公开(公告)号：US09736678B2

公开(公告)日：2017-08-15

申请号：US15362732

申请日：2016-11-28

Applicant: Apple Inc.

Inventor： Li Li ,  Xiangying Yang

IPC: H04W8/18 ,  G06F3/06 ,  H04W8/20 ,  G06F12/02

CPC classification number: H04W8/183 ,  G06F3/0622 ,  G06F3/0637 ,  G06F3/0665 ,  G06F3/0673 ,  G06F12/0223 ,  G06F2212/1052 ,  G06F2212/177 ,  H04W8/205

Abstract: Disclosed herein are various techniques for preventing or at least partially securing parameters—e.g., Type parameters—of electronic Subscriber Identity Modules (eSIMs) stored within an embedded Universal Integrated Circuit Card (eUICC) from being inappropriately modified by mobile network operators (MNOs). One embodiment sets forth a technique that involves modifying file access properties of the Type parameters of eSIMs to make the Type parameters readable, but not updatable by the MNOs. Another embodiment sets forth a technique that involves implementing eSIM logical containers that separate the Type parameters from the eSIM data within the eUICC, such that the Type parameters are inaccessible to the MNOs. Yet another embodiment sets forth a technique that involves implementing an Operating System (OS)-based registry that is inaccessible to the MNOs and manages Type parameters for the eSIMs that are stored by the eUICC.

公开(公告)号：US09699642B2

公开(公告)日：2017-07-04

申请号：US15269896

申请日：2016-09-19

Applicant: Apple Inc.

Inventor： Li Li ,  Ben-Heng Juang ,  Arun G. Mathias

IPC: H04W8/18 ,  H04W88/06 ,  H04W8/20

CPC classification number: H04W8/183 ,  H04W8/20

Abstract: Embodiments are described for identifying and accessing an electronic subscriber identity module (eSIM) and associated content of the eSIM in a multiple eSIM configuration. An embedded Universal Integrated Circuit Card (eUICC) can include multiple eSIMs, where each eSIM can include its own file structures and applications. Some embodiments include a processor of a mobile device transmitting a special command to the eUICC, including an identification that uniquely identifies an eSIM in the eUICC. After selecting the eSIM, the processor can access file structures and applications of the selected eSIM. The processor can then use existing commands to access content in the selected eSIM. The special command can direct the eUICC to activate or deactivate content associated with the selected eSIM. Other embodiments include an eUICC platform operating system interacting with eSIMs associated with logical channels to facilitate identification and access to file structures and applications of the eSIMs.

公开(公告)号：US09621356B2

公开(公告)日：2017-04-11

申请号：US14279109

申请日：2014-05-15

Applicant: Apple Inc.

Inventor： Yousuf H. Vaid ,  Christopher B. Sharp ,  Medhi Ziat ,  Li Li ,  Jerrold Von Hauck ,  Ramiro Sarmiento ,  Jean-Marc Padova

IPC: H04L9/32

CPC classification number: H04L9/3268

Abstract: Disclosed herein is a technique for revoking a root certificate from at least one client device. In particular, the technique involves causing a secure element—which is included in the at least one client device and is configured to store the root certificate as well as at least one backup root certificate—to permanently disregard the root certificate and prevent the at least one client device from utilizing the specific root certificate. According to one embodiment, this revocation occurs in response to a receiving a revocation message that directly targets the root certificate, where the message includes at least two levels of authentication that are verified by the secure element prior to carrying out the revocation. Once the root certificate is revoked, the secure element can continue to utilize the at least one backup root certificate, while permanently disregarding the revoked root certificate.

公开(公告)号：US20170048645A1

公开(公告)日：2017-02-16

申请号：US15178727

申请日：2016-06-10

Applicant: Apple Inc.

Inventor： Vikram B. Yerrabommanahalli ,  Li Li ,  Arun G. Mathias ,  Najeeb M. Abdulrahiman ,  Chandiramohan Vasudevan ,  Rohan C. Malthankar ,  Francisco J. Gonzalez ,  Rafael L. Rivera-Barreto ,  Jean-Marc Padova

IPC: H04W4/00 ,  H04W68/00 ,  H04L29/12

CPC classification number: H04W4/60 ,  H04L61/106 ,  H04W8/18 ,  H04W8/205 ,  H04W68/005

Abstract: Some embodiments relate to methods for provisioning a secondary wireless device with an eSIM for wireless communication and activating multi-SIM functionality between the secondary wireless device and a primary wireless device having a subscribed SIM. The primary wireless device may act as a proxy in obtaining the eSIM for the secondary wireless device. The primary wireless device may then provide, to the cellular network, identifiers of the SIMs of the primary and secondary wireless devices. The primary wireless device may then request initiation of multi-SIM functionality for the two SIMs, and receive an indication that the multi-SIM functionality has been initiated. As an example, the multi-SIM functionality may be implemented by mapping the SIM of the primary wireless device and the SIM of the secondary wireless device (e.g., the provisioned eSIM) to the same Mobile Directory Number (MDN).

Abstract translation: 一些实施例涉及用于为辅助无线设备提供用于无线通信的eSIM以及在辅助无线设备与具有订阅的SIM的主要无线设备之间激活多SIM功能的方法。 主要无线设备可以作为获得辅助无线设备的eSIM的代理。 然后，主要无线设备可以向蜂窝网络提供主要和次要无线设备的SIM的标识符。 然后，主要无线设备可以请求启动用于两个SIM的多SIM功能，并且接收多SIM功能已被启动的指示。 作为示例，可以通过将主无线设备的SIM和辅助无线设备的SIM（例如，所提供的eSIM）映射到相同的移动目录号码（MDN）来实现多SIM功能。

公开(公告)号：US09510186B2

公开(公告)日：2016-11-29

申请号：US14664739

申请日：2015-03-20

Applicant: Apple Inc.

Inventor： Li Li ,  Xiangying Yang

IPC: H04W8/18 ,  G06F3/06 ,  H04W8/20

CPC classification number: H04W8/183 ,  G06F3/0622 ,  G06F3/0637 ,  G06F3/0665 ,  G06F3/0673 ,  G06F12/0223 ,  G06F2212/1052 ,  G06F2212/177 ,  H04W8/205

Abstract: Disclosed herein are various techniques for preventing or at least partially securing parameters—e.g., Type parameters—of electronic Subscriber Identity Modules (eSIMs) stored within an embedded Universal Integrated Circuit Card (eUICC) from being inappropriately modified by mobile network operators (MNOs). One embodiment sets forth a technique that involves modifying file access properties of the Type parameters of eSIMs to make the Type parameters readable, but not updatable by the MNOs. Another embodiment sets forth a technique that involves implementing eSIM logical containers that separate the Type parameters from the eSIM data within the eUICC, such that the Type parameters are inaccessible to the MNOs. Yet another embodiment sets forth a technique that involves implementing an Operating System (OS)-based registry that is inaccessible to the MNOs and manages Type parameters for the eSIMs that are stored by the eUICC.

Abstract translation: 本文公开了用于防止或至少部分地保护存储在嵌入式通用集成电路卡（eUICC）中的电子用户识别模块（eSIM）的参数的类型参数的各种技术不被移动网络运营商（MNO）的不当修改。 一个实施例提出了一种技术，其涉及修改eSIM的Type参数的文件访问属性，以使类型参数可读，但不能由MNO更新。 另一个实施例提出了一种技术，其涉及实现将Type参数与eUICC内的eSIM数据分开的eSIM逻辑容器，使得MNO不能访问Type参数。 另一个实施例提出了一种技术，其涉及实现MNO不可访问的基于操作系统（OS）的注册表，并管理由eUICC存储的eSIM的类型参数。

公开(公告)号：US09247424B2

公开(公告)日：2016-01-26

申请号：US13767593

申请日：2013-02-14

Applicant: Apple Inc.

Inventor： David T. Haggerty ,  Jerrold Von Hauck ,  Ben-Heng Juang ,  Li Li ,  Arun G. Mathias ,  Kevin McLaughlin ,  Avinash Narasimhan ,  Christopher Sharp ,  Yousuf H. Vaid ,  Xiangying Yang

IPC: G06F7/04 ,  H04W12/06 ,  H04L29/06

CPC classification number: H04L63/10 ,  H04L63/06 ,  H04L63/0823 ,  H04L63/0853 ,  H04L63/205 ,  H04W8/18 ,  H04W8/183 ,  H04W8/20 ,  H04W12/06

Abstract: Methods and apparatus for large scale distribution of electronic access control clients. In one aspect, a tiered security software protocol is disclosed. In one exemplary embodiment, a server electronic Universal Integrated Circuit Card (eUICC) and client eUICC software comprise a so-called “stack” of software layers. Each software layer is responsible for a set of hierarchical functions which are negotiated with its corresponding peer software layer. The tiered security software protocol is configured for large scale distribution of electronic Subscriber Identity Modules (eSIMs).

Abstract translation: 电子门禁客户大规模分销的方法和装置。 一方面，公开了一种分层的安全软件协议。 在一个示例性实施例中，服务器电子通用集成电路卡（eUICC）和客户端eUICC软件包括软件层的所谓“堆叠”。 每个软件层负责与其相应的对等软件层协商的一组分层功能。 分层安全软件协议配置为大规模分发电子订户身份模块（eSIM）。

公开(公告)号：US09026720B2

公开(公告)日：2015-05-05

申请号：US13762108

申请日：2013-02-07

Applicant: Apple Inc.

Inventor： Li Li ,  Ben-Heng Juang ,  Arun G. Mathias

IPC: G06F12/00 ,  G06F12/02 ,  G06F11/34

CPC classification number: G06F3/0617 ,  G06F3/0622 ,  G06F3/0637 ,  G06F3/0653 ,  G06F3/0679 ,  G06F11/3466 ,  G06F12/0246 ,  H04W8/245

Abstract: The invention provides a technique for managing write operations issued to a non-volatile memory included in a wireless device. A monitor software application executes on the wireless device and is configured to determine that a number of write operations issued to the non-volatile memory is greater than or equal to a write operation threshold associated with the non-volatile memory. In response, at least one application is isolated as the application responsible for issuing excessive write operations. The isolation can be carried out locally on the wireless device, or the isolation can be carried out remotely at a server by sending information about the write operations to the server. The monitor then limits additional write operations from being issued to the non-volatile memory so as to protect the non-volatile memory from becoming corrupted or inoperable.

Abstract translation: 本发明提供一种用于管理发给无线设备中包括的非易失性存储器的写操作的技术。 监视器软件应用程序在无线设备上执行，并且被配置为确定发出到非易失性存储器的写入操作的数量大于或等于与非易失性存储器相关联的写入操作阈值。 作为响应，至少一个应用程序被隔离为负责发出过多写入操作的应用程序。 隔离可以在无线设备上本地进行，也可以通过向服务器发送有关写入操作的信息，在服务器上远程执行隔离。 监视器然后限制额外的写入操作被发布到非易失性存储器，以便保护非易失性存储器不被损坏或不可操作。

公开(公告)号：US08966262B2

公开(公告)日：2015-02-24

申请号：US14049185

申请日：2013-10-08

Applicant: Apple Inc.

Inventor： Stephan V. Schell ,  Arun G. Mathias ,  Jerrold Von Hauck ,  David T. Haggerty ,  Kevin McLaughlin ,  Ben-Heng Juang ,  Li Li

IPC: H04L29/06 ,  H04W12/06 ,  H04W4/00 ,  H04W12/08 ,  H04L29/08

CPC classification number: H04W12/06 ,  G06F21/45 ,  G06F21/57 ,  H04L63/08 ,  H04L63/0853 ,  H04L63/123 ,  H04L63/20 ,  H04L67/34 ,  H04W4/50 ,  H04W4/60 ,  H04W8/205 ,  H04W12/04 ,  H04W12/08

Abstract: Methods and apparatus enabling programming of electronic identification information of a wireless apparatus. In one embodiment, a previously purchased or deployed wireless apparatus is activated by a cellular network. The wireless apparatus connects to the cellular network using an access module to download operating system components and/or access control client components. The described methods and apparatus enable updates, additions and replacement of various components including Electronic Subscriber Identity Module (eSIM) data, OS components. One exemplary implementation of the invention utilizes a trusted key exchange between the device and the cellular network to maintain security.

Abstract translation: 能够对无线装置的电子识别信息进行编程的方法和装置。 在一个实施例中，先前购买或部署的无线设备由蜂窝网络激活。 无线设备使用访问模块连接到蜂窝网络，以下载操作系统组件和/或访问控制客户端组件。 所描述的方法和装置能够更新，添加和替换各种组件，包括电子订户身份模块（eSIM）数据，OS组件。 本发明的一个示例性实施方式利用设备和蜂窝网络之间的可信密钥交换来维护安全性。

公开(公告)号：US20130205390A1

公开(公告)日：2013-08-08

申请号：US13762074

申请日：2013-02-07

Applicant: Apple Inc.

Inventor： Jerrold Von Hauck ,  Li Li ,  Stephan V. Schell

IPC: H04L29/06

CPC classification number: H04L63/1408 ,  H04W8/205 ,  H04W12/0023 ,  H04W12/1206

Abstract: Methods and apparatus for detecting fraudulent device operation. In one exemplary embodiment of the present disclosure, a device is issued a user access control client that is uniquely associated with a shared secret that is securely stored within the network and the access control client. Subsequent efforts to activate or deactivate the access control client require verification of the shared secret. Each change in state includes a change to the shared secret. Consequently, requests for a change to state which do not have the proper shared secret will be disregarded, and/or flagged as fraudulent.

Abstract translation: 用于检测设备不正当操作的方法和装置。 在本公开的一个示例性实施例中，向设备发布与安全地存储在网络和访问控制客户端内的共享秘密唯一相关联的用户访问控制客户端。 随后努力激活或停用访问控制客户端需要验证共享密钥。 每个状态变化包括对共享秘密的改变。 因此，对不具有适当共享秘密的状态进行更改的请求将被忽略，和/或被标记为欺诈。

公开(公告)号：US20250048077A1

公开(公告)日：2025-02-06

申请号：US18746417

申请日：2024-06-18

Applicant: APPLE INC.

Inventor： Abhigyan Joshi ,  Manjunath Prasad ,  Krishna Basawaraj Patil ,  Nithish Kulur Prabhakara ,  Li Li ,  Ajay Singh ,  Xiangpeng Jing ,  Dinesh Kumar Arora ,  Gaurav Pathak ,  Rajeev Verma ,  Pinki Gyanchandani

IPC: H04W8/18

Abstract: Systems and methods for providing non-active subscriber identity module (SIM) services leveraging multiple SIMs configured at multiple UEs are disclosed herein. A primary user equipment (UE), activating a first SIM of a dual SIM dual standby (DSDS) configuration used by the primary UE to perform active-mode network communications on the first SIM and sends, to a secondary UE, an indication to activate a second SIM of the DSDS configuration in response to the activating the first SIM of the DSDS configuration used by the primary UE. The secondary UE receives the indication to activate the second SIM of the first DSDS configuration used by the primary UE and activates the second SIM for use by the secondary UE in response to receiving the indication. Accordingly, the secondary UE may handle any network communications on the second SIM during the network communications on the first SIM at the primary UE.