The present invention discloses methods and systems for communicating at a cellular router between a first wireless communication module and a first subscriber identity module (SIM). The cellular router receives a first request from a first wireless communication module and encapsulates the first request in a first modified request. The cellular router then sends the first modified request to a first SIM card in a first communication apparatus and waits for a first modified reply. While waiting for the first modified reply the cellular router sends at least one halt message to the first wireless communication module after a first time threshold. After receiving the first modified reply, the cellular router decapsulates the first modified reply to retrieve a first reply and sends the first reply to the first wireless communication module where the first modified reply is a reply to the first modified request.

Some embodiments provide a method for establishing a secured session with backward security between a first device and a second device. In some embodiments, the method establishes a communication session between the first and second devices using shared keys stored at the first and second devices. The method exchanges encrypted data between the first and second devices as a part of the communication session. The method, upon completion of the communication session, modifies the shared key at the first device in a predictable way. The shared key is modified at the second device in the same predictable way. The method then stores the modified shared key at the first device. The modified shared key cannot be used to decrypt any portion of the encrypted data of the current and previous communication sessions.

Apparatus and methods to transfer user preferences for cellular wireless service associated credentials transferred from a source device to a target device. Transfer of credentials can include physically moving a physical subscriber identity module (SIM) card between devices, transfer of cellular wireless service from a first SIM card at the source device to a second SIM card at the target device, and/or transfer of cellular wireless services for one or more electronic SIMs (eSIMs) from the source device to the target device. Preferences associated with some or all of the transferred SIMs/eSIMs can be applied at the target device when certain matching criteria are satisfied. Exemplary matching criteria include matching identifiers, such as integrated circuit card identifier (ICCID) values, mobile station international subscriber directory number (MSISDN) values, and/or mappings thereof. Transfer of preferences can occur via a local peer-to-peer connection, a secure cloud-based service, and/or a backup and restore process.

A method for authenticating a circuit switched (CS) call on a virtual subscriber identity module (VSIM) includes: authenticating the VSIM for a packet switched (PS) call connection using authentication information obtained from a remote server through a software subscriber identity module (soft-SIM) connection to the remote server; initiating a call connection on a CS radio access technology (RAT) between the VSIM and a first communication network; and authenticating the VSIM CS call connection to the first communication network through the VSIM PS connection in response to an authentication request for the call connection on the CS RAT.

The present invention discloses methods and systems for communicating at a cellular router between a first wireless communication module and a first subscriber identity module (SIM). The cellular router receives a first request from a first wireless communication module and encapsulates the first request in a first modified request. The cellular router then sends the first modified request to a first SIM card in a first communication apparatus and waits for a first modified reply. While waiting for the first modified reply the cellular router sends at least one halt message to the first wireless communication module after a first time threshold. After receiving the first modified reply, the cellular router decapsulates the first modified reply to retrieve a first reply and sends the first reply to the first wireless communication module where the first modified reply is a reply to the first modified request.

A method comprises detecting, by a subscription management application of the coordinator device, a trigger event that triggers wireless devices in a cluster to activate a subscription profile, determining, by the subscription management application, at least one of coordinator location data describing a location of the coordinator device or coordinator network data describing a network characteristic of a network accessed by the coordinator device, receiving, by the subscription management application, at least one of companion location data describing a location of the companion device or companion network data describing a network characteristic of a network accessed by the companion device, and determining, by the subscription management application, the subscription profile based on at least one of the coordinator location data, the coordinator network data, the companion location data, or the companion network data.

A wireless communication device for establishing two different user equipment (UE) radio access network (RAN) attachments. The wireless communication device comprises an application processor; a baseband processor; a non-transitory memory; a virtual user equipment (UE) application stored in the non-transitory memory that, when executed by the application processor as a first virtual UE instance accesses a first eSIM profile stored in the non-transitory memory, establishes a first UE attachment to a radio access network based on credentials accessed from the first eSIM profile, and conducts a first wireless communication session via the first UE attachment, and when executed by the application processor as a second virtual UE application instance accesses a second eSIM profile stored in the non-transitory memory, establishes a second UE attachment to a radio access network based on credentials accessed from the second eSIM profile, and conducts a second wireless communication session via the second UE attachment.

A communication device with a virtual subscriber identify module (SIM) for operating over multiple wireless telephone and internet protocol (IP) networks includes a processor and a virtual subscriber identify module (SIM), which mimics the operation of a physical SIM card. The virtual SIM includes a plurality of mobile network operator (MNO) profiles each MNO profile including a unique telephone network identifier and a unique IP network identifier. The processor is configured to switch mobile network operators for the wireless telephone and internet protocol (IP) networks by changing the MNO profile from a first one of the plurality of MNO profiles to a second one of the plurality of MNO profiles simultaneously enabling communicating over a second one of the plurality of mobile telephone networks and a second one of the plurality of IP networks.

A communication device with a virtual subscriber identify module (SIM) for operating over multiple wireless telephone and internet protocol (IP) networks includes a processor and a virtual subscriber identify module (SIM), which mimics the operation of a physical SIM card. The virtual SIM includes a plurality of mobile network operator (MNO) profiles each MNO profile including a unique telephone network identifier and a unique IP network identifier. The processor is configured to switch mobile network operators for the wireless telephone and internet protocol (IP) networks by changing the MNO profile from a first one of the plurality of MNO profiles to a second one of the plurality of MNO profiles simultaneously enabling communicating over a second one of the plurality of mobile telephone networks and a second one of the plurality of IP networks.

Embodiments described herein relate to transfer of credentials between two mobile wireless devices that are within proximity of each other, via a secure local connection, or via a network-based cloud service, where the two mobile wireless devices are not in proximity to each other. Transfer of credentials can include communication between a source device, a target device, and/or one more network-based servers, which can include mobile network operator (MNO) managed servers, such as an entitlement server, a web-sheet server, an authentication server, a provisioning server, a subscription management data preparation (SM-DP+) server, a home subscriber server (HSS), and/or an authentication server, as well as third-party managed servers, such as a cloud service server and/or an identification services server. Authentication can be based at least in part on one or more tokens and/or a trust flag obtained by the source device and provided to the target device.