公开(公告)号：US20190387402A1

公开(公告)日：2019-12-19

申请号：US16557770

申请日：2019-08-30

Applicant: Apple Inc.

Inventor： Li LI ,  Xiangying YANG ,  Jerrold Von HAUCK ,  Christopher B. SHARP ,  Yousuf H. VAID ,  Arun G. MATHIAS ,  David T. HAGGERTY ,  Najeeb M. ABDULRAHIMAN

IPC: H04W12/06 ,  H04L12/24 ,  H04L29/06

Abstract: Methods and apparatus for user authentication and human intent verification of administrative operations for eSIMs of an eUICC included in a mobile device are disclosed. Certain administrative operations, such as import, modification, and/or export, of an eSIM and/or for an eUICCs firmware can require user authentication and/or human intent verification before execution of the administrative operations are performed or completed by the mobile device. A user of the mobile device provides information to link an external user account to an eSIM upon (or subsequent to) installation on the eUICC. User credentials, such as a user name and password, and/or information generated therefrom, can be used to authenticate the user with an external server. In response to successful user authentication, the administrative operations are performed. Human intent verification can also be performed in conjunction with user authentication to prevent malware from interfering with eSIM and/or eUICC functions of the mobile device.

公开(公告)号：US20190166483A1

公开(公告)日：2019-05-30

申请号：US16244035

申请日：2019-01-09

Applicant: Apple Inc.

Inventor： Li LI ,  Clark P. MUELLER ,  Avinash NARASIMHAN ,  Arun G. MATHIAS ,  Najeeb M. ABDULRAHIMAN ,  David T. HAGGERTY

IPC: H04W8/18 ,  H04W4/50 ,  H04W12/10 ,  H04L29/06 ,  H04W4/60 ,  G06F21/72 ,  G06F21/57

CPC classification number: H04W8/183 ,  G06F21/575 ,  G06F21/72 ,  H04L63/123 ,  H04W4/50 ,  H04W4/60 ,  H04W8/245 ,  H04W12/10

Abstract: Representative embodiments described herein set forth techniques for provisioning bootstrap electronic Subscriber Identity Modules (eSIMs) to mobile devices. According to some embodiments, a mobile device can be configured to issue, to an eSIM selection server, a bootstrap eSIM request that includes (i) metadata associated with the mobile device, and (ii) metadata associated with an electronic Universal Integrated Circuit Card (eUICC) included in the mobile device. In turn, the eSIM selection server selects and binds a particular bootstrap eSIM to the mobile device, and provides information to the mobile device that enables the mobile device to obtain the particular bootstrap eSIM from one or more eSIM servers. When the mobile device obtains the particular bootstrap eSIM, the mobile device can interface with a mobile network operator (MNO) and obtain a complete eSIM that enables the mobile device to access services provided by the MNO.

公开(公告)号：US20190090129A1

公开(公告)日：2019-03-21

申请号：US16102189

申请日：2018-08-13

Applicant: Apple Inc.

Inventor： Xiangying YANG ,  Li LI ,  Arun G. MATHIAS

IPC: H04W12/02 ,  H04W4/50

CPC classification number: H04W12/02 ,  H04W4/50 ,  H04W12/0023 ,  H04W12/00401 ,  H04W12/0806

Abstract: Methods and apparatus for managing processing of electronic Subscriber Identity Modules (eSIM) data at a mobile device are disclosed. An eSIM management entity of an embedded Universal Integrated Circuit Card (eUICC) in the mobile device obtains an encrypted eSIM package, decrypts the eSIM package to obtain eSIM contents formatted generically and not specifically tailored to requirements of the eUICC. In some embodiments, the eSIM contents are formatted based on an abstract syntax notation (ASN) distinguished encoding rules (DER) format. The eSIM management entity parses the formatted eSIM contents to retrieve individual eSIM components and installs each eSIM component for the eSIM in an eSIM security domain on the eUICC. In some embodiments, the eSIM management entity acts as a local, personalization server to provide local Trusted Service Manager (TSM) server functionality for eSIM installation that transforms “generically formatted” eSIM contents into eSIM components that match specific requirements of the eUICC.

公开(公告)号：US20180352530A1

公开(公告)日：2018-12-06

申请号：US15995636

申请日：2018-06-01

Applicant: Apple Inc.

Inventor： Ajoy K. SINGH ,  Rohan C. MALTHANKAR ,  Arun G. MATHIAS

IPC: H04W60/04 ,  H04W60/06 ,  H04W76/10 ,  H04W76/30 ,  H04W88/04 ,  H04W8/18

CPC classification number: H04W60/04 ,  H04W8/183 ,  H04W48/16 ,  H04W60/06 ,  H04W76/10 ,  H04W76/14 ,  H04W76/23 ,  H04W76/30 ,  H04W76/38 ,  H04W88/04

Abstract: Methods and apparatus to enable and disable cellular services for one or more cellular capable secondary wireless devices associated with a primary wireless device are disclosed. The primary wireless device, in response to detecting a status change of an in use state of a cellular capable secondary wireless device can provide a notification to a network server of a wireless network to disable cellular wireless services for previously enabled cellular capable secondary wireless devices and to enable cellular wireless services for the cellular capable secondary wireless device. Control of cellular wireless services for cellular capable secondary wireless devices can be based on a combination of registration for services, activation and deactivation of eSIMs on the cellular capable secondary wireless devices, and/or changes to eSIM states or contexts maintained by the network server.

公开(公告)号：US20180069581A1

公开(公告)日：2018-03-08

申请号：US15807516

申请日：2017-11-08

Applicant: Apple Inc.

Inventor： Avinash NARASIMHAN ,  Hemant PURSWANI ,  Clark P. MUELLER ,  David T. HAGGERTY ,  Li LI ,  Arun G. MATHIAS ,  Najeeb M. ABDULRAHIMAN

IPC: H04B1/3816 ,  H04W4/24 ,  H04L12/24

CPC classification number: H04W4/24 ,  H04L12/1407 ,  H04M15/66 ,  H04M15/80 ,  H04M17/02 ,  H04M17/023 ,  H04M17/026 ,  H04M17/103

Abstract: Methods, devices, and servers for as-needed update of a trusted list are provided herein. An electronic subscriber identity module (eSIM) server receives a request for an eSIM of a particular type from a wireless device. The eSIM server evaluates the particular type and requests an eSIM of the particular type from a second eSIM server, which is not initially trusted by a secure element (SE) of the wireless device. The eSIM server sends a policy update to the wireless device. The wireless device passes the policy update to the SE, for example, a universal integrated circuit card (UICC). The UICC updates the trusted list with an identity of the second eSIM server. When the wireless device downloads a bound profile package (BPP) containing an eSIM from the second eSIM server, the UICC validates the BPP based on the updated trusted list. The eSIM is then installed on the UICC.

公开(公告)号：US20180062853A1

公开(公告)日：2018-03-01

申请号：US15691399

申请日：2017-08-30

Applicant: Apple Inc.

Inventor： Li LI ,  Arun G. MATHIAS

IPC: H04L9/32 ,  H04M15/00 ,  H04W12/04 ,  H04L9/00 ,  H04L9/14 ,  H04L9/30 ,  H04W12/06 ,  H04L29/06

CPC classification number: H04L9/3247 ,  H04L9/006 ,  H04L9/14 ,  H04L9/30 ,  H04L9/3234 ,  H04L9/3271 ,  H04L63/0876 ,  H04L2209/80 ,  H04M15/47 ,  H04M15/48 ,  H04M2215/0148 ,  H04M2215/0156 ,  H04W4/24 ,  H04W12/00512 ,  H04W12/00514 ,  H04W12/04 ,  H04W12/06 ,  H04W12/12

Abstract: A malicious party may attempt to avoid a mobile network operator (MNO) contract involved with subsidy-lock by inserting an interfering piece of hardware called a proxy SIM in a device. The device provided herein uses an authentication technique to guard against a proxy-SIM attack. The device includes a secure element (SE) with subscriber identity module (SIM) functionality present on the SE. The device sends the SE a nonce to be signed over. The SE signs using a public key infrastructure (PKI) private key of the SE and provides a response. The device evaluates whether the response contains a valid signature. If the validation is successful, the device relies on SIM data provided in the response to continue with activation of the device, so that the device can provide services under the MNO contract. If the validation fails, the device will not attempt to access network services with the SIM functionality.

公开(公告)号：US20170013442A1

公开(公告)日：2017-01-12

申请号：US15269896

申请日：2016-09-19

Applicant: Apple Inc.

Inventor： Li LI ,  Ben-Heng JUANG ,  Arun G. MATHIAS

IPC: H04W8/18 ,  H04W8/20

CPC classification number: H04W8/183 ,  H04W8/20

Abstract: Embodiments are described for identifying and accessing an electronic subscriber identity module (eSIM) and associated content of the eSIM in a multiple eSIM configuration. An embedded Universal Integrated Circuit Card (eUICC) can include multiple eSIMs, where each eSIM can include its own file structures and applications. Some embodiments include a processor of a mobile device transmitting a special command to the eUICC, including an identification that uniquely identifies an eSIM in the eUICC. After selecting the eSIM, the processor can access file structures and applications of the selected eSIM. The processor can then use existing commands to access content in the selected eSIM. The special command can direct the eUICC to activate or deactivate content associated with the selected eSIM. Other embodiments include an eUICC platform operating system interacting with eSIMs associated with logical channels to facilitate identification and access to file structures and applications of the eSIMs.

Abstract translation: 描述了用于在多个eSIM配置中识别和访问电子订户身份模块（eSIM）和eSIM的相关内容的实施例。 嵌入式通用集成电路卡（eUICC）可以包括多个eSIM，每个eSIM可以包括其自己的文件结构和应用程序。 一些实施例包括向eUICC发送特殊命令的移动设备的处理器，包括在eUICC中唯一地标识eSIM的标识。 选择eSIM后，处理器可以访问所选eSIM的文件结构和应用程序。 然后，处理器可以使用现有命令访问所选eSIM中的内容。 特殊命令可以指示eUICC激活或停用与所选eSIM相关联的内容。 其他实施例包括与与逻辑信道相关联的eSIM交互的eUICC平台操作系统，以便于识别和访问eSIM的文件结构和应用。

公开(公告)号：US20160302070A1

公开(公告)日：2016-10-13

申请号：US15093595

申请日：2016-04-07

Applicant: Apple Inc.

Inventor： Xiangying YANG ,  Li LI ,  Arun G. MATHIAS

IPC: H04W12/08

CPC classification number: H04W12/02 ,  H04W4/50

Abstract: Methods and apparatus for managing processing of electronic Subscriber Identity Modules (eSIM) data at a mobile device are disclosed. An eSIM management entity of an embedded Universal Integrated Circuit Card (eUICC) in the mobile device obtains an encrypted eSIM package, decrypts the eSIM package to obtain eSIM contents formatted generically and not specifically tailored to requirements of the eUICC. In some embodiments, the eSIM contents are formatted based on an abstract syntax notation (ASN) distinguished encoding rules (DER) format. The eSIM management entity parses the formatted eSIM contents to retrieve individual eSIM components and installs each eSIM component for the eSIM in an eSIM security domain on the eUICC. In some embodiments, the eSIM management entity acts as a local, personalization server to provide local Trusted Service Manager (TSM) server functionality for eSIM installation that transforms “generically formatted” eSIM contents into eSIM components that match specific requirements of the eUICC.

Abstract translation: 公开了在移动设备处理电子用户识别模块（eSIM）数据处理的方法和装置。 移动设备嵌入式通用集成电路卡（eUICC）的eSIM管理实体获取加密的eSIM包，解密eSIM包，获取一般格式的eSIM内容，而不是专门针对eUICC的要求。 在一些实施例中，基于抽象语法符号（ASN）区分编码规则（DER）格式来格式化eSIM内容。 eSIM管理实体解析格式化的eSIM内容，检索单个eSIM组件，并将eSIM的每个eSIM组件安装在eUICC的eSIM安全域中。 在一些实施例中，eSIM管理实体充当本地个性化服务器，为eSIM安装提供本地可信服务管理器（TSM）服务器功能，将“一般格式化”的eSIM内容转换为符合eUICC特定要求的eSIM组件。

公开(公告)号：US20160277930A1

公开(公告)日：2016-09-22

申请号：US15076527

申请日：2016-03-21

Applicant: Apple Inc.

Inventor： Li LI ,  Xiangying YANG ,  Jerrold Von HAUCK ,  Christopher B. SHARP ,  Yousuf H. VAID ,  Arun G. MATHIAS ,  David T. HAGGERTY ,  Najeeb M. ABDULRAHIMAN

IPC: H04W12/06 ,  H04L29/06

CPC classification number: H04W12/06 ,  H04L41/28 ,  H04L63/083 ,  H04L63/0838 ,  H04L63/0853

Abstract: Methods and apparatus for user authentication and human intent verification of administrative operations for eSIMs of an eUICC included in a mobile device are disclosed. Certain administrative operations, such as import, modification, and/or export, of an eSIM and/or for an eUICCs firmware can require user authentication and/or human intent verification before execution of the administrative operations are performed or completed by the mobile device. A user of the mobile device provides information to link an external user account to an eSIM upon (or subsequent to) installation on the eUICC. User credentials, such as a user name and password, and/or information generated therefrom, can be used to authenticate the user with an external server. In response to successful user authentication, the administrative operations are performed. Human intent verification can also be performed in conjunction with user authentication to prevent malware from interfering with eSIM and/or eUICC functions of the mobile device.

Abstract translation: 公开了用于移动设备中包括的eUICC的eSIM的管理操作的用户认证和人为意图验证的方法和装置。 eSIM和/或eUICC固件的某些管理操作（例如导入，修改和/或导出）可能需要在由移动设备执行或完成执行管理操作之前的用户认证和/或人为意图验证。 移动设备的用户提供在eUICC上（或之后）安装时将外部用户帐户链接到eSIM的信息。 可以使用诸如用户名和密码的用户凭证和/或从其生成的信息来用外部服务器认证用户。 响应成功的用户认证，执行管理操作。 人员意图验证还可以与用户认证一起执行，以防止恶意软件干扰移动设备的eSIM和/或eUICC功能。

公开(公告)号：US20160227409A1

公开(公告)日：2016-08-04

申请号：US15099444

申请日：2016-04-14

Applicant: Apple Inc.

Inventor： Stephan V. SCHELL ,  Arun G. MATHIAS ,  Jerrold Von HAUCK ,  David T. HAGGERTY ,  Kevin McLAUGHLIN ,  Ben-Heng JUANG ,  Li LI

IPC: H04W12/06 ,  H04W4/00 ,  H04L29/06 ,  H04W12/04

CPC classification number: H04W12/06 ,  G06F21/45 ,  G06F21/57 ,  H04L63/08 ,  H04L63/0853 ,  H04L63/123 ,  H04L63/20 ,  H04L67/34 ,  H04W4/50 ,  H04W4/60 ,  H04W8/205 ,  H04W12/04 ,  H04W12/08

Abstract: Methods and apparatus enabling programming of electronic identification information of a wireless apparatus. In one embodiment, a previously purchased or deployed wireless apparatus is activated by a cellular network. The wireless apparatus connects to the cellular network using an access module to download operating system components and/or access control client components. The described methods and apparatus enable updates, additions and replacement of various components including Electronic Subscriber Identity Module (eSIM) data, OS components. One exemplary implementation of the invention utilizes a trusted key exchange between the device and the cellular network to maintain security.