-
Publication No.: US20220385446A1
Publication date: 2022-12-01
Application No.: US17818953
Application date: 2022-08-10
Applicant: Apple Inc.
Inventor: Xiangying YANG
IPC: H04L9/00 , H04L67/306 , H04L9/40 , H04L67/30 , H04L9/32 , H04W8/24 , H04W12/30 , H04W12/42 , H04W12/069 , H04W12/106 , H04W12/0433
Abstract: A mobile network operator (MNO) uses a provisioning server to update or install profile content in a profile or electronic subscriber identity module (eSIM). In an exemplary embodiment, the profile is present on a secure element such as an embedded universal integrated circuit card (eUICC) in a wireless device. One or more MNOs use the provisioning server to perform profile content management on profiles in the eUICC. In some embodiments, an MNO has a trust relationship with the provisioning server. In some other embodiments, the MNO does not have a trust relationship with the provisioning server and protects payload targeted for an MNO-associated profile using an over the air (OTA) key.
-
Publication No.: US20220385445A1
Publication date: 2022-12-01
Application No.: US17818948
Application date: 2022-08-10
Applicant: Apple Inc.
Inventor: Xiangying YANG
IPC: H04L9/00 , H04L67/306 , H04L9/40 , H04L67/30 , H04L9/32 , H04W8/24 , H04W12/30 , H04W12/42 , H04W12/069 , H04W12/106 , H04W12/0433
Abstract: A mobile network operator (MNO) uses a provisioning server to update or install profile content in a profile or electronic subscriber identity module (eSIM). In an exemplary embodiment, the profile is present on a secure element such as an embedded universal integrated circuit card (eUICC) in a wireless device. One or more MNOs use the provisioning server to perform profile content management on profiles in the eUICC. In some embodiments, an MNO has a trust relationship with the provisioning server. In some other embodiments, the MNO does not have a trust relationship with the provisioning server and protects payload targeted for an MNO-associated profile using an over the air (OTA) key.
-
Publication No.: US20220303823A1
Publication date: 2022-09-22
Application No.: US17437735
Application date: 2020-04-30
Applicant: APPLE INC.
Inventor: Shu GUO , Dawei ZHANG , Fangli XU , Haijing HU , Huarui LIANG , Xiangying YANG , Yuqin CHEN
IPC: H04W28/02 , H04W28/08 , H04W12/106 , H04W76/20
Abstract: Systems, apparatuses, methods, and program products to provision a user plane (UP) security policy at a granularity level that is per data radio bearer (DRB) within a protocol data unit (PDU) session or per quality of service (QoS) flow within one or more DRBs of the PDU session.
-
Publication No.: US20200304327A1
Publication date: 2020-09-24
Application No.: US16841273
Application date: 2020-04-06
Applicant: Apple Inc.
Inventor: Xiangying YANG , Li LI , Avinash NARASIMHAN , Jean-Marc PADOVA
Abstract: Duplicate processing of events registered at a root server is avoided. An electronic subscriber identity module (eSIM) server pushes, to a root server, data in the form of notification data portions indicating that commands or events need to be processed by a device. The device includes an embedded universal integrated circuit card (eUICC). The device pulls a notification list from the root server. The notification list includes one or more notification data portions. The device checks a given notification data portion to see if it represents a duplicate before communicating with the eSIM server to perform further processing related to the event. The device bases the check for duplication on an event history and/or on a hash value where the hash value is based on one or more eSIMs installed in the eUICC. The device is able to prioritize notification data portions before processing them.
-
Publication No.: US20190239075A1
Publication date: 2019-08-01
Application No.: US16384844
Application date: 2019-04-15
Applicant: Apple Inc.
Inventor: Xiangying YANG , Li LI , Jerrold Von HAUCK
CPC classification number: H04W12/06 , G06F21/32 , H04L9/3231 , H04L9/3271 , H04L2209/80 , H04W4/50 , H04W4/60 , H04W12/0023 , H04W12/08
Abstract: The embodiments set forth techniques for an embedded Universal Integrated Circuit Card (eUICC) to conditionally require, when performing management operations in association with electronic Subscriber Identity Modules (eSIMs), human-based authentication. The eUICC receives a request to perform a management operation in association with an eSIM. In response, the eUICC determines whether a policy being enforced by the eUICC indicates that a human-based authentication is required prior to performing the management operation. Next, the eUICC causes the mobile device to prompt a user of the mobile device to carry out the human-based authentication. The management operation is then performed or ignored in accordance with results of the human-based authentication.
-
Publication No.: US20190074983A1
Publication date: 2019-03-07
Application No.: US16117642
Application date: 2018-08-30
Applicant: Apple Inc.
Inventor: Xiangying YANG , Avinash NARASIMHAN , Li LI , David I. AHN , Jean-Marc PADOVA , Clark P. MUELLER , David T. HAGGERTY
Abstract: Embodiments provided herein identify a certificate issuer (CI) to be relied on as a trusted third party by an electronic subscriber identity module (eSIM) server in remote SIM provisioning (RSP) transactions with an embedded universal integrated circuit card (eUICC). In an RSP ecosystem, multiple CIs may exist. Parties rely on public key infrastructure (PKI) techniques for establishment of trust. Trust may be established based on a trusted third party such as a CI. Parties need to agree on the CI in order for some PKI techniques to be useful. Embodiments provided herein describe approaches for an eUICC and an eSIM server to arrive at an agreed-on CI. Candidate or negotiated CIs may be indicated on a public key identifier (PKID) list. A PKID list is distributed, in some embodiments, by means of a discovery server, via an activation code (AC) and/or during the establishment of a profile provisioning session.
-
Publication No.: US20180294976A1
Publication date: 2018-10-11
Application No.: US15940786
Application date: 2018-03-29
Applicant: Apple Inc.
Inventor: Xiangying YANG
Abstract: A digital letter of approval (DLOA) is used by a subscription manager (SM) server to determine whether a device is compliant with requirements for an application to be provisioned. If the device is compliant, the application is provisioned to the device or to an embedded universal integrated circuit card (eUICC) included in the device. To increase the security of the device DLOA, the device DLOA is linked to the eUICC, in some embodiments. The linkage may be based on one or more platform label fields in the device DLOA. A database is consulted, in some embodiments, to confirm a relationship between the device and the eUICC identified in the device DLOA. In some embodiments, the eUICC signs the device DLOA and the device DLOA with eUICC signature is sent to the SM server. In some embodiments, the device provides a device signature on the DLOA independent of the eUICC.
-
Publication No.: US20180249333A1
Publication date: 2018-08-30
Application No.: US15876875
Application date: 2018-01-22
Applicant: Apple Inc.
Inventor: Li LI , Xiangying YANG , Jerrold Von HAUCK , Christopher B. SHARP , Yousuf H. VAID , Arun G. MATHIAS , David T. HAGGERTY , Najeeb M. ABDULRAHIMAN
CPC classification number: H04W12/06 , H04L41/28 , H04L63/083 , H04L63/0838 , H04L63/0853 , H04W12/00514
Abstract: Methods and apparatus for user authentication and human intent verification of administrative operations for eSIMs of an eUICC included in a mobile device are disclosed. Certain administrative operations, such as import, modification, and/or export, of an eSIM and/or for an eUICC's firmware can require user authentication and/or human intent verification before execution of the administrative operations is performed or completed by the mobile device. A user of the mobile device provides information to link an external user account to an eSIM upon (or subsequent to) installation on the eUICC. User credentials, such as a user name and password, and/or information generated therefrom, can be used to authenticate the user with an external server. In response to successful user authentication, the administrative operations are performed. Human intent verification can also be performed in conjunction with user authentication to prevent malware from interfering with eSIM and/or eUICC functions of the mobile device.
-
Publication No.: US20180198631A1
Publication date: 2018-07-12
Application No.: US15917483
Application date: 2018-03-09
Applicant: Apple Inc.
Inventor: Xiangying YANG
CPC classification number: H04L9/3268 , H04L9/006 , H04L9/321 , H04L9/3236 , H04L9/3239 , H04L9/3297 , H04L63/0442 , H04L63/0823 , H04L63/123 , H04L63/1425 , H04L2209/38 , H04L2209/56 , H04L2463/121 , H04W12/00502 , H04W12/06 , H04W12/0806 , H04W12/10 , H04W12/12
Abstract: A secure element (SE) with a notion of time useful for checking secure items is disclosed herein. Methods of obtaining time information by the SE include push, pull, opportunistic, local interface, and multi-check methods. Time information can be obtained from a root certification authority (CA) and one or more subordinate CAs, which are associated with and subordinate to the root CA. The SE uses the time information for time management of time values stored in the SE. The SE also uses the time information in cooperation with certificate revocation lists (CRLs) and/or online certificate status protocol (OCSP) stapling procedures.
-
Publication No.: US20170171742A1
Publication date: 2017-06-15
Application No.: US15366737
Application date: 2016-12-01
Applicant: Apple Inc.
Inventor: Xiangying YANG
CPC classification number: H04W8/245 , G06F3/0604 , G06F3/0643 , G06F3/0673 , H04W8/18 , H04W8/183 , H04W8/205
Abstract: Methods and apparatus for dynamic file system management of an embedded Universal Integrated Circuit Card (eUICC) in response to changes for electronic Subscriber Identity Modules (eSIMs) on the eUICC are disclosed herein. Hardware specific file information, e.g., hardware-based eUICC parameters, which may apply to multiple eSIMs and/or multiple Mobile Network Operators (MNOs), is included in a default eUICC file system. MNO specific information, e.g., MNO-specified parameters, is included in eSIMs. Customized eUICC level files are created, stored, modified and/or replaced based on a combination of default eUICC files and MNO specific information extracted from an eSIM at installation and/or in response to a change of state of the eSIM, such as when enabling, disabling, or updating the eSIM on the eUICC.