Abstract: Provisioning of an electronic subscriber identity module (eSIM) to an embedded universal integrated circuit card (eUICC) is observed to acquire a captured payload. The captured payload is then used in replay test sessions. In a live test session, test equipment can be used to monitor the communication between an eSIM server and the eUICC in order to capture the payload transmitted from the eSIM server. In the live test session, the eUICC can be in a debug mode that persists an ability to generate the same keys. In the replay test sessions, the payload captured can be reused and the eUICC can regenerate the same keys to decrypt an encrypted eSIM in the payload. After an installation attempt, the eUICC can provide notifications to the test equipment. The eUICC can be stress-tested using methods described herein without consuming a large number of eSIMs from an eSIM server inventory.

Abstract: Methods and apparatus to enable and disable cellular services for one or more cellular capable secondary wireless devices associated with a primary wireless device are disclosed. The primary wireless device, in response to detecting a status change of an in use state of a cellular capable secondary wireless device can provide a notification to a network server of a wireless network to disable cellular wireless services for previously enabled cellular capable secondary wireless devices and to enable cellular wireless services for the cellular capable secondary wireless device. Control of cellular wireless services for cellular capable secondary wireless devices can be based on a combination of registration for services, activation and deactivation of eSIMs on the cellular capable secondary wireless devices, and/or changes to eSIM states or contexts maintained by the network server.

Abstract: This disclosure describes procedures for maintaining multiple electronic subscriber identity modules (eSIMs) within a user equipment (UE) device, in such a manner that an inactive eSIM can be maintained/updated at the UE device while an active eSIM is being utilized by the UE device to communicate with a corresponding network. The procedures include, a UE device establishing communications with a first network using an active eSIM, initiating an eSIM manager at the UE device, selecting an inactive eSIM (e.g., associated with a second network) with the eSIM manager, applying a profile update to the inactive eSIM with the eSIM manager during communications with the first network, and deselecting the inactive eSIM with the eSIM manager when the profile update to the inactive eSIM is complete. In some configurations, the eSIM manager and the multiple eSIMs can be stored within a secure element of the UE device.

Abstract: Methods, devices, and servers for as-needed update of a trusted list are provided herein. An electronic subscriber identity module (eSIM) server receives a request for an eSIM of a particular type from a wireless device. The eSIM server evaluates the particular type and requests an eSIM of the particular type from a second eSIM server, which is not initially trusted by a secure element (SE) of the wireless device. The eSIM server sends a policy update to the wireless device. The wireless device passes the policy update to the SE, for example, a universal integrated circuit card (UICC). The UICC updates the trusted list with an identity of the second eSIM server. When the wireless device downloads a bound profile package (BPP) containing an eSIM from the second eSIM server, the UICC validates the BPP based on the updated trusted list. The eSIM is then installed on the UICC.

Abstract: Some embodiments relate to methods for provisioning a secondary wireless device with an eSIM for wireless communication and activating multi-SIM functionality between the secondary wireless device and a primary wireless device having a subscribed SIM. The primary wireless device may act as a proxy in obtaining the eSIM for the secondary wireless device. The primary wireless device may then provide, to the cellular network, identifiers of the SIMs of the primary and secondary wireless devices. The primary wireless device may then request initiation of multi-SIM functionality for the two SIMs, and receive an indication that the multi-SIM functionality has been initiated. As an example, the multi-SIM functionality may be implemented by mapping the SIM of the primary wireless device and the SIM of the secondary wireless device (e.g., the provisioned eSIM) to the same Mobile Directory Number (MDN).

Abstract: Methods and apparatus for user authentication and human intent verification of administrative operations for eSIMs of an eUICC included in a mobile device are disclosed. Certain administrative operations, such as import, modification, and/or export, of an eSIM and/or for an eUICCs firmware can require user authentication and/or human intent verification before execution of the administrative operations are performed or completed by the mobile device. A user of the mobile device provides information to link an external user account to an eSIM upon (or subsequent to) installation on the eUICC. User credentials, such as a user name and password, and/or information generated therefrom, can be used to authenticate the user with an external server. In response to successful user authentication, the administrative operations are performed. Human intent verification can also be performed in conjunction with user authentication to prevent malware from interfering with eSIM and/or eUICC functions of the mobile device.

Abstract: Methods and apparatus enabling programming of electronic identification information of a wireless apparatus. In one embodiment, a previously purchased or deployed wireless apparatus is activated by a cellular network. The wireless apparatus connects to the cellular network using an access module to download operating system components and/or access control client components. The described methods and apparatus enable updates, additions and replacement of various components including Electronic Subscriber Identity Module (eSIM) data, OS components. One exemplary implementation of the invention utilizes a trusted key exchange between the device and the cellular network to maintain security.

Abstract: Methods and apparatus for managing processing of electronic Subscriber Identity Modules (eSIM) data at a mobile device are disclosed. An eSIM management entity of an embedded Universal Integrated Circuit Card (eUICC) in the mobile device obtains an encrypted eSIM package, decrypts the eSIM package to obtain eSIM contents formatted generically and not specifically tailored to requirements of the eUICC. In some embodiments, the eSIM contents are formatted based on an abstract syntax notation (ASN) distinguished encoding rules (DER) format. The eSIM management entity parses the formatted eSIM contents to retrieve individual eSIM components and installs each eSIM component for the eSIM in an eSIM security domain on the eUICC.

Abstract: This disclosure relates to techniques for performing Wi-Fi authentication in a wireless communication system. Public key cryptography may be used to enhance the confidentiality of the user's permanent identity in transit. In some embodiments, a RSA-OAEP (SHA-256) encryption scheme may be used to protect the permanent identity when the EAP client needs to send the user's permanent identity to the server in the absence of pseudonym or fast re-authentication identity. In some embodiments, a server certificate is used to authenticate a iWLAN tunnel to protect an IMSI during setup of a Wi-Fi call. Using the methods described herein on both or either of the EAP client and server side may offer improved privacy protection.

Abstract: Disclosed herein is a technique for selecting a bootstrap electronic Subscriber Identity Module (eSIM) from among multiple bootstrap eSIMs stored in a secure element of a mobile device. Specifically, the technique involves selecting the bootstrap eSIM based on location information associated with the mobile device. When the mobile device is located at a first location (for example, a first country) a first bootstrap eSIM associated with a Mobile Network Operator (MNO) local to the first country is selected. Similarly, when the mobile device is located at a second location (for example, a second country), a second bootstrap eSIM associated with an MNO local to the second country is selected.

Abstract: Some embodiments relate to methods for provisioning a secondary wireless device with an eSIM for wireless communication and activating multi-SIM functionality between the secondary wireless device and a primary wireless device having a subscribed SIM. The primary wireless device may act as a proxy in obtaining the eSIM for the secondary wireless device. The primary wireless device may then provide, to the cellular network, identifiers of the SIMs of the primary and secondary wireless devices. The primary wireless device may then request initiation of multi-SIM functionality for the two SIMs, and receive an indication that the multi-SIM functionality has been initiated. As an example, the multi-SIM functionality may be implemented by mapping the SIM of the primary wireless device and the SIM of the secondary wireless device (e.g., the provisioned eSIM) to the same Mobile Directory Number (MDN).

Abstract: Methods, devices, and servers for as-needed update of a trusted list are provided herein. An electronic subscriber identity module (eSIM) server receives a request for an eSIM of a particular type from a wireless device. The eSIM server evaluates the particular type and requests an eSIM of the particular type from a second eSIM server, which is not initially trusted by a secure element (SE) of the wireless device. The eSIM server sends a policy update to the wireless device. The wireless device passes the policy update to the SE, for example, a universal integrated circuit card (UICC). The UICC updates the trusted list with an identity of the second eSIM server. When the wireless device downloads a bound profile package (BPP) containing an eSIM from the second eSIM server, the UICC validates the BPP based on the updated trusted list. The eSIM is then installed on the UICC.

Abstract: Apparatuses, systems, and methods for multi-SIM user equipment (UE) devices to perform data operations with a packet data network of a carrier associated with a first SIM of the UE. An indication of a requested data operation with the packet data network of the carrier associated with the first SIM of the UE may be received. The UE may be operating in a dual SIM mode in which the packet data network of the carrier associated with the first SIM of the UE is unavailable. It may be determined if one or more conditions for performing the requested data operation are present and if a data path to perform the requested data operation is available. The requested data operation may be performed if the one or more conditions for performing the requested data operation are present and if a data path to perform the requested data operation is available.

Abstract: Representative embodiments described herein set forth techniques for provisioning bootstrap electronic Subscriber Identity Modules (eSIMs) to mobile devices. According to some embodiments, a mobile device can be configured to issue, to an eSIM selection server, a bootstrap eSIM request that includes (i) metadata associated with the mobile device, and (ii) metadata associated with an electronic Universal Integrated Circuit Card (eUICC) included in the mobile device. In turn, the eSIM selection server selects and binds a particular bootstrap eSIM to the mobile device, and provides information to the mobile device that enables the mobile device to obtain the particular bootstrap eSIM from one or more eSIM servers. When the mobile device obtains the particular bootstrap eSIM, the mobile device can interface with a mobile network operator (MNO) and obtain a complete eSIM that enables the mobile device to access services provided by the MNO.

Abstract: A malicious party may attempt to avoid a mobile network operator (MNO) contract involved with subsidy-lock by inserting an interfering piece of hardware called a proxy SIM in a device. The device provided herein uses an authentication technique to guard against a proxy-SIM attack. The device includes a secure element (SE) with subscriber identity module (SIM) functionality present on the SE. The device sends the SE a nonce to be signed over. The SE signs using a public key infrastructure (PKI) private key of the SE and provides a response. The device evaluates whether the response contains a valid signature. If the validation is successful, the device relies on SIM data provided in the response to continue with activation of the device, so that the device can provide services under the MNO contract. If the validation fails, the device will not attempt to access network services with the SIM functionality.

Abstract: A device hosting a universal integrated circuit card (UICC or eUICC) initiates an electronic subscriber identity module (eSIM) installation flow with an SIM server. The purpose of the eSIM installation flow is to perform a profile provisioning action. The device and, for example, the eUICC preserve state information related to the eSIM installation flow. The eSIM installation flow includes generation of a one-time public key at the eUICC. In some instances, the eSIM installation flow may be interrupted by an error event before successful installation of the eSIM in the eUICC. A subsequent renewed installation attempt is locally initiated and completed without assistance of the eSIM server. In some embodiments, the recovery and subsequent successful eSIM installation make use of the state information preserved during the earlier eSIM installation flow.

Abstract: Facilitating multiple subscriber identity support in a wireless user equipment (UE) device. A UE may include or be coupled to multiple subscriber identity modules (SIMs). The UE may be configured to perform cellular communications with a first cellular network using a first subscriber identity provided by a first SIM. The UE may also be configured to perform cellular communications with a second cellular network using a second subscriber identity provided by a second SIM. The cellular communications with the first cellular network and the second cellular network may be performed concurrently using shared radio resources.

Abstract: Apparatus, system, and method for notifying a mobile station of an incoming circuit switched call during a packet switched session. During the packet switched session, a mobile station may receive a call notification of the circuit switched call. The call notification may be received via a packet switched network associated with the packet switched session. Additionally, the call notification may identify a calling party. In response, an indication of the circuit switched call may be displayed to a user on a display of the mobile station. This indication of the circuit switched call may identify the calling party. Additionally, the indication may be displayed while maintaining the packet switched session. In response, the user may provide input to the mobile station regarding whether to accept the circuit switched call. Based on this input, the mobile station may accept or reject the circuit switched call.

Abstract: Methods and apparatus enabling programming of electronic identification information of a wireless apparatus. In one embodiment, a previously purchased or deployed wireless apparatus is activated by a cellular network. The wireless apparatus connects to the cellular network using an access module to download operating system components and/or access control client components. The described methods and apparatus enable updates, additions and replacement of various components including Electronic Subscriber Identity Module (eSIM) data, OS components. One exemplary implementation of the invention utilizes a trusted key exchange between the device and the cellular network to maintain security.

Abstract: Methods and apparatus for user authentication and human intent verification of administrative operations for eSIMs of an eUICC included in a mobile device are disclosed. Certain administrative operations, such as import, modification, and/or export, of an eSIM and/or for an eUICCs firmware can require user authentication and/or human intent verification before execution of the administrative operations are performed or completed by the mobile device. A user of the mobile device provides information to link an external user account to an eSIM upon (or subsequent to) installation on the eUICC. User credentials, such as a user name and password, and/or information generated therefrom, can be used to authenticate the user with an external server. In response to successful user authentication, the administrative operations are performed. Human intent verification can also be performed in conjunction with user authentication to prevent malware from interfering with eSIM and/or eUICC functions of the mobile device.