DEVICE-ASSISTED VERIFICATION
First Claim
1. A method by a device comprising an embedded universal integrated circuit card (eUICC) and a user interface, the method comprising:
- receiving, from a first entity, a first message;
filtering the first message based on a configuration of the device to produce a filtering decision value;
when the filtering decision value is a negative value;
forwarding the first message to the eUICC; and
when the filtering decision value is a positive value;
providing a warning on the user interface.
1 Assignment
0 Petitions
Accused Products
Abstract
A device assists an embedded Universal Integrated Circuit Card (eUICC) resident in the device with verification of public key information or of security materials. The verification provided by the device can be configured by the user and/or by the eUICC. The verification includes checking for expiration of public key information or presence of an associated public key in a trusted list. The trusted list in some instances includes pinning hash values. The device can warn an end user and/or an infrastructure entity, of an issue if the verification fails. An extension of certificate revocation lists includes a logical indication of least one new public key in a CRL list. A CRL data field may also indicate a previous CRL, where the previous CRL is the most recent CRL containing a public key listing with at least one new entry.
-
Citations
20 Claims
-
1. A method by a device comprising an embedded universal integrated circuit card (eUICC) and a user interface, the method comprising:
-
receiving, from a first entity, a first message; filtering the first message based on a configuration of the device to produce a filtering decision value; when the filtering decision value is a negative value; forwarding the first message to the eUICC; and when the filtering decision value is a positive value; providing a warning on the user interface. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
-
12. A server apparatus comprising:
-
a memory; and a processor, wherein the memory includes instructions that when executed by the processor cause the server apparatus to publish a plurality of certificate revocation lists (CRLs) by performing operations comprising; forming a first CRL of the plurality of CRLs at a first time, wherein; a first data field of the first CRL comprises a first sequence number, a second data field of the first CRL comprises a first public-key listing, and a third data field of the first CRL indicates that a content of the second data field of the first CRL is not new; providing the first CRL to a server; determining that a first public key is revoked; forming a second CRL of the plurality of CRLs at a second time; and providing the second CRL to the server. - View Dependent Claims (13, 14, 15, 16)
-
-
17. A non-transitory computer readable medium including instructions that when executed by a processor in a device cause the device to perform operations comprising:
-
receiving a first certificate revocation list (CRL) from a first certification authority (CA) via a server; receiving second CRL from the CA via the server; comparing the second CRL to the first CRL; determining whether delivery from the server is reliable based on the comparing; producing a reliability indication based on the determining; when the reliability indication is positive; forwarding the second CRL to an embedded Universal Integrated Circuit Card (eUICC) included in the device; and when the reliability indication is not positive; sending an error report to a second CA. - View Dependent Claims (18, 19, 20)
-
Specification