METHODS AND APPARATUS FOR USER AUTHENTICATION AND HUMAN INTENT VERIFICATION IN MOBILE DEVICES
    51.
    Invention application
    Legal status: Granted

    Publication number: US20160277930A1

    Publication date: 2016-09-22

    Application number: US15076527

    Application date: 2016-03-21

    Applicant: Apple Inc.

    Abstract: Methods and apparatus for user authentication and human intent verification of administrative operations for eSIMs of an eUICC included in a mobile device are disclosed. Certain administrative operations, such as import, modification, and/or export, of an eSIM and/or for an eUICC's firmware can require user authentication and/or human intent verification before the administrative operations are performed or completed by the mobile device. A user of the mobile device provides information to link an external user account to an eSIM upon (or subsequent to) installation on the eUICC. User credentials, such as a user name and password, and/or information generated therefrom, can be used to authenticate the user with an external server. In response to successful user authentication, the administrative operations are performed. Human intent verification can also be performed in conjunction with user authentication to prevent malware from interfering with eSIM and/or eUICC functions of the mobile device.

    ENFORCING SERVICE POLICIES IN EMBEDDED UICCs
    53.
    Invention application
    Legal status: Granted

    Publication number: US20160057624A1

    Publication date: 2016-02-25

    Application number: US14831819

    Application date: 2015-08-20

    Applicant: APPLE INC.

    Abstract: The embodiments set forth techniques for an embedded Universal Integrated Circuit Card (eUICC) to conditionally require, when performing management operations in association with electronic Subscriber Identity Modules (eSIMs), human-based authentication. The eUICC receives a request to perform a management operation in association with an eSIM. In response, the eUICC determines whether a policy being enforced by the eUICC indicates that a human-based authentication is required prior to performing the management operation. Next, the eUICC causes the mobile device to prompt a user of the mobile device to carry out the human-based authentication. The management operation is then performed or ignored in accordance with results of the human-based authentication.

    SECURE STORAGE OF AN ELECTRONIC SUBSCRIBER IDENTITY MODULE ON A WIRELESS COMMUNICATION DEVICE
    54.
    Invention application
    Legal status: Under examination (published)

    Publication number: US20150347786A1

    Publication date: 2015-12-03

    Application number: US14724789

    Application date: 2015-05-28

    Applicant: Apple Inc.

    Abstract: A method for secure storage of an embedded Subscriber Identity Module (eSIM) on a wireless communication device including an embedded Universal Integrated Circuit Card (eUICC) and a memory external to the eUICC is provided. The method can include the eUICC determining that an eSIM package including an eSIM is to be stored on the memory. The method can also include the eUICC, in response to determining that the eSIM package is to be stored on the memory, maintaining a single-use session parameter associated with the eSIM package to enable installation of the eSIM on the eUICC if the eSIM package is later loaded onto the eUICC from the memory.

    APPARATUS AND METHODS FOR CONTROLLED SWITCHING OF ELECTRONIC ACCESS CLIENTS WITHOUT REQUIRING NETWORK ACCESS
    55.
    Invention application
    Legal status: Granted

    Publication number: US20150222635A1

    Publication date: 2015-08-06

    Application number: US14685547

    Application date: 2015-04-13

    Applicant: Apple Inc.

    Abstract: Methods and apparatuses for providing controlled switching of electronic access control clients without requiring network access are set forth herein. In one embodiment, a method for swapping of subscriptions and/or profiles for electronic Subscriber Identity Modules (eSIMs) without network supervision that prevents possibly malicious high frequency switching is disclosed. The disclosed embodiments offer reasonable management capabilities for network operators, without compromising the flexibility of eSIM operation.

    Profile State Management for Secure Profile Export from a Source Device

Publication number: US20250088840A1

Publication date: 2025-03-13

Application number: US18830065

Application date: 2024-09-10

    Applicant: Apple Inc.

    Abstract: An apparatus configured to process, based on signaling received from a target device with which a source device is engaging in an embedded subscriber identity module (eSIM) transfer process to transfer an eSIM profile to the target device, a first message comprising a target embedded identity document (EID) of the target device, generate, for transmission to the target device, a second message comprising a source EID of the source device and prepare, for transmission to the target device, the eSIM profile, a third message comprising the eSIM profile and an indication of a first state of the eSIM profile on the source device, wherein the eSIM profile includes an Integrated Circuit Card Identification Number (ICCID).

    Source Device Cross Platform eSIM Profile Transfer Using a Secure Tunnel

Publication number: US20250080971A1

Publication date: 2025-03-06

Application number: US18824563

Application date: 2024-09-04

    Applicant: Apple Inc.

    Abstract: An apparatus configured to engage in an embedded subscriber identity module (eSIM) profile transfer process to transfer an eSIM profile from a source device executing a first operating system (OS) that implements a first protocol stack related to eSIM profile transfers to a target device executing a second OS that implements a second protocol stack related to eSIM profile transfers, wherein the first protocol stack and the second protocol stack are different, process, based on signaling received from an entitlement server, a token for transferring the eSIM profile, generate, for transmission to the target device, a message comprising the token and establish a secure tunnel via a wireless communication connection with the target device.

    TECHNIQUES FOR MANAGING COMMUNICATION WITH WIRELESS DEVICES FLAGGED FOR CERTAIN ACTIVITY

Publication number: US20240089732A1

Publication date: 2024-03-14

Application number: US17932268

Application date: 2022-09-14

    Applicant: Apple Inc.

    CPC classification number: H04W12/06 H04W8/18

    Abstract: This Application sets forth techniques for managing communication with wireless devices that have been flagged due to certain activity. In particular, the techniques effectively eliminate unnecessary interactions and enable enhanced user feedback when wireless devices that have been flagged are attempting to interact with mobile network operators (MNOs). The techniques can be implemented by a variety of entities to achieve different and efficient results under various scenarios. Such entities can include, for example, i) equipment identity registries that track unique identifiers of wireless devices that have been flagged due to certain activity, ii) MNO servers, such as SM-DP+ servers, and iii) wireless devices. Additionally, individual components within wireless devices can implement the techniques variously, including using issuer security domain root (ISD-R) components, local profile assistants (LPAs), electronic subscriber identity module (eSIM) components, and/or baseband components included in the wireless devices.

    ELECTRONIC SUBSCRIBER IDENTITY MODULE TRANSFER ELIGIBILITY CHECKING

Publication number: US20230013030A1

Publication date: 2023-01-19

Application number: US17934885

Application date: 2022-09-23

    Applicant: Apple Inc.

    Abstract: Embodiments described herein relate to eligibility checking for transfer of one or more electronic subscriber identity modules (eSIMs) between two mobile wireless devices. Eligibility to transfer an eSIM to an eUICC of a target device can depend on whether the eUICC of the target device satisfies certain security requirements for the eSIMs to be transferred. The mobile wireless devices can obtain a transfer eligibility result based on communication with one or more network-based servers that can determine compatibility for eSIM transfer.
