Abstract: The described embodiments set forth techniques for managing subscription service files, e.g., Customized Applications for Mobile network Enhanced Logic (CAMEL) Application Part (CAP) files, for export and/or transfer of an electronic SIM (eSIM) from a source wireless device. As part of an eSIM procedure to transfer an eSIM, e.g., a processor of the source wireless device obtains, from one or more applet asset servers, one or more subscription service files usable to generate a version of applets associated with the eSIM. The wireless device generates an eSIM export package that includes the eSIM and at least one of the one or more of the subscription service files. The processor of the source wireless device provides the eSIM export package to the target wireless device to use to install the transferred eSIM and one or more applets based on the subscription service files on the eUICC of the target wireless device.

Abstract: Embodiments are described herein for transferring a subscriber identity module (SIM) or electronic SIM (eSIM) profile securely from a source device to a target device with verifiable signatures generated by secure hardware elements of the source device contingent on receipt of a secure intent gesture. Trustworthiness of the profile transfer is based on a mobile network operator (MNO) entitlement server releasing a transfer token after verification of a message signed by an embedded universal integrated circuit card (eUICC) of the source device. The eUICC signs the message only after verifying a message from a secure enclave processor (SEP) of the source device that signs the message based on receipt of the secure intent gesture via a secure interface. To validate communication between the SEP and the eUICC, an asymmetric cryptographic key pair generated by the SEP is bound to a unique eUICC identifier (EID) value of the eUICC.

Abstract: The described embodiments set forth techniques for managing subscription service files, e.g., Customized Applications for Mobile network Enhanced Logic (CAMEL) Application Part (CAP) files, for export and/or transfer of an electronic SIM (eSIM) from a source wireless device. As part of an eSIM procedure to transfer an eSIM, e.g., a processor of the source wireless device obtains, from one or more applet asset servers, one or more subscription service files usable to generate a version of applets associated with the eSIM. The wireless device generates an eSIM export package that includes the eSIM and at least one of the one or more of the subscription service files. The processor of the source wireless device provides the eSIM export package to the target wireless device to use to install the transferred eSIM and one or more applets based on the subscription service files on the eUICC of the target wireless device.

Abstract: The described embodiments set forth techniques for management of electronic subscriber identity module (eSIM) profiles for a wireless device, including in-field replacement of provisioning (bootstrap) eSIM profiles. Public key infrastructure (PKI) information for an original equipment manufacturer (OEM) profile management server is installed in an embedded universal integrated circuit card (eUICC) of a wireless device at a time of manufacture and used subsequently by the wireless device to conduct an eSIM profile management session and verify authorization of the OEM profile management server to manage, e.g., update and/or replace, one or more eSIM profiles on the eUICC of the wireless device.

Abstract: The present application relates to devices and components including apparatus. systems, and methods for pairing UICC/SIM with device components.

Abstract: Embodiments are described herein for transferring a subscriber identity module (SIM) or electronic SIM (eSIM) profile securely from a source device to a target device with verifiable signatures generated by secure hardware elements of the source device contingent on receipt of a secure intent gesture. Trustworthiness of the profile transfer is based on a mobile network operator (MNO) entitlement server releasing a transfer token after verification of a message signed by an embedded universal integrated circuit card (eUICC) of the source device. The eUICC signs the message only after verifying a message from a secure enclave processor (SEP) of the source device that signs the message based on receipt of the secure intent gesture via a secure interface. To validate communication between the SEP and the eUICC, an asymmetric cryptographic key pair generated by the SEP is bound to a unique eUICC identifier (EID) value of the eUICC.

Abstract: This application describes techniques for postponed certificate credential installation to wireless devices, including generation and storage of secured scripts to be used for subsequent certificate credential installation on an eUICC of a wireless device after manufacturing. Management of certificate credentials, including installation on, modification to, and removal from, an eUICC can occur post-manufacturing, such as during a device activation procedure or as part of remote electronic subscriber identity module (eSIM) provisioning to the eUICC of the wireless device. Updating certificate credentials on an eUICC can allow for wireless device operation in different geographic regions that use different public key infrastructures (PKIs) with distinct root certificate issuers. The secured scripts can be pre-generated by an eUICC manufacturer (EUM) for the particular eUICC and stored at an OEM networked server and later used to install the certificate credentials on the eUICC of the wireless device.

Abstract: The described embodiments set forth techniques for management of electronic subscriber identity module (eSIM) profiles for a wireless device, including in-field replacement of provisioning (bootstrap) eSIM profiles. Public key infrastructure (PKI) information for an original equipment manufacturer (OEM) profile management server is installed in an embedded universal integrated circuit card (eUICC) of a wireless device at a time of manufacture and used subsequently by the wireless device to conduct an eSIM profile management session and verify authorization of the OEM profile management server to manage, e.g.

Abstract: Embodiments are described herein for transferring a subscriber identity module (SIM) or electronic SIM (eSIM) profile securely from a source device to a target device with verifiable signatures generated by secure hardware elements of the source device contingent on receipt of a secure intent gesture. Trustworthiness of the profile transfer is based on a mobile network operator (MNO) entitlement server releasing a transfer token after verification of a message signed by an embedded universal integrated circuit card (eUICC) of the source device. The eUICC signs the message only after verifying a message from a secure enclave processor (SEP) of the source device that signs the message based on receipt of the secure intent gesture via a secure interface. To validate communication between the SEP and the eUICC, an asymmetric cryptographic key pair generated by the SEP is bound to a unique eUICC identifier (EID) value of the eUICC.