公开(公告)号：US20150289129A1

公开(公告)日：2015-10-08

申请号：US14664739

申请日：2015-03-20

Applicant: Apple Inc.

Inventor： Li LI ,  Xiangying YANG

IPC: H04W8/18 ,  G06F3/06

CPC classification number: H04W8/183 ,  G06F3/0622 ,  G06F3/0637 ,  G06F3/0665 ,  G06F3/0673 ,  G06F12/0223 ,  G06F2212/1052 ,  G06F2212/177 ,  H04W8/205

Abstract: Disclosed herein are various techniques for preventing or at least partially securing parameters—e.g., Type parameters—of electronic Subscriber Identity Modules (eSIMs) stored within an embedded Universal Integrated Circuit Card (eUICC) from being inappropriately modified by mobile network operators (MNOs). One embodiment sets forth a technique that involves modifying file access properties of the Type parameters of eSIMs to make the Type parameters readable, but not updatable by the MNOs. Another embodiment sets forth a technique that involves implementing eSIM logical containers that separate the Type parameters from the eSIM data within the eUICC, such that the Type parameters are inaccessible to the MNOs. Yet another embodiment sets forth a technique that involves implementing an Operating System (OS)-based registry that is inaccessible to the MNOs and manages Type parameters for the eSIMs that are stored by the eUICC.

Abstract translation: 本文公开了用于防止或至少部分地保护存储在嵌入式通用集成电路卡（eUICC）中的电子用户识别模块（eSIM）的参数的类型参数的各种技术不被移动网络运营商（MNO）的不当修改。 一个实施例提出了一种技术，其涉及修改eSIM的Type参数的文件访问属性，以使类型参数可读，但不能由MNO更新。 另一个实施例提出了一种技术，其涉及实现将Type参数与eUICC内的eSIM数据分开的eSIM逻辑容器，使得MNO不能访问Type参数。 另一个实施例提出了一种技术，其涉及实现MNO不可访问的基于操作系统（OS）的注册表，并管理由eUICC存储的eSIM的类型参数。

公开(公告)号：US20150256345A1

公开(公告)日：2015-09-10

申请号：US14279109

申请日：2014-05-15

Applicant: Apple Inc.

Inventor： Yousuf H. VAID ,  Christopher B. SHARP ,  Medhi ZIAT ,  Li LI ,  Jerrold Von HAUCK ,  Ramiro SARMIENTO ,  Jean-Marc PADOVA

IPC: H04L9/32

CPC classification number: H04L9/3268

Abstract: Disclosed herein is a technique for revoking a root certificate from at least one client device. In particular, the technique involves causing a secure element—which is included in the at least one client device and is configured to store the root certificate as well as at least one backup root certificate—to permanently disregard the root certificate and prevent the at least one client device from utilizing the specific root certificate. According to one embodiment, this revocation occurs in response to a receiving a revocation message that directly targets the root certificate, where the message includes at least two levels of authentication that are verified by the secure element prior to carrying out the revocation. Once the root certificate is revoked, the secure element can continue to utilize the at least one backup root certificate, while permanently disregarding the revoked root certificate.

Abstract translation: 本文公开了一种用于从至少一个客户端设备撤销根证书的技术。 特别地，该技术涉及引起安全元件，其包括在至少一个客户端设备中并且被配置为存储根证书以及至少一个备份根证书，以永久地忽略根证书，并且至少防止 一个客户端设备利用特定的根证书。 根据一个实施例，该撤销响应于接收直接针对根证书的撤销消息而发生，其中该消息包括在执行撤销之前由安全元件验证的至少两个认证级别。 根证书被撤销后，安全元素可以继续使用至少一个备份根证书，同时永久忽略已撤销的根证书。

公开(公告)号：US20130210388A1

公开(公告)日：2013-08-15

申请号：US13762897

申请日：2013-02-08

Applicant: Apple Inc.

Inventor： Li LI ,  Stephan V. SCHELL

IPC: H04W48/06

CPC classification number: H04W12/12 ,  H04L69/40 ,  H04W8/20 ,  H04W8/265 ,  H04W28/0289 ,  H04W28/06 ,  H04W48/06 ,  H04W52/0212 ,  H04W74/004 ,  Y02D70/1224 ,  Y02D70/1242 ,  Y02D70/1262 ,  Y02D70/142 ,  Y02D70/144 ,  Y02D70/146 ,  Y02D70/166

Abstract: Methods and apparatus for correcting error events associated with identity provisioning. In one embodiment, repeated requests for access control clients are responded to with the execution of a provisioning feedback mechanism which is intended to prevent the unintentional (or even intentional) over-consumption or waste of network resources via the delivery of an excessive amount of access control clients. These provisioning feedback mechanisms include rate-limiting algorithms and/or methodologies which place a cost on the user. Apparatus for implementing the aforementioned provisioning feedback mechanisms are also disclosed and include specialized user equipment and/or network side equipment such as a subscriber identity module provisioning server (SPS).

Abstract translation: 用于纠正与身份提供相关的错误事件的方法和装置。 在一个实施例中，对访问控制客户机的重复请求响应于供应反馈机制的执行，其旨在通过传递过多的访问来防止无意（甚至故意的）过度消费或浪费网络资源 控制客户端。 这些供应反馈机制包括对用户造成成本的速率限制算法和/或方法。 还公开了用于实现上述提供反馈机制的装置，并且包括专用用户设备和/或诸如订户身份模块提供服务器（SPS）的网络侧设备。