Abstract: Embodiments are described herein for transferring a subscriber identity module (SIM) or electronic SIM (eSIM) profile securely from a source device to a target device with verifiable signatures generated by secure hardware elements of the source device contingent on receipt of a secure intent gesture. Trustworthiness of the profile transfer is based on a mobile network operator (MNO) entitlement server releasing a transfer token after verification of a message signed by an embedded universal integrated circuit card (eUICC) of the source device. The eUICC signs the message only after verifying a message from a secure enclave processor (SEP) of the source device that signs the message based on receipt of the secure intent gesture via a secure interface. To validate communication between the SEP and the eUICC, an asymmetric cryptographic key pair generated by the SEP is bound to a unique eUICC identifier (EID) value of the eUICC.

Abstract: This Application sets forth techniques for profile, e.g., subscriber identity module (SIM) and electronic SIM (eSIM), and cellular wireless service subscription management for a wireless device. The wireless device can support multiple profiles, such as dual SIMS or a single SIM and one or more eSIMs. A user of the wireless device can flexibly enable and disable various eSIMs or change the use of physical SIMs with different associated cellular wireless service subscriptions, and mapping of subscription modules to logical channels and physical hardware interfaces can occur automatically, with mechanisms to reset interfaces when required.

Abstract: The present application relates to devices and components including apparatus. systems, and methods for pairing UICC/SIM with device components.

Abstract: Embodiments are described herein for transferring a subscriber identity module (SIM) or electronic SIM (eSIM) profile securely from a source device to a target device with verifiable signatures generated by secure hardware elements of the source device contingent on receipt of a secure intent gesture. Trustworthiness of the profile transfer is based on a mobile network operator (MNO) entitlement server releasing a transfer token after verification of a message signed by an embedded universal integrated circuit card (eUICC) of the source device. The eUICC signs the message only after verifying a message from a secure enclave processor (SEP) of the source device that signs the message based on receipt of the secure intent gesture via a secure interface. To validate communication between the SEP and the eUICC, an asymmetric cryptographic key pair generated by the SEP is bound to a unique eUICC identifier (EID) value of the eUICC.

Abstract: This Application sets forth techniques for managing subscriber identity module (SIM) toolkit (STK) scheduling for multiple enabled electronic subscriber identity module (eSIM) profiles on an embedded universal integrated circuit card (eUICC) of a wireless device, including managing multiple STK sessions at a baseband processor external to the eUICC of the wireless device. To forestall STK communication for different eSIMs from interfering with execution of processes associated with the eSIMs, a baseband processor can schedule STK sessions to avoid overlap and reduce opportunities for errors in handling eSIM processes. The baseband processor can prioritize whether to queue commands for a second STK session for a second eSIM until a first STK session for a first eSIM ends or to terminate the first STK session to handle the second STK session.

Abstract: This Application sets forth techniques for managing subscriber identity module (SIM) toolkit (STK) scheduling for multiple enabled electronic subscriber identity module (eSIM) profiles on an embedded universal integrated circuit card (eUICC) of a wireless device, including managing multiple STK sessions at a baseband processor external to the eUICC of the wireless device. To forestall STK communication for different eSIMs from interfering with execution of processes associated with the eSIMs, a baseband processor can schedule STK sessions to avoid overlap and reduce opportunities for errors in handling eSIM processes. The baseband processor can prioritize whether to queue commands for a second STK session for a second eSIM until a first STK session for a first eSIM ends or to terminate the first STK session to handle the second STK session.

Abstract: Recovering a user equipment (UE) from limited service due to misconfiguration may include providing a universal subscriber identity module (USIM) identification data or a USIM authentication data to a wireless network. Failure data associated with failing to authenticate or identify the UE to the wireless network may be decoded. The failure data received from the wireless network. The failure data may be processed to determine a cause for the failure. Based on processing the failure data, it may be determined that the USIM identification data or the USIM authentication data is misconfigured. In response to determining that the USIM identification data or the USIM authentication data is misconfigured, a recovery for identifying or authenticating the UE to the wireless network may be automatically performed.

Abstract: Embodiments are described herein for transferring a subscriber identity module (SIM) or electronic SIM (eSIM) profile securely from a source device to a target device with verifiable signatures generated by secure hardware elements of the source device contingent on receipt of a secure intent gesture. Trustworthiness of the profile transfer is based on a mobile network operator (MNO) entitlement server releasing a transfer token after verification of a message signed by an embedded universal integrated circuit card (eUICC) of the source device. The eUICC signs the message only after verifying a message from a secure enclave processor (SEP) of the source device that signs the message based on receipt of the secure intent gesture via a secure interface. To validate communication between the SEP and the eUICC, an asymmetric cryptographic key pair generated by the SEP is bound to a unique eUICC identifier (EID) value of the eUICC.

Abstract: This Application sets forth techniques for managing subscriber identity module (SIM) toolkit (STK) scheduling for multiple enabled electronic subscriber identity module (eSIM) profiles on an embedded universal integrated circuit card (eUICC) of a wireless device, including managing multiple STK sessions at a baseband processor external to the eUICC of the wireless device. To forestall STK communication for different eSIMs from interfering with execution of processes associated with the eSIMs, a baseband processor can schedule STK sessions to avoid overlap and reduce opportunities for errors in handling eSIM processes. The baseband processor can prioritize whether to queue commands for a second STK session for a second eSIM until a first STK session for a first eSIM ends or to terminate the first STK session to handle the second STK session.

Abstract: Recovering a user equipment (UE) from limited service due to misconfiguration may include providing a universal subscriber identity module (USIM) identification data or a USIM authentication data to a wireless network. Failure data associated with failing to authenticate or identify the UE to the wireless network may be decoded. The failure data received from the wireless network. The failure data may be processed to determine a cause for the failure. Based on processing the failure data, it may be determined that the USIM identification data or the USIM authentication data is misconfigured. In response to determining that the USIM identification data or the USIM authentication data is misconfigured, a recovery for identifying or authenticating the UE to the wireless network may be automatically performed.

Abstract: This Application sets forth techniques for profile, e.g., subscriber identity module (SIM) and electronic SIM (eSIM), and cellular wireless service subscription management for a wireless device. The wireless device can support multiple profiles, such as dual SIMS or a single SIM and one or more eSIMs. A user of the wireless device can flexibly enable and disable various eSIMs or change the use of physical SIMs with different associated cellular wireless service subscriptions, and mapping of subscription modules to logical channels and physical hardware interfaces can occur automatically, with mechanisms to reset interfaces when required.

Abstract: A secure element (SE) determines a profile type and a privilege level. The privilege level, in some embodiments, is associated with a key used successfully by the SE to verify a cryptographic signature. In some embodiments, the privilege level is indicated by a privilege value read from an extension field of a root certificate. The SE determines, in some instances, whether to accept or reject a profile installation after comparing the profile type with the determined privilege level. Thus, a test server is allowed to provision a test profile to an SE even if the test server does not have commercial certification required of an electronic subscriber identity module (eSIM) server that provisions operational profiles. Because the test profile does not include credentials useful for network access, the lower-security test server does not create a risk of improper access to the network of a mobile network operator (MNO).

Abstract: A secure element (SE) determines a profile type and a privilege level. The privilege level, in some embodiments, is associated with a key used successfully by the SE to verify a cryptographic signature. In some embodiments, the privilege level is indicated by a privilege value read from an extension field of a root certificate. The SE determines, in some instances, whether to accept or reject a profile installation after comparing the profile type with the determined privilege level. Thus, a test server is allowed to provision a test profile to an SE even if the test server does not have commercial certification required of an electronic subscriber identity module (eSIM) server that provisions operational profiles. Because the test profile does not include credentials useful for network access, the lower-security test server does not create a risk of improper access to the network of a mobile network operator (MNO).