-
Publication No.: US11012852B2
Publication date: 2021-05-18
Application No.: US16667634
Application date: 2019-10-29
Applicant: Apple Inc.
Inventor: Raj S. Chaugule, Anish Kumar Goyal, Keizo Marui, Li Li, Vitalii Kramar, Zexing Shi
Abstract: Embodiments described herein relate to mechanisms for error recovery during transfer of cellular service credentials between two mobile wireless devices. Transfer of credentials includes communication between a source device, a target device, and/or one or more network-based servers. Authentication can be based on one or more tokens obtained by the source device and provided to the target device. Error recovery can include using redirection to different servers, providing alternative information for authentication, and storage and subsequent retrieval of information to restart or complete a credential transfer process.
-
Publication No.: US10924921B2
Publication date: 2021-02-16
Application No.: US16667617
Application date: 2019-10-29
Applicant: Apple Inc.
Inventor: Sherman X. Jin, Raj S. Chaugule, Anish Kumar Goyal, Li Li, Rafael L. Rivera-Barreto, Samy Touati, Rohan C. Malthankar
Abstract: Embodiments described herein relate to transfer of credentials between two mobile wireless devices that are within proximity of each other, via a secure local connection, or via a network-based cloud service, where the two mobile wireless devices are not in proximity to each other. Transfer of credentials can include communication between a source device, a target device, and/or one or more network-based servers, which can include mobile network operator (MNO) managed servers, such as an entitlement server, a web-sheet server, an authentication server, a provisioning server, a subscription management data preparation (SM-DP+) server, a home subscriber server (HSS), and/or an authentication server, as well as third-party managed servers, such as a cloud service server and/or an identification services server. Authentication can be based at least in part on one or more tokens and/or a trust flag obtained by the source device and provided to the target device.
-
Publication No.: US10917790B2
Publication date: 2021-02-09
Application No.: US15996324
Application date: 2018-06-01
Applicant: Apple Inc.
Inventor: Li Li, Arun G. Mathias, Gokul P. Thirumalai, Najeeb M. Abdulrahiman, Francisco J. Gonzalez, Jonathon Sodos
Abstract: Disclosed herein are techniques for enabling a user to activate a new device with a Mobile Network Operator (MNO) without requiring the user to provide MNO authentication credentials that are easily forgotten. The user activates the new device using credentials from an existing device (associated with the user) that is trusted by the MNO and also using a trust score provided by a third-party server that has knowledge of associations between the user and the existing device. The new device can be a supplemental device, such as a wearable device to a cellular phone, where both devices remain capable of accessing services provided by the MNO after the new device is activated with the MNO. The new device can also be a replacement device, such as a new phone, tablet, or wearable device, where the new device supplants access to services provided by the MNO for an existing device.
-
Publication No.: US10574465B2
Publication date: 2020-02-25
Application No.: US15598232
Application date: 2017-05-17
Applicant: Apple Inc.
Inventor: Li Li, Clark P. Mueller, Avinash Narasimhan, Arun G. Mathias, David T. Haggerty, Najeeb M. Abdulrahiman, Jean-Marc Padova
Abstract: Embodiments provided herein determine if an electronic subscriber identity module (eSIM) associated with a requested service can be installed in a secure element (SE) housed in a wireless device. Before requesting deployment of an eSIM suitable for the requested service from an eSIM delivery server, a carrier server asks that an original equipment manufacturer (OEM) server validate that an eSIM corresponding to a customer request should be deployed. The OEM server obtains information about the wireless device and information about the SE. When the carrier server requests validation, the OEM server evaluates the wireless device information and/or the SE information. If the OEM server indicates that deployment of the eSIM should proceed, the OEM server also indicates the eSIM type that is compatible with the wireless device and with the SE housed in the device.
-
Publication No.: US10440034B2
Publication date: 2019-10-08
Application No.: US13762074
Application date: 2013-02-07
Applicant: Apple Inc.
Inventor: Jerrold Von Hauck, Li Li, Stephan V. Schell
Abstract: Methods and apparatus for detecting fraudulent device operation. In one exemplary embodiment of the present disclosure, a device is issued a user access control client that is uniquely associated with a shared secret that is securely stored within the network and the access control client. Subsequent efforts to activate or deactivate the access control client require verification of the shared secret. Each change in state includes a change to the shared secret. Consequently, requests for a change to state which do not have the proper shared secret will be disregarded, and/or flagged as fraudulent.
-
Publication No.: US10404693B2
Publication date: 2019-09-03
Application No.: US15936331
Application date: 2018-03-26
Applicant: Apple Inc.
Inventor: Xiangying Yang, Li Li, Jerrold Von Hauck
Abstract: A method for establishing a secure communication channel between an off-card entity and an embedded Universal Integrated Circuit Card (eUICC) is provided. The method involves establishing symmetric keys that are ephemeral in scope. Specifically, an off-card entity, and each eUICC in a set of eUICCs managed by the off-card entity, possess long-term Public Key Infrastructure (PKI) information. When a secure communication channel is to be established between the off-card entity and an eUICC, the eUICC and the off-card entity can authenticate one another in accordance with the respectively-possessed PKI information (e.g., verifying public keys). After authentication, the off-card entity and the eUICC establish a shared session-based symmetric key for implementing the secure communication channel. Specifically, the shared session-based symmetric key is generated according to whether perfect or half forward security is desired. Once the shared session-based symmetric key is established, the off-card entity and the eUICC can securely communicate information.
-
Publication No.: US10397770B2
Publication date: 2019-08-27
Application No.: US14499002
Application date: 2014-09-26
Applicant: Apple Inc.
Inventor: Li Li, Arun G. Mathias
Abstract: Disclosed herein is a technique for mitigating paging collisions in mobile devices. When a new electronic Subscriber Identity Module (eSIM) is to be provisioned on a mobile device, International Mobile Subscriber Identity (IMSI) information associated with each of the SIMs/eSIMs currently installed on the mobile device is obtained and provided to a provisioning server. In turn, the provisioning server utilizes the IMSI information to select a new eSIM associated with an IMSI that is unlikely to result in a paging collision when operated alongside the SIMs/eSIMs installed on the mobile device. The provisioning server provides the new eSIM to the mobile device, whereupon the mobile device installs the eSIM into the embedded Universal Integrated Circuit Card (eUICC) for operation.
-
Publication No.: US10356614B2
Publication date: 2019-07-16
Application No.: US15356398
Application date: 2016-11-18
Applicant: Apple Inc.
Inventor: Li Li, Arun G. Mathias
Abstract: A secure element uses a backup context to restore a deleted electronic Subscriber Identity Module (eSIM) without compromising a trust relationship with a mobile network operator (MNO). A backup copy of a data binary large object (data blob) originally used to instantiate the eSIM is retrieved. The secure element determines if the eSIM within the data blob is uniquely associated with the secure element from a previous installation. The secure element examines the data blob to determine an identifier unique to the eSIM. The identifier can be an integrated circuit card identifier (ICC-ID) or a profile identifier. The secure element searches a table of instantiated eSIMs in the secure memory. If the secure element is able to match the recovered eSIM identifier with an entry in the table, then the secure element installs this eSIM in the secure element.
-
Publication No.: US10264452B2
Publication date: 2019-04-16
Application No.: US15944738
Application date: 2018-04-03
Applicant: Apple Inc.
Inventor: Xiangying Yang, Li Li, Jerrold Von Hauck
Abstract: The embodiments set forth techniques for an embedded Universal Integrated Circuit Card (eUICC) to conditionally require, when performing management operations in association with electronic Subscriber Identity Modules (eSIMs), human-based authentication. The eUICC receives a request to perform a management operation in association with an eSIM. In response, the eUICC determines whether a policy being enforced by the eUICC indicates that a human-based authentication is required prior to performing the management operation. Next, the eUICC causes the mobile device to prompt a user of the mobile device to carry out the human-based authentication. The management operation is then performed or ignored in accordance with results of the human-based authentication.
-
Publication No.: US09942755B2
Publication date: 2018-04-10
Application No.: US14831819
Application date: 2015-08-20
Applicant: Apple Inc.
Inventor: Xiangying Yang, Li Li, Jerrold Von Hauck
CPC classification number: H04W12/06, G06F21/32, H04L9/3231, H04L9/3271, H04L2209/80, H04W4/50, H04W4/60, H04W12/08
Abstract: The embodiments set forth techniques for an embedded Universal Integrated Circuit Card (eUICC) to conditionally require, when performing management operations in association with electronic Subscriber Identity Modules (eSIMs), human-based authentication. The eUICC receives a request to perform a management operation in association with an eSIM. In response, the eUICC determines whether a policy being enforced by the eUICC indicates that a human-based authentication is required prior to performing the management operation. Next, the eUICC causes the mobile device to prompt a user of the mobile device to carry out the human-based authentication. The management operation is then performed or ignored in accordance with results of the human-based authentication.