公开(公告)号：US20220399993A1

公开(公告)日：2022-12-15

申请号：US17820236

申请日：2022-08-16

Applicant: Apple Inc.

Inventor： Xiangying YANG ,  Jean-Marc PADOVA

IPC: H04L9/08 ,  H04L9/30 ,  H04W12/72 ,  H04W12/037

Abstract: Embodiments described herein relate to credential wrapping for secure transfer of electronic SIMs (eSIMs) between wireless devices. Transfer of an eSIM from a source device to a target device includes re-encryption of sensitive eSIM data, e.g., eSIM encryption keys, financial transaction credentials, transit authority credentials, and the like, using new encryption keys that include ephemeral elements applicable to a single, particular transfer session between the source device and the target device. The sensitive eSIM data encrypted with a symmetric key (Ks) is re-wrapped with a new header that includes a version of Ks encrypted with a new key encryption key (KEK) and information to derive KEK by the target device. The re-encrypted sensitive SIM data is formatted with additional eSIM data into a new bound profile package (BPP) to transfer the eSIM from the source device to the target device.

公开(公告)号：US20210219142A1

公开(公告)日：2021-07-15

申请号：US17147410

申请日：2021-01-12

Applicant: Apple Inc.

Inventor： Jean-Marc PADOVA ,  Xiangying YANG

IPC: H04W12/72 ,  H04W8/20 ,  H04W12/069

Abstract: Embodiments described herein relate to eligibility checking for transfer of one or more electronic subscriber identity modules (eSIMs) between two mobile wireless devices. Eligibility to transfer an eSIM to an eUICC of a target device can depend on whether the eUICC of the target device satisfies certain security requirements for the eSIMs to be transferred. The mobile wireless devices can obtain a transfer eligibility result based on communication with one or more network-based servers that can determine compatibility for eSIM transfer.

公开(公告)号：US20170338962A1

公开(公告)日：2017-11-23

申请号：US15598232

申请日：2017-05-17

Applicant: Apple Inc.

Inventor： Li LI ,  Clark P. MUELLER ,  Avinash NARASIMHAN ,  Arun G. MATHIAS ,  David T. HAGGERTY ,  Najeeb M. ABDULRAHIMAN ,  Jean-Marc PADOVA

IPC: H04L9/32 ,  H04W36/00 ,  H04W12/04 ,  H04L9/14 ,  H04L29/08 ,  H04L9/00 ,  H04L29/06 ,  H04L9/30 ,  H04W76/02 ,  H04W8/18

Abstract: Embodiments provided herein determine if an electronic subscriber identity module (eSIM) associated with a requested service can be installed in a secure element (SE) housed in a wireless device. Before requesting deployment of an eSIM suitable for the requested service from an eSIM delivery server, a carrier server asks that an original equipment manufacturer (OEM) server validate that an eSIM corresponding to a customer request should be deployed. The OEM server obtains information about the wireless device and information about the SE. When the carrier server requests validation, the OEM server evaluates the wireless device information and/or the SE information. If the OEM server indicates that deployment of the eSIM should proceed, the OEM server also indicates the eSIM type that is compatible with the wireless device and with the SE housed in the device.

公开(公告)号：US20250080969A1

公开(公告)日：2025-03-06

申请号：US18824394

申请日：2024-09-04

Applicant: Apple Inc.

Inventor： Raj S CHAUGULE ,  Hyewon LEE ,  Jean-Marc PADOVA ,  Li LI ,  Rohan C MALTHANKAR ,  Sherman X JIN ,  Suraj GUPTA ,  Xiangying YANG ,  Zexing SHI

IPC: H04W8/20 ,  H04W12/06

Abstract: An apparatus configured to engage in an embedded subscriber identity module (eSIM) profile transfer process to receive at a target device, executing a first operating system (OS) that implements a first protocol stack related to eSIM profile transfers, an eSIM profile from a source device executing a second OS that implements a second protocol stack related to eSIM profile transfers to the target device, wherein the first protocol stack and the second protocol stack are different, process, based on signals received from the source device, a token for transferring the eSIM profile, generate, for transmission to an enablement server, a request for the eSIM profile, wherein the request comprises the token and process, based on signals received from the enablement server, the eSIM profile.

公开(公告)号：US20240414536A1

公开(公告)日：2024-12-12

申请号：US18808879

申请日：2024-08-19

Applicant: Apple Inc.

Inventor： Xiangying YANG ,  Jean-Marc PADOVA ,  Li LI ,  Shu GUO

IPC: H04W12/069 ,  H04L9/32 ,  H04L9/40 ,  H04W8/20 ,  H04W12/041 ,  H04W12/0431

Abstract: This application sets forth techniques for authenticating a mobile device with a cellular wireless network without electronic Subscriber Identity Module (eSIM) credentials by using an Extensible Authentication Protocol Transport Layer Security (EAP-TLS) procedure. The mobile device authenticates with an Authentication Server Function (AUSF) of the cellular wireless network using an embedded Universal Integrated Circuit Card (eUICC) certificate. Processing circuitry of the mobile wireless device external to the eUICC implements the EAP-TLS procedure and authenticates validity of the AUSF. In some embodiments, the eUICC provides key generation and storage for a session key for communication between the mobile device and the cellular wireless network. In some embodiments, a third-party managed Unified Data Management (UDM) broker authenticates the mobile device based on knowledge of the eUICC certificate and provides a session key to the cellular wireless network for subsequent communication with the mobile device, upon successful authentication of the mobile device.

公开(公告)号：US20220360978A1

公开(公告)日：2022-11-10

申请号：US17662632

申请日：2022-05-09

Applicant: Apple Inc.

Inventor： Li LI ,  Jean-Marc PADOVA ,  Najeeb M. ABDULRAHIMAN

IPC: H04W8/26 ,  H04W8/18 ,  H04W12/03 ,  H04W12/0431 ,  H04W12/06

Abstract: This application describes a phased approach to provision eSIM profiles to a wireless device. Credentials are preloaded to an eUICC during manufacture of the eUICC and used subsequently to load eSIM profiles to the eUICC without requiring an active, real-time connection to an MNO provisioning server. Multiple bound profile packages (BPPs) can be pre-generated and encrypted by MNO provisioning servers for an eUICC and transferred to a BPP aggregator server before assembly of the eUICC in a respective wireless device. A local provisioning server in a manufacturing facility mutually authenticates and connects to the BPP aggregator server to download and store one or more of the encrypted BPPs for later installation on the eUICC. The local provisioning server subsequently mutually authenticates and connects to the eUICC to load at least one of the one or more pre-generated, encrypted BPPs to the eUICC during assembly and/or testing of the wireless device.

公开(公告)号：US20210314148A1

公开(公告)日：2021-10-07

申请号：US17211749

申请日：2021-03-24

Applicant: Apple Inc.

Inventor： Xiangying YANG ,  Jean-Marc PADOVA

IPC: H04L9/08 ,  H04L9/30 ,  H04W12/037 ,  H04W12/72

Abstract: Embodiments described herein relate to credential wrapping for secure transfer of electronic SIMs (eSIMs) between wireless devices. Transfer of an eSIM from a source device to a target device includes re-encryption of sensitive eSIM data, e.g., eSIM encryption keys, financial transaction credentials, transit authority credentials, and the like, using new encryption keys that include ephemeral elements applicable to a single, particular transfer session between the source device and the target device. The sensitive eSIM data encrypted with a symmetric key (Ks) is re-wrapped with a new header that includes a version of Ks encrypted with a new key encryption key (KEK) and information to derive KEK by the target device. The re-encrypted sensitive SIM data is formatted with additional eSIM data into a new bound profile package (BPP) to transfer the eSIM from the source device to the target device.

公开(公告)号：US20250080970A1

公开(公告)日：2025-03-06

申请号：US18824522

申请日：2024-09-04

Applicant: Apple Inc.

Inventor： Raj S CHAUGULE ,  Hyewon LEE ,  Jean-Marc PADOVA ,  Li LI ,  Rohan C MALTHANKAR ,  Sherman X JIN ,  Suraj GUPTA ,  Xiangying YANG ,  Zexing SHI

IPC: H04W8/20

Abstract: An apparatus configured to engage in an embedded subscriber identity module (eSIM) profile transfer process to transfer an eSIM profile from a source device executing a first operating system (OS) that implements a first protocol stack related to eSIM profile transfers to a target device executing a second OS that implements a second protocol stack related to eSIM profile transfers, wherein the first protocol stack and the second protocol stack are different, process, based on signaling received from an entitlement server, a token for transferring the eSIM profile and generate, for transmission to the target device, a message comprising the token.

公开(公告)号：US20250030514A1

公开(公告)日：2025-01-23

申请号：US18906801

申请日：2024-10-04

Applicant: Apple Inc.

Inventor： Hyewon LEE ,  Jean-Marc PADOVA ,  Li LI ,  Xiangying YANG

IPC: H04L5/00 ,  H04W8/18 ,  H04W72/0453 ,  H04W76/15

Abstract: Techniques for managing logical channel communication for multiple electronic subscriber identity module (eSIM) profiles installed on an embedded universal integrated circuit card (eUICC), including mapping of logical channel identifier values between different logical channel labeling schemes are described herein. In a first scheme, logical channels are identified using logical channel values alone. In a second scheme, logical channels are identified using a combination of eSIM port value and channel values. An interpreter in the eUICC and/or in processing circuitry external to the eUICC can map between the logical channel labeling schemes to allow internal state machines in the eUICC and/or the processing circuitry to use the first scheme for identifying logical channels.

公开(公告)号：US20240267722A1

公开(公告)日：2024-08-08

申请号：US18166433

申请日：2023-02-08

Applicant: Apple Inc.

Inventor： Jean-Marc PADOVA ,  Li LI ,  Viswanath NAGARAJAN

IPC: H04W8/20 ,  H04W8/18 ,  H04W12/30

CPC classification number: H04W8/205 ,  H04W8/183 ,  H04W12/35

Abstract: This application describes managing configuration of a bootstrap electronic SIM (eSIM) for a wireless device. A bootstrap eSIM on an embedded universal integrated circuit card (eUICC) of the wireless device is configured as needed to provide cellular wireless access. The bootstrap eSIM is configured with an initial international mobile subscriber identity (i-IMSI) value used to establish a cellular connection to obtain a bootstrap IMSI (b-IMSI) value allocated for temporary, dedicated use by the wireless device. The b-IMSI value is selected by a bootstrap server based on a bootstrap selection rule obtained from a bootstrap rules service, where the bootstrap selection rule accounts for a use case type provided by the wireless device and indicating a purpose for use of the b-IMSI value. The b-IMSI value is returned to a pool for use by other wireless devices after expiration of a timer or responsive to a delete notification message.