-
公开(公告)号:US20160063260A1
公开(公告)日:2016-03-03
申请号:US14815391
申请日:2015-07-31
Applicant: Apple Inc.
Inventor: Christopher B. SHARP , Yousuf H. VAID , Li LI , Jerrold Von HAUCK , Arun G. MATHIAS , Xiangying YANG , Kevin P. McLAUGHLIN
CPC classification number: G06F21/604 , H04L63/102 , H04L63/105 , H04L63/20 , H04W12/08
Abstract: A policy-based framework is described. This policy-based framework may be used to specify the privileges for logical entities to perform operations associated with an access-control element (such as an electronic Subscriber Identity Module) located within a secure element in an electronic device. Note that different logical entities may have different privileges for different operations associated with the same or different access-control elements. Moreover, the policy-based framework may specify types of credentials that are used by the logical entities during authentication, so that different types of credentials may be used for different operations and/or by different logical entities. Furthermore, the policy-based framework may specify the security protocols and security levels that are used by the logical entities during authentication, so that different security protocols and security levels may be used for different operations and/or by different logical entities.
Abstract translation: 描述了基于策略的框架。 该基于策略的框架可以用于指定逻辑实体执行与位于电子设备中的安全元件内的访问控制元素(例如电子订户身份模块)相关联的操作的权限。 注意,对于与相同或不同的访问控制元素相关联的不同操作,不同的逻辑实体可以具有不同的权限。 此外,基于策略的框架可以指定在认证期间由逻辑实体使用的凭证的类型,使得不同类型的凭证可以用于不同的操作和/或由不同的逻辑实体使用。 此外,基于策略的框架可以指定在认证期间由逻辑实体使用的安全协议和安全级别,使得不同的安全协议和安全级别可以用于不同的操作和/或不同的逻辑实体。
-
公开(公告)号:US20200177450A1
公开(公告)日:2020-06-04
申请号:US16780621
申请日:2020-02-03
Applicant: Apple Inc.
Inventor: Li LI , Yousuf H. VAID , Christopher B. SHARP , Arun G. MATHIAS , David T. HAGGERTY , Jerrold Von HAUCK
IPC: H04L12/24 , H04W12/06 , H04W8/20 , H04L29/06 , H04W8/18 , H04B1/3827 , H04B1/3816
Abstract: Representative embodiments described herein set forth techniques for optimizing large-scale deliveries of electronic Subscriber Identity Modules (eSIMs) to mobile devices. Specifically, instead of generating and assigning eSIMs when mobile devices are being activated—which can require significant processing overhead—eSIMs are pre-generated with a basic set of information, and are later-assigned to the mobile devices when they are activated. This can provide considerable benefits over conventional approaches that involve generating and assigning eSIMs during mobile device activation, especially when new mobile devices (e.g., smartphones, tablets, etc.) are being launched and a large number of eSIM assignment requests are to be fulfilled in an efficient manner.
-
3.发明申请公开(公告)号:US20160345162A1
公开(公告)日:2016-11-24
申请号:US15157332
申请日:2016-05-17
Applicant: Apple Inc.
Inventor: Li LI , Yousuf H. VAID , Christopher B. SHARP , Arun G. MATHIAS , David T. HAGGERTY , Jerrold Von HAUCK
IPC: H04W8/18 , H04W12/06 , H04L12/24 , H04B1/3816 , H04B1/3827
Abstract: Representative embodiments described herein set forth techniques for optimizing large-scale deliveries of electronic Subscriber Identity Modules (eSIMs) to mobile devices. Specifically, instead of generating and assigning eSIMs when mobile devices are being activated—which can require significant processing overhead—eSIMs are pre-generated with a basic set of information, and are later-assigned to the mobile devices when they are activated. This can provide considerable benefits over conventional approaches that involve generating and assigning eSIMs during mobile device activation, especially when new mobile devices (e.g., smartphones, tablets, etc.) are being launched and a large number of eSIM assignment requests are to be fulfilled in an efficient manner.
Abstract translation: 本文描述的代表性实施例阐述了用于优化向移动设备大规模地递送电子订户身份模块(eSIM)的技术。 具体而言,代替在移动设备被激活时生成和分配eSIM,这可能需要很大的处理开销 - eSIM是用一组基本信息预先生成的,并且在激活时被分配给移动设备。 这可以提供相当于在移动设备激活期间生成和分配eSIM的传统方法的显着优点,特别是当新的移动设备(例如,智能电话,平板电脑等)正在启动并且大量的eSIM分配请求将被满足时 有效的方式。
-
公开(公告)号:US20210295282A1
公开(公告)日:2021-09-23
申请号:US17341711
申请日:2021-06-08
Applicant: Apple Inc.
Inventor: George R. DICKER , Christopher B. SHARP , Ahmer A. KHAN , Yousuf H. VAID , Glen W. STEELE , Christopher D. ADAMS , David T. HAGGERTY
Abstract: To facilitate conducting a financial transaction via wireless communication between an electronic device and another electronic device, the electronic device determines a unique transaction identifier for the financial transaction based on financial-account information communicated to the other electronic device. The financial-account information specifies a financial account that is used to pay for the financial transaction. Moreover, the unique transaction identifier may be capable of being independently computed by one or more other entities associated with the financial transaction (such as a counterparty in the financial transaction or a payment network that processes payment for the financial transaction) based on the financial-account information communicated by the portable electronic device. The electronic device may also associate receipt information, which is subsequently received from a third party (such as the payment network), with the financial transaction by comparing the determined unique transaction identifier to the computed unique transaction identifier.
-
Patent Agency Ranking
5.发明申请公开(公告)号:US20190387402A1
公开(公告)日:2019-12-19
申请号:US16557770
申请日:2019-08-30
Applicant: Apple Inc.
Inventor: Li LI , Xiangying YANG , Jerrold Von HAUCK , Christopher B. SHARP , Yousuf H. VAID , Arun G. MATHIAS , David T. HAGGERTY , Najeeb M. ABDULRAHIMAN
Abstract: Methods and apparatus for user authentication and human intent verification of administrative operations for eSIMs of an eUICC included in a mobile device are disclosed. Certain administrative operations, such as import, modification, and/or export, of an eSIM and/or for an eUICCs firmware can require user authentication and/or human intent verification before execution of the administrative operations are performed or completed by the mobile device. A user of the mobile device provides information to link an external user account to an eSIM upon (or subsequent to) installation on the eUICC. User credentials, such as a user name and password, and/or information generated therefrom, can be used to authenticate the user with an external server. In response to successful user authentication, the administrative operations are performed. Human intent verification can also be performed in conjunction with user authentication to prevent malware from interfering with eSIM and/or eUICC functions of the mobile device.
-
6.发明申请公开(公告)号:US20160277930A1
公开(公告)日:2016-09-22
申请号:US15076527
申请日:2016-03-21
Applicant: Apple Inc.
Inventor: Li LI , Xiangying YANG , Jerrold Von HAUCK , Christopher B. SHARP , Yousuf H. VAID , Arun G. MATHIAS , David T. HAGGERTY , Najeeb M. ABDULRAHIMAN
CPC classification number: H04W12/06 , H04L41/28 , H04L63/083 , H04L63/0838 , H04L63/0853
Abstract: Methods and apparatus for user authentication and human intent verification of administrative operations for eSIMs of an eUICC included in a mobile device are disclosed. Certain administrative operations, such as import, modification, and/or export, of an eSIM and/or for an eUICCs firmware can require user authentication and/or human intent verification before execution of the administrative operations are performed or completed by the mobile device. A user of the mobile device provides information to link an external user account to an eSIM upon (or subsequent to) installation on the eUICC. User credentials, such as a user name and password, and/or information generated therefrom, can be used to authenticate the user with an external server. In response to successful user authentication, the administrative operations are performed. Human intent verification can also be performed in conjunction with user authentication to prevent malware from interfering with eSIM and/or eUICC functions of the mobile device.
Abstract translation: 公开了用于移动设备中包括的eUICC的eSIM的管理操作的用户认证和人为意图验证的方法和装置。 eSIM和/或eUICC固件的某些管理操作(例如导入,修改和/或导出)可能需要在由移动设备执行或完成执行管理操作之前的用户认证和/或人为意图验证。 移动设备的用户提供在eUICC上(或之后)安装时将外部用户帐户链接到eSIM的信息。 可以使用诸如用户名和密码的用户凭证和/或从其生成的信息来用外部服务器认证用户。 响应成功的用户认证,执行管理操作。 人员意图验证还可以与用户认证一起执行,以防止恶意软件干扰移动设备的eSIM和/或eUICC功能。
-
7.发明申请公开(公告)号:US20180249333A1
公开(公告)日:2018-08-30
申请号:US15876875
申请日:2018-01-22
Applicant: Apple Inc.
Inventor: Li LI , Xiangying YANG , Jerrold Von HAUCK , Christopher B. SHARP , Yousuf H. VAID , Arun G. MATHIAS , David T. HAGGERTY , Najeeb M. ABDULRAHIMAN
CPC classification number: H04W12/06 , H04L41/28 , H04L63/083 , H04L63/0838 , H04L63/0853 , H04W12/00514
Abstract: Methods and apparatus for user authentication and human intent verification of administrative operations for eSIMs of an eUICC included in a mobile device are disclosed. Certain administrative operations, such as import, modification, and/or export, of an eSIM and/or for an eUICCs firmware can require user authentication and/or human intent verification before execution of the administrative operations are performed or completed by the mobile device. A user of the mobile device provides information to link an external user account to an eSIM upon (or subsequent to) installation on the eUICC. User credentials, such as a user name and password, and/or information generated therefrom, can be used to authenticate the user with an external server. In response to successful user authentication, the administrative operations are performed. Human intent verification can also be performed in conjunction with user authentication to prevent malware from interfering with eSIM and/or eUICC functions of the mobile device.
-
公开(公告)号:US20170278097A1
公开(公告)日:2017-09-28
申请号:US15482478
申请日:2017-04-07
Applicant: Apple Inc.
Inventor: David T. HAGGERTY , Ahmer A. KHAN , Christopher B. SHARP , Jerrold Von HAUCK , Joakim LINDE , Kevin P. MCLAUGHLIN , Mehdi ZIAT , Yousuf H. VAID
CPC classification number: G06Q20/36 , G06Q20/1235 , G06Q20/3227 , G06Q20/3552 , G06Q20/382
Abstract: Methods and apparatus for the deployment of financial instruments and other assets are disclosed. In one embodiment, a security software protocol is disclosed that guarantees that the asset is always securely encrypted, that one and only one copy of an asset exists, and the asset is delivered to an authenticated and/or authorized customer. Additionally, exemplary embodiments of provisioning systems are disclosed that are capable of, among other things, handling large bursts of traffic (such as can occur on a so-called “launch day” of a device).
-
公开(公告)号:US20150256345A1
公开(公告)日:2015-09-10
申请号:US14279109
申请日:2014-05-15
Applicant: Apple Inc.
Inventor: Yousuf H. VAID , Christopher B. SHARP , Medhi ZIAT , Li LI , Jerrold Von HAUCK , Ramiro SARMIENTO , Jean-Marc PADOVA
IPC: H04L9/32
CPC classification number: H04L9/3268
Abstract: Disclosed herein is a technique for revoking a root certificate from at least one client device. In particular, the technique involves causing a secure element—which is included in the at least one client device and is configured to store the root certificate as well as at least one backup root certificate—to permanently disregard the root certificate and prevent the at least one client device from utilizing the specific root certificate. According to one embodiment, this revocation occurs in response to a receiving a revocation message that directly targets the root certificate, where the message includes at least two levels of authentication that are verified by the secure element prior to carrying out the revocation. Once the root certificate is revoked, the secure element can continue to utilize the at least one backup root certificate, while permanently disregarding the revoked root certificate.
Abstract translation: 本文公开了一种用于从至少一个客户端设备撤销根证书的技术。 特别地,该技术涉及引起安全元件,其包括在至少一个客户端设备中并且被配置为存储根证书以及至少一个备份根证书,以永久地忽略根证书,并且至少防止 一个客户端设备利用特定的根证书。 根据一个实施例,该撤销响应于接收直接针对根证书的撤销消息而发生,其中该消息包括在执行撤销之前由安全元件验证的至少两个认证级别。 根证书被撤销后,安全元素可以继续使用至少一个备份根证书,同时永久忽略已撤销的根证书。
-
-
-
-
-
-
-
-
Search Results
9
records
(took 0.016 seconds)
