Apple Inc.
Device-assisted verification

Abstract:

A device assists an embedded Universal Integrated Circuit Card (eUICC) resident in the device with verification of public key information or of security materials. The verification provided by the device can be configured by the user and/or by the eUICC. The verification includes checking for expiration of public key information or presence of an associated public key in a trusted list. The trusted list in some instances includes pinning hash values. The device can warn an end user and/or an infrastructure entity, of an issue if the verification fails. An extension of certificate revocation lists includes a logical indication of at least one new public key in a CRL list. A CRL data field may also indicate a previous CRL, where the previous CRL is the most recent CRL containing a public key listing with at least one new entry.