNO) local to the first country is selected. Similarly, when the mobile device is located at a second location (for example, a second country), a second bootstrap eSIM associated with an MNO local to the second country is selected.
-
114.
Publication No.: US09877193B2
Publication Date: 2018-01-23
Application No.: US15076527
Filing Date: 2016-03-21
Applicant: Apple Inc.
Inventor: Li Li, Xiangying Yang, Jerrold Von Hauck, Christopher B. Sharp, Yousuf H. Vaid, Arun G. Mathias, David T. Haggerty, Najeeb M. Abdulrahiman
CPC classification number: H04W12/06, H04L41/28, H04L63/083, H04L63/0838, H04L63/0853
Abstract: Methods and apparatus for user authentication and human intent verification of administrative operations for eSIMs of an eUICC included in a mobile device are disclosed. Certain administrative operations, such as import, modification, and/or export of an eSIM and/or of an eUICC's firmware, can require user authentication and/or human intent verification before the mobile device performs or completes them. A user of the mobile device provides information to link an external user account to an eSIM upon (or subsequent to) its installation on the eUICC. User credentials, such as a user name and password, and/or information generated from them, can be used to authenticate the user with an external server. In response to successful user authentication, the administrative operations are performed. Human intent verification can also be performed in conjunction with user authentication to prevent malware from interfering with eSIM and/or eUICC functions of the mobile device.
-
Publication No.: US20170359314A1
Publication Date: 2017-12-14
Application No.: US15274388
Filing Date: 2016-09-23
Applicant: Apple Inc.
Inventor: Arun G. Mathias, Thomas A. Dilligan, Matthew C. Lucas, Anush G. Nadathur, Kevin P. McLaughlin
CPC classification number: H04L63/0428, H04L9/0827, H04L9/0894, H04L9/12, H04L9/3215, H04L63/06, H04L63/061, H04L63/083, H04L63/18, H04L67/06, H04L67/10, H04L67/1095
Abstract: A data transfer process can include multiple verification features usable by a “source” device to ensure that a “destination” device is authorized to receive a requested data object. The source device and destination device can communicate via a first communication channel (which can be on a wide-area network) to exchange public keys, then use the public keys to verify their identities and establish a secure session on a second communication channel (which can be a local channel). The data object can be transferred via the secure session. Prior to sending the data object, the source device can perform secondary verification operations (in addition to the key exchange) to confirm the identity of the second device and/or the locality of the connection on the second communication channel.
-
Publication No.: US09843885B2
Publication Date: 2017-12-12
Application No.: US15178727
Filing Date: 2016-06-10
Applicant: Apple Inc.
Inventor: Vikram B. Yerrabommanahalli, Li Li, Arun G. Mathias, Najeeb M. Abdulrahiman, Chandiramohan Vasudevan, Rohan C. Malthankar, Francisco J. Gonzalez, Rafael L. Rivera-Barreto, Jean-Marc Padova
CPC classification number: H04W4/60, H04L61/106, H04W8/18, H04W8/205, H04W68/005
Abstract: Some embodiments relate to methods for provisioning a secondary wireless device with an eSIM for wireless communication and activating multi-SIM functionality between the secondary wireless device and a primary wireless device having a subscribed SIM. The primary wireless device may act as a proxy in obtaining the eSIM for the secondary wireless device. The primary wireless device may then provide, to the cellular network, identifiers of the SIMs of the primary and secondary wireless devices. The primary wireless device may then request initiation of multi-SIM functionality for the two SIMs, and receive an indication that the multi-SIM functionality has been initiated. As an example, the multi-SIM functionality may be implemented by mapping the SIM of the primary wireless device and the SIM of the secondary wireless device (e.g., the provisioned eSIM) to the same Mobile Directory Number (MDN).
-
Publication No.: US09831903B1
Publication Date: 2017-11-28
Application No.: US15222759
Filing Date: 2016-07-28
Applicant: Apple Inc.
Inventor: Avinash Narasimhan, Hemant Purswani, Clark P. Mueller, David T. Haggerty, Li Li, Arun G. Mathias, Najeeb M. Abdulrahiman
IPC: H04B1/3816, H04L12/24, H04W4/24
CPC classification number: H04W4/24, H04L12/1407, H04L41/0893, H04M15/66, H04M15/80, H04M17/02, H04M17/023, H04M17/026, H04M17/103
Abstract: Methods, devices, and servers for as-needed update of a trusted list are provided herein. An electronic subscriber identity module (eSIM) server receives a request for an eSIM of a particular type from a wireless device. The eSIM server evaluates the particular type and requests an eSIM of the particular type from a second eSIM server, which is not initially trusted by a secure element (SE) of the wireless device. The eSIM server sends a policy update to the wireless device. The wireless device passes the policy update to the SE, for example, a universal integrated circuit card (UICC). The UICC updates the trusted list with an identity of the second eSIM server. When the wireless device downloads a bound profile package (BPP) containing an eSIM from the second eSIM server, the UICC validates the BPP based on the updated trusted list. The eSIM is then installed on the UICC.
-
Publication No.: US09681452B2
Publication Date: 2017-06-13
Application No.: US14725638
Filing Date: 2015-05-29
Applicant: Apple Inc.
Inventor: Harshit Chuttani, Chandiramohan Vasudevan, Matthew S. Klahn, Rajesh Ambati, Arun G. Mathias, Vikram Yerrabommanahalli
CPC classification number: H04W48/18, H04L12/2859, H04W4/14, H04W8/18, H04W8/183, H04W48/14, H04W72/0493, H04W76/16, H04W84/042, H04W84/12, H04W88/06
Abstract: Apparatuses, systems, and methods for multi-SIM user equipment (UE) devices to perform data operations with a packet data network of a carrier associated with a first SIM of the UE. An indication of a requested data operation with the packet data network of the carrier associated with the first SIM of the UE may be received. The UE may be operating in a dual SIM mode in which the packet data network of the carrier associated with the first SIM of the UE is unavailable. It may be determined if one or more conditions for performing the requested data operation are present and if a data path to perform the requested data operation is available. The requested data operation may be performed if the one or more conditions for performing the requested data operation are present and if a data path to perform the requested data operation is available.
-
Publication No.: US09626520B2
Publication Date: 2017-04-18
Application No.: US14815391
Filing Date: 2015-07-31
Applicant: Apple Inc.
Inventor: Christopher B. Sharp, Yousuf H. Vaid, Li Li, Jerrold Von Hauck, Arun G. Mathias, Xiangying Yang, Kevin P. McLaughlin
CPC classification number: G06F21/604, H04L63/102, H04L63/105, H04L63/20, H04W12/08
Abstract: A policy-based framework is described. This policy-based framework may be used to specify the privileges for logical entities to perform operations associated with an access-control element (such as an electronic Subscriber Identity Module) located within a secure element in an electronic device. Note that different logical entities may have different privileges for different operations associated with the same or different access-control elements. Moreover, the policy-based framework may specify types of credentials that are used by the logical entities during authentication, so that different types of credentials may be used for different operations and/or by different logical entities. Furthermore, the policy-based framework may specify the security protocols and security levels that are used by the logical entities during authentication, so that different security protocols and security levels may be used for different operations and/or by different logical entities.
-
Publication No.: US09451445B2
Publication Date: 2016-09-20
Application No.: US14502448
Filing Date: 2014-09-30
Applicant: Apple Inc.
Inventor: Li Li, Ben-Heng Juang, Arun G. Mathias
Abstract: Embodiments are described for identifying and accessing an electronic subscriber identity module (eSIM) and associated content of the eSIM in a multiple eSIM configuration. An embedded Universal Integrated Circuit Card (eUICC) can include multiple eSIMs, where each eSIM can include its own file structures and applications. Some embodiments include a processor of a mobile device transmitting a special command to the eUICC, including an identification that uniquely identifies an eSIM in the eUICC. After selecting the eSIM, the processor can access file structures and applications of the selected eSIM. The processor can then use existing commands to access content in the selected eSIM. The special command can direct the eUICC to activate or deactivate content associated with the selected eSIM. Other embodiments include an eUICC platform operating system interacting with eSIMs associated with logical channels to facilitate identification and access to file structures and applications of the eSIMs.