Abstract: Techniques are disclosed relating to electronic security, e.g., for authenticating a mobile electronic device to allow access to system functionality (e.g., physical access to the system, starting an engine/motor, etc.). In some embodiments, a system and mobile device exchange public keys of public key pairs during a pairing process. In some embodiments, an asymmetric transaction process includes generating a shared secret using a key derivation function over a key established using a secure key exchange (e.g., elliptic curve Diffie-Hellman), and verifying a signature of the system before transmitting any information identifying the mobile device. In various embodiments, disclosed techniques may increase transaction security and privacy of identifying information.

Abstract: Techniques are disclosed relating to sharing access to electronically-secured property. In some embodiments, a first computing device having a first secure element receives, from a second computing device associated with an owner of the electronically-secured property, an indication that the second computing device has transmitted a token to server computing system, the token permitting a user of the first computing device access to the electronically-secured property. Based on the received indication, the first computing device sends a request for the transmitted token to the server computing system and, in response to receiving the requested token, securely stores the received token in the first secure element of the first computing device. The first computing device subsequently transmits the stored token from the first secure element of the first device to the electronically-secured property to obtain access to the electronically-secured property based on the token.

Abstract: Techniques for flexible electronic subscriber identity module (eSIM) deployment to a wireless device by a network server, including generation of multiple eSIMs using an identical eSIM identifier value, such as an identical integrated circuit card identifier (ICCID) value, and subsequent selection of an eSIM based on capabilities of the wireless device. Multiple eSIMs that correspond to different sets of wireless device capabilities are generated without knowledge of the wireless communication standards that a wireless device supports. The multiple eSIMs include a first eSIM that includes fifth generation (5G) wireless communication protocol information and a second eSIM that excludes 5G wireless communication protocol information. The network server selects an eSIM from the multiple eSIMs based on whether the wireless device is 5G capable.

Abstract: This disclosure relates to dynamic baseband management for a wireless device. The wireless device may be an accessory device. The accessory device may determine whether it has a short-range wireless communication link with a companion device. The accessory device may determine one or more proximity metrics relating to the companion device. The accessory device may further determine one or more metrics associated with user settings, user activity and/or application activity at the wireless device. The wireless device may select a (e.g., full, limited, or off) baseband operating mode based on any or all of these considerations.

Abstract: Disclosed herein are techniques for enabling a user to activate a new device with a Mobile Network Operator (MNO) without requiring the user to provide MNO authentication credentials that are easily forgotten. The user activates the new device using credentials from an existing device (associated with the user) that is trusted by the MNO and also using a trust score provided by a third-party server that has knowledge of associations between the user and the existing device. The new device can be a supplemental device, such as a wearable device to a cellular phone, where both devices remain capable of accessing services provided by the MNO after the new device is activated with the MNO. The new device can also be a replacement device, such as a new phone, tablet, or wearable device, where the new device supplants access to services provided by the MNO for an existing device.

Abstract: Described are methods that allow credentials of a first client station to authenticate a second client station. An exemplary method includes associating a first client station with a second client station, the first client station including credential information, the associating authorizing the second client station to use the credential information, transmitting, by the second client station, an association request to a network, the network utilizing the credential information to authorize a connection, the second client station configured to perform a proxy functionality for requests received from the network to be forwarded to the first client station and responses received from the first client station to be forwarded to the network, determining, by the network, whether the credential information received from the second client station is authenticated and establishing a connection between the second client station and the network using the credential information of the first client station.

Abstract: Methods and apparatus to manage communication sessions to handover between a direct connection at a secondary wireless device and a relayed connection to the secondary wireless device via a primary wireless device. A connection manager of a secondary wireless device can trigger transfer of a communication session based on measurements of performance metrics for the communication session. Upon detection of performance degradation in a local connection or a backhaul connection or both, the connection manager of the secondary wireless device can determine proximity of and/or capabilities for connections of the primary wireless device and instigate transfer of the communication session between different connection types, such as between a direct connection and a relayed connection. The transfer of the communication session can occur without user intervention or in response to input from the user without interrupting or reestablishing the communication session.

Abstract: This disclosure relates to wireless connection management for an accessory device. A companion device and the accessory device may establish a wireless link. The companion device may associate with a Wi-Fi access point. The companion device may determine whether the Wi-Fi access point supports access by the accessory device to a wide area network. The companion device may determine whether to provide association information for the Wi-Fi access point to the accessory device based at least in part on whether the Wi-Fi access point supports access by the accessory device to the wide area network. The companion device may monitor whether the Wi-Fi access point continues to support access by the accessory device to the wide area network, and may indicate to the accessory device to disassociate with the Wi-Fi access point if the Wi-Fi access point no longer supports access by the accessory device to the wide area network.

Abstract: Apparatus and methods to support access to services of multiple wireless networks by a single-radio, multiple subscriber identity module (SIM)/electronic SIM (eSIM) wireless device are disclosed. To send or receive voice communications for multiple SIMs/eSIMs, when an active voice connection for a first SIM/eSIM uses wireless circuitry to connect to a first cellular wireless network via a first radio access network, the single-radio, multi-SIM/eSIM wireless device uses alternative data transports, such as via a wireless local area network (WLAN) or by tunneling through the first radio access network of the first cellular wireless network to connect to services of additional cellular wireless networks associated with the multiple SIMs/eSIMs.

Abstract: Methods and apparatus for user authentication and human intent verification of administrative operations for eSIMs of an eUICC included in a mobile device are disclosed. Certain administrative operations, such as import, modification, and/or export, of an eSIM and/or for an eUICCs firmware can require user authentication and/or human intent verification before execution of the administrative operations are performed or completed by the mobile device. A user of the mobile device provides information to link an external user account to an eSIM upon (or subsequent to) installation on the eUICC. User credentials, such as a user name and password, and/or information generated therefrom, can be used to authenticate the user with an external server. In response to successful user authentication, the administrative operations are performed. Human intent verification can also be performed in conjunction with user authentication to prevent malware from interfering with eSIM and/or eUICC functions of the mobile device.

Abstract: The described embodiments set forth techniques for managing inactive (disabled) electronic subscriber identity modules (eSIMs) on secure elements, e.g., Universal Integrated Circuit Cards (UICCs) and/or embedded UICCs (eUICCs), of a wireless device, including retrieving information from an inactive eSIM, obtaining authentication tokens from an inactive eSIM, authenticating the inactive eSIM with a network-based Mobile Network Operator (MNO) server, retrieving status information for a subscription account associated with the inactive eSIM, and/or performing an account management operation on the inactive eSIM.

Abstract: Methods and systems are disclosed for performing seamless voice call handover and data handoff between a cellular network and a non-cellular (e.g., Wi-Fi) network, by a link budget limited user equipment device (UE) in standalone mode. The cellular radio may be maintained in a non-communication mode when not in use, to prevent power and peak power issues that may be unique to link budget limited devices. In response to poor non-cellular performance in support of a voice call, the UE may transition the cellular radio from the non-communication state to an online state. If the cellular network indicates that packet-switched calls are supported, then the UE may initiate handover of the voice call to the cellular network. Various methods for seamless handoff of data communications are also disclosed, in both the presence and the absence of a voice call. Various metrics are disclosed to enhance handoff determinations.

Abstract: This disclosure relates to dynamic baseband management for a wireless device. The wireless device may be an accessory device. The accessory device may determine whether it has a short-range wireless communication link with a companion device. The accessory device may determine one or more proximity metrics relating to the companion device. The accessory device may further determine one or more metrics associated with user settings, user activity and/or application activity at the wireless device. The wireless device may select a (e.g., full, limited, or off) baseband operating mode based on any or all of these considerations.

Abstract: Embodiments provided herein determine if an electronic subscriber identity module (eSIM) associated with a requested service can be installed in a secure element (SE) housed in a wireless device. Before requesting deployment of an eSIM suitable for the requested service from an eSIM delivery server, a carrier server asks that an original equipment manufacturer (OEM) server validate that an eSIM corresponding to a customer request should be deployed. The OEM server obtains information about the wireless device and information about the SE. When the carrier server requests validation, the OEM server evaluates the wireless device information and/or the SE information. If the OEM server indicates that deployment of the eSIM should proceed, the OEM server also indicates the eSIM type that is compatible with the wireless device and with the SE housed in the device.

Abstract: Techniques are disclosed relating to electronic security, e.g., for authenticating a mobile electronic device to allow access to system functionality (e.g., physical access to the system, starting an engine/motor, etc.). In some embodiments, a system and mobile device exchange public keys of public key pairs during a pairing process. In some embodiments, an asymmetric transaction process includes generating a shared secret using a key derivation function over a key established using a secure key exchange (e.g., elliptic curve Diffie-Hellman), and verifying a signature of the system before transmitting any information identifying the mobile device. In various embodiments, disclosed techniques may increase transaction security and privacy of identifying information.

Abstract: This disclosure relates to dynamic baseband management for a wireless device. The wireless device may be an accessory device. The accessory device may determine whether it has a short-range wireless communication link with a companion device. The accessory device may determine one or more proximity metrics relating to the companion device. The accessory device may further determine one or more metrics associated with user settings, user activity and/or application activity at the wireless device. The wireless device may select a (e.g., full, limited, or off) baseband operating mode based on any or all of these considerations.

Abstract: Methods and apparatus for user authentication and human intent verification of administrative operations for eSIMs of an eUICC included in a mobile device are disclosed. Certain administrative operations, such as import, modification, and/or export, of an eSIM and/or for an eUICCs firmware can require user authentication and/or human intent verification before execution of the administrative operations are performed or completed by the mobile device. A user of the mobile device provides information to link an external user account to an eSIM upon (or subsequent to) installation on the eUICC. User credentials, such as a user name and password, and/or information generated therefrom, can be used to authenticate the user with an external server. In response to successful user authentication, the administrative operations are performed. Human intent verification can also be performed in conjunction with user authentication to prevent malware from interfering with eSIM and/or eUICC functions of the mobile device.

Abstract: Methods and systems are disclosed for performing seamless voice call handover and data handoff between a cellular network and a non-cellular (e.g., Wi-Fi) network, by a link budget limited user equipment device (UE) in standalone mode. The cellular radio may be maintained in a non-communication mode when not in use, to prevent power and peak power issues that may be unique to link budget limited devices. In response to poor non-cellular performance in support of a voice call, the UE may transition the cellular radio from the non-communication state to an online state. If the cellular network indicates that packet-switched calls are supported, then the UE may initiate handover of the voice call to the cellular network. Various methods for seamless handoff of data communications are also disclosed, in both the presence and the absence of a voice call. Various metrics are disclosed to enhance handoff determinations.

Abstract: Disclosed herein are techniques for enabling a user to activate a new device with a Mobile Network Operator (MNO) without requiring the user to provide MNO authentication credentials that are easily forgotten. The user activates the new device using credentials from an existing device (associated with the user) that is trusted by the MNO and also using a trust score provided by a third-party server that has knowledge of associations between the user and the existing device. The new device can be a supplemental device, such as a wearable device to a cellular phone, where both devices remain capable of accessing services provided by the MNO after the new device is activated with the MNO. The new device can also be a replacement device, such as a new phone, tablet, or wearable device, where the new device supplants access to services provided by the MNO for an existing device.

Abstract: Some embodiments relate to methods for provisioning a secondary wireless device with an eSIM for wireless communication and activating multi-SIM functionality between the secondary wireless device and a primary wireless device having a subscribed SIM. The primary wireless device may act as a proxy in obtaining the eSIM for the secondary wireless device. The primary wireless device may then provide, to the cellular network, identifiers of the SIMs of the primary and secondary wireless devices. The primary wireless device may then request initiation of multi-SIM functionality for the two SIMs, and receive an indication that the multi-SIM functionality has been initiated. As an example, the multi-SIM functionality may be implemented by mapping the SIM of the primary wireless device and the SIM of the secondary wireless device (e.g., the provisioned eSIM) to the same Mobile Directory Number (MDN).