Patents by Inventor Jerrold Von Hauck

Jerrold Von Hauck has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 10271213
    Abstract: Methods and apparatus for managing access control clients (e.g., electronic Subscriber Identity Modules (eSIMs)). In one embodiment, secure elements (e.g., electronic Universal Integrated Circuit Cards (eUICCs)) and management entities of secure elements are associated with credentials. Post-deployment managerial operations can be executed, by transmitting the requested operation with the appropriate credentials. For example, a device can receive secure software updates to electronic Subscriber Identity Modules (eSIMs), with properly credentialed network entities.
    Type: Grant
    Filed: May 4, 2012
    Date of Patent: April 23, 2019
    Assignee: Apple Inc.
    Inventors: David T. Haggerty, Jerrold Von Hauck, Kevin McLaughlin, Audra Liu
  • Patent number: 10264452
    Abstract: The embodiments set forth techniques for an embedded Universal Integrated Circuit Card (eUICC) to conditionally require, when performing management operations in association with electronic Subscriber Identity Modules (eSIMs), human-based authentication. The eUICC receives a request to perform a management operation in association with an eSIM. In response, the eUICC determines whether a policy being enforced by the eUICC indicates that a human-based authentication is required prior to performing the management operation. Next, the eUICC causes the mobile device to prompt a user of the mobile device to carry out the human-based authentication. The management operation is then performed or ignored in accordance with results of the human-based authentication.
    Type: Grant
    Filed: April 3, 2018
    Date of Patent: April 16, 2019
    Assignee: Apple Inc.
    Inventors: Xiangying Yang, Li Li, Jerrold Von Hauck
  • Patent number: 10206106
    Abstract: Methods and apparatus enabling programming of electronic identification information of a wireless apparatus. In one embodiment, a previously purchased or deployed wireless apparatus is activated by a cellular network. The wireless apparatus connects to the cellular network using an access module to download operating system components and/or access control client components. The described methods and apparatus enable updates, additions and replacement of various components including Electronic Subscriber Identity Module (eSIM) data, OS components. One exemplary implementation of the invention utilizes a trusted key exchange between the device and the cellular network to maintain security.
    Type: Grant
    Filed: January 17, 2018
    Date of Patent: February 12, 2019
    Assignee: Apple Inc.
    Inventors: Stephan V. Schell, Arun G. Mathias, Jerrold Von Hauck, David T. Haggerty, Kevin McLaughlin, Ben-Heng Juang, Li Li
  • Patent number: 10149144
    Abstract: Described herein is a simulacrum security device and methods. In one embodiment, a simulacrum or likeness of a physical security device is provided for use in conjunction with a software emulation of the security device. In one implementation, a “faux SIM card” is provided that does not contain Subscriber Identification Module (SIM) information itself, but instead enables a user to download Electronic SIM (eSIM) information (e.g., from a network or eSIM server) which is loaded into a software emulation of a Universal Integrated Circuit Card (UICC) device. The faux card is printed with an activation code, scan pattern, or other activation or access information. The subscriber purchases the faux card, and enters the activation code into a device; the entered activation code enables the device to log onto a network, and download the appropriate eSIM data.
    Type: Grant
    Filed: July 30, 2015
    Date of Patent: December 4, 2018
    Assignee: Apple Inc.
    Inventors: Stephan V. Schell, Jerrold Von Hauck
  • Publication number: 20180295511
    Abstract: The embodiments set forth techniques for an embedded Universal Integrated Circuit Card (eUICC) to conditionally require, when performing management operations in association with electronic Subscriber Identity Modules (eSIMs), human-based authentication. The eUICC receives a request to perform a management operation in association with an eSIM. In response, the eUICC determines whether a policy being enforced by the eUICC indicates that a human-based authentication is required prior to performing the management operation. Next, the eUICC causes the mobile device to prompt a user of the mobile device to carry out the human-based authentication. The management operation is then performed or ignored in accordance with results of the human-based authentication.
    Type: Application
    Filed: April 3, 2018
    Publication date: October 11, 2018
    Inventors: Xiangying YANG, Li LI, Jerrold Von HAUCK
  • Publication number: 20180278604
    Abstract: A method for establishing a secure communication channel between an off-card entity and an embedded Universal Integrated Circuit Card (eUICC) is provided. The method involves establishing symmetric keys that are ephemeral in scope. Specifically, an off-card entity, and each eUICC in a set of eUICCs managed by the off-card entity, possess long-term Public Key Infrastructure (PKI) information. When a secure communication channel is to be established between the off-card entity and an eUICC, the eUICC and the off-card entity can authenticate one another in accordance with the respectively-possessed PKI information (e.g., verifying public keys). After authentication, the off-card entity and the eUICC establish a shared session-based symmetric key for implementing the secure communication channel. Specifically, the shared session-based symmetric key is generated according to whether perfect or half forward security is desired.
    Type: Application
    Filed: March 26, 2018
    Publication date: September 27, 2018
    Inventors: Xiangying YANG, Li LI, Jerrold Von HAUCK
  • Publication number: 20180249332
    Abstract: Methods and apparatus enabling programming of electronic identification information of a wireless apparatus. In one embodiment, a previously purchased or deployed wireless apparatus is activated by a cellular network. The wireless apparatus connects to the cellular network using an access module to download operating system components and/or access control client components. The described methods and apparatus enable updates, additions and replacement of various components including Electronic Subscriber Identity Module (eSIM) data, OS components. One exemplary implementation of the invention utilizes a trusted key exchange between the device and the cellular network to maintain security.
    Type: Application
    Filed: January 17, 2018
    Publication date: August 30, 2018
    Inventors: Stephan V. SCHELL, Arun G. MATHIAS, Jerrold Von HAUCK, David T. HAGGERTY, Kevin McLAUGHLIN, Ben-Heng JUANG, Li LI
  • Publication number: 20180249333
    Abstract: Methods and apparatus for user authentication and human intent verification of administrative operations for eSIMs of an eUICC included in a mobile device are disclosed. Certain administrative operations, such as import, modification, and/or export, of an eSIM and/or for an eUICCs firmware can require user authentication and/or human intent verification before execution of the administrative operations are performed or completed by the mobile device. A user of the mobile device provides information to link an external user account to an eSIM upon (or subsequent to) installation on the eUICC. User credentials, such as a user name and password, and/or information generated therefrom, can be used to authenticate the user with an external server. In response to successful user authentication, the administrative operations are performed. Human intent verification can also be performed in conjunction with user authentication to prevent malware from interfering with eSIM and/or eUICC functions of the mobile device.
    Type: Application
    Filed: January 22, 2018
    Publication date: August 30, 2018
    Inventors: Li LI, Xiangying YANG, Jerrold Von HAUCK, Christopher B. SHARP, Yousuf H. VAID, Arun G. MATHIAS, David T. HAGGERTY, Najeeb M. ABDULRAHIMAN
  • Patent number: 10009764
    Abstract: Methods and apparatuses for providing controlled switching of electronic access control clients (e.g., electronic Subscriber Identity Modules (eSIMs)) without requiring network access are set forth herein. In one embodiment, a method for swapping of subscriptions and/or profiles for without network supervision that prevents possibly malicious high frequency switching is disclosed. For example, a secure element included in a mobile device can be configured to issue, to a security module included in the mobile device, a request for the security module to carry out an authentication of a user of the mobile device. Upon determining, based on results received from the security module, that the authentication is successful, the secure element can generate one or more credits in accordance with the results, where each credit of the one or more credits can be used to carry out an eSIM management operation within the secure element.
    Type: Grant
    Filed: June 12, 2015
    Date of Patent: June 26, 2018
    Assignee: Apple Inc.
    Inventors: Xiangying Yang, Jerrold Von Hauck
  • Patent number: 9998925
    Abstract: A method for preparing an eSIM for provisioning is provided. The method can include a provisioning server encrypting the eSIM with a symmetric key. The method can further include the provisioning server, after determining a target eUICC to which the eSIM is to be provisioned, encrypting the symmetric key with a key encryption key derived based at least in part on a private key associated with the provisioning server and a public key associated with the target eUICC. The method can additionally include the provisioning server formatting an eSIM package including the encrypted eSIM, the encrypted symmetric key, and a public key corresponding to the private key associated with the provisioning server. The method can also include the provisioning server sending the eSIM package to the target eUICC.
    Type: Grant
    Filed: June 9, 2017
    Date of Patent: June 12, 2018
    Assignee: Apple Inc.
    Inventors: Xiangying Yang, Li Li, Jerrold Von Hauck
  • Patent number: 9942755
    Abstract: The embodiments set forth techniques for an embedded Universal Integrated Circuit Card (eUICC) to conditionally require, when performing management operations in association with electronic Subscriber Identity Modules (eSIMs), human-based authentication. The eUICC receives a request to perform a management operation in association with an eSIM. In response, the eUICC determines whether a policy being enforced by the eUICC indicates that a human-based authentication is required prior to performing the management operation. Next, the eUICC causes the mobile device to prompt a user of the mobile device to carry out the human-based authentication. The management operation is then performed or ignored in accordance with results of the human-based authentication.
    Type: Grant
    Filed: August 20, 2015
    Date of Patent: April 10, 2018
    Assignee: Apple Inc.
    Inventors: Xiangying Yang, Li Li, Jerrold Von Hauck
  • Patent number: 9930035
    Abstract: A method for establishing a secure communication channel between an off-card entity and an embedded Universal Integrated Circuit Card (eUICC) is provided. The method involves establishing symmetric keys that are ephemeral in scope. Specifically, an off-card entity, and each eUICC in a set of eUICCs managed by the off-card entity, possess long-term Public Key Infrastructure (PKI) information. When a secure communication channel is to be established between the off-card entity and an eUICC, the eUICC and the off-card entity can authenticate one another in accordance with the respectively-possessed PKI information (e.g., verifying public keys). After authentication, the off-card entity and the eUICC establish a shared session-based symmetric key for implementing the secure communication channel. Specifically, the shared session-based symmetric key is generated according to whether perfect or half forward security is desired.
    Type: Grant
    Filed: June 22, 2017
    Date of Patent: March 27, 2018
    Assignee: Apple Inc.
    Inventors: Xiangying Yang, Li Li, Jerrold Von Hauck
  • Patent number: 9930527
    Abstract: Disclosed herein is a technique for securely provisioning access control entities (e.g., electronic Subscriber Identity Module (eSIM) components) to a user equipment (UE) device. In one embodiment, a UE device is assigned a unique key and an endorsement certificate that can be used to provide updates or new eSIMs to the UE device. The UE device can trust eSIM material delivered by an unknown third-party eSIM vendor, based on a secure certificate transmission with the unique key. In another aspect, an operating system (OS) is partitioned into various sandboxes. During operation, the UE device can activate and execute the OS in the sandbox corresponding to a current wireless network. Personalization packages received while connected to the network only apply to that sandbox. Similarly, when loading an eSIM, the OS need only load the list of software necessary for the current run-time environment. Unused software can be subsequently activated.
    Type: Grant
    Filed: December 8, 2016
    Date of Patent: March 27, 2018
    Assignee: Apple Inc.
    Inventors: Stephan V. Schell, Jerrold Von Hauck
  • Patent number: 9882594
    Abstract: Methods and apparatuses for providing controlled switching of electronic access control clients without requiring network access are set forth herein. In one embodiment, a method for swapping of subscriptions and/or profiles for electronic Subscriber Identity Modules (eSIMs) without network supervision that prevents possibly malicious high frequency switching is disclosed. The disclosed embodiments offer reasonable management capabilities for network operators, without compromising the flexibility of eSIM operation.
    Type: Grant
    Filed: April 13, 2015
    Date of Patent: January 30, 2018
    Assignee: Apple Inc.
    Inventors: Xiangying Yang, Jerrold Von Hauck
  • Patent number: 9877194
    Abstract: Methods and apparatus enabling programming of electronic identification information of a wireless apparatus. In one embodiment, a previously purchased or deployed wireless apparatus is activated by a cellular network. The wireless apparatus connects to the cellular network using an access module to download operating system components and/or access control client components. The described methods and apparatus enable updates, additions and replacement of various components including Electronic Subscriber Identity Module (eSIM) data, OS components. One exemplary implementation of the invention utilizes a trusted key exchange between the device and the cellular network to maintain security.
    Type: Grant
    Filed: April 14, 2016
    Date of Patent: January 23, 2018
    Assignee: Apple Inc.
    Inventors: Stephan V. Schell, Arun G. Mathias, Jerrold Von Hauck, David T. Haggerty, Kevin McLaughlin, Ben-Heng Juang, Li Li
  • Patent number: 9877193
    Abstract: Methods and apparatus for user authentication and human intent verification of administrative operations for eSIMs of an eUICC included in a mobile device are disclosed. Certain administrative operations, such as import, modification, and/or export, of an eSIM and/or for an eUICCs firmware can require user authentication and/or human intent verification before execution of the administrative operations are performed or completed by the mobile device. A user of the mobile device provides information to link an external user account to an eSIM upon (or subsequent to) installation on the eUICC. User credentials, such as a user name and password, and/or information generated therefrom, can be used to authenticate the user with an external server. In response to successful user authentication, the administrative operations are performed. Human intent verification can also be performed in conjunction with user authentication to prevent malware from interfering with eSIM and/or eUICC functions of the mobile device.
    Type: Grant
    Filed: March 21, 2016
    Date of Patent: January 23, 2018
    Assignee: Apple Inc.
    Inventors: Li Li, Xiangying Yang, Jerrold Von Hauck, Christopher B. Sharp, Yousuf H. Vaid, Arun G. Mathias, David T. Haggerty, Najeeb M. Abdulrahiman
  • Patent number: 9843585
    Abstract: Methods and apparatus for large scale distribution of electronic access control clients. In one aspect, a tiered security software protocol is disclosed. In one exemplary embodiment, a server electronic Universal Integrated Circuit Card (eUICC) and client eUICC software comprise a so-called “stack” of software layers. Each software layer is responsible for a set of hierarchical functions which are negotiated with its corresponding peer software layer. The tiered security software protocol is configured for large scale distribution of electronic Subscriber Identity Modules (eSIMs).
    Type: Grant
    Filed: January 13, 2016
    Date of Patent: December 12, 2017
    Assignee: Apple Inc.
    Inventors: David T. Haggerty, Jerrold Von Hauck, Ben-Heng Juang, Li Li, Arun G. Mathias, Kevin McLaughlin, Avinash Narasimhan, Christopher Sharp, Yousuf H. Vaid, Xiangying Yang
  • Patent number: 9788209
    Abstract: Apparatus and methods for controlling the distribution of electronic access clients to a device. In one embodiment, a virtualized Universal Integrated Circuit Card (UICC) can only load an access client such as an electronic Subscriber Identity Module (eSIM) according to an activation ticket. The activation ticket ensures that the virtualized UICC can only receive eSIMs from specific carriers (“carrier locking”). Unlike prior art methods which enforce carrier locking on a software application launched from a software chain of trust (which can be compromised), the present invention advantageously enforces carrier locking with the secure UICC hardware which has, for example, a secure code base.
    Type: Grant
    Filed: September 12, 2016
    Date of Patent: October 10, 2017
    Assignee: Apple Inc.
    Inventors: Jerrold Von Hauck, David T. Haggerty
  • Publication number: 20170289142
    Abstract: A method for establishing a secure communication channel between an off-card entity and an embedded Universal Integrated Circuit Card (eUICC) is provided. The method involves establishing symmetric keys that are ephemeral in scope. Specifically, an off-card entity, and each eUICC in a set of eUICCs managed by the off-card entity, possess long-term Public Key Infrastructure (PKI) information. When a secure communication channel is to be established between the off-card entity and an eUICC, the eUICC and the off-card entity can authenticate one another in accordance with the respectively-possessed PKI information (e.g., verifying public keys). After authentication, the off-card entity and the eUICC establish a shared session-based symmetric key for implementing the secure communication channel. Specifically, the shared session-based symmetric key is generated according to whether perfect or half forward security is desired.
    Type: Application
    Filed: June 22, 2017
    Publication date: October 5, 2017
    Inventors: Xiangying YANG, Li LI, Jerrold Von HAUCK
  • Publication number: 20170278097
    Abstract: Methods and apparatus for the deployment of financial instruments and other assets are disclosed. In one embodiment, a security software protocol is disclosed that guarantees that the asset is always securely encrypted, that one and only one copy of an asset exists, and the asset is delivered to an authenticated and/or authorized customer. Additionally, exemplary embodiments of provisioning systems are disclosed that are capable of, among other things, handling large bursts of traffic (such as can occur on a so-called “launch day” of a device).
    Type: Application
    Filed: April 7, 2017
    Publication date: September 28, 2017
    Inventors: David T. HAGGERTY, Ahmer A. KHAN, Christopher B. SHARP, Jerrold Von HAUCK, Joakim LINDE, Kevin P. MCLAUGHLIN, Mehdi ZIAT, Yousuf H. VAID