Abstract: Methods and apparatus for user authentication and human intent verification of administrative operations for eSIMs of an eUICC included in a mobile device are disclosed. Certain administrative operations, such as import, modification, and/or export, of an eSIM and/or for an eUICCs firmware can require user authentication and/or human intent verification before execution of the administrative operations are performed or completed by the mobile device. A user of the mobile device provides information to link an external user account to an eSIM upon (or subsequent to) installation on the eUICC. User credentials, such as a user name and password, and/or information generated therefrom, can be used to authenticate the user with an external server. In response to successful user authentication, the administrative operations are performed. Human intent verification can also be performed in conjunction with user authentication to prevent malware from interfering with eSIM and/or eUICC functions of the mobile device.

Abstract: A device implementing a user configurable direct transfer system may include at least one processor configured to receive, from an electronic device associated with a user account, a request to establish a type of transfer between a first account associated with an entity and a second account associated with the user account, the request including an entity identifier and a transfer type identifier. The at least one processor may be further configured to generate a transfer alias that is stored in association with the entity identifier, a second account identifier, and the transfer type identifier, and provide the transfer alias to the electronic device and a server associated with the entity to facilitate the type of transfer between the first account associated with the entity and the second account associated with the user account.

Abstract: A device implementing multi-scheme transaction credentials for a mobile transaction system includes a processor configured to transmit, to a mobile transaction system server, a request to provision a transaction credential on a device secure element. The processor is further configured to receive, from the mobile transaction system server, a provisioning script that, when executed by the device secure element, provisions, on the device secure element, a first applet corresponding to a first transaction network for the transaction credential and a second applet corresponding to a second transaction network for the transaction credential, the first and second applets being provisioned as an applet group having a shared life cycle. The processor is configured to, upon execution of the provisioning script, provide, for display, a single representation of the transaction credential corresponding to both the first and second applets.

Abstract: Methods and apparatus for user authentication and human intent verification of administrative operations for eSIMs of an eUICC included in a mobile device are disclosed. Certain administrative operations, such as import, modification, and/or export, of an eSIM and/or for an eUICCs firmware can require user authentication and/or human intent verification before execution of the administrative operations are performed or completed by the mobile device. A user of the mobile device provides information to link an external user account to an eSIM upon (or subsequent to) installation on the eUICC. User credentials, such as a user name and password, and/or information generated therefrom, can be used to authenticate the user with an external server. In response to successful user authentication, the administrative operations are performed. Human intent verification can also be performed in conjunction with user authentication to prevent malware from interfering with eSIM and/or eUICC functions of the mobile device.

Abstract: Systems, methods, and computer-readable media for provisioning multiple credentials of a multi-scheme card on an electronic device for selective use in a secure transaction are provided.

Abstract: Systems and methods for validating and applying modifications to a policy control function (PCF) of a station. The methods include generating a PCF package including a modification to a PCF, and determining whether the PCF package is to be transmitted to the station by a first or second entity. The methods further include when the PCF package is to be transmitted by the first entity, including a first signature of the first entity in a deliverer field of the PCF package, and when the PCF package is to be transmitted by the second entity, including the first signature in an owner field and a second signature of the second entity in the deliverer field. The methods further include receiving the PCF package from the first or second entity, determining whether the PCF package is valid, and applying the modification to the PCF when it is determined the PCF package is valid.

Abstract: A device implementing notification based provisioning of card accounts may include at least one processor configured to receive, from a service provider, an indication of a card account of a user, and to determine whether the card account is eligible to be added to a first device of the user for use in a wireless transaction system. The at least one processor is further configured to, when the card account is determined to be eligible to be added to the first device, transmit a notification to the first device for display, the notification indicating that the card account is eligible to be added to the first device for use in the transaction system, and initiate provisioning, on a secure element of the first device, of an applet corresponding to the card account when an approval for adding the card account to the first device is received responsive to the notification.

Abstract: Methods and apparatus for user authentication and human intent verification of administrative operations for eSIMs of an eUICC included in a mobile device are disclosed. Certain administrative operations, such as import, modification, and/or export, of an eSIM and/or for an eUICCs firmware can require user authentication and/or human intent verification before execution of the administrative operations are performed or completed by the mobile device. A user of the mobile device provides information to link an external user account to an eSIM upon (or subsequent to) installation on the eUICC. User credentials, such as a user name and password, and/or information generated therefrom, can be used to authenticate the user with an external server. In response to successful user authentication, the administrative operations are performed. Human intent verification can also be performed in conjunction with user authentication to prevent malware from interfering with eSIM and/or eUICC functions of the mobile device.

Abstract: Methods and apparatus for user authentication and human intent verification of administrative operations for eSIMs of an eUICC included in a mobile device are disclosed. Certain administrative operations, such as import, modification, and/or export, of an eSIM and/or for an eUICCs firmware can require user authentication and/or human intent verification before execution of the administrative operations are performed or completed by the mobile device. A user of the mobile device provides information to link an external user account to an eSIM upon (or subsequent to) installation on the eUICC. User credentials, such as a user name and password, and/or information generated therefrom, can be used to authenticate the user with an external server. In response to successful user authentication, the administrative operations are performed. Human intent verification can also be performed in conjunction with user authentication to prevent malware from interfering with eSIM and/or eUICC functions of the mobile device.

Abstract: Systems and methods for validating and applying modifications to a policy control function (PCF) of a station. The methods include generating a PCF package including a modification to a POE, and determining whether the PCF package is to be transmitted to the station by a first or second entity. The methods further include when the PCF package is to be transmitted by the first entity, including a first signature of the first entity in a deliverer field of the PCF package, and when the PCF package is to be transmitted by the second entity, including the first signature in an owner field and a second signature of the second entity in the deliverer field. The methods further include receiving the PCF package from the first or second entity, determining whether the PCF package is valid, and applying the modification to the PCF when it is determined the PCF package is valid.

Abstract: Systems, methods, and computer-readable media for managing secure transactions between electronic devices and service providers. In one embodiment, an administration entity system may receive device order data from an electronic device, wherein the received device order data is indicative of an order for an item of value of a service provider system to be stored on the electronic device, transmit administration order data to the service provider system based on the received device order data, wherein the administration order data is indicative of the order for the item of value, receive service provider fulfillment data from the service provider system based on the transmitted administration order data, wherein the service provider fulfillment data includes the item of value, and transmit administration fulfillment data to the electronic device based on the received service provider fulfillment data, wherein the administration fulfillment data includes the item of value.

Abstract: Methods and apparatus for large scale distribution of electronic access control clients. In one aspect, a tiered security software protocol is disclosed. In one exemplary embodiment, a server electronic Universal Integrated Circuit Card (eUICC) and client eUICC software comprise a so-called “stack” of software layers. Each software layer is responsible for a set of hierarchical functions which are negotiated with its corresponding peer software layer. The tiered security software protocol is configured for large scale distribution of electronic Subscriber Identity Modules (eSIMs).

Abstract: Methods and apparatus for the deployment of financial instruments and other assets are disclosed. In one embodiment, a security software protocol is disclosed that guarantees that the asset is always securely encrypted, that one and only one copy of an asset exists, and the asset is delivered to an authenticated and/or authorized customer. Additionally, exemplary embodiments of provisioning systems are disclosed that are capable of, among other things, handling large bursts of traffic (such as can occur on a so-called “launch day” of a device).

Abstract: Systems, methods, and computer-readable media for personalizing program credentials are provided. For example, a program credential (e.g., loyalty pass) associated with a program provider (e.g., an issuer) subsystem may be customized using personal data. The personal data can be collected from an electronic device before provisioning the customized program credential on the electronic device for use in a suitable transaction. However, such personal data may not be collected unless an administration entity subsystem is first able to validate the program provider subsystem. The administration entity subsystem can generate tracking data that may be used during the validation and/or provisioning in order to track when program credentials are personalized.

Abstract: Systems and methods for validating and applying modifications to a policy control function (PCF) of a station. The methods include generating a PCF package including a modification to a PCF, and determining whether the PCF package is to be transmitted to the station by a first or second entity. The methods further include when the PCF package is to be transmitted by the first entity, including a first signature of the first entity in a deliverer field of the PCF package, and when the PCF package is to be transmitted by the second entity, including the first signature in an owner field and a second signature of the second entity in the deliverer field. The methods further include receiving the PCF package from the first or second entity, determining whether the PCF package is valid, and applying the modification to the PCF when it is determined the PCF package is valid.

Abstract: A policy-based framework is described. This policy-based framework may be used to specify the privileges for logical entities to perform operations associated with an access-control element (such as an electronic Subscriber Identity Module) located within a secure element in an electronic device. Note that different logical entities may have different privileges for different operations associated with the same or different access-control elements. Moreover, the policy-based framework may specify types of credentials that are used by the logical entities during authentication, so that different types of credentials may be used for different operations and/or by different logical entities. Furthermore, the policy-based framework may specify the security protocols and security levels that are used by the logical entities during authentication, so that different security protocols and security levels may be used for different operations and/or by different logical entities.

Abstract: Disclosed herein is a technique for revoking a root certificate from at least one client device. In particular, the technique involves causing a secure element—which is included in the at least one client device and is configured to store the root certificate as well as at least one backup root certificate—to permanently disregard the root certificate and prevent the at least one client device from utilizing the specific root certificate. According to one embodiment, this revocation occurs in response to a receiving a revocation message that directly targets the root certificate, where the message includes at least two levels of authentication that are verified by the secure element prior to carrying out the revocation. Once the root certificate is revoked, the secure element can continue to utilize the at least one backup root certificate, while permanently disregarding the revoked root certificate.

Abstract: Methods and apparatus for the deployment of financial instruments and other assets are disclosed. In one embodiment, a security software protocol is disclosed that guarantees that the asset is always securely encrypted, that one and only one copy of an asset exists, and the asset is delivered to an authenticated and/or authorized customer. Additionally, exemplary embodiments of provisioning systems are disclosed that are capable of, among other things, handling large bursts of traffic (such as can occur on a so-called “launch day” of a device).

Abstract: Systems, methods, and computer-readable media for provisioning multiple credentials of a multi-scheme card on an electronic device for selective use in a secure transaction are provided.

Abstract: Representative embodiments described herein set forth techniques for optimizing large-scale deliveries of electronic Subscriber Identity Modules (eSIMs) to mobile devices. Specifically, instead of generating and assigning eSIMs when mobile devices are being activated—which can require significant processing overhead—eSIMs are pre-generated with a basic set of information, and are later-assigned to the mobile devices when they are activated. This can provide considerable benefits over conventional approaches that involve generating and assigning eSIMs during mobile device activation, especially when new mobile devices (e.g., smartphones, tablets, etc.) are being launched and a large number of eSIM assignment requests are to be fulfilled in an efficient manner.