公开(公告)号：US20180060199A1

公开(公告)日：2018-03-01

申请号：US15684806

申请日：2017-08-23

Applicant: Apple Inc.

Inventor： Li LI ,  Arun G. MATHIAS

IPC: G06F11/20 ,  G06F9/44 ,  G06F21/60 ,  G06F21/45

CPC classification number: G06F11/2094 ,  G06F8/61 ,  G06F9/4401 ,  G06F11/1433 ,  G06F21/45 ,  G06F21/602 ,  G06F2201/81

Abstract: A device hosting a universal integrated circuit card (UICC or eUICC) initiates an electronic subscriber identity module (eSIM) installation flow with an SIM server. The purpose of the eSIM installation flow is to perform a profile provisioning action. The device and, for example, the eUICC preserve state information related to the eSIM installation flow. The eSIM installation flow includes generation of a one-time public key at the eUICC. In some instances, the eSIM installation flow may be interrupted by an error event before successful installation of the eSIM in the eUICC. A subsequent renewed installation attempt is locally initiated and completed without assistance of the eSIM server. In some embodiments, the recovery and subsequent successful eSIM installation make use of the state information preserved during the earlier eSIM installation flow.

公开(公告)号：US20170338966A1

公开(公告)日：2017-11-23

申请号：US15598220

申请日：2017-05-17

Applicant: Apple Inc.

Inventor： Li LI ,  Arun G. MATHIAS

IPC: H04L9/32 ,  H04L29/06

Abstract: Secure reception of a certificate revocation list (CRL) is determined. In some embodiments, a device initiates a CRL update by sending a message with a timestamp to an embedded universal integrated circuit card (eUICC). The eUICC generates a session identifier, nonce, or random number and builds a payload including an internal time value based on a server time, and an internal time value based on a past message received from the device. The eUICC cryptographically signs over the payload and sends it to the device. The device obtains a CRL from a host server, checks the CRL, and, if the CRL passes the device check, sends it to the eUICC along with a second device timestamp and the nonce. The eUICC then performs checks based on the timestamps, the nonce, the CRL and the internal time values to determine whether the CRL has been securely received.

公开(公告)号：US20170338954A1

公开(公告)日：2017-11-23

申请号：US15602027

申请日：2017-05-22

Applicant: Apple Inc.

Inventor： Xiangying YANG ,  Li LI

IPC: H04L9/08 ,  H04L9/32 ,  H04L29/06

CPC classification number: H04L9/0863 ,  H04L9/0838 ,  H04L9/0894 ,  H04L9/3273 ,  H04L63/0435 ,  H04L63/067 ,  H04L63/0853 ,  H04L2463/061 ,  H04W12/0023 ,  H04W12/02 ,  H04W12/04 ,  H04W12/06

Abstract: A device hosting a universal integrated circuit card (UICC or eUICC) initiates a provisioning call flow with an electronic subscriber identity module (eSIM) server. The purpose of the provisioning call flow is to perform a particular provisioning action or function. The eSIM server, the device and/or the eUICC maintain state information related to the provisioning call flow. The provisioning call flow includes generation of a one-time public key (otPK) at the eUICC. The provisioning call flow is interrupted by an error event before, for example, successful installation of a profile in the eUICC. A subsequent provisioning call flow is initiated. The eSIM server assists the eUICC to recover from the error event based on the state information of the eSIM server, the device and/or the eUICC. In some embodiments, the recovery and subsequent successful profile installation makes use of the otPK generated during the earlier provisioning call flow.

公开(公告)号：US20170280328A1

公开(公告)日：2017-09-28

申请号：US15619167

申请日：2017-06-09

Applicant: Apple Inc.

Inventor： Xiangying YANG ,  Li LI ,  Jerrold Von HAUCK

IPC: H04W12/08 ,  G06F21/33 ,  G06F21/34 ,  G06F21/60 ,  H04L29/06 ,  H04L9/08 ,  H04L9/32 ,  H04W12/06 ,  H04W8/20

CPC classification number: H04W12/08 ,  G06F21/33 ,  G06F21/34 ,  G06F21/602 ,  G06F2221/2107 ,  H04L9/0822 ,  H04L9/0825 ,  H04L9/0877 ,  H04L9/3234 ,  H04L63/0853 ,  H04L2209/80 ,  H04W8/205 ,  H04W12/06

Abstract: A method for preparing an eSIM for provisioning is provided. The method can include a provisioning server encrypting the eSIM with a symmetric key. The method can further include the provisioning server, after determining a target eUICC to which the eSIM is to be provisioned, encrypting the symmetric key with a key encryption key derived based at least in part on a private key associated with the provisioning server and a public key associated with the target eUICC. The method can additionally include the provisioning server formatting an eSIM package including the encrypted eSIM, the encrypted symmetric key, and a public key corresponding to the private key associated with the provisioning server. The method can also include the provisioning server sending the eSIM package to the target eUICC.

公开(公告)号：US20170127264A1

公开(公告)日：2017-05-04

申请号：US15340933

申请日：2016-11-01

Applicant: Apple Inc.

Inventor： Xiangying YANG ,  Li LI

IPC: H04W8/18 ,  H04L29/06 ,  H04W12/10 ,  H04W12/04

CPC classification number: H04W8/183 ,  H04L9/3247 ,  H04L63/0428 ,  H04L63/0823 ,  H04L2209/80 ,  H04W4/60 ,  H04W8/205 ,  H04W12/02 ,  H04W12/04 ,  H04W12/10

Abstract: Methods and apparatus for provisioning electronic Subscriber Identity Module (eSIM) data by a mobile device are disclosed. Processing circuitry of the mobile device transfers encrypted eSIM data to an embedded Universal Integrated Circuit Card (eUICC) of the mobile device as a series of data messages and receives corresponding response messages for each data message from the eUICC. The response messages from the eUICC are formatted with a tag field that indicates encryption and signature verification properties for the response message. Different values in the tag field indicate whether the response message is (i) encrypted and verifiably signed, (ii) verifiably signed only, or (iii) includes plain text information. Response messages without encryption are readable by the processing circuitry, and processing of the response messages, including forwarding to network elements, such as to a provisioning server are based at least in part on values in the tag field.

公开(公告)号：US20170093565A1

公开(公告)日：2017-03-30

申请号：US15279343

申请日：2016-09-28

Applicant: Apple Inc.

Inventor： Xiangying YANG ,  Li LI

IPC: H04L9/08 ,  H04W12/04

CPC classification number: H04L9/0822 ,  H04L9/0841 ,  H04L63/0428 ,  H04L2209/80 ,  H04L2463/062 ,  H04W8/205 ,  H04W12/02 ,  H04W12/04 ,  H04W12/06

Abstract: Methods for provisioning electronic Subscriber Identity Modules (eSIMs) to electronic Universal Integrated Circuit Cards (eUICCs) are provided. One method involves a provisioning server configured to encrypt the eSIM with a symmetric key (Ke). The provisioning server, upon identifying a target eUICC, encrypts the symmetric key with a key encryption key (KEK) derived based at least in part on a private key associated with the provisioning server and a public key associated with the target eUICC. The provisioning server generates an eSIM package including the encrypted eSIM, the encrypted symmetric key, a public key corresponding to the private key associated with the provisioning server, as well as additional information that enables the target eUICC to, upon receipt of the eSIM package, identify a private key that corresponds to the public key associated with the target eUICC and used to derive the KEK.

公开(公告)号：US20160337780A1

公开(公告)日：2016-11-17

申请号：US15217796

申请日：2016-07-22

Applicant: Apple Inc.

Inventor： Li LI ,  Arun G. MATHIAS ,  Ben-Heng JUANG

IPC: H04W4/00 ,  H04W12/04 ,  H04W8/20

CPC classification number: H04W4/001 ,  H04W4/50 ,  H04W8/20 ,  H04W12/04

Abstract: Provisioning an embedded subscriber identity module (eSIM) in a user equipment (UE) device with personalized subscriber information. A request may be transmitted for personalized subscriber information. The personalized subscriber information may be received. The personalized subscriber information may be installed in an eSIM in the UE device.

Abstract translation: 在具有个性化订户信息的用户设备（UE）设备中提供嵌入式用户识别模块（eSIM）。 可以发送用于个性化订户信息的请求。 可以接收个性化订户信息。 个性化用户信息可以安装在UE设备中的eSIM中。

公开(公告)号：US20160330175A1

公开(公告)日：2016-11-10

申请号：US15146771

申请日：2016-05-04

Applicant: Apple Inc.

Inventor： Li LI ,  Arun G. MATHIAS

IPC: H04L29/06 ,  G06F9/445

CPC classification number: G06F8/65 ,  H04L63/0853 ,  H04L63/20

Abstract: Activities involving a secure element (SE) in a mobile device include a background operation. When the SE initiates the background operation, it informs the mobile device of an estimated duration. The mobile device thus recognizes that the SE is not in a stuck state, and maintains a clock signal and a power flow to the SE. Firmware updates to the SE include erasing a non-volatile (NV) memory in the SE in parallel with firmware or software updates to other processor systems in the mobile device. Needed data, for example calibration data or cryptographic key data, is preserved by storing data from some processor systems in one or more supplementary security domains (SSDs) in the SE. When a given processor system completes a firmware update, the needed data is restored to the processor system from the SSD.

Abstract translation: 在移动设备中涉及安全元件（SE）的活动包括背景操作。 当SE启动后台操作时，它通知移动设备估计的持续时间。 因此，移动设备识别出SE不处于停滞状态，并且维持时钟信号和功率流到SE。 SE的固件更新包括在移动设备中与固件或软件更新并行地擦除SE中的非易失性（NV）存储器到其他处理器系统。 通过将来自一些处理器系统的数据存储在SE中的一个或多个补充安全域（SSD）中来保存需要的数据，例如校准数据或加密密钥数据。 当给定的处理器系统完成固件更新时，所需的数据从SSD恢复到处理器系统。

公开(公告)号：US20150312698A1

公开(公告)日：2015-10-29

申请号：US14629386

申请日：2015-02-23

Applicant: Apple Inc.

Inventor： Stephan V. SCHELL ,  Arun G. MATHIAS ,  Jerrold Von HAUCK ,  David T. HAGGERTY ,  Kevin McLAUGHLIN ,  Ben-Heng JUANG ,  Li LI

IPC: H04W4/00 ,  H04W12/04 ,  H04W12/06 ,  H04L29/06

CPC classification number: H04W12/06 ,  G06F21/45 ,  G06F21/57 ,  H04L63/08 ,  H04L63/0853 ,  H04L63/123 ,  H04L63/20 ,  H04L67/34 ,  H04W4/50 ,  H04W4/60 ,  H04W8/205 ,  H04W12/04 ,  H04W12/08

Abstract: Methods and apparatus enabling programming of electronic identification information of a wireless apparatus. In one embodiment, a previously purchased or deployed wireless apparatus is activated by a cellular network. The wireless apparatus connects to the cellular network using an access module to download operating system components and/or access control client components. The described methods and apparatus enable updates, additions and replacement of various components including Electronic Subscriber Identity Module (eSIM) data, OS components. One exemplary implementation of the invention utilizes a trusted key exchange between the device and the cellular network to maintain security.

Abstract translation: 能够对无线装置的电子识别信息进行编程的方法和装置。 在一个实施例中，先前购买或部署的无线设备由蜂窝网络激活。 无线设备使用访问模块连接到蜂窝网络，以下载操作系统组件和/或访问控制客户端组件。 所描述的方法和装置能够更新，添加和替换各种组件，包括电子订户身份模块（eSIM）数据，OS组件。 本发明的一个示例性实施方式利用设备和蜂窝网络之间的可信密钥交换来维护安全性。

公开(公告)号：US20250080971A1

公开(公告)日：2025-03-06

申请号：US18824563

申请日：2024-09-04

Applicant: Apple Inc.

Inventor： Raj S CHAUGULE ,  Hyewon LEE ,  Jean-Marc PADOVA ,  Li LI ,  Rohan C MALTHANKAR ,  Sherman X JIN ,  Suraj GUPTA ,  Xiangying YANG ,  Zexing SHI

IPC: H04W8/20 ,  H04L9/32

Abstract: An apparatus configured to engage in an embedded subscriber identity module (eSIM) profile transfer process to transfer an eSIM profile from a source device executing a first operating system (OS) that implements a first protocol stack related to eSIM profile transfers to a target device executing a second OS that implements a second protocol stack related to eSIM profile transfers, wherein the first protocol stack and the second protocol stack are different, process, based on signaling received from an entitlement server, a token for transferring the eSIM profile, generate, for transmission to the target device, a message comprising the token and establish a secure tunnel via a wireless communication connection with the target device.