-
Publication number: US20140143826A1
Publication date: 2014-05-22
Application number: US14085951
Filing date: 2013-11-21
Applicant: Apple Inc.
Inventor: Christopher B. Sharp, Yousuf H. Vaid, Li Li, Jerrold V. Hauck, Arun G. Mathias, Xiangying Yang, Kevin P. McLaughlin
IPC: G06F21/60
CPC classification number: G06F21/604, H04L63/102, H04L63/105, H04L63/20, H04W12/08
Abstract: A policy-based framework is described. This policy-based framework may be used to specify the privileges for logical entities to perform operations associated with an access-control element (such as an electronic Subscriber Identity Module) located within a secure element in an electronic device. Note that different logical entities may have different privileges for different operations associated with the same or different access-control elements. Moreover, the policy-based framework may specify types of credentials that are used by the logical entities during authentication, so that different types of credentials may be used for different operations and/or by different logical entities. Furthermore, the policy-based framework may specify the security protocols and security levels that are used by the logical entities during authentication, so that different security protocols and security levels may be used for different operations and/or by different logical entities.
-
62.
Publication number: US12245308B2
Publication date: 2025-03-04
Application number: US17776449
Filing date: 2020-01-31
Applicant: Apple Inc.
Inventor: Shu Guo, Xiangying Yang, Fangli Xu, Yuqin Chen, Huarui Liang, Haijing Hu, Dawei Zhang
IPC: H04W76/00, H04W12/106, H04W36/00, H04W72/231, H04W72/30, H04W76/19, H04W76/30
Abstract: Embodiments are presented herein of apparatuses, systems, and methods for a user equipment device (UE) and/or cellular network to resume a connection. To resume the connection, the UE may transmit a fully protected connection resume message, e.g., which may include protection for a resume cause field.
-
Publication number: US12177918B2
Publication date: 2024-12-24
Application number: US18488644
Filing date: 2023-10-17
Applicant: Apple Inc.
Inventor: Wei Zeng, Haijing Hu, Yuchul Kim, Dawei Zhang, Xiangying Yang, Zhu Ji, Yang Li, Beibei Wang, Jia Tang, Sami M. Almalfouh, Johnson O. Sebeni, Wei Zhang, Tianyan Pu, Vijay Venkataraman, Christian W. Mucke
Abstract: Apparatuses, systems, and methods for a wireless device to perform substantially concurrent communications with a next generation network node and a legacy network node. The wireless device may be configured to establish a first wireless link with a first cell according to a RAT, where the first cell operates in a first system bandwidth and establish a second wireless link with a second cell according to a RAT, where the second cell operates in a second system bandwidth. Further, the wireless device may be configured to perform uplink activity for both the first RAT and the second RAT by TDM uplink data for the first RAT and uplink data for the second RAT if uplink activity is scheduled according to both the first RAT and the second RAT.
-
Publication number: US12150147B2
Publication date: 2024-11-19
Application number: US18450953
Filing date: 2023-08-16
Applicant: Apple Inc.
Inventor: Johnson O. Sebeni, Yang Li, Zhu Ji, Yuchul Kim, Wei Zeng, Dawei Zhang, Haijing Hu, Xiangying Yang, Li Su
Abstract: A downlink control information (DCI), such as a blanking DCI (bDCI) message may be transmitted by a base station (e.g., eNB) and received by a mobile device (e.g., UE). The bDCI may indicate that the eNB will not transmit a subsequent DCI to the UE for a duration of time. The UE may be in continuous reception mode or connected discontinuous reception (C-DRX) mode. The UE may therefore determine to enter a sleep state or take other action. The bDCI may specify an explicit blanking duration, or an index indicating a blanking duration from a lookup table, and/or the blanking duration (and/or a blanking duration offset value) may be determined in advance, e.g., semi-statically. When the UE is in C-DRX mode, the UE may be configured such that either the sleep/wake period of the C-DRX mode or the blanking period of the bDCI may take precedence over the other.
-
Publication number: US12132830B2
Publication date: 2024-10-29
Application number: US17437798
Filing date: 2020-04-03
Applicant: Apple Inc.
Inventor: Shu Guo, Dawei Zhang, Fangli Xu, Haijing Hu, Huarui Liang, Xiangying Yang, Yuqin Chen
IPC: H04L29/06, H04L9/08, H04W12/041
CPC classification number: H04L9/0861, H04L9/0891, H04W12/041, H04L2209/80
Abstract: Apparatuses, systems, and methods for application function (AF) key generation and AF key renewal. A user equipment device (UE) may communicate with an application function (AF) via a radio access network (RAN) using a first AF key and determine that the first AF key has expired. The UE may derive a second AF key based on at least an Architecture for Authentication and Key Management for Applications (AKMA) anchor key (KAKMA) and a counter parameter and communicate with the AF via the RAN using the second AF key. At least one of the UE, the AF, and/or an AKMA Anchor Function (AAnF) may be configured to monitor expiration of the first AF key based on an associated lifetime of the first AF key. The first and second AF keys may be derived using a key derivation function that includes at least one variable parameter.
-
66.
Publication number: US12101630B2
Publication date: 2024-09-24
Application number: US17634950
Filing date: 2019-08-18
Applicant: Apple Inc.
Inventor: Xiangying Yang, Jean-Marc Padova, Li Li, Shu Guo
IPC: G06F7/04, H04L9/32, H04W8/20, H04W12/041, H04W12/0431, H04W12/069, H04L9/40
CPC classification number: H04W12/069, H04L9/3247, H04L9/3263, H04W8/205, H04W12/041, H04W12/0431, H04L63/166, H04L2209/80
Abstract: This application sets forth techniques for authenticating a mobile device with a cellular wireless network without electronic Subscriber Identity Module (eSIM) credentials by using an Extensible Authentication Protocol Transport Layer Security (EAP-TLS) procedure. The mobile device authenticates with an Authentication Server Function (AUSF) of the cellular wireless network using an embedded Universal Integrated Circuit Card (eUICC) certificate. Processing circuitry of the mobile wireless device external to the eUICC implements the EAP-TLS procedure and authenticates validity of the AUSF. In some embodiments, the eUICC provides key generation and storage for a session key for communication between the mobile device and the cellular wireless network. In some embodiments, a third-party managed Unified Data Management (UDM) broker authenticates the mobile device based on knowledge of the eUICC certificate and provides a session key to the cellular wireless network for subsequent communication with the mobile device, upon successful authentication of the mobile device.
-
67.
Publication number: US12063505B2
Publication date: 2024-08-13
Application number: US17442778
Filing date: 2020-04-01
Applicant: Apple Inc.
Inventor: Shu Guo, Xiangying Yang, Yuqin Chen, Fangli Xu, Zhibin Wu, Dawei Zhang, Huarui Liang, Haijing Hu
Abstract: Techniques discussed herein can facilitate improved security establishment procedures for Vehicle to Everything (V2X) direct connections. Various embodiments are employable at or comprise User Equipment, and can initiate and/or receive V2X security establishment connections wherein a receiving UE can reject the connection based on the initiating UE's capabilities/policy and/or the initiating UE can make the final decision regarding the connection based at least on receiving security policy and capability information from the receiving UE.
-
Publication number: US12021965B2
Publication date: 2024-06-25
Application number: US17818948
Filing date: 2022-08-10
Applicant: Apple Inc.
Inventor: Xiangying Yang
IPC: H04L9/00, H04L9/32, H04L9/40, H04L67/30, H04L67/306, H04W8/24, H04W12/0433, H04W12/069, H04W12/106, H04W12/30, H04W12/42
CPC classification number: H04L9/006, H04L9/3273, H04L63/0853, H04L67/30, H04L67/306, H04W8/245, H04W12/0433, H04W12/069, H04W12/106, H04W12/35, H04W12/42, H04L9/321, H04L2209/80
Abstract: A mobile network operator (MNO) uses a provisioning server to update or install profile content in a profile or electronic subscriber identity module (eSIM). In an exemplary embodiment, the profile is present on a secure element such as an embedded universal integrated circuit card (eUICC) in a wireless device. One or more MNOs use the provisioning server to perform profile content management on profiles in the eUICC. In some embodiments, an MNO has a trust relationship with the provisioning server. In some other embodiments, the MNO does not have a trust relationship with the provisioning server and protects payload targeted for an MNO-associated profile using an over the air (OTA) key.
-
Publication number: US11968530B2
Publication date: 2024-04-23
Application number: US17593499
Filing date: 2020-08-06
Applicant: Apple Inc.
Inventor: Shu Guo, Dawei Zhang, Fangli Xu, Haijing Hu, Huarui Liang, Mona Agnel, Ralf Rossbach, Sudeep Manithara Vamanan, Xiangying Yang, Yuqin Chen
CPC classification number: H04W12/068, H04W60/00
Abstract: A network may authenticate a user equipment (UE) to access an edge data network. The network generates a first credential based on a second credential, the second credential generated for a procedure between the UE and a cellular network corresponding to the network component, receives an identifier associated with the first credential from a further network component in response to the UE transmitting an application registration request to a server associated with an edge data network and retrieves the first credential based on the identifier. The network also receives a multi-access edge computing (MEC) authorization parameter, verifies the MEC authorization parameter and transmits an authentication verification response to a second network component.
-
Publication number: US11924184B2
Publication date: 2024-03-05
Application number: US17598224
Filing date: 2021-06-15
Applicant: Apple Inc.
Inventor: Shu Guo, Fangli Xu, Yuqin Chen, Xiangying Yang, Huarui Liang, Haijing Hu, Chunhai Yao, Dawei Zhang, Yushu Zhang, Zhibin Wu
CPC classification number: H04L63/061, H04L9/14
Abstract: The present application relates to devices and components including apparatus, systems, and methods for secured user equipment communications over a user equipment relay. In some embodiments, symmetric or asymmetric encryption may be used for the secured user equipment communications.
-