公开(公告)号：US20160246585A1

公开(公告)日：2016-08-25

申请号：US14629388

申请日：2015-02-23

Applicant: Apple Inc.

Inventor： Li LI ,  Jerrold Von HAUCK ,  Najeeb M. ABDULRAHIMAN ,  Arun G. MATHIAS

IPC: G06F9/445 ,  H04W8/24

CPC classification number: G06F8/65 ,  G06F8/61 ,  G06F8/654 ,  H04L63/0853 ,  H04W8/205 ,  H04W8/24

Abstract: Disclosed herein is a technique for updating firmware of an embedded Universal Integrated Circuit Card (eUICC) included in a mobile device. The technique includes the steps of (1) receiving, from a firmware provider, an indication that an updated firmware is available for the eUICC, (2) in response to the indication, providing, to the firmware provider, (i) a unique identifier (ID) associated with the eUICC, and (ii) a nonce value, (3) subsequent to providing, receiving, from the firmware provider, a firmware update package, wherein the firmware update package includes (i) authentication information, and (ii) the updated firmware, (4) subsequent to verifying the authentication information, persisting, to a memory included in the mobile device, a hash value that corresponds to the updated firmware, and (5) installing the updated firmware on the eUICC.

Abstract translation: 这里公开了一种用于更新包括在移动设备中的嵌入式通用集成电路卡（eUICC）的固件的技术。 该技术包括以下步骤：（1）从固件提供商接收更新的固件可用于eUICC的指示，（2）响应于该指示，向固件提供商提供（i）唯一标识符 （i）与所述eUICC相关联，以及（ii）随机值，（3）在从所述固件提供商提供固件更新包之后，其中所述固件更新包包括（i）认证信息，和（ii） ）更新的固件，（4）在验证认证信息之后，将包含在移动设备中的存储器持久化到与更新的固件相对应的散列值，以及（5）在eUICC上安装更新的固件。

公开(公告)号：US20160006729A1

公开(公告)日：2016-01-07

申请号：US14789905

申请日：2015-07-01

Applicant: Apple Inc.

Inventor： Xiangying YANG ,  Li LI ,  Jerrold Von HAUCK

IPC: H04L29/06

CPC classification number: H04L63/0853 ,  H04L63/0428 ,  H04L63/062 ,  H04L63/065 ,  H04L63/068 ,  H04L63/105 ,  H04W12/04 ,  H04W12/06

Abstract: A method for establishing a secure communication channel between an off-card entity and an embedded Universal Integrated Circuit Card (eUICC) is provided. The method involves establishing symmetric keys that are ephemeral in scope. Specifically, an off-card entity, and each eUICC in a set of eUICCs managed by the off-card entity, possess long-term Public Key Infrastructure (PKI) information. When a secure communication channel is to be established between the off-card entity and an eUICC, the eUICC and the off-card entity can authenticate one another in accordance with the respectively-possessed PKI information (e.g., verifying public keys). After authentication, the off-card entity and the eUICC establish a shared session-based symmetric key for implementing the secure communication channel. Specifically, the shared session-based symmetric key is generated according to whether perfect or half forward security is desired. Once the shared session-based symmetric key is established, the off-card entity and the eUICC can securely communicate information.

Abstract translation: 提供了一种用于在卡外实体和嵌入式通用集成电路卡（eUICC）之间建立安全通信信道的方法。 该方法涉及建立在范围上短暂的对称密钥。 具体来说，脱卡实体和由脱机实体管理的一组eUICC中的每个eUICC都具有长期公钥基础设施（PKI）信息。 当在离线卡实体和eUICC之间建立一个安全通信信道时，eUICC和离开卡实体可以根据分别拥有的PKI信息（例如，验证公开密钥）来彼此认证。 认证后，离线卡实体和eUICC建立共享的基于会话的对称密钥，用于实现安全通信信道。 具体地，基于会话的对称密钥是根据是否需要完美的或半正向的安全来生成的。 一旦建立了共享的基于会话的对称密钥，离卡实体和eUICC就可以安全地传递信息。

公开(公告)号：US20190387402A1

公开(公告)日：2019-12-19

申请号：US16557770

申请日：2019-08-30

Applicant: Apple Inc.

Inventor： Li LI ,  Xiangying YANG ,  Jerrold Von HAUCK ,  Christopher B. SHARP ,  Yousuf H. VAID ,  Arun G. MATHIAS ,  David T. HAGGERTY ,  Najeeb M. ABDULRAHIMAN

IPC: H04W12/06 ,  H04L12/24 ,  H04L29/06

Abstract: Methods and apparatus for user authentication and human intent verification of administrative operations for eSIMs of an eUICC included in a mobile device are disclosed. Certain administrative operations, such as import, modification, and/or export, of an eSIM and/or for an eUICCs firmware can require user authentication and/or human intent verification before execution of the administrative operations are performed or completed by the mobile device. A user of the mobile device provides information to link an external user account to an eSIM upon (or subsequent to) installation on the eUICC. User credentials, such as a user name and password, and/or information generated therefrom, can be used to authenticate the user with an external server. In response to successful user authentication, the administrative operations are performed. Human intent verification can also be performed in conjunction with user authentication to prevent malware from interfering with eSIM and/or eUICC functions of the mobile device.

公开(公告)号：US20170289142A1

公开(公告)日：2017-10-05

申请号：US15630710

申请日：2017-06-22

Applicant: Apple Inc.

Inventor： Xiangying YANG ,  Li LI ,  Jerrold Von HAUCK

IPC: H04L29/06

CPC classification number: H04L63/0853 ,  H04L63/0428 ,  H04L63/062 ,  H04L63/065 ,  H04L63/068 ,  H04L63/105 ,  H04W12/04 ,  H04W12/06

Abstract: A method for establishing a secure communication channel between an off-card entity and an embedded Universal Integrated Circuit Card (eUICC) is provided. The method involves establishing symmetric keys that are ephemeral in scope. Specifically, an off-card entity, and each eUICC in a set of eUICCs managed by the off-card entity, possess long-term Public Key Infrastructure (PKI) information. When a secure communication channel is to be established between the off-card entity and an eUICC, the eUICC and the off-card entity can authenticate one another in accordance with the respectively-possessed PKI information (e.g., verifying public keys). After authentication, the off-card entity and the eUICC establish a shared session-based symmetric key for implementing the secure communication channel. Specifically, the shared session-based symmetric key is generated according to whether perfect or half forward security is desired. Once the shared session-based symmetric key is established, the off-card entity and the eUICC can securely communicate information.

公开(公告)号：US20170006473A1

公开(公告)日：2017-01-05

申请号：US15263306

申请日：2016-09-12

Applicant: Apple Inc.

Inventor： Jerrold Von HAUCK ,  David T. HAGGERTY

IPC: H04W12/08 ,  H04W8/18 ,  H04W12/04 ,  H04L9/32 ,  H04W12/06

CPC classification number: H04W12/08 ,  H04L9/3228 ,  H04L9/3247 ,  H04L63/061 ,  H04L63/0869 ,  H04L2209/80 ,  H04W4/60 ,  H04W8/183 ,  H04W8/245 ,  H04W12/04 ,  H04W12/06 ,  H04W12/12

Abstract: Apparatus and methods for controlling the distribution of electronic access clients to a device. In one embodiment, a virtualized Universal Integrated Circuit Card (UICC) can only load an access client such as an electronic Subscriber Identity Module (eSIM) according to an activation ticket. The activation ticket ensures that the virtualized UICC can only receive eSIMs from specific carriers (“carrier locking”). Unlike prior art methods which enforce carrier locking on a software application launched from a software chain of trust (which can be compromised), the present invention advantageously enforces carrier locking with the secure UICC hardware which has, for example, a secure code base.

Abstract translation: 用于控制电子访问客户端到设备的分发的装置和方法。 在一个实施例中，虚拟化通用集成电路卡（UICC）只能根据激活票加载诸如电子订户身份模块（eSIM）的访问客户端。 激活票确保虚拟化UICC只能从特定运营商接收eSIM（“运营商锁定”）。 不同于在从软件信任链（其可能受到损害）启动的软件应用上实施载体锁定的现有技术方法，本发明有利地利用具有例如安全代码库的安全UICC硬件实施载波锁定。

公开(公告)号：US20160366585A1

公开(公告)日：2016-12-15

申请号：US15245013

申请日：2016-08-23

Applicant: Apple Inc.

Inventor： David FLEISCHMAN ,  Patrick COFFMAN ,  Jeremy WYLD ,  Gregory N. CHRISTIE ,  Jerrold Von HAUCK ,  Audra Men-jhi LIU ,  Sebastien SAHUC ,  Muralidhar S. VEMPATY ,  Shruti CHUGH ,  Ashutosh CHAUBEY ,  Dallas DE ATLEY ,  Jean-Marc PADOVA ,  Heath CULP ,  Bruno POSOKHOW ,  Brian CASSIDY ,  John N. LEHNER

IPC: H04W8/26 ,  H04W8/24 ,  H04W8/18

CPC classification number: H04W8/265 ,  H04W4/50 ,  H04W8/183 ,  H04W8/245

Abstract: Methods, systems, and computer-readable medium for providing telecommunications carrier configuration at activation of a mobile device. In one implementation, a method is provided. The method includes receiving a request for activation of a mobile device, and during activation of the mobile device, determining for the mobile device a telecommunications carrier from a number of telecommunications carriers, and identifying information associated with the determined telecommunications carrier for configuring the mobile device.

Abstract translation: 用于在移动设备激活时提供电信运营商配置的方法，系统和计算机可读介质。 在一个实现中，提供了一种方法。 该方法包括接收激活移动设备的请求，并且在激活移动设备期间，从移动设备确定来自多个电信运营商的电信运营商，以及识别与确定的电信运营商相关联的信息，以配置移动设备 。

公开(公告)号：US20160277930A1

公开(公告)日：2016-09-22

申请号：US15076527

申请日：2016-03-21

Applicant: Apple Inc.

Inventor： Li LI ,  Xiangying YANG ,  Jerrold Von HAUCK ,  Christopher B. SHARP ,  Yousuf H. VAID ,  Arun G. MATHIAS ,  David T. HAGGERTY ,  Najeeb M. ABDULRAHIMAN

IPC: H04W12/06 ,  H04L29/06

CPC classification number: H04W12/06 ,  H04L41/28 ,  H04L63/083 ,  H04L63/0838 ,  H04L63/0853

Abstract: Methods and apparatus for user authentication and human intent verification of administrative operations for eSIMs of an eUICC included in a mobile device are disclosed. Certain administrative operations, such as import, modification, and/or export, of an eSIM and/or for an eUICCs firmware can require user authentication and/or human intent verification before execution of the administrative operations are performed or completed by the mobile device. A user of the mobile device provides information to link an external user account to an eSIM upon (or subsequent to) installation on the eUICC. User credentials, such as a user name and password, and/or information generated therefrom, can be used to authenticate the user with an external server. In response to successful user authentication, the administrative operations are performed. Human intent verification can also be performed in conjunction with user authentication to prevent malware from interfering with eSIM and/or eUICC functions of the mobile device.

Abstract translation: 公开了用于移动设备中包括的eUICC的eSIM的管理操作的用户认证和人为意图验证的方法和装置。 eSIM和/或eUICC固件的某些管理操作（例如导入，修改和/或导出）可能需要在由移动设备执行或完成执行管理操作之前的用户认证和/或人为意图验证。 移动设备的用户提供在eUICC上（或之后）安装时将外部用户帐户链接到eSIM的信息。 可以使用诸如用户名和密码的用户凭证和/或从其生成的信息来用外部服务器认证用户。 响应成功的用户认证，执行管理操作。 人员意图验证还可以与用户认证一起执行，以防止恶意软件干扰移动设备的eSIM和/或eUICC功能。

公开(公告)号：US20160227409A1

公开(公告)日：2016-08-04

申请号：US15099444

申请日：2016-04-14

Applicant: Apple Inc.

Inventor： Stephan V. SCHELL ,  Arun G. MATHIAS ,  Jerrold Von HAUCK ,  David T. HAGGERTY ,  Kevin McLAUGHLIN ,  Ben-Heng JUANG ,  Li LI

IPC: H04W12/06 ,  H04W4/00 ,  H04L29/06 ,  H04W12/04

CPC classification number: H04W12/06 ,  G06F21/45 ,  G06F21/57 ,  H04L63/08 ,  H04L63/0853 ,  H04L63/123 ,  H04L63/20 ,  H04L67/34 ,  H04W4/50 ,  H04W4/60 ,  H04W8/205 ,  H04W12/04 ,  H04W12/08

Abstract: Methods and apparatus enabling programming of electronic identification information of a wireless apparatus. In one embodiment, a previously purchased or deployed wireless apparatus is activated by a cellular network. The wireless apparatus connects to the cellular network using an access module to download operating system components and/or access control client components. The described methods and apparatus enable updates, additions and replacement of various components including Electronic Subscriber Identity Module (eSIM) data, OS components. One exemplary implementation of the invention utilizes a trusted key exchange between the device and the cellular network to maintain security.

公开(公告)号：US20160226877A1

公开(公告)日：2016-08-04

申请号：US14995154

申请日：2016-01-13

Applicant: Apple Inc.

Inventor： David T. HAGGERTY ,  Jerrold Von HAUCK ,  Ben-Heng JUANG ,  Li Li ,  Arun G. MATHIAS ,  Kevin McLAUGHLIN ,  Avinash NARASIMHAN ,  Christopher SHARP ,  Yousuf H. Vaid ,  Xiangying YANG

IPC: H04L29/06 ,  H04W8/18

CPC classification number: H04L63/10 ,  H04L63/06 ,  H04L63/0823 ,  H04L63/0853 ,  H04L63/205 ,  H04W8/18 ,  H04W8/183 ,  H04W8/20 ,  H04W12/06

Abstract: Methods and apparatus for large scale distribution of electronic access control clients. In one aspect, a tiered security software protocol is disclosed. In one exemplary embodiment, a server electronic Universal Integrated Circuit Card (eUICC) and client eUICC software comprise a so-called “stack” of software layers. Each software layer is responsible for a set of hierarchical functions which are negotiated with its corresponding peer software layer. The tiered security software protocol is configured for large scale distribution of electronic Subscriber Identity Modules (eSIMs).

Abstract translation: 电子门禁客户大规模分销的方法和装置。 一方面，公开了一种分层的安全软件协议。 在一个示例性实施例中，服务器电子通用集成电路卡（eUICC）和客户端eUICC软件包括软件层的所谓“堆叠”。 每个软件层负责与其相应的对等软件层协商的一组分层功能。 分层安全软件协议配置为大规模分发电子订户身份模块（eSIM）。

公开(公告)号：US20160057624A1

公开(公告)日：2016-02-25

申请号：US14831819

申请日：2015-08-20

Applicant: APPLE INC.

Inventor： Xiangying YANG ,  Li LI ,  Jerrold Von HAUCK

IPC: H04W12/06 ,  G06F21/32 ,  H04L9/32 ,  H04W12/08 ,  H04W4/22

CPC classification number: H04W12/06 ,  G06F21/32 ,  H04L9/3231 ,  H04L9/3271 ,  H04L2209/80 ,  H04W4/50 ,  H04W4/60 ,  H04W12/08

Abstract: The embodiments set forth techniques for an embedded Universal Integrated Circuit Card (eUICC) to conditionally require, when performing management operations in association with electronic Subscriber Identity Modules (eSIMs), human-based authentication. The eUICC receives a request to perform a management operation in association with an eSIM. In response, the eUICC determines whether a policy being enforced by the eUICC indicates that a human-based authentication is required prior to performing the management operation. Next, the eUICC causes the mobile device to prompt a user of the mobile device to carry out the human-based authentication. The management operation is then performed or ignored in accordance with results of the human-based authentication.

Abstract translation: 实施例阐述了嵌入式通用集成电路卡（eUICC）在与电子订户身份模块（eSIM）相关联的管理操作中有条件地要求基于人的认证的技术。 eUICC接收与eSIM相关联的执行管理操作的请求。 作为响应，eUICC确定由eUICC执行的策略是否指示在执行管理操作之前需要基于人的验证。 接下来，eUICC使得移动设备提示移动设备的用户执行基于人的认证。 然后根据基于人的认证的结果执行或忽略管理操作。