-
Publication No.: US20240129730A1
Publication Date: 2024-04-18
Application No.: US18546804
Filing Date: 2021-02-19
Applicant: Apple Inc.
Inventor: Shu GUO , Dawei ZHANG , Haijing HU , Huarui LIANG , Mona AGNEL , Ralf ROSSBACH , Robert ZAUS , Sudeep MANITHARA VAMANAN
Abstract: A user equipment (UE) configured to connect to an edge data network. The UE connects to a first edge application server (EAS) of an edge data network (EDN), the connecting comprising performing a first authorization/authentication procedure, receives a message indicating the UE is to connect to a second EAS of the EDN, the message including an indication as to whether the UE is to perform a second authorization/authentication procedure to connect to the second EAS and performs a discovery procedure to locate the second EAS based on at least the indication in the message.
-
Publication No.: US20220394458A1
Publication Date: 2022-12-08
Application No.: US17755726
Filing Date: 2019-11-28
Applicant: Apple Inc.
Inventor: Huarui LIANG , Dawei ZHANG , Fangli XU , Haijing HU , Hao DUO , Longda XING , Murtaza A. SHIKARI , Sethuraman GURUMOORTHY , Shu GUO , Sree Ram KODALI , Srinivasan NIMMALA , Srirang A. LOVLEKAR , Yuqin CHEN
IPC: H04W8/18
Abstract: A user equipment (UE) includes a first subscriber identification module (SIM) and a second SIM. The UE is configured to establish a first cellular network connection based on, at least, the first SIM and a second cellular network connection based on, at least, the second SIM. The UE sends, by the first SIM, a first registration request to the network, wherein the first registration request comprises an identification indicating the multi-SIM device is a type of multi-SIM device, receives, by the first SIM, a first registration accept message indicating the first registration request has been accepted, wherein the first registration accept message comprises a first temporary identification for the first SIM and sends, by the second SIM, an access network message comprising one of the first temporary identification or a further temporary identification based on, at least, the first temporary identification.
-
Publication No.: US20220086642A1
Publication Date: 2022-03-17
Application No.: US17455000
Filing Date: 2021-11-15
Applicant: Apple Inc.
Inventor: Xiangying YANG , Shu GUO , Lijia ZHANG , Qian SUN , Huarui LIANG , Fangli XU , Yuqin CHEN , Haijing HU , Dawei ZHANG , Hao DUO , Lanpeng CHEN
IPC: H04W12/106 , H04W72/04 , H04L9/32 , H04W74/00 , H04W12/069 , H04W12/0433
Abstract: Techniques for identity-based message integrity protection and verification between a user equipment (UE) and a wireless network entity, include use of signatures derived from identity-based keys. To protect against attacks from rogue network entities before activation of a security context with a network entity, the UE verifies integrity of messages by checking a signature using an identity-based public key PKID derived by the UE based on (i) an identity value (ID) of the network entity and (ii) a separate public key PKPKG of a private key generator (PKG) server. The network entity generates signatures for messages using an identity-based private key SKID obtained from the PKG server, which generates the identity-based private key SKID using (i) the ID value of the network entity and (ii) a private key SKPKG that is known only by the PKG server and corresponds to the public key PKPKG.
-
Publication No.: US20210058774A1
Publication Date: 2021-02-25
Application No.: US17052163
Filing Date: 2018-05-02
Applicant: Apple Inc.
Inventor: Xiangying YANG , Lijia ZHANG , Huarui LIANG , Dawei ZHANG
Abstract: A device level lock policy, which applies to all smart secure platform (SSP) applications of a mobile device, is used to determine whether a particular SSP application can be activated. A tamper resistant hardware secure element (SE) includes a primary platform with a low level operating system (OS) and one or more SSP applications within one or more secondary platform bundles that include secondary platforms with high level OSs specific to the secondary platform bundles. The low level OS enforces the device level lock policy for all secondary platform bundles by verifying whether a lock policy for the SSP application is consistent with the device level lock policy. When verification succeeds, activation is allowed, and when verification fails, activation is disallowed. Subscription identifiers are not provided in unencrypted form to processing circuitry of the mobile device external to the tamper resistant hardware SE to provide subscriber identity privacy protection.
-
Publication No.: US20240187849A1
Publication Date: 2024-06-06
Application No.: US17755493
Filing Date: 2021-05-07
Applicant: Apple Inc.
Inventor: Shu GUO , Dawei ZHANG , Fangli XU , Haijing HU , Huarui LIANG , Lanpeng CHEN , Xiaoyu QIAO , Yuqin CHEN
IPC: H04W12/041 , H04W4/06 , H04W12/0431
CPC classification number: H04W12/041 , H04W4/06 , H04W12/0431
Abstract: A user equipment (UE) is configured to join a multicast broadcast service (MBS) session. The UE sends, to a network function, a protocol data unit (PDU) session modification request comprising a request to join an MBS session, generates a first key (KMBS-UE), receives a PDU session modification complete message comprising an encrypted second key (KMBS) and a key identification (KID) corresponding to the KMBS, and decrypts the KMBS using the KMBS-UE.
-
Publication No.: US20230164559A1
Publication Date: 2023-05-25
Application No.: US18150771
Filing Date: 2023-01-05
Applicant: Apple Inc.
Inventor: Xiangying YANG , Huarui LIANG , Lijia ZHANG , Shu GUO , Haijing HU , Fangli XU , Yuqin CHEN , Dawei ZHANG , Li LI
IPC: H04W12/069 , H04W12/72 , H04W12/0433 , H04W12/03 , H04W12/122 , H04W12/041 , H04L9/08 , H04L9/16 , H04L9/32 , H04W12/02
CPC classification number: H04W12/069 , H04W12/72 , H04W12/0433 , H04W12/03 , H04W12/122 , H04W12/041 , H04L9/0822 , H04L9/0825 , H04L9/0844 , H04L9/0891 , H04L9/16 , H04L9/3228 , H04W12/02
Abstract: Techniques to protect a subscriber identity, by encrypting a subscription permanent identifier (SUPI) to form one-time use subscription concealed identifiers (SUCIs) using a set of one-time ephemeral asymmetric keys, generated by a user equipment (UE), and network provided keys are disclosed. Encryption of the SUPI to form the SUCIs can mitigate snooping by rogue network entities, such as fake base stations. The UE is restricted from providing the unencrypted SUPI over an unauthenticated connection to a network entity. In some instances, the UE uses a trusted symmetric fallback encryption key KFB or trusted asymmetric fallback public key PKFB to verify messages from an unauthenticated network entity and/or to encrypt the SUPI to form a fallback SUCIFB for communication of messages with the unauthenticated network entity.
-
Publication No.: US20220304079A1
Publication Date: 2022-09-22
Application No.: US17593422
Filing Date: 2020-09-16
Applicant: Apple Inc.
Inventor: Shu GUO , Dawei ZHANG , Fangli XU , Haijing HU , Huarui LIANG , Mona AGNEL , Ralf ROSSBACH , Sudeep Manithara VAMANAN , Yuqin CHEN
Abstract: The exemplary embodiments relate to a user equipment (UE) providing an indication of user consent to a network for access to UE information. The UE may perform operations including transmitting an indication of user consent to a first network. The user consent corresponds to a network function acquiring UE information. The operations also include transmitting the UE information to the first network and establishing a connection with a second network. The network function performs operations related to establishing the connection between the UE and the second network using the UE information.
-
Publication No.: US20210092603A1
Publication Date: 2021-03-25
Application No.: US17054148
Filing Date: 2018-05-11
Applicant: Apple Inc.
Inventor: Xiangying YANG , Huarui LIANG , Lijia ZHANG , Shu GUO , Haijing HU , Fangli XU , Yuqin CHEN , Dawei ZHANG , Li LI
Abstract: Techniques to protect a subscriber identity, by encrypting a subscription permanent identifier (SUPI) to form one-time use subscription concealed identifiers (SUCIs) using a set of one-time ephemeral asymmetric keys, generated by a user equipment (UE), and network provided keys are disclosed. Encryption of the SUPI to form the SUCIs can mitigate snooping by rogue network entities, such as fake base stations. The UE is restricted from providing the unencrypted SUPI over an unauthenticated connection to a network entity. In some instances, the UE uses a trusted symmetric fallback encryption key KFB or trusted asymmetric fallback public key PKFB to verify messages from an unauthenticated network entity and/or to encrypt the SUPI to form a fallback SUCIFB for communication of messages with the unauthenticated network entity.
-
Publication No.: US20200021993A1
Publication Date: 2020-01-16
Application No.: US16293521
Filing Date: 2019-03-05
Applicant: Apple Inc.
Inventor: Xiangying YANG , Shu GUO , Lijia ZHANG , Qian SUN , Huarui LIANG , Fangli XU , Yuqin CHEN , Haijing HU , Dawei ZHANG , Hao DUO , Lanpeng CHEN
Abstract: Techniques for identity-based message integrity protection and verification between a user equipment (UE) and a wireless network entity, include use of signatures derived from identity-based keys. To protect against attacks from rogue network entities before activation of a security context with a network entity, the UE verifies integrity of messages by checking a signature using an identity-based public key PKID derived by the UE based on (i) an identity value (ID) of the network entity and (ii) a separate public key PKPKG of a private key generator (PKG) server. The network entity generates signatures for messages using an identity-based private key SKID obtained from the PKG server, which generates the identity-based private key SKID using (i) the ID value of the network entity and (ii) a private key SKPKG that is known only by the PKG server and corresponds to the public key PKPKG.
-
Publication No.: US20240236675A9
Publication Date: 2024-07-11
Application No.: US18546809
Filing Date: 2021-02-19
Applicant: Apple Inc.
Inventor: Shu GUO , Dawei ZHANG , Haijing HU , Hao DUO , Huarui LIANG , Lanpeng CHEN , Mona AGNEL , Ralf ROSSBACH , Sudeep MANITHARA VAMANAN , Xiaoyu QIAO
IPC: H04W12/069 , H04L9/32 , H04W12/106 , H04W12/71 , H04W12/72
CPC classification number: H04W12/069 , H04L9/3242 , H04W12/106 , H04W12/71 , H04W12/72
Abstract: A user equipment (UE) may attempt to access an edge data network. The UE generates a first credential based on a second credential that was generated for a procedure between the UE and a network. The UE then generates an identifier corresponding to the first credential and generates a message authentication code based on the first credential and a count, wherein the count is associated with an identifier of an edge network client running on the UE. The UE then transmits an application registration request message to a server associated with an edge data network, the application registration request message including the count, the message authentication code, the identifier corresponding to the first credential, and a public land mobile network identifier (PLMN ID) of the network. The UE then receives an authentication accept message or an authentication reject message from the server associated with the edge data network.
-