PRE-PERSONALIZATION OF ELECTRONIC SUBSCRIBER IDENTITY MODULES

摘要

Methods for provisioning electronic Subscriber Identity Modules (eSIMs) to electronic Universal Integrated Circuit Cards (eUICCs) are provided. One method involves a provisioning server configured to encrypt the eSIM with a symmetric key (Ke). The provisioning server, upon identifying a target eUICC, encrypts the symmetric key with a key encryption key (KEK) derived based at least in part on a private key associated with the provisioning server and a public key associated with the target eUICC. The provisioning server generates an eSIM package including the encrypted eSIM, the encrypted symmetric key, a public key corresponding to the private key associated with the provisioning server, as well as additional information that enables the target eUICC to, upon receipt of the eSIM package, identify a private key that corresponds to the public key associated with the target eUICC and used to derive the KEK.

主权项

1. A method for provisioning an electronic Subscriber Identity Module (eSIM) to a wireless communication device, the method comprising:
at a provisioning server:
encrypting the eSIM with a symmetric key (Ke) to produce an encrypted eSIM;identifying a target embedded Universal Integrated Circuit Card (eUICC) for the encrypted eSIM;generate a key encryption key (KEK) based at least in part on:
(i) a private key associated with the provisioning server, and(ii) a public key associated with the target eUICC;encrypting the Ke with the KEK to produce an encrypted Ke;generating an eSIM package that includes:
the encrypted eSIM,the encrypted Ke,the public key associated with the target eUICC, anda public key corresponding to the private key associated with the provisioning server; andproviding the eSIM package to the target eUICC.