DEVICE-ASSISTED VERIFICATION

US 20170279619A1
Filed: 03/24/2017
Published: 09/28/2017
Est. Priority Date: 03/25/2016
Status: Active Grant

First Claim

Patent Images

1. A method by a device comprising an embedded universal integrated circuit card (eUICC) and a user interface, the method comprising:

receiving, from a first entity, a first message;

filtering the first message based on a configuration of the device to produce a filtering decision value;

when the filtering decision value is a negative value;

forwarding the first message to the eUICC; and

when the filtering decision value is a positive value;

providing a warning on the user interface.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A device assists an embedded Universal Integrated Circuit Card (eUICC) resident in the device with verification of public key information or of security materials. The verification provided by the device can be configured by the user and/or by the eUICC. The verification includes checking for expiration of public key information or presence of an associated public key in a trusted list. The trusted list in some instances includes pinning hash values. The device can warn an end user and/or an infrastructure entity, of an issue if the verification fails. An extension of certificate revocation lists includes a logical indication of least one new public key in a CRL list. A CRL data field may also indicate a previous CRL, where the previous CRL is the most recent CRL containing a public key listing with at least one new entry.

31 Citations

View as Search Results

20 Claims

1. A method by a device comprising an embedded universal integrated circuit card (eUICC) and a user interface, the method comprising:
- receiving, from a first entity, a first message;
  
  filtering the first message based on a configuration of the device to produce a filtering decision value;
  
  when the filtering decision value is a negative value;
  
  forwarding the first message to the eUICC; and
  
  when the filtering decision value is a positive value;
  
  providing a warning on the user interface.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, further comprising, when the filtering decision value is positive:
    - forwarding the first message to the eUICC if the first message is i) deemed non-critical or ii) an expiration time of a content of the first message is later than a second expiration time of a content of a last-forwarded message.
  - 3. The method of claim 1, wherein the method further comprises, when the filtering decision value is a positive value:
    - providing a message on the user interface, wherein the message indicates a second entity that signed the first message;
      
      receiving a response on the user interface, wherein the response indicates whether a user trusts or does not trust the second entity; and
      
      when the response indicates that the user trusts the second entity, forwarding the first message to the eUICC.
  - 4. The method of claim 1, wherein the first message comprises a data part and a signature part, and wherein the method further comprises:
    - determining, subsequent to receiving the first message, a first hash value based on the first message; and
      
      reading, from a pinning table in the device, a second hash value.
  - 5. The method of claim 4, wherein the filtering comprises:
    - producing the filtering decision value based on comparing the first hash value with the second hash value, wherein the filtering decision value is the positive value when the first hash value does not match the second hash value.
  - 6. The method of claim 1, wherein the first message comprises a data part and a signature part, and wherein the method further comprises:
    - determining a current time value;
      
      determining an expiration time value;
      
      determining a first hash value based on the first message; and
      
      reading, from a pinning table in the device, a second hash value.
  - 7. The method of claim 6, wherein the filtering comprises:
    - producing the filtering decision value based on;
      
      i) comparing the expiration time value with the current time value, and ii) comparing the first hash value with the second hash value to produce a matching result, wherein the filtering decision value is the negative value when i) the expiration time value is later than the current time value, and ii) the matching result indicates that the first hash value matches the second hash value.
  - 8. The method of claim 1, wherein the first message comprises:
    - i) a certificate revocation list (CRL) signed by a certificate authority (CA), or ii) a public-key certificate signed by the CA.
  - 9. The method of claim 8, further comprising:
    - searching an untrusted list to determine a presence of an identity of the CA on the untrusted list; and
      
      when the identity of the CA is not present on the untrusted list, forwarding the first message to the eUICC.
  - 10. The method of claim 1, wherein the first entity is a delivery server.
  - 11. The method of claim 10, wherein the first message comprises an online certificate status protocol (OCSP) stapled message and the first message comprises:
    - a second public-key certificate of the delivery server, andan OCSP stapled response from a second certificate authority (CA).

12. A server apparatus comprising:
- a memory; and
  
  a processor, wherein the memory includes instructions that when executed by the processor cause the server apparatus to publish a plurality of certificate revocation lists (CRLs) by performing operations comprising;
  
  forming a first CRL of the plurality of CRLs at a first time, wherein;
  
  a first data field of the first CRL comprises a first sequence number,a second data field of the first CRL comprises a first public-key listing, anda third data field of the first CRL indicates that a content of the second data field of the first CRL is not new;
  
  providing the first CRL to a server;
  
  determining that a first public key is revoked;
  
  forming a second CRL of the plurality of CRLs at a second time; and
  
  providing the second CRL to the server.
- View Dependent Claims (13, 14, 15, 16)
- - 13. The server apparatus of claim 12, wherein:
    - the first data field of the second CRL comprises a second sequence number;
      
      the second data field of the second CRL comprises a second public-key listing;
      
      the second public-key listing comprises an indication of the first public key; and
      
      the third data field of the second CRL indicates that a content of the second data field of the second CRL is new.
  - 14. The server apparatus of claim 13, wherein the operations further comprise:
    - forming a third CRL of the plurality of CRLs at a third time, wherein;
      
      the first data field of the third CRL comprises a third sequence number,the second data field of the third CRL comprises the second public-key listing, andthe third data field of the third CRL indicates that a content of the second data field of the third CRL is not new; and
      
      providing the third CRL to the server.
  - 15. The server apparatus of claim 14, wherein the operations further comprise:
    - determining that a second public key is revoked;
      
      forming a fourth CRL of the plurality of CRLs at a fourth time, wherein;
      
      the first data field of the fourth CRL comprises a fourth sequence number,the second data field of the fourth CRL comprises a third public-key listing,the third public-key listing comprises an indication of the second public key, andthe third data field of the fourth CRL indicates that a content of the second data field of the fourth CRL is new; and
      
      providing the fourth CRL to the server.
  - 16. The server apparatus of claim 15, wherein the operations further comprise:
    - forming a fifth CRL of the plurality of CRLs at a fifth time, wherein;
      
      the first data field of the fifth CRL comprises a fifth sequence number,the second data field of the fifth CRL comprises the third public-key listing, andthe third data field of the fifth CRL indicates that a content of the second data field of the fifth CRL is not new; and
      
      providing the fifth CRL to the server.

17. A non-transitory computer readable medium including instructions that when executed by a processor in a device cause the device to perform operations comprising:
- receiving a first certificate revocation list (CRL) from a first certification authority (CA) via a server;
  
  receiving second CRL from the CA via the server;
  
  comparing the second CRL to the first CRL;
  
  determining whether delivery from the server is reliable based on the comparing;
  
  producing a reliability indication based on the determining;
  
  when the reliability indication is positive;
  
  forwarding the second CRL to an embedded Universal Integrated Circuit Card (eUICC) included in the device; and
  
  when the reliability indication is not positive;
  
  sending an error report to a second CA.
- View Dependent Claims (18, 19, 20)
- - 18. The non-transitory computer readable medium of claim 17, wherein the comparing comprises:
    - a sequence number comparison and/or a timestamp comparison.
  - 19. The non-transitory computer readable medium of claim 17, wherein:
    - the first CRL comprises a first field indicating that the first CRL comprises a public key listing with a new entry.
  - 20. The non-transitory computer readable medium of claim 19, wherein:
    - the comparing comprises;
      
      comparing a last sequence value of the second CRL to a sequence number of the first CRL, andthe producing a reliability indication comprises;
      
      producing a positive reliability indication when the last sequence value of the second CRL matches with the sequence number of the first CRL.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Apple Inc.
Original Assignee
Apple Inc.
Inventors
YANG, Xiangying

Granted Patent

US 10,848,320 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

H04L 2209/80   Wireless network architectu...

H04L 63/108   when the policy decisions a...

H04L 9/006   involving public key infras...

H04L 9/3234   involving additional secure...

H04L 9/3236   using cryptographic hash fu...

H04L 9/3268   using certificate validatio...

DEVICE-ASSISTED VERIFICATION

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

31 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

DEVICE-ASSISTED VERIFICATION

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

31 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links