ELECTRONIC SUBSCRIBER IDENTITY MODULE (eSIM) INSTALLATION AND TESTING

    Publication No.: US20180351945A1

    Publication date: 2018-12-06

    Application No.: US15720454

    Filing date: 2017-09-29

    Applicant: Apple Inc.

    Abstract: Provisioning of an electronic subscriber identity module (eSIM) to an embedded universal integrated circuit card (eUICC) is observed to acquire a captured payload. The captured payload is then used in replay test sessions. In a live test session, test equipment can be used to monitor the communication between an eSIM server and the eUICC in order to capture the payload transmitted from the eSIM server. In the live test session, the eUICC can be in a debug mode that persists an ability to generate the same keys. In the replay test sessions, the payload captured can be reused and the eUICC can regenerate the same keys to decrypt an encrypted eSIM in the payload. After an installation attempt, the eUICC can provide notifications to the test equipment. The eUICC can be stress-tested using methods described herein without consuming a large number of eSIMs from an eSIM server inventory.

    LOCAL RECOVERY OF ELECTRONIC SUBSCRIBER IDENTITY MODULE (eSIM) INSTALLATION FLOW

    Publication No.: US20180060199A1

    Publication date: 2018-03-01

    Application No.: US15684806

    Filing date: 2017-08-23

    Applicant: Apple Inc.

    Abstract: A device hosting a universal integrated circuit card (UICC or eUICC) initiates an electronic subscriber identity module (eSIM) installation flow with an eSIM server. The purpose of the eSIM installation flow is to perform a profile provisioning action. The device and, for example, the eUICC preserve state information related to the eSIM installation flow. The eSIM installation flow includes generation of a one-time public key at the eUICC. In some instances, the eSIM installation flow may be interrupted by an error event before successful installation of the eSIM in the eUICC. A subsequent renewed installation attempt is locally initiated and completed without assistance of the eSIM server. In some embodiments, the recovery and subsequent successful eSIM installation make use of the state information preserved during the earlier eSIM installation flow.

    eUICC SECURE TIMING AND CERTIFICATE REVOCATION

    Publication No.: US20170338966A1

    Publication date: 2017-11-23

    Application No.: US15598220

    Filing date: 2017-05-17

    Applicant: Apple Inc.

    Abstract: Secure reception of a certificate revocation list (CRL) is determined. In some embodiments, a device initiates a CRL update by sending a message with a timestamp to an embedded universal integrated circuit card (eUICC). The eUICC generates a session identifier, nonce, or random number and builds a payload including an internal time value based on a server time, and an internal time value based on a past message received from the device. The eUICC cryptographically signs over the payload and sends it to the device. The device obtains a CRL from a host server, checks the CRL, and, if the CRL passes the device check, sends it to the eUICC along with a second device timestamp and the nonce. The eUICC then performs checks based on the timestamps, the nonce, the CRL and the internal time values to determine whether the CRL has been securely received.

    PROVISIONING AN EMBEDDED SUBSCRIBER IDENTITY MODULE

    Type: Invention application

    Status: Under examination (published)

    Publication No.: US20160337780A1

    Publication date: 2016-11-17

    Application No.: US15217796

    Filing date: 2016-07-22

    Applicant: Apple Inc.

    CPC classification number: H04W4/001 H04W4/50 H04W8/20 H04W12/04

    Abstract: Provisioning an embedded subscriber identity module (eSIM) in a user equipment (UE) device with personalized subscriber information. A request may be transmitted for personalized subscriber information. The personalized subscriber information may be received. The personalized subscriber information may be installed in an eSIM in the UE device.

    SECURE ELEMENT ACTIVITIES

    Type: Invention application

    Status: Under examination (published)

    Publication No.: US20160330175A1

    Publication date: 2016-11-10

    Application No.: US15146771

    Filing date: 2016-05-04

    Applicant: Apple Inc.

    CPC classification number: G06F8/65 H04L63/0853 H04L63/20

    Abstract: Activities involving a secure element (SE) in a mobile device include a background operation. When the SE initiates the background operation, it informs the mobile device of an estimated duration. The mobile device thus recognizes that the SE is not in a stuck state, and maintains a clock signal and a power flow to the SE. Firmware updates to the SE include erasing a non-volatile (NV) memory in the SE in parallel with firmware or software updates to other processor systems in the mobile device. Needed data, for example calibration data or cryptographic key data, is preserved by storing data from some processor systems in one or more supplementary security domains (SSDs) in the SE. When a given processor system completes a firmware update, the needed data is restored to the processor system from the SSD.

    FLEXIBLE ELECTRONIC SUBSCRIBER IDENTITY MODULE DEPLOYMENT

    Publication No.: US20230247414A1

    Publication date: 2023-08-03

    Application No.: US18161810

    Filing date: 2023-01-30

    Applicant: Apple Inc.

    CPC classification number: H04W8/183 H04W8/205 H04W12/06 H04W12/35

    Abstract: Techniques for flexible electronic subscriber identity module (eSIM) deployment to a wireless device by a network server, including generation of multiple eSIMs using an identical eSIM identifier value, such as an identical integrated circuit card identifier (ICCID) value, and subsequent selection of an eSIM based on capabilities of the wireless device. Multiple eSIMs that correspond to different sets of wireless device capabilities are generated without knowledge of the wireless communication standards that a wireless device supports. The multiple eSIMs include a first eSIM that includes fifth generation (5G) wireless communication protocol information and a second eSIM that excludes 5G wireless communication protocol information. The network server selects an eSIM from the multiple eSIMs based on whether the wireless device is 5G capable. After selection and binding of a profile package that includes the eSIM, the remaining eSIMs that use the identical ICCID value are deleted, for security enforcement against cloning.

    METHODS AND APPARATUS TO MANAGE INACTIVE ELECTRONIC SUBSCRIBER IDENTITY MODULES

    Publication No.: US20200288298A1

    Publication date: 2020-09-10

    Application No.: US16808012

    Filing date: 2020-03-03

    Applicant: Apple Inc.

    Abstract: The described embodiments set forth techniques for managing inactive (disabled) electronic subscriber identity modules (eSIMs) on secure elements, e.g., Universal Integrated Circuit Cards (UICCs) and/or embedded UICCs (eUICCs), of a wireless device, including retrieving information from an inactive eSIM, obtaining authentication tokens from an inactive eSIM, authenticating the inactive eSIM with a network-based Mobile Network Operator (MNO) server, retrieving status information for a subscription account associated with the inactive eSIM, and/or performing an account management operation on the inactive eSIM.

    SECURE ELECTRONIC SUBSCRIBER IDENTITY MODULE (eSIM) RESTORATION

    Publication No.: US20170150356A1

    Publication date: 2017-05-25

    Application No.: US15356398

    Filing date: 2016-11-18

    Applicant: Apple Inc.

    CPC classification number: H04W12/06

    Abstract: A secure element uses a backup context to restore a deleted electronic Subscriber Identity Module (eSIM) without compromising a trust relationship with a mobile network operator (MNO). A backup copy of a data binary large object (data blob) originally used to instantiate the eSIM is retrieved. The secure element determines if the eSIM within the data blob is uniquely associated with the secure element from a previous installation. The secure element examines the data blob to determine an identifier unique to the eSIM. The identifier can be an integrated circuit card identifier (ICC-ID) or a profile identifier. The secure element searches a table of instantiated eSIMs in the secure memory. If the secure element is able to match the recovered eSIM identifier with an entry in the table, then the secure element installs this eSIM in the secure element.
