公开(公告)号：US20200037161A1

公开(公告)日：2020-01-30

申请号：US16595338

申请日：2019-10-07

申请人： Apple Inc.

发明人： Stephan V. SCHELL ,  David T. HAGGERTY

IPC分类号： H04W12/06 ,  H04L29/06 ,  H04W8/20 ,  H04M15/00 ,  H04W8/18 ,  H04W36/14

摘要： Methods and apparatus that allow a device to migrate wireless service across multiple wireless networks. In one exemplary embodiment, the present invention enables storing and switching between multiple Electronic Subscriber Identity Modules (eSIM), where each eSIM is specific to a different carrier network. By loading the appropriate eSIM, the user device can authenticate itself with the selected carrier, rather than roaming. During roaming operation, the user equipment can load one or more of the previously stored eSIMs. Selection of the eSIM can be done manually by the user or can be driven by the user equipment based on desired context; for example, based on carrier signal strength, cost-effectiveness, etc. Support for multiple radio technologies also allows universal connectivity for wireless devices, even spanning previously incompatible technologies such as GSM (Global Standard for Mobile Communications), CDMA (Code Division Multiple Access), etc.

公开(公告)号：US20160044493A1

公开(公告)日：2016-02-11

申请号：US14814484

申请日：2015-07-30

申请人： Apple Inc.

发明人： Stephan V. SCHELL ,  Jerrold Von HAUCK

IPC分类号： H04W8/18 ,  H04W12/06 ,  H04W4/00 ,  H04W8/20

CPC分类号： H04W8/183 ,  G06F21/34 ,  H04L63/0853 ,  H04L67/34 ,  H04W4/50 ,  H04W4/80 ,  H04W8/205 ,  H04W8/265 ,  H04W12/06

摘要： Described herein is a simulacrum security device and methods. In one embodiment, a simulacrum or likeness of a physical security device is provided for use in conjunction with a software emulation of the security device. In one implementation, a “faux SIM card” is provided that does not contain Subscriber Identification Module (SIM) information itself, but instead enables a user to download Electronic SIM (eSIM) information (e.g., from a network or eSIM server) which is loaded into a software emulation of a Universal Integrated Circuit Card (UICC) device. The faux card is printed with an activation code, scan pattern, or other activation or access information. The subscriber purchases the faux card, and enters the activation code into a device; the entered activation code enables the device to log onto a network, and download the appropriate eSIM data. Delivery of eSIM information as enabled by the faux card addresses deficiencies in existing SIM distribution schemes, provides users with an enhanced perception of security, and further addresses various legal requirements.

摘要翻译： 这里描述的是模拟安全装置和方法。 在一个实施例中，提供物理安全设备的模拟或相似性以与安全设备的软件仿真结合使用。 在一个实现中，提供了不包含用户识别模块（SIM）信息本身的“人造SIM卡”，而是使用户能够下载电子SIM（eSIM）信息（例如，从网络或eSIM服务器） 加载到通用集成电路卡（UICC）设备的软件仿真中。 虚拟卡被打印有激活码，扫描模式或其他激活或访问信息。 用户购买人造卡，并将激活码输入设备; 输入的激活码使设备登录到网络上，并下载相应的eSIM数据。 通过人造卡实现的eSIM信息交付解决了现有SIM分配方案中的缺陷，为用户提供了增强的安全认知，并进一步解决了各种法律要求。

公开(公告)号：US20150312698A1

公开(公告)日：2015-10-29

申请号：US14629386

申请日：2015-02-23

申请人： Apple Inc.

发明人： Stephan V. SCHELL ,  Arun G. MATHIAS ,  Jerrold Von HAUCK ,  David T. HAGGERTY ,  Kevin McLAUGHLIN ,  Ben-Heng JUANG ,  Li LI

IPC分类号： H04W4/00 ,  H04W12/04 ,  H04W12/06 ,  H04L29/06

CPC分类号： H04W12/06 ,  G06F21/45 ,  G06F21/57 ,  H04L63/08 ,  H04L63/0853 ,  H04L63/123 ,  H04L63/20 ,  H04L67/34 ,  H04W4/50 ,  H04W4/60 ,  H04W8/205 ,  H04W12/04 ,  H04W12/08

摘要： Methods and apparatus enabling programming of electronic identification information of a wireless apparatus. In one embodiment, a previously purchased or deployed wireless apparatus is activated by a cellular network. The wireless apparatus connects to the cellular network using an access module to download operating system components and/or access control client components. The described methods and apparatus enable updates, additions and replacement of various components including Electronic Subscriber Identity Module (eSIM) data, OS components. One exemplary implementation of the invention utilizes a trusted key exchange between the device and the cellular network to maintain security.

摘要翻译： 能够对无线装置的电子识别信息进行编程的方法和装置。 在一个实施例中，先前购买或部署的无线设备由蜂窝网络激活。 无线设备使用访问模块连接到蜂窝网络，以下载操作系统组件和/或访问控制客户端组件。 所描述的方法和装置能够更新，添加和替换各种组件，包括电子订户身份模块（eSIM）数据，OS组件。 本发明的一个示例性实施方式利用设备和蜂窝网络之间的可信密钥交换来维护安全性。

公开(公告)号：US20220067133A1

公开(公告)日：2022-03-03

申请号：US17208957

申请日：2021-03-22

申请人： Apple Inc.

发明人： Anthony M. FADELL ,  Andrew Bert HODGE ,  Stephan V. SCHELL ,  Ruben CABALLERO ,  Jesse Lee DOROGUSKER ,  Stephen Paul ZADESKY ,  Emery SANFORD

IPC分类号： G06F21/32 ,  G06F21/31 ,  H04W12/065 ,  H04W12/06 ,  G06F21/36 ,  G06K9/00 ,  G06F3/0488 ,  H04L29/06 ,  G06F3/041 ,  G06F3/0481 ,  G06K9/32 ,  H04L9/32

摘要： This invention is directed to an electronic device with an embedded authentication system for restricting access to device resources. The authentication system may include one or more sensors operative to detect biometric information of a user. The sensors may be positioned in the device such that the sensors may detect appropriate biometric information as the user operates the device, without requiring the user to perform a step for providing the biometric information (e.g., embedding a fingerprint sensor in an input mechanism instead of providing a fingerprint sensor in a separate part of the device housing). In some embodiments, the authentication system may be operative to detect a visual or temporal pattern of inputs to authenticate a user. In response to authenticating, a user may access restricted files, applications (e.g., applications purchased by the user), or settings (e.g., application settings such as contacts or saved game profile).

公开(公告)号：US20190243957A1

公开(公告)日：2019-08-08

申请号：US16386707

申请日：2019-04-17

申请人： Apple Inc.

发明人： Anthony M. FADELL ,  Andrew Bert HODGE ,  Stephan V. SCHELL ,  Ruben CABALLERO ,  Jesse Lee DOROGUSKER ,  Stephen Paul ZADESKY ,  Emery SANFORD

IPC分类号： G06F21/32 ,  G06K9/00 ,  G06F3/0488 ,  H04W12/06 ,  H04L9/32 ,  G06K9/32 ,  G06F3/041 ,  G06F21/36 ,  H04L29/06 ,  G06F21/31 ,  G06F3/0481

CPC分类号： G06F21/32 ,  G06F3/0412 ,  G06F3/0416 ,  G06F3/04817 ,  G06F3/0488 ,  G06F3/04883 ,  G06F21/316 ,  G06F21/36 ,  G06K9/00013 ,  G06K9/0002 ,  G06K9/00033 ,  G06K9/00087 ,  G06K9/00248 ,  G06K9/00255 ,  G06K9/00912 ,  G06K9/3241 ,  H04L9/3231 ,  H04L63/08 ,  H04L63/0861 ,  H04L63/104 ,  H04W12/06 ,  H04W88/02

摘要： This invention is directed to an electronic device with an embedded authentication system for restricting access to device resources. The authentication system may include one or more sensors operative to detect biometric information of a user. The sensors may be positioned in the device such that the sensors may detect appropriate biometric information as the user operates the device, without requiring the user to perform a step for providing the biometric information (e.g., embedding a fingerprint sensor in an input mechanism instead of providing a fingerprint sensor in a separate part of the device housing). In some embodiments, the authentication system may be operative to detect a visual or temporal pattern of inputs to authenticate a user. In response to authenticating, a user may access restricted files, applications (e.g., applications purchased by the user), or settings (e.g., application settings such as contacts or saved game profile).

公开(公告)号：US20170188234A1

公开(公告)日：2017-06-29

申请号：US15373308

申请日：2016-12-08

申请人： Apple Inc.

发明人： Stephan V. SCHELL ,  Jerrold Von HAUCK

IPC分类号： H04W12/06 ,  H04W8/18 ,  H04L29/06

CPC分类号： H04W12/06 ,  H04L63/0823 ,  H04W4/50 ,  H04W4/60 ,  H04W8/18 ,  H04W8/205 ,  H04W8/265

摘要： Disclosed herein is a technique for securely provisioning access control entities (e.g., electronic Subscriber Identity Module (eSIM) components) to a user equipment (UE) device. In one embodiment, a UE device is assigned a unique key and an endorsement certificate that can be used to provide updates or new eSIMs to the UE device. The UE device can trust eSIM material delivered by an unknown third-party eSIM vendor, based on a secure certificate transmission with the unique key. In another aspect, an operating system (OS) is partitioned into various sandboxes. During operation, the UE device can activate and execute the OS in the sandbox corresponding to a current wireless network. Personalization packages received while connected to the network only apply to that sandbox. Similarly, when loading an eSIM, the OS need only load the list of software necessary for the current run-time environment. Unused software can be subsequently activated.

公开(公告)号：US20140248924A1

公开(公告)日：2014-09-04

申请号：US14188623

申请日：2014-02-24

申请人： Apple Inc.

发明人： Stephan V. SCHELL ,  Arun MATHIAS

IPC分类号： H04B1/38

CPC分类号： H04B1/3816 ,  G06F3/0604 ,  G06F3/0631 ,  G06F3/0664 ,  G06F3/067 ,  G06F3/0679 ,  G06F12/0246 ,  G06F2212/177 ,  G06F2212/7211 ,  H04W4/60 ,  H04W8/183 ,  H04W12/06 ,  H04W48/18 ,  H04W88/06

摘要： Apparatus and method for maintaining hardware history profiles for a software-based emulator. In one embodiment, the disclosed software-based emulator monitors the history of the actual hardware device in a secondary device history, the history of the emulated hardware is presented within a primary device history. However, the primary device history is linked to the secondary device history, and receives the device wear history therefrom. In another aspect of the present invention, wear-leveling strategies are disclosed for handling various update sizes. Unlike existing solutions which are optimized for a single SIM that receives small data updates; various embodiments of the present invention are suitable for handling varying data sizes.

摘要翻译： 用于维护基于软件的仿真器的硬件历史配置文件的装置和方法。 在一个实施例中，所公开的基于软件的仿真器监视辅助设备历史中的实际硬件设备的历史，仿真硬件的历史记录在主设备历史中。 然而，主设备历史与辅助设备历史相关联，并从其接收设备磨损历史。 在本发明的另一方面，公开了用于处理各种更新尺寸的磨损均衡策略。 不同于针对接收小数据更新的单个SIM进行了优化的现有解决方案; 本发明的各种实施例适用于处理变化的数据大小。

公开(公告)号：US20170199997A1

公开(公告)日：2017-07-13

申请号：US15470752

申请日：2017-03-27

申请人： Apple Inc.

发明人： Anthony M. FADELL ,  Andrew Bert HODGE ,  Stephan V. SCHELL ,  Ruben CABALLERO ,  Jesse Lee DOROGUSKER ,  Stephen Paul ZADESKY ,  Emery SANFORD

IPC分类号： G06F21/32 ,  G06F3/041 ,  H04L9/32 ,  G06K9/32 ,  G06F21/36 ,  G06F21/31 ,  G06F3/0481 ,  G06F3/0488 ,  G06K9/00 ,  H04L29/06

CPC分类号： G06F21/32 ,  G06F3/0412 ,  G06F3/0416 ,  G06F3/04817 ,  G06F3/0488 ,  G06F3/04883 ,  G06F21/316 ,  G06F21/36 ,  G06K9/00013 ,  G06K9/0002 ,  G06K9/00033 ,  G06K9/00087 ,  G06K9/00248 ,  G06K9/00255 ,  G06K9/00912 ,  G06K9/3241 ,  H04L9/3231 ,  H04L63/08 ,  H04L63/0861 ,  H04L63/104 ,  H04W12/06 ,  H04W88/02

摘要： This invention is directed to an electronic device with an embedded authentication system for restricting access to device resources. The authentication system may include one or more sensors operative to detect biometric information of a user. The sensors may be positioned in the device such that the sensors may detect appropriate biometric information as the user operates the device, without requiring the user to perform a step for providing the biometric information (e.g., embedding a fingerprint sensor in an input mechanism instead of providing a fingerprint sensor in a separate part of the device housing). In some embodiments, the authentication system may be operative to detect a visual or temporal pattern of inputs to authenticate a user. In response to authenticating, a user may access restricted files, applications (e.g., applications purchased by the user), or settings (e.g., application settings such as contacts or saved game profile).

公开(公告)号：US20160044495A1

公开(公告)日：2016-02-11

申请号：US14814486

申请日：2015-07-30

申请人： Apple Inc.

发明人： Stephan V. SCHELL ,  David T. HAGGERTY

IPC分类号： H04W8/20

CPC分类号： H04W8/205

摘要： Methods and apparatus for managing multiple user access control entities or clients. For example, in one embodiment, a “wallet” of electronic subscriber identity modules (eSIMs) may be stored and used at a user device and/or distributed to other devices for use thereon. In another embodiment, a networked server may store and distribute eSIM to a plurality of user devices in communication therewith. A database of available eSIM is maintained at the wallet entity and/or at the network which enables request for a particular eSIM to be processed and various rules for the distribution thereof to be implemented. Security precautions are implemented to protect both user and network carrier specific data as the data is transmitted between networked entities. Solutions for eSIM backup and restoration are also described.

摘要翻译： 用于管理多个用户访问控制实体或客户端的方法和装置。 例如，在一个实施例中，可以在用户设备处存储和使用电子用户识别模块（eSIM）的“钱包”和/或分发给其他设备以在其上使用。 在另一个实施例中，网络服务器可以将eSIM存储和分发到与其通信的多个用户设备。 可以在电子钱包实体和/或网络上维护可用eSIM的数据库，以使得能够处理特定eSIM的请求并实现其分发的各种规则。 实施安全预防措施以在网络实体之间传输数据时保护用户和网络运营商的特定数据。 还描述了eSIM备份和恢复的解决方案。

公开(公告)号：US20150074780A1

公开(公告)日：2015-03-12

申请号：US14543773

申请日：2014-11-17

申请人： Apple Inc.

发明人： Stephan V. SCHELL ,  Jerrold Von HAUCK

IPC分类号： H04W12/06 ,  H04L29/06

CPC分类号： H04W12/06 ,  H04L63/0823 ,  H04W4/50 ,  H04W4/60 ,  H04W8/18 ,  H04W8/205 ,  H04W8/265

摘要： Disclosed herein is a technique for securely provisioning access control entities (e.g., electronic Subscriber Identity Module (eSIM) components) to a user equipment (UE) device. In one embodiment, a UE device is assigned a unique key and an endorsement certificate that can be used to provide updates or new eSIMs to the UE device. The UE device can trust eSIM material delivered by an unknown third-party eSIM vendor, based on a secure certificate transmission with the unique key. In another aspect, an operating system (OS) is partitioned into various sandboxes. During operation, the UE device can activate and execute the OS in the sandbox corresponding to a current wireless network. Personalization packages received while connected to the network only apply to that sandbox. Similarly, when loading an eSIM, the OS need only load the list of software necessary for the current run-time environment. Unused software can be subsequently activated.

摘要翻译： 本文公开了一种用于将访问控制实体（例如，电子订户身份模块（eSIM）组件）安全地提供给用户设备（UE）设备的技术。 在一个实施例中，向UE设备分配唯一密钥和可用于向UE设备提供更新或新eSIM的签注证书。 基于使用唯一密钥的安全证书传输，UE设备可以信任由未知的第三方eSIM供应商提供的eSIM资料。 在另一方面，操作系统（OS）被划分成各种沙盒。 在操作期间，UE设备可以在对应于当前无线网络的沙箱中激活并执行OS。 连接到网络时收到的个性化包仅适用于该沙盒。 同样，当加载eSIM时，操作系统只需加载当前运行时环境所需的软件列表。 未使用的软件可以随后激活。