-
Publication (Announcement) No.: US11463883B2
Publication (Announcement) Date: 2022-10-04
Application No.: US17001575
Application Date: 2020-08-24
Applicant: Apple Inc.
Inventor: Anish Kumar Goyal, Chenzhi Yu, Francisco J. Gonzalez, Li Li, Raj S. Chaugule, Rohan C. Malthankar, Samy Touati
IPC: H04W12/04, H04W4/00, H04W12/72, H04W76/10, H04W8/20, H04W12/06, H04B1/3818, H04W12/50, H04L67/53, H04L29/06, H04L67/1097, H04L67/02
Abstract: This Application describes efficient cellular service transfer mechanisms to move cellular services that are based on cellular service credentials, e.g., eSIMs, between accessory wireless devices under various scenarios, including in some embodiments transfer of multiple eSIMs. The first and second accessory wireless devices and the primary wireless device are associated with a common user account. Transfer of credentials for cellular service access can occur between two accessory wireless devices via the primary wireless device, where the primary wireless device and the accessory wireless devices interact with applicable network-based servers.
-
Publication (Announcement) No.: US20220232370A1
Publication (Announcement) Date: 2022-07-21
Application No.: US17230987
Application Date: 2021-04-14
Applicant: Apple Inc.
Inventor: Raj Sukumar Chaugule, Li Li, Sherman Xu Jin, Nai Tao Cui, Samy Touati, Bhogeswara Rao Metta
Abstract: Techniques for on-device enrollment of a secondary wireless device in an add-on cellular plan include receiving, at the secondary wireless device, cellular plan information for a cellular plan of a primary wireless device associated with the secondary wireless device. Based on the cellular plan information, the secondary wireless device displays an option to add the secondary wireless device to the cellular plan of the primary wireless device. A selection of the option to add the secondary wireless device to the cellular plan of the primary wireless device is received, and a request is transmitted to the primary wireless device for enrollment information for enrolling the secondary wireless device in an add-on plan of the cellular plan. The enrollment information, which includes a list of available add-on plans for the secondary wireless device or information associated with a provider of the cellular plan, is received at the secondary wireless device.
-
Publication (Announcement) No.: US11290268B2
Publication (Announcement) Date: 2022-03-29
Application No.: US16566723
Application Date: 2019-09-10
Applicant: Apple Inc.
Inventor: Xiangying Yang, Li Li
Abstract: This application describes various embodiments to manage multiple security certificates in a wireless device, including switching between different security certificates to support different functions, including supporting connectivity for multiple industry sectors that use different certificate authorities, and/or supporting different operational modes that require different security certificates for performing administrative functions. The wireless device includes a smart secure platform (SSP) or an embedded Universal Integrated Circuit Card (eUICC) that stores multiple security certificates to use for different industry sectors and/or for different operational modes.
-
Publication (Announcement) No.: US20210204129A1
Publication (Announcement) Date: 2021-07-01
Application No.: US17057622
Application Date: 2018-06-22
Applicant: Apple Inc.
Inventor: Xiangying Yang, Elliot S. Briggs, Samuel D. Post, Yannick L. Sierra, Fangli Xu, Dawei Zhang, Haijing Hu, Huarui Liang, Li Li, Lijia Zhang, Shu Guo, Yuqin Chen
IPC: H04W12/069, H04W12/73, H04W12/108, H04W76/27, H04W74/08
Abstract: This disclosure relates to techniques, base stations, and user equipment devices (UEs) for performing base station authentication through access stratum signaling transmissions. The UE may operate in idle mode and may receive an authentication message from a base station through the wireless interface while operating in idle mode. The UE may determine whether a signature comprised within the authentication message is valid, and the UE may continue a connection procedure with the base station based on a determination that the signature is valid. If it is determined that the signature is invalid, the UE may designate the base station as a barred base station and may perform cell re-selection. The authentication message may be one of a radio resource control (RRC) connection setup message, a special RRC message, a media access control (MAC) message, or a random access channel (RACH) message comprising a random access response (RAR) message.
-
Publication (Announcement) No.: US10856148B2
Publication (Announcement) Date: 2020-12-01
Application No.: US16557770
Application Date: 2019-08-30
Applicant: Apple Inc.
Inventor: Li Li, Xiangying Yang, Jerrold Von Hauck, Christopher B. Sharp, Yousuf H. Vaid, Arun G. Mathias, David T. Haggerty, Najeeb M. Abdulrahiman
Abstract: Methods and apparatus for user authentication and human intent verification of administrative operations for eSIMs of an eUICC included in a mobile device are disclosed. Certain administrative operations, such as import, modification, and/or export, of an eSIM and/or for an eUICC's firmware can require user authentication and/or human intent verification before execution of the administrative operations is performed or completed by the mobile device. A user of the mobile device provides information to link an external user account to an eSIM upon (or subsequent to) installation on the eUICC. User credentials, such as a user name and password, and/or information generated therefrom, can be used to authenticate the user with an external server. In response to successful user authentication, the administrative operations are performed. Human intent verification can also be performed in conjunction with user authentication to prevent malware from interfering with eSIM and/or eUICC functions of the mobile device.
-
Publication (Announcement) No.: US10425818B2
Publication (Announcement) Date: 2019-09-24
Application No.: US16384844
Application Date: 2019-04-15
Applicant: Apple Inc.
Inventor: Xiangying Yang, Li Li, Jerrold Von Hauck
Abstract: The embodiments set forth techniques for an embedded Universal Integrated Circuit Card (eUICC) to conditionally require, when performing management operations in association with electronic Subscriber Identity Modules (eSIMs), human-based authentication. The eUICC receives a request to perform a management operation in association with an eSIM. In response, the eUICC determines whether a policy being enforced by the eUICC indicates that a human-based authentication is required prior to performing the management operation. Next, the eUICC causes the mobile device to prompt a user of the mobile device to carry out the human-based authentication. The management operation is then performed or ignored in accordance with results of the human-based authentication.
-
Publication (Announcement) No.: US10277587B2
Publication (Announcement) Date: 2019-04-30
Application No.: US15287614
Application Date: 2016-10-06
Applicant: Apple Inc.
Inventor: Li Li, Arun G. Mathias
Abstract: Methods are provided for instantiating multiple electronic subscriber identity modules (eSIMs) to an electronic universal integrated circuit card (eUICC) using a manufacturer-installed data binary large object (data blob). An eSIM package including the data blob in encrypted form is securely installed in the eUICC in a manufacturing environment. A key encryption key (KEK) associated with the eSIM package is separately provided to an original equipment manufacturer (OEM) wireless device factory. The OEM wireless device factory provides the KEK to the eUICC within a given wireless device. The eUICC uses the KEK to decrypt the eSIM package and provide the data blob. The eUICC can receive a request to instantiate a first eSIM. The eUICC can instantiate the first eSIM using data from the data blob. A user can then access network services using the wireless device. Subsequently, a second eSIM can be instantiated by the eUICC using the data blob.
-
Publication (Announcement) No.: US09930035B2
Publication (Announcement) Date: 2018-03-27
Application No.: US15630710
Application Date: 2017-06-22
Applicant: Apple Inc.
Inventor: Xiangying Yang, Li Li, Jerrold Von Hauck
IPC: H04L29/06
CPC classification number: H04L63/0853, H04L63/0428, H04L63/062, H04L63/065, H04L63/068, H04L63/105, H04W12/04, H04W12/06
Abstract: A method for establishing a secure communication channel between an off-card entity and an embedded Universal Integrated Circuit Card (eUICC) is provided. The method involves establishing symmetric keys that are ephemeral in scope. Specifically, an off-card entity, and each eUICC in a set of eUICCs managed by the off-card entity, possess long-term Public Key Infrastructure (PKI) information. When a secure communication channel is to be established between the off-card entity and an eUICC, the eUICC and the off-card entity can authenticate one another in accordance with the respectively-possessed PKI information (e.g., verifying public keys). After authentication, the off-card entity and the eUICC establish a shared session-based symmetric key for implementing the secure communication channel. Specifically, the shared session-based symmetric key is generated according to whether perfect or half forward security is desired. Once the shared session-based symmetric key is established, the off-card entity and the eUICC can securely communicate information.
-
Publication (Announcement) No.: US09877194B2
Publication (Announcement) Date: 2018-01-23
Application No.: US15099444
Application Date: 2016-04-14
Applicant: Apple Inc.
Inventor: Stephan V. Schell, Arun G. Mathias, Jerrold Von Hauck, David T. Haggerty, Kevin McLaughlin, Ben-Heng Juang, Li Li
CPC classification number: H04W12/06, G06F21/45, G06F21/57, H04L63/08, H04L63/0853, H04L63/123, H04L63/20, H04L67/34, H04W4/50, H04W4/60, H04W8/205, H04W12/04, H04W12/08
Abstract: Methods and apparatus enabling programming of electronic identification information of a wireless apparatus. In one embodiment, a previously purchased or deployed wireless apparatus is activated by a cellular network. The wireless apparatus connects to the cellular network using an access module to download operating system components and/or access control client components. The described methods and apparatus enable updates, additions and replacement of various components including Electronic Subscriber Identity Module (eSIM) data, OS components. One exemplary implementation of the invention utilizes a trusted key exchange between the device and the cellular network to maintain security.
-
Publication (Announcement) No.: US09843585B2
Publication (Announcement) Date: 2017-12-12
Application No.: US14995154
Application Date: 2016-01-13
Applicant: Apple Inc.
Inventor: David T. Haggerty, Jerrold Von Hauck, Ben-Heng Juang, Li Li, Arun G. Mathias, Kevin McLaughlin, Avinash Narasimhan, Christopher Sharp, Yousuf H. Vaid, Xiangying Yang
CPC classification number: H04L63/10, H04L63/06, H04L63/0823, H04L63/0853, H04L63/205, H04W8/18, H04W8/183, H04W8/20, H04W12/06
Abstract: Methods and apparatus for large scale distribution of electronic access control clients. In one aspect, a tiered security software protocol is disclosed. In one exemplary embodiment, a server electronic Universal Integrated Circuit Card (eUICC) and client eUICC software comprise a so-called “stack” of software layers. Each software layer is responsible for a set of hierarchical functions which are negotiated with its corresponding peer software layer. The tiered security software protocol is configured for large scale distribution of electronic Subscriber Identity Modules (eSIMs).