公开(公告)号：US10985926B2

公开(公告)日：2021-04-20

申请号：US16117642

申请日：2018-08-30

Applicant: Apple Inc.

Inventor： Xiangying Yang ,  Avinash Narasimhan ,  Li Li ,  David I. Ahn ,  Jean-Marc Padova ,  Clark P. Mueller ,  David T. Haggerty

IPC: H04L29/06 ,  H04L9/32 ,  H04W12/00 ,  H04L9/00 ,  H04L9/30

Abstract: Embodiments provided herein identify a certificate issuer (CI) to be relied on as a trusted third party by an electronic subscriber identity module (eSIM) server in remote SIM provisioning (RSP) transactions with an embedded universal integrated circuit card (eUICC). In an RSP ecosystem, multiple CIs may exist. Parties rely on public key infrastructure (PKI) techniques for establishment of trust. Trust may be established based on a trusted third party such as a CI. Parties need to agree on the CI in order for some PKI techniques to be useful. Embodiments provided herein describe approaches for an eUICC and an eSIM server to arrive at an agreed-on CI. Candidate or negotiated CIs may be indicated on a public key identifier (PKID) list. A PKID list is distributed, in some embodiments, by means of a discovery server, via an activation code (AC) and/or during the establishment of a profile provisioning session.

公开(公告)号：US10664257B2

公开(公告)日：2020-05-26

申请号：US15146771

申请日：2016-05-04

Applicant: Apple Inc.

Inventor： Li Li ,  Arun G. Mathias

IPC: H04L29/06 ,  G06F8/65

Abstract: Activities involving a secure element (SE) in a mobile device include a background operation. When the SE initiates the background operation, it informs the mobile device of an estimated duration. The mobile device thus recognizes that the SE is not in a stuck state, and maintains a clock signal and a power flow to the SE. Firmware updates to the SE include erasing a non-volatile (NV) memory in the SE in parallel with firmware or software updates to other processor systems in the mobile device. Needed data, for example calibration data or cryptographic key data, is preserved by storing data from some processor systems in one or more supplementary security domains (SSDs) in the SE. When a given processor system completes a firmware update, the needed data is restored to the processor system from the SSD.

公开(公告)号：US10433131B2

公开(公告)日：2019-10-01

申请号：US16141482

申请日：2018-09-25

Applicant: Apple Inc.

Inventor： Xiangying Yang ,  Li Li

IPC: H04W4/60

Abstract: An electronic universal integrated circuit card (eUICC) performs one or more operations to increase the reliability and decrease the execution time of remote profile management (RPM) commands or local profile management (LPM) commands. In some embodiments, the eUICC scans through a received script containing RPM commands and then selectively defers some responsive actions such as refresh commands. An eSIM server that originates the script, in some embodiments, mandates performance of a refresh command after a particular RPM command by including an explicit refresh command code in the script. In some embodiments, the eSIM server includes a command instructing the eUICC to hold responsive refresh commands until the completion of the script. In some scenarios, execution of one or more RPM or LPM commands may be interfered with by a card application toolkit (CAT) session. Embodiments provided herein prioritize the RPM/LPM commands as more important than the CAT session.

公开(公告)号：US10405181B2

公开(公告)日：2019-09-03

申请号：US15876875

申请日：2018-01-22

Applicant: Apple Inc.

Inventor： Li Li ,  Xiangying Yang ,  Jerrold Von Hauck ,  Christopher B. Sharp ,  Yousuf H. Vaid ,  Arun G. Mathias ,  David T. Haggerty ,  Najeeb M. Abdulrahiman

IPC: H04W12/06 ,  H04L29/06 ,  H04L12/24

Abstract: Methods and apparatus for user authentication and human intent verification of administrative operations for eSIMs of an eUICC included in a mobile device are disclosed. Certain administrative operations, such as import, modification, and/or export, of an eSIM and/or for an eUICCs firmware can require user authentication and/or human intent verification before execution of the administrative operations are performed or completed by the mobile device. A user of the mobile device provides information to link an external user account to an eSIM upon (or subsequent to) installation on the eUICC. User credentials, such as a user name and password, and/or information generated therefrom, can be used to authenticate the user with an external server. In response to successful user authentication, the administrative operations are performed. Human intent verification can also be performed in conjunction with user authentication to prevent malware from interfering with eSIM and/or eUICC functions of the mobile device.

公开(公告)号：US10396981B2

公开(公告)日：2019-08-27

申请号：US15279343

申请日：2016-09-28

Applicant: Apple Inc.

Inventor： Xiangying Yang ,  Li Li

IPC: H04L9/32 ,  H04L9/08 ,  H04W12/04 ,  H04L29/06 ,  H04W8/20 ,  H04W12/02 ,  H04W12/06

Abstract: Methods for provisioning electronic Subscriber Identity Modules (eSIMs) to electronic Universal Integrated Circuit Cards (eUICCs) are provided. One method involves a provisioning server configured to encrypt the eSIM with a symmetric key (Ke). The provisioning server, upon identifying a target eUICC, encrypts the symmetric key with a key encryption key (KEK) derived based at least in part on a private key associated with the provisioning server and a public key associated with the target eUICC. The provisioning server generates an eSIM package including the encrypted eSIM, the encrypted symmetric key, a public key corresponding to the private key associated with the provisioning server, as well as additional information that enables the target eUICC to, upon receipt of the eSIM package, identify a private key that corresponds to the public key associated with the target eUICC and used to derive the KEK.

公开(公告)号：US10251054B2

公开(公告)日：2019-04-02

申请号：US15698950

申请日：2017-09-08

Applicant: APPLE INC.

Inventor： Mehdi Ziat ,  Christopher Sharp ,  Kevin P. McLaughlin ,  Li Li ,  Jerrold V. Hauck ,  Yousuf H. Vaid

IPC: H04W4/00 ,  H04W8/22 ,  G06F9/445 ,  G06F9/50

Abstract: Systems and methods for validating and applying modifications to a policy control function (PCF) of a station. The methods include generating a PCF package including a modification to a PCF, and determining whether the PCF package is to be transmitted to the station by a first or second entity. The methods further include when the PCF package is to be transmitted by the first entity, including a first signature of the first entity in a deliverer field of the PCF package, and when the PCF package is to be transmitted by the second entity, including the first signature in an owner field and a second signature of the second entity in the deliverer field. The methods further include receiving the PCF package from the first or second entity, determining whether the PCF package is valid, and applying the modification to the PCF when it is determined the PCF package is valid.

公开(公告)号：US20190098475A1

公开(公告)日：2019-03-28

申请号：US16141482

申请日：2018-09-25

Applicant: Apple Inc.

Inventor： Xiangying Yang ,  Li Li

IPC: H04W4/60

CPC classification number: H04W4/60

Abstract: An electronic universal integrated circuit card (eUICC) performs one or more operations to increase the reliability and decrease the execution time of remote profile management (RPM) commands or local profile management (LPM) commands. In some embodiments, the eUICC scans through a received script containing RPM commands and then selectively defers some responsive actions such as refresh commands. An eSIM server that originates the script, in some embodiments, mandates performance of a refresh command after a particular RPM command by including an explicit refresh command code in the script. In some embodiments, the eSIM server includes a command instructing the eUICC to hold responsive refresh commands until the completion of the script. In some scenarios, execution of one or more RPM or LPM commands may be interfered with by a card application toolkit (CAT) session. Embodiments provided herein prioritize the RPM/LPM commands as more important than the CAT session.

公开(公告)号：US10080119B2

公开(公告)日：2018-09-18

申请号：US15817081

申请日：2017-11-17

Applicant: Apple Inc.

Inventor： Vikram B. Yerrabommanahalli ,  Li Li ,  Arun G. Mathias ,  Najeeb M. Abdulrahiman ,  Chandiramohan Vasudevan ,  Rohan C. Malthankar ,  Francisco J. Gonzalez ,  Rafael L. Rivera-Barreto ,  Jean-Marc Padova

IPC: H04M1/00 ,  H04W4/60 ,  H04W8/20 ,  H04L29/12 ,  H04W68/00 ,  H04W8/18

CPC classification number: H04W4/60 ,  H04L61/106 ,  H04W8/18 ,  H04W8/205 ,  H04W68/005

Abstract: Some embodiments relate to methods for provisioning a secondary wireless device with an eSIM for wireless communication and activating multi-SIM functionality between the secondary wireless device and a primary wireless device having a subscribed SIM. The primary wireless device may act as a proxy in obtaining the eSIM for the secondary wireless device. The primary wireless device may then provide, to the cellular network, identifiers of the SIMs of the primary and secondary wireless devices. The primary wireless device may then request initiation of multi-SIM functionality for the two SIMs, and receive an indication that the multi-SIM functionality has been initiated. As an example, the multi-SIM functionality may be implemented by mapping the SIM of the primary wireless device and the SIM of the secondary wireless device (e.g., the provisioned eSIM) to the same Mobile Directory Number (MDN).

公开(公告)号：US10061942B2

公开(公告)日：2018-08-28

申请号：US14724789

申请日：2015-05-28

Applicant: Apple Inc.

Inventor： Xiangying Yang ,  Li Li

IPC: G06F21/78 ,  G06F12/14 ,  H04W8/18 ,  H04W8/20 ,  H04W12/04 ,  H04W12/08

CPC classification number: G06F21/78 ,  G06F12/1408 ,  G06F2212/402 ,  H04W8/183 ,  H04W8/205 ,  H04W12/0023 ,  H04W12/04 ,  H04W12/08

Abstract: A method for secure storage of an embedded Subscriber Identity Module (eSIM) on a wireless communication device including an embedded Universal Integrated Circuit Card (eUICC) and a memory external to the eUICC is provided. The method can include the eUICC determining that an eSIM package including an eSIM is to be stored on the memory. The method can also include the eUICC, in response to determining that the eSIM package is to be stored on the memory, maintaining a single-use session parameter associated with the eSIM package to enable installation of the eSIM on the eUICC if the eSIM package is later loaded onto the eUICC from the memory.

公开(公告)号：US10051464B2

公开(公告)日：2018-08-14

申请号：US15093595

申请日：2016-04-07

Applicant: Apple Inc.

Inventor： Xiangying Yang ,  Li Li ,  Arun G. Mathias

IPC: H04L29/06 ,  H04W12/02 ,  H04W4/50

Abstract: Methods and apparatus for managing processing of electronic Subscriber Identity Modules (eSIM) data at a mobile device are disclosed. An eSIM management entity of an embedded Universal Integrated Circuit Card (eUICC) in the mobile device obtains an encrypted eSIM package, decrypts the eSIM package to obtain eSIM contents formatted generically and not specifically tailored to requirements of the eUICC. In some embodiments, the eSIM contents are formatted based on an abstract syntax notation (ASN) distinguished encoding rules (DER) format. The eSIM management entity parses the formatted eSIM contents to retrieve individual eSIM components and installs each eSIM component for the eSIM in an eSIM security domain on the eUICC. In some embodiments, the eSIM management entity acts as a local, personalization server to provide local Trusted Service Manager (TSM) server functionality for eSIM installation that transforms “generically formatted” eSIM contents into eSIM components that match specific requirements of the eUICC.