Abstract:
Methods and apparatus for managing processing of electronic Subscriber Identity Module (eSIM) data at a mobile device are disclosed. An eSIM management entity of an embedded Universal Integrated Circuit Card (eUICC) in the mobile device obtains an encrypted eSIM package and decrypts the eSIM package to obtain eSIM contents that are formatted generically and not specifically tailored to the requirements of the eUICC. In some embodiments, the eSIM contents are formatted based on an abstract syntax notation (ASN) distinguished encoding rules (DER) format. The eSIM management entity parses the formatted eSIM contents to retrieve individual eSIM components and installs each eSIM component for the eSIM in an eSIM security domain on the eUICC. In some embodiments, the eSIM management entity acts as a local personalization server to provide local Trusted Service Manager (TSM) server functionality for eSIM installation that transforms "generically formatted" eSIM contents into eSIM components that match the specific requirements of the eUICC.
Abstract:
A private network service providing method and system for breaking dependency on a terminal and providing a private network service is provided. The private network service system according to the present exemplary embodiments includes: a service linkage server for, when access to a private network is requested by a mobile communication terminal connected to a public network or access of the mobile communication terminal to the private network is requested by a third server, identifying identification information of the mobile communication terminal and requesting an access point name-operator identifier (APN-OI) change from a home subscriber server; the home subscriber server for authenticating whether the mobile communication terminal is subscribed to a private network service when the APN-OI change is requested by the service linkage server, and identifying an access point name (APN) included in a subscriber profile of the mobile communication terminal and changing a public APN-OI recorded in the APN to a private APN-OI when the authentication is successful; and a mobility management entity for receiving the subscriber profile of the mobile communication terminal from the home subscriber server when the mobile communication terminal attempts access, and inducing the mobile communication terminal to connect to a public gateway or a private gateway, using the IP address of the public gateway or the IP address of the private gateway corresponding to the APN included in the subscriber profile.
Abstract:
In accordance with a first aspect of the present disclosure, an NFC device is provided, comprising an application processor and a plurality of execution environments, wherein the application processor is configured to generate a mapping between application identifiers and said execution environments, and wherein, in said mapping, the application identifiers are associated with specific ones of said execution environments. In accordance with a second aspect of the present disclosure, a corresponding method of initializing an NFC device is conceived. In accordance with a third aspect of the present disclosure, a corresponding computer program is provided.
Abstract:
A method for performing user experience (UX) functions on an air-gapped endpoint is provided. The method includes monitoring a plurality of security zones, instantiated on the air-gapped endpoint, to detect at least one UX command executed in a first security zone; determining whether the detected UX command triggers a UX function affecting a second security zone; determining whether the UX function to be triggered maintains compliance with the security policies of the first and second security zones; and executing the UX function across the first and second security zones.
Abstract:
A method for operating a security element, preferably in the form of a chip card, having a processor and a memory. The memory stores an operating system comprising an operating-system kernel and at least one additional operating-system module for supplying optional operating-system functionalities, and at least one access permission associated with the operating-system module and determining whether the operating-system module can be accessed during operation of the security element. The method comprises the step of changing the access permission for the operating-system module for supplying optional operating-system functionalities in reaction to receiving a message from a server. The message from the server may be an OTA message sent from the server to the security element via a mobile radio network.
Abstract:
Techniques for obtaining compartmentalized authenticated access to a feature on an electronic mobile device comprising a camera are presented. The techniques may include obtaining data representing a printable authentication pattern, wherein the printable authentication pattern encodes access information; storing in electronic persistent memory the access information in association with data representing the feature; receiving, at the mobile telephone, a user request to access the feature; capturing, using a camera of the mobile device, an image of an input pattern printed onto a substrate; decoding the input pattern to obtain captured information; determining, by retrieving the access information, that the captured information matches the access information; and providing access to the feature on the mobile device as a consequence of at least the determining.
Abstract:
Some embodiments are directed to a method for peering between first and second modules, each installed in a different device; the device of the first module includes a human-machine interface, and the two devices can be linked by an unsecure communication channel. The method can include: receiving via the human-machine interface a command setting the device of the first module in an operating mode in which the first module takes control of a part of the communication means of the first device in order to set them in a secure operating mode and takes control of the human-machine interface; establishing a temporarily secure communication between the first and second modules; displaying on the human-machine interface a status signaling the set-up of the secure communication; receiving via the human-machine interface a peering acceptance command; and exchanging keys/secrets between the modules through the temporarily secure communication channel to perform the peering.
Abstract:
Examples of the present disclosure provide an electronic device and method for performing a geo-fencing based service. Access information is received from a beacon message and a communication network is used to access a geographical network.
Abstract:
A method of enabling the federation of unrelated applications is described herein. The method can include the step of installing a candidate application for inclusion in a secure workspace. A first previously-installed application may have a certificate signed by a first entity, and a second previously-installed application may have a certificate signed by a second entity such that the first and second previously-installed applications have different certificates. The method can also include the steps of generating a federation value for the candidate application for inclusion in the secure workspace and determining the result of a federation check of the candidate application based on the generated federation value. If the federation check for the candidate application is satisfied, the candidate application may be permitted to be part of the secure workspace.
Abstract:
Various aspects of the disclosure relate to providing a per-application policy-controlled virtual private network (VPN) tunnel. In some embodiments, tickets may be used to provide access to an enterprise resource without separate authentication of the application and, in some instances, can be used in such a manner as to provide a seamless experience to the user when reestablishing a per-application policy controlled VPN tunnel during the lifetime of the ticket. Additional aspects relate to an access gateway providing updated policy information and tickets to a mobile device. Other aspects relate to selectively wiping the tickets from a secure container of the mobile device. Yet further aspects relate to operating applications in multiple modes, such as a managed mode and an unmanaged mode, and providing authentication-related services based on one or more of the above aspects.