公开(公告)号：US10149144B2

公开(公告)日：2018-12-04

申请号：US14814484

申请日：2015-07-30

Applicant: Apple Inc.

Inventor： Stephan V. Schell ,  Jerrold Von Hauck

IPC: H04W8/20 ,  H04W8/26 ,  G06F21/34 ,  H04W4/50 ,  H04W8/18 ,  H04L29/08 ,  H04W4/80 ,  H04L29/06 ,  H04W12/06

Abstract: Described herein is a simulacrum security device and methods. In one embodiment, a simulacrum or likeness of a physical security device is provided for use in conjunction with a software emulation of the security device. In one implementation, a “faux SIM card” is provided that does not contain Subscriber Identification Module (SIM) information itself, but instead enables a user to download Electronic SIM (eSIM) information (e.g., from a network or eSIM server) which is loaded into a software emulation of a Universal Integrated Circuit Card (UICC) device. The faux card is printed with an activation code, scan pattern, or other activation or access information. The subscriber purchases the faux card, and enters the activation code into a device; the entered activation code enables the device to log onto a network, and download the appropriate eSIM data. Delivery of eSIM information as enabled by the faux card addresses deficiencies in existing SIM distribution schemes, provides users with an enhanced perception of security, and further addresses various legal requirements.

公开(公告)号：US10009764B2

公开(公告)日：2018-06-26

申请号：US14738792

申请日：2015-06-12

Applicant: Apple Inc.

Inventor： Xiangying Yang ,  Jerrold Von Hauck

IPC: H04M1/66 ,  H04W12/06 ,  H04B1/3816

CPC classification number: H04W12/06 ,  H04B1/3816 ,  H04M1/66 ,  H04W12/00405

Abstract: Methods and apparatuses for providing controlled switching of electronic access control clients (e.g., electronic Subscriber Identity Modules (eSIMs)) without requiring network access are set forth herein. In one embodiment, a method for swapping of subscriptions and/or profiles for without network supervision that prevents possibly malicious high frequency switching is disclosed. For example, a secure element included in a mobile device can be configured to issue, to a security module included in the mobile device, a request for the security module to carry out an authentication of a user of the mobile device. Upon determining, based on results received from the security module, that the authentication is successful, the secure element can generate one or more credits in accordance with the results, where each credit of the one or more credits can be used to carry out an eSIM management operation within the secure element.

公开(公告)号：US09942755B2

公开(公告)日：2018-04-10

申请号：US14831819

申请日：2015-08-20

Applicant: Apple Inc.

Inventor： Xiangying Yang ,  Li Li ,  Jerrold Von Hauck

IPC: H04W12/06 ,  H04W12/08 ,  H04L9/32 ,  G06F21/32 ,  H04W4/00

CPC classification number: H04W12/06 ,  G06F21/32 ,  H04L9/3231 ,  H04L9/3271 ,  H04L2209/80 ,  H04W4/50 ,  H04W4/60 ,  H04W12/08

Abstract: The embodiments set forth techniques for an embedded Universal Integrated Circuit Card (eUICC) to conditionally require, when performing management operations in association with electronic Subscriber Identity Modules (eSIMs), human-based authentication. The eUICC receives a request to perform a management operation in association with an eSIM. In response, the eUICC determines whether a policy being enforced by the eUICC indicates that a human-based authentication is required prior to performing the management operation. Next, the eUICC causes the mobile device to prompt a user of the mobile device to carry out the human-based authentication. The management operation is then performed or ignored in accordance with results of the human-based authentication.

公开(公告)号：US09882594B2

公开(公告)日：2018-01-30

申请号：US14685547

申请日：2015-04-13

Applicant: Apple Inc.

Inventor： Xiangying Yang ,  Jerrold Von Hauck

IPC: H04B1/38 ,  H04B1/3816 ,  H04W12/12 ,  H04W4/00 ,  G05B11/01 ,  H04L29/06

CPC classification number: H04B1/3816 ,  G05B11/01 ,  H04B1/38 ,  H04L63/107 ,  H04L63/108 ,  H04W4/50 ,  H04W12/12

Abstract: Methods and apparatuses for providing controlled switching of electronic access control clients without requiring network access are set forth herein. In one embodiment, a method for swapping of subscriptions and/or profiles for electronic Subscriber Identity Modules (eSIMs) without network supervision that prevents possibly malicious high frequency switching is disclosed. The disclosed embodiments offer reasonable management capabilities for network operators, without compromising the flexibility of eSIM operation.

公开(公告)号：US09524158B2

公开(公告)日：2016-12-20

申请号：US14629388

申请日：2015-02-23

Applicant: Apple Inc.

Inventor： Li Li ,  Jerrold Von Hauck ,  Najeeb M. Abdulrahiman ,  Arun G. Mathias

IPC: G06F9/44 ,  G06F9/445 ,  H04W8/24 ,  H04L29/06

CPC classification number: G06F8/65 ,  G06F8/61 ,  G06F8/654 ,  H04L63/0853 ,  H04W8/205 ,  H04W8/24

Abstract: Disclosed herein is a technique for updating firmware of an embedded Universal Integrated Circuit Card (eUICC) included in a mobile device. The technique includes the steps of (1) receiving, from a firmware provider, an indication that an updated firmware is available for the eUICC, (2) in response to the indication, providing, to the firmware provider, (i) a unique identifier (ID) associated with the eUICC, and (ii) a nonce value, (3) subsequent to providing, receiving, from the firmware provider, a firmware update package, wherein the firmware update package includes (i) authentication information, and (ii) the updated firmware, (4) subsequent to verifying the authentication information, persisting, to a memory included in the mobile device, a hash value that corresponds to the updated firmware, and (5) installing the updated firmware on the eUICC.

Abstract translation: 这里公开了一种用于更新包括在移动设备中的嵌入式通用集成电路卡（eUICC）的固件的技术。 该技术包括以下步骤：（1）从固件提供商接收更新的固件可用于eUICC的指示，（2）响应于该指示，向固件提供商提供（i）唯一标识符 （i）与所述eUICC相关联，以及（ii）随机值，（3）在从所述固件提供商提供固件更新包之后，其中所述固件更新包包括（i）认证信息，和（ii） ）更新的固件，（4）在验证认证信息之后，将包含在移动设备中的存储器持久化到与更新的固件相对应的散列值，以及（5）在eUICC上安装更新的固件。

公开(公告)号：US09438600B2

公开(公告)日：2016-09-06

申请号：US14257971

申请日：2014-04-21

Applicant: Apple Inc.

Inventor： David T. Haggerty ,  Jerrold Von Hauck ,  Kevin McLaughlin

IPC: H04L29/06 ,  H04W4/00 ,  H04W8/26 ,  H04L9/30 ,  H04W4/02 ,  H04W12/02 ,  H04W12/06

CPC classification number: H04L63/10 ,  H04L9/30 ,  H04L63/0428 ,  H04L63/062 ,  H04L63/0853 ,  H04L2209/24 ,  H04W4/02 ,  H04W4/60 ,  H04W8/265 ,  H04W12/02 ,  H04W12/06

Abstract: Apparatus and methods for efficiently distributing and storing access control clients within a network. In one embodiment, the access clients include electronic Subscriber Identity Modules (eSIMs), and an eSIM distribution network infrastructure is described which enforces eSIM uniqueness and conservation, distributes network traffic to prevent “bottle necking” congestion, and provides reasonable disaster recovery capabilities. In one variant, eSIMs are securely stored at electronic Universal Integrated Circuit Card (eUICC) appliances which ensure eSIM uniqueness and conservation. Access to the eUICC appliances is made via multiple eSIM depots, which ensure that network load is distributed. Persistent storage is additionally described, for among other activities, archiving and backup.

Abstract translation: 用于在网络内高效地分发和存储访问控制客户端的装置和方法。 在一个实施例中，访问客户端包括电子订户身份模块（eSIM），并且描述了实施eSIM​​唯一性和保存的eSIM分发网络基础设施，分发网络流量以防止“瓶颈缩小”拥塞，并提供合理的灾难恢复能力。 在一个变体中，eSIM被安全地存储在电子通用集成电路卡（eUICC）设备中，确保eSIM的独特性和保存性。 通过多个eSIM仓库访问eUICC设备，确保网络负载分布。 另外描述了持久存储，用于其他活动中的归档和备份。

公开(公告)号：US11068883B2

公开(公告)日：2021-07-20

申请号：US15482478

申请日：2017-04-07

Applicant: Apple Inc.

Inventor： David T. Haggerty ,  Ahmer A. Khan ,  Christopher B. Sharp ,  Jerrold Von Hauck ,  Joakim Linde ,  Kevin P. McLaughlin ,  Mehdi Ziat ,  Yousuf H. Vaid

IPC: G06Q20/36 ,  G06Q20/38 ,  G06Q20/32 ,  G06Q20/12 ,  G06Q20/34

Abstract: Methods and apparatus for the deployment of financial instruments and other assets are disclosed. In one embodiment, a security software protocol is disclosed that guarantees that the asset is always securely encrypted, that one and only one copy of an asset exists, and the asset is delivered to an authenticated and/or authorized customer. Additionally, exemplary embodiments of provisioning systems are disclosed that are capable of, among other things, handling large bursts of traffic (such as can occur on a so-called “launch day” of a device).

公开(公告)号：US10470038B2

公开(公告)日：2019-11-05

申请号：US15245013

申请日：2016-08-23

Applicant: Apple Inc.

Inventor： David Fleischman ,  Patrick Coffman ,  Jeremy Wyld ,  Gregory N. Christie ,  Jerrold Von Hauck ,  Audra Men-jhi Liu ,  Sebastien Sahuc ,  Muralidhar S. Vempaty ,  Shruti Chugh ,  Ashutosh Chaubey ,  Dallas De Atley ,  Jean-Marc Padova ,  Heath Culp ,  Bruno Posokhow ,  Brian Cassidy ,  John N. Lehner

IPC: H04M3/00 ,  H04W8/26 ,  H04W4/50 ,  H04W8/18 ,  H04W8/24

Abstract: Methods, systems, and computer-readable medium for providing telecommunications carrier configuration at activation of a mobile device. In one implementation, a method is provided. The method includes receiving a request for activation of a mobile device, and during activation of the mobile device, determining for the mobile device a telecommunications carrier from a number of telecommunications carriers, and identifying information associated with the determined telecommunications carrier for configuring the mobile device.

公开(公告)号：US10206106B2

公开(公告)日：2019-02-12

申请号：US15873856

申请日：2018-01-17

Applicant: Apple Inc.

Inventor： Stephan V. Schell ,  Arun G. Mathias ,  Jerrold Von Hauck ,  David T. Haggerty ,  Kevin McLaughlin ,  Ben-Heng Juang ,  Li Li

IPC: H04L29/06 ,  H04W12/06 ,  H04W12/08 ,  G06F21/45 ,  G06F21/57 ,  H04W12/04 ,  H04W8/20 ,  H04W4/50 ,  H04L29/08 ,  H04W4/60

Abstract: Methods and apparatus enabling programming of electronic identification information of a wireless apparatus. In one embodiment, a previously purchased or deployed wireless apparatus is activated by a cellular network. The wireless apparatus connects to the cellular network using an access module to download operating system components and/or access control client components. The described methods and apparatus enable updates, additions and replacement of various components including Electronic Subscriber Identity Module (eSIM) data, OS components. One exemplary implementation of the invention utilizes a trusted key exchange between the device and the cellular network to maintain security.

公开(公告)号：US09998925B2

公开(公告)日：2018-06-12

申请号：US15619167

申请日：2017-06-09

Applicant: Apple Inc.

Inventor： Xiangying Yang ,  Li Li ,  Jerrold Von Hauck

IPC: H04L29/06 ,  H04W12/08 ,  G06F21/60 ,  G06F21/33 ,  H04L9/08 ,  H04L9/32 ,  H04W12/06 ,  G06F21/34 ,  H04W8/20

CPC classification number: H04W12/08 ,  G06F21/33 ,  G06F21/34 ,  G06F21/602 ,  G06F2221/2107 ,  H04L9/0822 ,  H04L9/0825 ,  H04L9/0877 ,  H04L9/3234 ,  H04L63/0853 ,  H04L2209/80 ,  H04W8/205 ,  H04W12/06

Abstract: A method for preparing an eSIM for provisioning is provided. The method can include a provisioning server encrypting the eSIM with a symmetric key. The method can further include the provisioning server, after determining a target eUICC to which the eSIM is to be provisioned, encrypting the symmetric key with a key encryption key derived based at least in part on a private key associated with the provisioning server and a public key associated with the target eUICC. The method can additionally include the provisioning server formatting an eSIM package including the encrypted eSIM, the encrypted symmetric key, and a public key corresponding to the private key associated with the provisioning server. The method can also include the provisioning server sending the eSIM package to the target eUICC.