中科微点-全球专利检索

  1. Login
  2. Sign Up

Search Results

44 records (took 0.044 seconds)

    Techniques for dynamically supporting different authentication algorithms
    2.
    发明授权
    Techniques for dynamically supporting different authentication algorithms 有权

    公开(公告)号:US10785645B2

    公开(公告)日:2020-09-22

    申请号:US14868257

    申请日:2015-09-28

    Applicant: Apple Inc.

    Inventor: Li Li Jerrold Von Hauck Arun G. Mathias

    IPC: H04W12/06 H04W12/04 H04L29/06 H04W12/08 H04W4/60 H04W4/70 H04W12/00 H04W8/20

    Abstract: Disclosed herein are different techniques for enabling a mobile device to dynamically support different authentication algorithms. A first technique involves configuring an eUICC included in the mobile device to implement various authentication algorithms that are utilized by MNOs (e.g., MNOs with which the mobile device can interact). Specifically, this technique involves the eUICC storing executable code for each of the various authentication algorithms. According to this technique, the eUICC is configured to manage at least one eSIM, where the eSIM includes (i) an identifier that corresponds to one of the various authentication algorithms implemented by the eUICC, and (ii) authentication parameters that are compatible with the authentication algorithm. A second technique involves configuring the eUICC to interface with an eSIM to extract (i) executable code for an authentication algorithm used by an MNO that corresponds to the eSIM, and (ii) authentication parameters that are compatible with the authentication algorithm.

    Pre-personalization of eSIMs to support large-scale eSIM delivery
    3.
    发明授权
    Pre-personalization of eSIMs to support large-scale eSIM delivery 有权

    公开(公告)号:US10554487B2

    公开(公告)日:2020-02-04

    申请号:US15157332

    申请日:2016-05-17

    Applicant: Apple Inc.

    Inventor: Li Li Yousuf H. Vaid Christopher B. Sharp Arun G. Mathias David T. Haggerty Jerrold Von Hauck

    IPC: H04L29/06 H04L12/24 H04B1/3816 H04B1/3827

    Abstract: Representative embodiments described herein set forth techniques for optimizing large-scale deliveries of electronic Subscriber Identity Modules (eSIMs) to mobile devices. Specifically, instead of generating and assigning eSIMs when mobile devices are being activated—which can require significant processing overhead—eSIMs are pre-generated with a basic set of information, and are later-assigned to the mobile devices when they are activated. This can provide considerable benefits over conventional approaches that involve generating and assigning eSIMs during mobile device activation, especially when new mobile devices (e.g., smartphones, tablets, etc.) are being launched and a large number of eSIM assignment requests are to be fulfilled in an efficient manner.

    Methods and apparatus for establishing a secure communication channel
    4.
    发明授权
    Methods and apparatus for establishing a secure communication channel 有权

    公开(公告)号:US09722975B2

    公开(公告)日:2017-08-01

    申请号:US14789905

    申请日:2015-07-01

    Applicant: Apple Inc.

    Inventor: Xiangying Yang Li Li Jerrold Von Hauck

    IPC: H04L29/06

    CPC classification number: H04L63/0853 H04L63/0428 H04L63/062 H04L63/065 H04L63/068 H04L63/105 H04W12/04 H04W12/06

    Abstract: A method for establishing a secure communication channel between an off-card entity and an embedded Universal Integrated Circuit Card (eUICC) is provided. The method involves establishing symmetric keys that are ephemeral in scope. Specifically, an off-card entity, and each eUICC in a set of eUICCs managed by the off-card entity, possess long-term Public Key Infrastructure (PKI) information. When a secure communication channel is to be established between the off-card entity and an eUICC, the eUICC and the off-card entity can authenticate one another in accordance with the respectively-possessed PKI information (e.g., verifying public keys). After authentication, the off-card entity and the eUICC establish a shared session-based symmetric key for implementing the secure communication channel. Specifically, the shared session-based symmetric key is generated according to whether perfect or half forward security is desired. Once the shared session-based symmetric key is established, the off-card entity and the eUICC can securely communicate information.

    Methods and apparatus for storage and execution of access control clients
    6.
    发明授权
    Methods and apparatus for storage and execution of access control clients 有权
    用于存储和执行访问控制客户端的方法和设备

    公开(公告)号:US09532219B2

    公开(公告)日:2016-12-27

    申请号:US14543773

    申请日:2014-11-17

    Applicant: Apple Inc.

    Inventor: Stephan V. Schell Jerrold Von Hauck

    IPC: H04W12/06 H04L29/06 H04W4/00 H04W8/20 H04W8/26 H04W8/18

    CPC classification number: H04W12/06 H04L63/0823 H04W4/50 H04W4/60 H04W8/18 H04W8/205 H04W8/265

    Abstract: Disclosed herein is a technique for securely provisioning access control entities (e.g., electronic Subscriber Identity Module (eSIM) components) to a user equipment (UE) device. In one embodiment, a UE device is assigned a unique key and an endorsement certificate that can be used to provide updates or new eSIMs to the UE device. The UE device can trust eSIM material delivered by an unknown third-party eSIM vendor, based on a secure certificate transmission with the unique key. In another aspect, an operating system (OS) is partitioned into various sandboxes. During operation, the UE device can activate and execute the OS in the sandbox corresponding to a current wireless network. Personalization packages received while connected to the network only apply to that sandbox. Similarly, when loading an eSIM, the OS need only load the list of software necessary for the current run-time environment. Unused software can be subsequently activated.

    Abstract translation: 本文公开了一种用于将访问控制实体(例如,电子订户身份模块(eSIM)组件)安全地提供给用户设备(UE)设备的技术。 在一个实施例中,向UE设备分配唯一密钥和可用于向UE设备提供更新或新eSIM的签注证书。 基于使用唯一密钥的安全证书传输,UE设备可以信任由未知的第三方eSIM供应商提供的eSIM资料。 在另一方面,操作系统(OS)被划分成各种沙盒。 在操作期间,UE设备可以在对应于当前无线网络的沙箱中激活并执行OS。 连接到网络时收到的个性化包仅适用于该沙盒。 同样,当加载eSIM时,操作系统只需加载当前运行时环境所需的软件列表。 未使用的软件可以随后激活。

    ELECTRONIC SUBSCRIBER IDENTITY MODULE PROVISIONING
    7.
    发明申请
    ELECTRONIC SUBSCRIBER IDENTITY MODULE PROVISIONING 有权
    电子订户身份识别模块提供

    公开(公告)号:US20150341791A1

    公开(公告)日:2015-11-26

    申请号:US14715761

    申请日:2015-05-19

    Applicant: Apple Inc.

    Inventor: Xiangying Yang Li Li Jerrold Von Hauck

    IPC: H04W12/08 H04L29/06 H04L9/32 H04L9/08

    CPC classification number: H04W12/08 G06F21/33 G06F21/34 G06F21/602 G06F2221/2107 H04L9/0822 H04L9/0825 H04L9/0877 H04L9/3234 H04L63/0853 H04L2209/80 H04W8/205 H04W12/06

    Abstract: A method for preparing an eSIM for provisioning is provided. The method can include a provisioning server encrypting the eSIM with a symmetric key. The method can further include the provisioning server, after determining a target eUICC to which the eSIM is to be provisioned, encrypting the symmetric key with a key encryption key derived based at least in part on a private key associated with the provisioning server and a public key associated with the target eUICC. The method can additionally include the provisioning server formatting an eSIM package including the encrypted eSIM, the encrypted symmetric key, and a public key corresponding to the private key associated with the provisioning server. The method can also include the provisioning server sending the eSIM package to the target eUICC.

    Abstract translation: 提供了一种用于准备用于配置的eSIM的方法。 该方法可以包括用对称密钥加密eSIM的供应服务器。 所述方法还可以包括所述供应服务器,在确定要向其提供所述eSIM的目标eUICC之后,至少部分地基于与所述供应服务器相关联的私钥和公共的公共密钥来加密所述对称密钥,所述密钥加密密钥 与目标eUICC相关联的关键。 该方法还可以包括配置服务器格式化包括加密eSIM,加密对称密钥和对应于与配置服务器相关联的私有密钥的公钥的eSIM包。 该方法还可以包括配置服务器将eSIM包发送到目标eUICC。

    Methods and apparatus for user authentication and human intent verification in mobile devices
    8.
    发明授权
    Methods and apparatus for user authentication and human intent verification in mobile devices 有权

    公开(公告)号:US10405181B2

    公开(公告)日:2019-09-03

    申请号:US15876875

    申请日:2018-01-22

    Applicant: Apple Inc.

    Inventor: Li Li Xiangying Yang Jerrold Von Hauck Christopher B. Sharp Yousuf H. Vaid Arun G. Mathias David T. Haggerty Najeeb M. Abdulrahiman

    IPC: H04W12/06 H04L29/06 H04L12/24

    Abstract: Methods and apparatus for user authentication and human intent verification of administrative operations for eSIMs of an eUICC included in a mobile device are disclosed. Certain administrative operations, such as import, modification, and/or export, of an eSIM and/or for an eUICCs firmware can require user authentication and/or human intent verification before execution of the administrative operations are performed or completed by the mobile device. A user of the mobile device provides information to link an external user account to an eSIM upon (or subsequent to) installation on the eUICC. User credentials, such as a user name and password, and/or information generated therefrom, can be used to authenticate the user with an external server. In response to successful user authentication, the administrative operations are performed. Human intent verification can also be performed in conjunction with user authentication to prevent malware from interfering with eSIM and/or eUICC functions of the mobile device.

Patent Agency Ranking