公开(公告)号：US20180062853A1

公开(公告)日：2018-03-01

申请号：US15691399

申请日：2017-08-30

申请人： Apple Inc.

发明人： Li LI ,  Arun G. MATHIAS

IPC分类号： H04L9/32 ,  H04M15/00 ,  H04W12/04 ,  H04L9/00 ,  H04L9/14 ,  H04L9/30 ,  H04W12/06 ,  H04L29/06

CPC分类号： H04L9/3247 ,  H04L9/006 ,  H04L9/14 ,  H04L9/30 ,  H04L9/3234 ,  H04L9/3271 ,  H04L63/0876 ,  H04L2209/80 ,  H04M15/47 ,  H04M15/48 ,  H04M2215/0148 ,  H04M2215/0156 ,  H04W4/24 ,  H04W12/00512 ,  H04W12/00514 ,  H04W12/04 ,  H04W12/06 ,  H04W12/12

摘要： A malicious party may attempt to avoid a mobile network operator (MNO) contract involved with subsidy-lock by inserting an interfering piece of hardware called a proxy SIM in a device. The device provided herein uses an authentication technique to guard against a proxy-SIM attack. The device includes a secure element (SE) with subscriber identity module (SIM) functionality present on the SE. The device sends the SE a nonce to be signed over. The SE signs using a public key infrastructure (PKI) private key of the SE and provides a response. The device evaluates whether the response contains a valid signature. If the validation is successful, the device relies on SIM data provided in the response to continue with activation of the device, so that the device can provide services under the MNO contract. If the validation fails, the device will not attempt to access network services with the SIM functionality.

公开(公告)号：US20170374547A1

公开(公告)日：2017-12-28

申请号：US15698950

申请日：2017-09-08

申请人： APPLE INC.

发明人： Mehdi ZIAT ,  Christopher Sharp ,  Kevin P. MCLAUGHLIN ,  Li LI ,  Jerrold V. Hauck ,  Yousuf H. Vaid

IPC分类号： H04W8/22 ,  G06F9/50 ,  G06F9/445

CPC分类号： H04W8/22 ,  G06F9/44505 ,  G06F9/5011

摘要： Systems and methods for validating and applying modifications to a policy control function (PCF) of a station. The methods include generating a PCF package including a modification to a POE, and determining whether the PCF package is to be transmitted to the station by a first or second entity. The methods further include when the PCF package is to be transmitted by the first entity, including a first signature of the first entity in a deliverer field of the PCF package, and when the PCF package is to be transmitted by the second entity, including the first signature in an owner field and a second signature of the second entity in the deliverer field. The methods further include receiving the PCF package from the first or second entity, determining whether the PCF package is valid, and applying the modification to the PCF when it is determined the PCF package is valid.

公开(公告)号：US20170289142A1

公开(公告)日：2017-10-05

申请号：US15630710

申请日：2017-06-22

申请人： Apple Inc.

发明人： Xiangying YANG ,  Li LI ,  Jerrold Von HAUCK

IPC分类号： H04L29/06

CPC分类号： H04L63/0853 ,  H04L63/0428 ,  H04L63/062 ,  H04L63/065 ,  H04L63/068 ,  H04L63/105 ,  H04W12/04 ,  H04W12/06

摘要： A method for establishing a secure communication channel between an off-card entity and an embedded Universal Integrated Circuit Card (eUICC) is provided. The method involves establishing symmetric keys that are ephemeral in scope. Specifically, an off-card entity, and each eUICC in a set of eUICCs managed by the off-card entity, possess long-term Public Key Infrastructure (PKI) information. When a secure communication channel is to be established between the off-card entity and an eUICC, the eUICC and the off-card entity can authenticate one another in accordance with the respectively-possessed PKI information (e.g., verifying public keys). After authentication, the off-card entity and the eUICC establish a shared session-based symmetric key for implementing the secure communication channel. Specifically, the shared session-based symmetric key is generated according to whether perfect or half forward security is desired. Once the shared session-based symmetric key is established, the off-card entity and the eUICC can securely communicate information.

公开(公告)号：US20170078870A1

公开(公告)日：2017-03-16

申请号：US15362732

申请日：2016-11-28

申请人： Apple Inc.

发明人： Li LI ,  Xiangying YANG

IPC分类号： H04W8/18 ,  G06F12/02 ,  G06F3/06 ,  H04W8/20

CPC分类号： H04W8/183 ,  G06F3/0622 ,  G06F3/0637 ,  G06F3/0665 ,  G06F3/0673 ,  G06F12/0223 ,  G06F2212/1052 ,  G06F2212/177 ,  H04W8/205

摘要： Disclosed herein are various techniques for preventing or at least partially securing parameters—e.g., Type parameters—of electronic Subscriber Identity Modules (eSIMs) stored within an embedded Universal Integrated Circuit Card (eUICC) from being inappropriately modified by mobile network operators (MNOs). One embodiment sets forth a technique that involves modifying file access properties of the Type parameters of eSIMs to make the Type parameters readable, but not updatable by the MNOs. Another embodiment sets forth a technique that involves implementing eSIM logical containers that separate the Type parameters from the eSIM data within the eUICC, such that the Type parameters are inaccessible to the MNOs. Yet another embodiment sets forth a technique that involves implementing an Operating System (OS)-based registry that is inaccessible to the MNOs and manages Type parameters for the eSIMs that are stored by the eUICC.

摘要翻译： 本文公开了用于防止或至少部分地保护存储在嵌入式通用集成电路卡（eUICC）中的电子用户识别模块（eSIM）的参数的类型参数的各种技术不被移动网络运营商（MNO）的不当修改。 一个实施例提出了一种技术，其涉及修改eSIM的Type参数的文件访问属性，以使类型参数可读，但不能由MNO更新。 另一个实施例提出了一种技术，其涉及实现将Type参数与eUICC内的eSIM数据分开的eSIM逻辑容器，使得MNO不能访问Type参数。 另一个实施例提出了一种技术，其涉及实现MNO不可访问的基于操作系统（OS）的注册表，并管理由eUICC存储的eSIM的类型参数。

公开(公告)号：US20170013442A1

公开(公告)日：2017-01-12

申请号：US15269896

申请日：2016-09-19

申请人： Apple Inc.

发明人： Li LI ,  Ben-Heng JUANG ,  Arun G. MATHIAS

IPC分类号： H04W8/18 ,  H04W8/20

CPC分类号： H04W8/183 ,  H04W8/20

摘要： Embodiments are described for identifying and accessing an electronic subscriber identity module (eSIM) and associated content of the eSIM in a multiple eSIM configuration. An embedded Universal Integrated Circuit Card (eUICC) can include multiple eSIMs, where each eSIM can include its own file structures and applications. Some embodiments include a processor of a mobile device transmitting a special command to the eUICC, including an identification that uniquely identifies an eSIM in the eUICC. After selecting the eSIM, the processor can access file structures and applications of the selected eSIM. The processor can then use existing commands to access content in the selected eSIM. The special command can direct the eUICC to activate or deactivate content associated with the selected eSIM. Other embodiments include an eUICC platform operating system interacting with eSIMs associated with logical channels to facilitate identification and access to file structures and applications of the eSIMs.

摘要翻译： 描述了用于在多个eSIM配置中识别和访问电子订户身份模块（eSIM）和eSIM的相关内容的实施例。 嵌入式通用集成电路卡（eUICC）可以包括多个eSIM，每个eSIM可以包括其自己的文件结构和应用程序。 一些实施例包括向eUICC发送特殊命令的移动设备的处理器，包括在eUICC中唯一地标识eSIM的标识。 选择eSIM后，处理器可以访问所选eSIM的文件结构和应用程序。 然后，处理器可以使用现有命令访问所选eSIM中的内容。 特殊命令可以指示eUICC激活或停用与所选eSIM相关联的内容。 其他实施例包括与与逻辑信道相关联的eSIM交互的eUICC平台操作系统，以便于识别和访问eSIM的文件结构和应用。

公开(公告)号：US20160302070A1

公开(公告)日：2016-10-13

申请号：US15093595

申请日：2016-04-07

申请人： Apple Inc.

发明人： Xiangying YANG ,  Li LI ,  Arun G. MATHIAS

IPC分类号： H04W12/08

CPC分类号： H04W12/02 ,  H04W4/50

摘要： Methods and apparatus for managing processing of electronic Subscriber Identity Modules (eSIM) data at a mobile device are disclosed. An eSIM management entity of an embedded Universal Integrated Circuit Card (eUICC) in the mobile device obtains an encrypted eSIM package, decrypts the eSIM package to obtain eSIM contents formatted generically and not specifically tailored to requirements of the eUICC. In some embodiments, the eSIM contents are formatted based on an abstract syntax notation (ASN) distinguished encoding rules (DER) format. The eSIM management entity parses the formatted eSIM contents to retrieve individual eSIM components and installs each eSIM component for the eSIM in an eSIM security domain on the eUICC. In some embodiments, the eSIM management entity acts as a local, personalization server to provide local Trusted Service Manager (TSM) server functionality for eSIM installation that transforms “generically formatted” eSIM contents into eSIM components that match specific requirements of the eUICC.

摘要翻译： 公开了在移动设备处理电子用户识别模块（eSIM）数据处理的方法和装置。 移动设备嵌入式通用集成电路卡（eUICC）的eSIM管理实体获取加密的eSIM包，解密eSIM包，获取一般格式的eSIM内容，而不是专门针对eUICC的要求。 在一些实施例中，基于抽象语法符号（ASN）区分编码规则（DER）格式来格式化eSIM内容。 eSIM管理实体解析格式化的eSIM内容，检索单个eSIM组件，并将eSIM的每个eSIM组件安装在eUICC的eSIM安全域中。 在一些实施例中，eSIM管理实体充当本地个性化服务器，为eSIM安装提供本地可信服务管理器（TSM）服务器功能，将“一般格式化”的eSIM内容转换为符合eUICC特定要求的eSIM组件。

公开(公告)号：US20160277930A1

公开(公告)日：2016-09-22

申请号：US15076527

申请日：2016-03-21

申请人： Apple Inc.

发明人： Li LI ,  Xiangying YANG ,  Jerrold Von HAUCK ,  Christopher B. SHARP ,  Yousuf H. VAID ,  Arun G. MATHIAS ,  David T. HAGGERTY ,  Najeeb M. ABDULRAHIMAN

IPC分类号： H04W12/06 ,  H04L29/06

CPC分类号： H04W12/06 ,  H04L41/28 ,  H04L63/083 ,  H04L63/0838 ,  H04L63/0853

摘要： Methods and apparatus for user authentication and human intent verification of administrative operations for eSIMs of an eUICC included in a mobile device are disclosed. Certain administrative operations, such as import, modification, and/or export, of an eSIM and/or for an eUICCs firmware can require user authentication and/or human intent verification before execution of the administrative operations are performed or completed by the mobile device. A user of the mobile device provides information to link an external user account to an eSIM upon (or subsequent to) installation on the eUICC. User credentials, such as a user name and password, and/or information generated therefrom, can be used to authenticate the user with an external server. In response to successful user authentication, the administrative operations are performed. Human intent verification can also be performed in conjunction with user authentication to prevent malware from interfering with eSIM and/or eUICC functions of the mobile device.

摘要翻译： 公开了用于移动设备中包括的eUICC的eSIM的管理操作的用户认证和人为意图验证的方法和装置。 eSIM和/或eUICC固件的某些管理操作（例如导入，修改和/或导出）可能需要在由移动设备执行或完成执行管理操作之前的用户认证和/或人为意图验证。 移动设备的用户提供在eUICC上（或之后）安装时将外部用户帐户链接到eSIM的信息。 可以使用诸如用户名和密码的用户凭证和/或从其生成的信息来用外部服务器认证用户。 响应成功的用户认证，执行管理操作。 人员意图验证还可以与用户认证一起执行，以防止恶意软件干扰移动设备的eSIM和/或eUICC功能。

公开(公告)号：US20160227409A1

公开(公告)日：2016-08-04

申请号：US15099444

申请日：2016-04-14

申请人： Apple Inc.

发明人： Stephan V. SCHELL ,  Arun G. MATHIAS ,  Jerrold Von HAUCK ,  David T. HAGGERTY ,  Kevin McLAUGHLIN ,  Ben-Heng JUANG ,  Li LI

IPC分类号： H04W12/06 ,  H04W4/00 ,  H04L29/06 ,  H04W12/04

CPC分类号： H04W12/06 ,  G06F21/45 ,  G06F21/57 ,  H04L63/08 ,  H04L63/0853 ,  H04L63/123 ,  H04L63/20 ,  H04L67/34 ,  H04W4/50 ,  H04W4/60 ,  H04W8/205 ,  H04W12/04 ,  H04W12/08

摘要： Methods and apparatus enabling programming of electronic identification information of a wireless apparatus. In one embodiment, a previously purchased or deployed wireless apparatus is activated by a cellular network. The wireless apparatus connects to the cellular network using an access module to download operating system components and/or access control client components. The described methods and apparatus enable updates, additions and replacement of various components including Electronic Subscriber Identity Module (eSIM) data, OS components. One exemplary implementation of the invention utilizes a trusted key exchange between the device and the cellular network to maintain security.

公开(公告)号：US20160057624A1

公开(公告)日：2016-02-25

申请号：US14831819

申请日：2015-08-20

申请人： APPLE INC.

发明人： Xiangying YANG ,  Li LI ,  Jerrold Von HAUCK

IPC分类号： H04W12/06 ,  G06F21/32 ,  H04L9/32 ,  H04W12/08 ,  H04W4/22

CPC分类号： H04W12/06 ,  G06F21/32 ,  H04L9/3231 ,  H04L9/3271 ,  H04L2209/80 ,  H04W4/50 ,  H04W4/60 ,  H04W12/08

摘要： The embodiments set forth techniques for an embedded Universal Integrated Circuit Card (eUICC) to conditionally require, when performing management operations in association with electronic Subscriber Identity Modules (eSIMs), human-based authentication. The eUICC receives a request to perform a management operation in association with an eSIM. In response, the eUICC determines whether a policy being enforced by the eUICC indicates that a human-based authentication is required prior to performing the management operation. Next, the eUICC causes the mobile device to prompt a user of the mobile device to carry out the human-based authentication. The management operation is then performed or ignored in accordance with results of the human-based authentication.

摘要翻译： 实施例阐述了嵌入式通用集成电路卡（eUICC）在与电子订户身份模块（eSIM）相关联的管理操作中有条件地要求基于人的认证的技术。 eUICC接收与eSIM相关联的执行管理操作的请求。 作为响应，eUICC确定由eUICC执行的策略是否指示在执行管理操作之前需要基于人的验证。 接下来，eUICC使得移动设备提示移动设备的用户执行基于人的认证。 然后根据基于人的认证的结果执行或忽略管理操作。

公开(公告)号：US20150347786A1

公开(公告)日：2015-12-03

申请号：US14724789

申请日：2015-05-28

申请人： Apple Inc.

发明人： Xiangying YANG ,  Li LI

IPC分类号： G06F21/78 ,  G06F12/14

CPC分类号： G06F21/78 ,  G06F12/1408 ,  G06F2212/402 ,  H04W8/183 ,  H04W8/205 ,  H04W12/04 ,  H04W12/08

摘要： A method for secure storage of an embedded Subscriber Identity Module (eSIM) on a wireless communication device including an embedded Universal Integrated Circuit Card (eUICC) and a memory external to the eUICC is provided. The method can include the eUICC determining that an eSIM package including an eSIM is to be stored on the memory. The method can also include the eUICC, in response to determining that the eSIM package is to be stored on the memory, maintaining a single-use session parameter associated with the eSIM package to enable installation of the eSIM on the eUICC if the eSIM package is later loaded onto the eUICC from the memory.

摘要翻译： 提供了一种用于在包括嵌入式通用集成电路卡（eUICC）和eUICC外部的存储器的无线通信设备上安全地存储嵌入式用户识别模块（eSIM）的方法。 该方法可以包括eUICC确定包括eSIM的eSIM包将被存储在存储器中。 该方法还可以包括eUICC，以响应于确定将eSIM包存储在存储器上，维护与eSIM包相关联的一次性会话参数，以便如果eSIM包是在eSU包上安装eSIM，则可以在eUICC上安装eSIM 后来从内存加载到eUICC上。