Abstract: Methods and apparatus to enable and disable cellular services for one or more cellular capable secondary wireless devices associated with a primary wireless device are disclosed. The primary wireless device, in response to detecting a status change of an in use state of a cellular capable secondary wireless device can provide a notification to a network server of a wireless network to disable cellular wireless services for previously enabled cellular capable secondary wireless devices and to enable cellular wireless services for the cellular capable secondary wireless device. Control of cellular wireless services for cellular capable secondary wireless devices can be based on a combination of registration for services, activation and deactivation of eSIMs on the cellular capable secondary wireless devices, and/or changes to eSIM states or contexts maintained by the network server.

Abstract: Representative embodiments described herein set forth techniques for optimizing large-scale deliveries of electronic Subscriber Identity Modules (eSIMs) to mobile devices. Specifically, instead of generating and assigning eSIMs when mobile devices are being activated—which can require significant processing overhead—eSIMs are pre-generated with a basic set of information, and are later-assigned to the mobile devices when they are activated. This can provide considerable benefits over conventional approaches that involve generating and assigning eSIMs during mobile device activation, especially when new mobile devices (e.g., smartphones, tablets, etc.) are being launched and a large number of eSIM assignment requests are to be fulfilled in an efficient manner.

Abstract: Activities involving a secure element (SE) in a mobile device include a background operation. When the SE initiates the background operation, it informs the mobile device of an estimated duration. The mobile device thus recognizes that the SE is not in a stuck state, and maintains a clock signal and a power flow to the SE. Firmware updates to the SE include erasing a non-volatile (NV) memory in the SE in parallel with firmware or software updates to other processor systems in the mobile device. Needed data, for example calibration data or cryptographic key data, is preserved by storing data from some processor systems in one or more supplementary security domains (SSDs) in the SE. When a given processor system completes a firmware update, the needed data is restored to the processor system from the SSD.

Abstract: An automated environment can include multiple controller devices capable of communicating with multiple accessory devices. The controller devices can automatically elect one of their number as a coordinator device for the environment and can automatically perform a new election if an incumbent coordinator becomes unavailable or resigns. The election processes can be transparent to any users. An elected coordinator can perform various operations to facilitate management of the automated environment, including routing of communications between controllers and accessories.

Abstract: An automated environment can include an accessory device that operates according to an automation rule, to take a prescribed action when a triggering condition occurs. A controller device for the automated environment can determine a user's regular routine and can detect when the user is deviating from the regular routine. The controller device can communicate with accessory devices in the automated environment to modify their behavior relative to the automation rules.

Abstract: Embodiments provided herein determine if an electronic subscriber identity module (eSIM) associated with a requested service can be installed in a secure element (SE) housed in a wireless device. Before requesting deployment of an eSIM suitable for the requested service from an eSIM delivery server, a carrier server asks that an original equipment manufacturer (OEM) server validate that an eSIM corresponding to a customer request should be deployed. The OEM server obtains information about the wireless device and information about the SE. When the carrier server requests validation, the OEM server evaluates the wireless device information and/or the SE information. If the OEM server indicates that deployment of the eSIM should proceed, the OEM server also indicates the eSIM type that is compatible with the wireless device and with the SE housed in the device.

Abstract: A data transfer process can include multiple verification features usable by a “source” device to ensure that a “destination” device is authorized to receive a requested data object. The source device and destination device can communicate via a first communication channel (which can be on a wide-area network) to exchange public keys, then use the public keys to verify their identities and establish a secure session on a second communication channel (which can be a local channel). The data object can be transferred via the secure session. Prior to sending the data object, the source device can perform secondary verification operations (in addition to the key exchange) to confirm the identity of the second device and/or the locality of the connection on the second communication channel.

Abstract: Techniques are disclosed relating to electronic security, e.g., for authenticating a mobile electronic device to allow access to system functionality (e.g., physical access to the system, starting an engine/motor, etc.). In some embodiments, a system and mobile device exchange public keys of public key pairs during a pairing process. In some embodiments, an asymmetric transaction process includes generating a shared secret using a key derivation function over a key established using a secure key exchange (e.g., elliptic curve Diffie-Hellman), and verifying a signature of the system before transmitting any information identifying the mobile device. In various embodiments, disclosed techniques may increase transaction security and privacy of identifying information.

Abstract: Representative embodiments described herein set forth techniques for optimizing large-scale deliveries of electronic Subscriber Identity Modules (eSIMs) to mobile devices. Specifically, instead of generating and assigning eSIMs when mobile devices are being activated—which can require significant processing overhead—eSIMs are pre-generated with a basic set of information, and are later-assigned to the mobile devices when they are activated. This can provide considerable benefits over conventional approaches that involve generating and assigning eSIMs during mobile device activation, especially when new mobile devices (e.g., smartphones, tablets, etc.) are being launched and a large number of eSIM assignment requests are to be fulfilled in an efficient manner.

Abstract: Methods and apparatus for user authentication and human intent verification of administrative operations for eSIMs of an eUICC included in a mobile device are disclosed. Certain administrative operations, such as import, modification, and/or export, of an eSIM and/or for an eUICCs firmware can require user authentication and/or human intent verification before execution of the administrative operations are performed or completed by the mobile device. A user of the mobile device provides information to link an external user account to an eSIM upon (or subsequent to) installation on the eUICC. User credentials, such as a user name and password, and/or information generated therefrom, can be used to authenticate the user with an external server. In response to successful user authentication, the administrative operations are performed. Human intent verification can also be performed in conjunction with user authentication to prevent malware from interfering with eSIM and/or eUICC functions of the mobile device.

Abstract: Disclosed herein are techniques for enabling a user to activate a new device with a Mobile Network Operator (MNO) without requiring the user to provide MNO authentication credentials that are easily forgotten. The user activates the new device using credentials from an existing device (associated with the user) that is trusted by the MNO and also using a trust score provided by a third-party server that has knowledge of associations between the user and the existing device. The new device can be a supplemental device, such as a wearable device to a cellular phone, where both devices remain capable of accessing services provided by the MNO after the new device is activated with the MNO. The new device can also be a replacement device, such as a new phone, tablet, or wearable device, where the new device supplants access to services provided by the MNO for an existing device.

Abstract: An automated environment can include an accessory device that operates according to an automation rule, to take a prescribed action when a triggering condition occurs. A controller device for the automated environment can determine a user's regular routine and can detect when the user is deviating from the regular routine. The controller device can communicate with accessory devices in the automated environment to modify their behavior relative to the automation rules.

Abstract: Some embodiments relate to methods for provisioning a secondary wireless device with an eSIM for wireless communication and activating multi-SIM functionality between the secondary wireless device and a primary wireless device having a subscribed SIM. The primary wireless device may act as a proxy in obtaining the eSIM for the secondary wireless device. The primary wireless device may then provide, to the cellular network, identifiers of the SIMs of the primary and secondary wireless devices. The primary wireless device may then request initiation of multi-SIM functionality for the two SIMs, and receive an indication that the multi-SIM functionality has been initiated. As an example, the multi-SIM functionality may be implemented by mapping the SIM of the primary wireless device and the SIM of the secondary wireless device (e.g., the provisioned eSIM) to the same Mobile Directory Number (MDN).

Abstract: Methods and apparatus for managing processing of electronic Subscriber Identity Modules (eSIM) data at a mobile device are disclosed. An eSIM management entity of an embedded Universal Integrated Circuit Card (eUICC) in the mobile device obtains an encrypted eSIM package, decrypts the eSIM package to obtain eSIM contents formatted generically and not specifically tailored to requirements of the eUICC. In some embodiments, the eSIM contents are formatted based on an abstract syntax notation (ASN) distinguished encoding rules (DER) format. The eSIM management entity parses the formatted eSIM contents to retrieve individual eSIM components and installs each eSIM component for the eSIM in an eSIM security domain on the eUICC.

Abstract: A data transfer process can include multiple verification features usable by a “source” device to ensure that a “destination” device is authorized to receive a requested data object. The source device and destination device can communicate via a first communication channel (which can be on a wide-area network) to exchange public keys, then use the public keys to verify their identities and establish a secure session on a second communication channel (which can be a local channel). The data object can be transferred via the secure session. Prior to sending the data object, the source device can perform secondary verification operations (in addition to the key exchange) to confirm the identity of the second device and/or the locality of the connection on the second communication channel.

Abstract: An integrated accessory control system can integrate functionality (services) of multiple disparate accessories and provide a unified user interface for interacting with the system via a controller device. An integrated accessory control system can include one accessory that can detect an event or action and send a notification to the controller device and at least one other accessory, such as an Internet Protocol (IP) camera, that can be operated in response to the notification. In response to the notification, a controller device can generate an integrated user interface for interacting with the accessories in the integrated accessory control system. The interface can include a live feed from the IP camera, which can provide a media stream responsive to instructions from the controller.

Abstract: An automated environment can include an accessory device that operates according to an automation rule, to take a prescribed action when a triggering condition occurs. A controller device for the automated environment can determine a user's regular routine and can detect when the user is deviating from the regular routine. The controller device can communicate with accessory devices in the automated environment to modify their behavior relative to the automation rules.

Abstract: An automated environment can monitor its resource consumption at the environment level and detect anomalies. Resource consumption can be monitored using a sparse set of sensors that provide information about the total resource consumption of the automated environment. The sensor data can be analyzed together with information about a behavioral routine of users in the automated environment to define a baseline resource consumption pattern. Once a baseline resource consumption pattern is established, anomalies in resource consumption can be detected and reported to users.

Abstract: Automated behaviors in an environment can be implemented based on aggregation of individual user routines. For example, mobile devices used by users in the environment can provide information about the users' behavior patterns to a coordinator device that can be located in the environment. The coordinator device can analyze the information to detect an aggregate pattern that involves multiple mobile devices and/or multiple users. Based on a detected aggregate patterns, the coordinator can identify behaviors to automate.

Abstract: Methods and apparatus for user authentication and human intent verification of administrative operations for eSIMs of an eUICC included in a mobile device are disclosed. Certain administrative operations, such as import, modification, and/or export, of an eSIM and/or for an eUICCs firmware can require user authentication and/or human intent verification before execution of the administrative operations are performed or completed by the mobile device. A user of the mobile device provides information to link an external user account to an eSIM upon (or subsequent to) installation on the eUICC. User credentials, such as a user name and password, and/or information generated therefrom, can be used to authenticate the user with an external server. In response to successful user authentication, the administrative operations are performed. Human intent verification can also be performed in conjunction with user authentication to prevent malware from interfering with eSIM and/or eUICC functions of the mobile device.