Abstract: Systems, methods, and computer-readable media for provisioning credentials on an electronic device are provided. In one example embodiment, a secure platform system may be in communication with an electronic device and a financial institution subsystem.

Abstract: Methods and apparatus for user authentication and human intent verification of administrative operations for eSIMs of an eUICC included in a mobile device are disclosed. Certain administrative operations, such as import, modification, and/or export, of an eSIM and/or for an eUICCs firmware can require user authentication and/or human intent verification before execution of the administrative operations are performed or completed by the mobile device. A user of the mobile device provides information to link an external user account to an eSIM upon (or subsequent to) installation on the eUICC. User credentials, such as a user name and password, and/or information generated therefrom, can be used to authenticate the user with an external server. In response to successful user authentication, the administrative operations are performed. Human intent verification can also be performed in conjunction with user authentication to prevent malware from interfering with eSIM and/or eUICC functions of the mobile device.

Abstract: The disclosed technology provides enhanced financial statements such as credit statements that provide customized payment options to a customer that takes into account the total amount owed by the customer, and past payments made by the customer. The customized payment options are determined with the goal of providing more payment options that encourage financial health, while not overwhelming the customer with too many options or irrelevant options. The customized payment options can be displayed in an interactive user interface for paying a credit statement that can visually inform a user of the benefit of the respective payment options with respect to the impact of the respective payment option on the customer's financial health—at least as it pertains to a credit account for which the statement was issued.

Abstract: Representative embodiments described herein set forth techniques for optimizing large-scale deliveries of electronic Subscriber Identity Modules (eSIMs) to mobile devices. Specifically, instead of generating and assigning eSIMs when mobile devices are being activated—which can require significant processing overhead—eSIMs are pre-generated with a basic set of information, and are later-assigned to the mobile devices when they are activated. This can provide considerable benefits over conventional approaches that involve generating and assigning eSIMs during mobile device activation, especially when new mobile devices (e.g., smartphones, tablets, etc.) are being launched and a large number of eSIM assignment requests are to be fulfilled in an efficient manner.

Abstract: Embodiments provided herein determine if an electronic subscriber identity module (eSIM) associated with a requested service can be installed in a secure element (SE) housed in a wireless device. Before requesting deployment of an eSIM suitable for the requested service from an eSIM delivery server, a carrier server asks that an original equipment manufacturer (OEM) server validate that an eSIM corresponding to a customer request should be deployed. The OEM server obtains information about the wireless device and information about the SE. When the carrier server requests validation, the OEM server evaluates the wireless device information and/or the SE information. If the OEM server indicates that deployment of the eSIM should proceed, the OEM server also indicates the eSIM type that is compatible with the wireless device and with the SE housed in the device.

Abstract: Representative embodiments described herein set forth techniques for optimizing large-scale deliveries of electronic Subscriber Identity Modules (eSIMs) to mobile devices. Specifically, instead of generating and assigning eSIMs when mobile devices are being activated—which can require significant processing overhead—eSIMs are pre-generated with a basic set of information, and are later-assigned to the mobile devices when they are activated. This can provide considerable benefits over conventional approaches that involve generating and assigning eSIMs during mobile device activation, especially when new mobile devices (e.g., smartphones, tablets, etc.) are being launched and a large number of eSIM assignment requests are to be fulfilled in an efficient manner.

Abstract: Systems, methods, and computer-readable media for using an online resource to manage credentials on an electronic device are provided. In one example embodiment, a method, at an electronic device, includes, inter alia, receiving account data via an online resource, accessing commerce credential status data from a secure element of the electronic device, providing initial credential management option data via the online resource based on the received account data and based on the accessed commerce credential status data, in response to the providing, receiving a selection of an initial credential management option via the online resource, and changing the status of a credential on the secure element based on the received selection. Additional embodiments are also provided.

Abstract: Methods and apparatus that allow a device to migrate wireless service across multiple wireless networks. In one exemplary embodiment, the present invention enables storing and switching between multiple Electronic Subscriber Identity Modules (eSIM), where each eSIM is specific to a different carrier network. By loading the appropriate eSIM, the user device can authenticate itself with the selected carrier, rather than roaming. During roaming operation, the user equipment can load one or more of the previously stored eSIMs. Selection of the eSIM can be done manually by the user or can be driven by the user equipment based on desired context; for example, based on carrier signal strength, cost-effectiveness, etc. Support for multiple radio technologies also allows universal connectivity for wireless devices, even spanning previously incompatible technologies such as GSM (Global Standard for Mobile Communications), CDMA (Code Division Multiple Access), etc.

Abstract: Methods and apparatus for user authentication and human intent verification of administrative operations for eSIMs of an eUICC included in a mobile device are disclosed. Certain administrative operations, such as import, modification, and/or export, of an eSIM and/or for an eUICCs firmware can require user authentication and/or human intent verification before execution of the administrative operations are performed or completed by the mobile device. A user of the mobile device provides information to link an external user account to an eSIM upon (or subsequent to) installation on the eUICC. User credentials, such as a user name and password, and/or information generated therefrom, can be used to authenticate the user with an external server. In response to successful user authentication, the administrative operations are performed. Human intent verification can also be performed in conjunction with user authentication to prevent malware from interfering with eSIM and/or eUICC functions of the mobile device.

Abstract: A device implementing multi-scheme transaction credentials for a mobile transaction system includes a processor configured to transmit, to a mobile transaction system server, a request to provision a transaction credential on a device secure element. The processor is further configured to receive, from the mobile transaction system server, a provisioning script that, when executed by the device secure element, provisions, on the device secure element, a first applet corresponding to a first transaction network for the transaction credential and a second applet corresponding to a second transaction network for the transaction credential, the first and second applets being provisioned as an applet group having a shared life cycle. The processor is configured to, upon execution of the provisioning script, provide, for display, a single representation of the transaction credential corresponding to both the first and second applets.

Abstract: Methods and apparatus for activating a purchased or previously deployed device by a subscriber. In one embodiment, activation includes authenticating the device to a service provider or carrier, and providing the device with data necessary for enabling the service to the device. In one variant, a user device is activated at a retail store, with the assistance of a carrier representative. In another variant, user equipment is activated via a communications network without the assistance of a representative. In yet another variant, the user equipment is activated via the Internet without the assistance of a representative. The provision of access data includes pre-assigning eSIM from a population of unassigned eSIMs to certain devices for various carrier networks. Alternatively, the eSIM may be assigned on an as-needed basis. Unassigned and/or unused eSIMs can be released (or sold back to the vendor) and/or reused. Solutions for eSIM backup and restoration are also described.

Abstract: Methods and apparatus for user authentication and human intent verification of administrative operations for eSIMs of an eUICC included in a mobile device are disclosed. Certain administrative operations, such as import, modification, and/or export, of an eSIM and/or for an eUICCs firmware can require user authentication and/or human intent verification before execution of the administrative operations are performed or completed by the mobile device. A user of the mobile device provides information to link an external user account to an eSIM upon (or subsequent to) installation on the eUICC. User credentials, such as a user name and password, and/or information generated therefrom, can be used to authenticate the user with an external server. In response to successful user authentication, the administrative operations are performed. Human intent verification can also be performed in conjunction with user authentication to prevent malware from interfering with eSIM and/or eUICC functions of the mobile device.

Abstract: Representative embodiments described herein set forth techniques for provisioning bootstrap electronic Subscriber Identity Modules (eSIMs) to mobile devices. According to some embodiments, a mobile device can be configured to issue, to an eSIM selection server, a bootstrap eSIM request that includes (i) metadata associated with the mobile device, and (ii) metadata associated with an electronic Universal Integrated Circuit Card (eUICC) included in the mobile device. In turn, the eSIM selection server selects and binds a particular bootstrap eSIM to the mobile device, and provides information to the mobile device that enables the mobile device to obtain the particular bootstrap eSIM from one or more eSIM servers. When the mobile device obtains the particular bootstrap eSIM, the mobile device can interface with a mobile network operator (MNO) and obtain a complete eSIM that enables the mobile device to access services provided by the MNO.

Abstract: Methods and apparatus for managing multiple user access control entities or clients. For example, in one embodiment, a “wallet” of electronic subscriber identity modules (eSIMs) may be stored and used at a user device and/or distributed to other devices for use thereon. In another embodiment, a networked server may store and distribute eSIM to a plurality of user devices in communication therewith. A database of available eSIM is maintained at the wallet entity and/or at the network which enables request for a particular eSIM to be processed and various rules for the distribution thereof to be implemented. Security precautions are implemented to protect both user and network carrier specific data as the data is transmitted between networked entities. Solutions for eSIM backup and restoration are also described.

Abstract: Systems, methods, and computer-readable media for using an online resource to manage credentials on an electronic device are provided. In one example embodiment, a method, at an electronic device, includes, inter alia, receiving account data via an online resource, accessing commerce credential status data from a secure element of the electronic device, providing initial credential management option data via the online resource based on the received account data and based on the accessed commerce credential status data, in response to the providing, receiving a selection of an initial credential management option via the online resource, and changing the status of a credential on the secure element based on the received selection. Additional embodiments are also provided.

Abstract: Methods and apparatus for activating a purchased or previously deployed device by a subscriber. In one embodiment, activation includes authenticating the device to a service provider or carrier, and providing the device with data necessary for enabling the service to the device. In one variant, a user device is activated at a retail store, with the assistance of a carrier representative. In another variant, user equipment is activated via a communications network without the assistance of a representative. In yet another variant, the user equipment is activated via the Internet without the assistance of a representative. The provision of access data includes pre-assigning eSIM from a population of unassigned eSIMs to certain devices for various carrier networks. Alternatively, the eSIM may be assigned on an as-needed basis. Unassigned and/or unused eSIMs can be released (or sold back to the vendor) and/or reused. Solutions for eSIM backup and restoration are also described.

Abstract: Representative embodiments described herein set forth techniques for provisioning bootstrap electronic Subscriber Identity Modules (eSIMs) to mobile devices. According to some embodiments, a mobile device can be configured to issue, to an eSIM selection server, a bootstrap eSIM request that includes (i) metadata associated with the mobile device, and (ii) metadata associated with an electronic Universal Integrated Circuit Card (eUICC) included in the mobile device. In turn, the eSIM selection server selects and binds a particular bootstrap eSIM to the mobile device, and provides information to the mobile device that enables the mobile device to obtain the particular bootstrap eSIM from one or more eSIM servers. When the mobile device obtains the particular bootstrap eSIM, the mobile device can interface with a mobile network operator (MNO) and obtain a complete eSIM that enables the mobile device to access services provided by the MNO.

Abstract: Methods and apparatus for managing access control clients (e.g., electronic Subscriber Identity Modules (eSIMs)). In one embodiment, secure elements (e.g., electronic Universal Integrated Circuit Cards (eUICCs)) and management entities of secure elements are associated with credentials. Post-deployment managerial operations can be executed, by transmitting the requested operation with the appropriate credentials. For example, a device can receive secure software updates to electronic Subscriber Identity Modules (eSIMs), with properly credentialed network entities.

Abstract: Embodiments provided herein identify a certificate issuer (CI) to be relied on as a trusted third party by an electronic subscriber identity module (eSIM) server in remote SIM provisioning (RSP) transactions with an embedded universal integrated circuit card (eUICC). In an RSP ecosystem, multiple CIs may exist. Parties rely on public key infrastructure (PKI) techniques for establishment of trust. Trust may be established based on a trusted third party such as a CI. Parties need to agree on the CI in order for some PKI techniques to be useful. Embodiments provided herein describe approaches for an eUICC and an eSIM server to arrive at an agreed-on CI. Candidate or negotiated CIs may be indicated on a public key identifier (PKID) list. A PKID list is distributed, in some embodiments, by means of a discovery server, via an activation code (AC) and/or during the establishment of a profile provisioning session.

Abstract: Methods and apparatus enabling programming of electronic identification information of a wireless apparatus. In one embodiment, a previously purchased or deployed wireless apparatus is activated by a cellular network. The wireless apparatus connects to the cellular network using an access module to download operating system components and/or access control client components. The described methods and apparatus enable updates, additions and replacement of various components including Electronic Subscriber Identity Module (eSIM) data, OS components. One exemplary implementation of the invention utilizes a trusted key exchange between the device and the cellular network to maintain security.