Abstract: An apparatus configured to process, based on signaling received from a source device with which a target device is engaging in an embedded subscriber identity module (eSIM) transfer process to transfer an eSIM profile to the target device, a first message comprising a source embedded identity document (EID) of the source device, generate, for transmission to the source device, a second message comprising a target EID of the target device and process, based on signaling received from the source device, a third message comprising the eSIM profile and an identification of a first state that the eSIM profile is in on the source device, wherein the eSIM profile includes an Integrated Circuit Card Identification Number (ICCID).

Abstract: An apparatus configured to process, based on signaling received from a target device with which a source device is engaging in an embedded subscriber identity module (eSIM) transfer process to transfer an eSIM profile to the target device, a first message comprising a target embedded identity document (EID) of the target device, generate, for transmission to the target device, a second message comprising a source EID of the source device and prepare, for transmission to the target device, the eSIM profile, a third message comprising the eSIM profile and an indication of a first state of the eSIM profile on the source device, wherein the eSIM profile includes an Integrated Circuit Card Identification Number (ICCID).

Abstract: An apparatus configured to engage in an embedded subscriber identity module (eSIM) profile transfer process to transfer an eSIM profile from a source device executing a first operating system (OS) that implements a first protocol stack related to eSIM profile transfers to a target device executing a second OS that implements a second protocol stack related to eSIM profile transfers, wherein the first protocol stack and the second protocol stack are different, process, based on signaling received from an entitlement server, a token for transferring the eSIM profile and generate, for transmission to the target device, a message comprising the token.

Abstract: An apparatus configured to engage in an embedded subscriber identity module (eSIM) profile transfer process to transfer an eSIM profile from a source device executing a first operating system (OS) that implements a first protocol stack related to eSIM profile transfers to a target device executing a second OS that implements a second protocol stack related to eSIM profile transfers, wherein the first protocol stack and the second protocol stack are different, process, based on signaling received from an entitlement server, a token for transferring the eSIM profile, generate, for transmission to the target device, a message comprising the token and establish a secure tunnel via a wireless communication connection with the target device.

Abstract: An apparatus configured to engage in an embedded subscriber identity module (eSIM) profile transfer process to receive at a target device, executing a first operating system (OS) that implements a first protocol stack related to eSIM profile transfers, an eSIM profile from a source device executing a second OS that implements a second protocol stack related to eSIM profile transfers to the target device, wherein the first protocol stack and the second protocol stack are different, process, based on signals received from the source device, a token for transferring the eSIM profile, generate, for transmission to an enablement server, a request for the eSIM profile, wherein the request comprises the token and process, based on signals received from the enablement server, the eSIM profile.

Abstract: This application describes a phased approach to provision eSIM profiles to a wireless device. Credentials are preloaded to an eUICC during manufacture of the eUICC and used subsequently to load eSIM profiles to the eUICC without requiring an active, real-time connection to an MNO provisioning server. Multiple bound profile packages (BPPs) can be pre-generated and encrypted by MNO provisioning servers for an eUICC and transferred to a BPP aggregator server before assembly of the eUICC in a respective wireless device. A local provisioning server in a manufacturing facility mutually authenticates and connects to the BPP aggregator server to download and store one or more of the encrypted BPPs for later installation on the eUICC. The local provisioning server subsequently mutually authenticates and connects to the eUICC to load at least one of the one or more pre-generated, encrypted BPPs to the eUICC during assembly and/or testing of the wireless device.

Abstract: Techniques for managing logical channel communication for multiple electronic subscriber identity module (eSIM) profiles installed on an embedded universal integrated circuit card (eUICC), including mapping of logical channel identifier values between different logical channel labeling schemes are described herein. In a first scheme, logical channels are identified using logical channel values alone. In a second scheme, logical channels are identified using a combination of eSIM port value and channel values. An interpreter in the eUICC and/or in processing circuitry external to the eUICC can map between the logical channel labeling schemes to allow internal state machines in the eUICC and/or the processing circuitry to use the first scheme for identifying logical channels.

Abstract: This application sets forth techniques for authenticating a mobile device with a cellular wireless network without electronic Subscriber Identity Module (eSIM) credentials by using an Extensible Authentication Protocol Transport Layer Security (EAP-TLS) procedure. The mobile device authenticates with an Authentication Server Function (AUSF) of the cellular wireless network using an embedded Universal Integrated Circuit Card (eUICC) certificate. Processing circuitry of the mobile wireless device external to the eUICC implements the EAP-TLS procedure and authenticates validity of the AUSF. In some embodiments, the eUICC provides key generation and storage for a session key for communication between the mobile device and the cellular wireless network.

Abstract: This application describes a phased approach to provision eSIM profiles to a wireless device. Credentials are preloaded to an eUICC during manufacture of the eUICC and used subsequently to load eSIM profiles to the eUICC without requiring an active, real-time connection to an MNO provisioning server. Multiple bound profile packages (BPPs) can be pre-generated and encrypted by MNO provisioning servers for an eUICC and transferred to a BPP aggregator server before assembly of the eUICC in a respective wireless device. A local provisioning server in a manufacturing facility mutually authenticates and connects to the BPP aggregator server to download and store one or more of the encrypted BPPs for later installation on the eUICC. The local provisioning server subsequently mutually authenticates and connects to the eUICC to load at least one of the one or more pre-generated, encrypted BPPs to the eUICC during assembly and/or testing of the wireless device.

Abstract: This application describes a phased approach to provision eSIM profiles to a wireless device. Credentials are preloaded to an eUICC during manufacture of the eUICC and used subsequently to load eSIM profiles to the eUICC without requiring an active, real-time connection to an MNO provisioning server. Multiple bound profile packages (BPPs) can be pre-generated and encrypted by MNO provisioning servers for an eUICC and transferred to a BPP aggregator server before assembly of the eUICC in a respective wireless device. A local provisioning server in a manufacturing facility mutually authenticates and connects to the BPP aggregator server to download and store one or more of the encrypted BPPs for later installation on the eUICC. The local provisioning server subsequently mutually authenticates and connects to the eUICC to load at least one of the one or more pre-generated, encrypted BPPs to the eUICC during assembly and/or testing of the wireless device.

Abstract: This application sets forth techniques for authenticating a mobile device with a cellular wireless network without electronic Subscriber Identity Module (eSIM) credentials by using an Extensible Authentication Protocol Transport Layer Security (EAP-TLS) procedure. The mobile device authenticates with an Authentication Server Function (AUSF) of the cellular wireless network using an embedded Universal Integrated Circuit Card (eUICC) certificate. Processing circuitry of the mobile wireless device external to the eUICC implements the EAP-TLS procedure and authenticates validity of the AUSF. In some embodiments, the eUICC provides key generation and storage for a session key for communication between the mobile device and the cellular wireless network.

Abstract: This application sets forth techniques for dynamically managing a shared provisioning electronic subscriber identity module (eSIM) for a wireless device. A shared (non-unique) provisioning eSIM is installed in the wireless device to provide limited functionality connectivity to services, such as for device activation and user eSIM provisioning. The shared provisioning eSIM includes records of IMSI values organized into groups of IMSI pools and priorities for selecting IMSI values for configuring the shared provisioning eSIM. An on-device shared provisioning SIM/eSIM controller resident on a cellular baseband processor of the wireless device selects and configures the shared provisioning eSIM with IMSI values based on the priorities and on results from scanning for available public land mobile networks (PLMNs).

Abstract: This application describes managing configuration of a bootstrap electronic SIM (eSIM) for a wireless device. A bootstrap eSIM on an embedded universal integrated circuit card (eUICC) of the wireless device is configured as needed to provide cellular wireless access. The bootstrap eSIM is configured with an initial international mobile subscriber identity (i-IMSI) value used to establish a cellular connection to obtain a bootstrap IMSI (b-IMSI) value allocated for temporary, dedicated use by the wireless device. The b-IMSI value is selected by a bootstrap server based on a bootstrap selection rule obtained from a bootstrap rules service, where the bootstrap selection rule accounts for a use case type provided by the wireless device and indicating a purpose for use of the b-IMSI value. The b-IMSI value is returned to a pool for use by other wireless devices after expiration of a timer or responsive to a delete notification message.

Abstract: Embodiments described herein relate to eligibility checking for transfer of one or more electronic subscriber identity modules (eSIMs) between two mobile wireless devices. Eligibility to transfer an eSIM to an eUICC of a target device can depend on whether the eUICC of the target device satisfies certain security requirements for the eSIMs to be transferred. The mobile wireless devices can obtain a transfer eligibility result based on communication with one or more network-based servers that can determine compatibility for eSIM transfer.

Abstract: Embodiments described herein relate to eligibility checking for transfer of one or more electronic subscriber identity modules (eSIMs) between two mobile wireless devices. Eligibility to transfer an eSIM to an eUICC of a target device can depend on whether the eUICC of the target device satisfies certain security requirements for the eSIMs to be transferred. The mobile wireless devices can obtain a transfer eligibility result based on communication with one or more network-based servers that can determine compatibility for eSIM transfer.

Abstract: Embodiments described herein relate to credential wrapping for secure transfer of electronic SIMs (eSIMs) between wireless devices. Transfer of an eSIM from a source device to a target device includes re-encryption of sensitive eSIM data, e.g., eSIM encryption keys, financial transaction credentials, transit authority credentials, and the like, using new encryption keys that include ephemeral elements applicable to a single, particular transfer session between the source device and the target device. The sensitive eSIM data encrypted with a symmetric key (Ks) is re-wrapped with a new header that includes a version of Ks encrypted with a new key encryption key (KEK) and information to derive KEK by the target device. The re-encrypted sensitive SIM data is formatted with additional eSIM data into a new bound profile package (BPP) to transfer the eSIM from the source device to the target device.

Abstract: Embodiments described herein relate to eligibility checking for transfer of one or more electronic subscriber identity modules (eSIMs) between two mobile wireless devices. Eligibility to transfer an eSIM to an eUICC of a target device can depend on whether the eUICC of the target device satisfies certain security requirements for the eSIMs to be transferred. The mobile wireless devices can obtain a transfer eligibility result based on communication with one or more network-based servers that can determine compatibility for eSIM transfer.

Abstract: Systems and methods for facilitating transfer of an eSIM subscription from a source device to a target device. In one embodiment, a source device includes a transceiver and a processor system. The processor system includes an eUICC configured to store an eSIM associated with an eSIM subscription. The processor system is configured to transmit, via the transceiver and to an eSIM subscription manager server, a request for an eSIM subscription transfer activation code; receive, via the transceiver and at least partly in response to the request, a server nonce; generate a signed payload using the server nonce and source device information; transmit, via the transceiver and to the eSIM subscription manager server, the signed payload; receive, via the transceiver and in response to transmitting the signed payload, the eSIM subscription transfer activation code; and provide the eSIM subscription transfer activation code to the target device or a user thereof.

Abstract: This application describes a phased approach to provision eSIM profiles to a wireless device. Credentials are preloaded to an eUICC during manufacture of the eUICC and used subsequently to load eSIM profiles to the eUICC without requiring an active, real-time connection to an MNO provisioning server. Multiple bound profile packages (BPPs) can be pre-generated and encrypted by MNO provisioning servers for an eUICC and transferred to a BPP aggregator server before assembly of the eUICC in a respective wireless device. A local provisioning server in a manufacturing facility mutually authenticates and connects to the BPP aggregator server to download and store one or more of the encrypted BPPs for later installation on the eUICC. The local provisioning server subsequently mutually authenticates and connects to the eUICC to load at least one of the one or more pre-generated, encrypted BPPs to the eUICC during assembly and/or testing of the wireless device.

Abstract: Embodiments described herein relate to eligibility checking for transfer of one or more electronic subscriber identity modules (eSIMs) between two mobile wireless devices. Eligibility to transfer an eSIM to an eUICC of a target device can depend on whether the eUICC of the target device satisfies certain security requirements for the eSIMs to be transferred. The mobile wireless devices can obtain a transfer eligibility result based on communication with one or more network-based servers that can determine compatibility for eSIM transfer.