US 12207094

US patent 12207094, titled "Embedded universal integrated circuit card supporting two-factor authentication," was filed on January 18, 2024, and issued on January 21, 2025. The original assignee was Network 1 Technologies Inc, with the current assignee listed as M2M and IoT Technologies LLC, and Network-1 Technologies, Inc. (with several reassignments noted). The inventor is John A. Nix.

The abstract of US12207094B2 describes methods and systems for an embedded universal integrated circuit card (eUICC) that supports two-factor authentication. The system allows an eUICC subscription manager to send an encrypted profile to a module. This profile includes a first network module identity and a first key K. The eUICC decrypts the profile, enabling the module to perform an initial authentication with a mobile network operator (MNO) using the first key K. After this first authentication, the MNO conducts a second factor authentication with a user or service provider associated with the module. Upon successful completion of the second factor authentication, the MNO sends a symmetric key to the module, which is used by the eUICC to decrypt a second portion of the profile containing a second network module identity and a second key K. The module then disconnects and reconnects to the wireless network using this second, more securely obtained key, enhancing overall security. The patent also describes an alternative where the second key K is derived using a key derivation algorithm without electronic transfer, further increasing security.

A plain-language overview of the independent claims is as follows:

Independent Claim 1: This claim describes a method for a module with an eUICC to authenticate with a wireless network using two factors. It involves the module receiving an encrypted eUICC profile and decrypting a first part of it using an eUICC profile key to get initial network credentials (first network module identity and first key K). The module then uses these credentials for a first authentication with the wireless network. After this, a second authentication occurs involving a user or service provider, performed by the mobile network operator (MNO). Once this second authentication is successful, the MNO sends a symmetric key to the module. The module uses this symmetric key to decrypt a second part of the profile, revealing new, more secure network credentials (second network module identity and second key K). Finally, the module disconnects from the network and re-authenticates using these new second credentials.

Independent Claim 10: This claim describes a module configured to perform the method of claim 1. It specifies that the module includes an eUICC, a processing unit, a memory, a physical interface (like a radio or Ethernet port), and an operating system. The module is set up to receive and decrypt an encrypted eUICC profile, perform the two-factor authentication steps, and then use the more securely obtained second key K for subsequent network connections, as detailed in claim 1.

Independent Claim 14: This claim outlines a method for a mobile network operator (MNO) to manage authentication for a module with an eUICC. The MNO first provides an encrypted eUICC profile that includes initial network credentials (first network module identity and first key K) to a subscription manager. The MNO then authenticates the module based on the first key K. After this, the MNO performs a second factor authentication to verify a user or M2M service provider associated with the module. If this second authentication is successful, the MNO sends a symmetric key to the module. This symmetric key allows the eUICC to access a second, more secure key (second key K) from the profile. The MNO then expects and performs subsequent authentications of the module using this second key K.

Independent Claim 15: This claim describes a mobile network operator (MNO) system configured to perform the method of claim 14. The system includes a server, a processing unit, and a memory. It is equipped to provide the encrypted eUICC profile, perform the initial and second-factor authentications, and then facilitate the module's use of the more secure second key K for ongoing network access.

Regarding CAFC 2026 dockets, a search of publicly available information for May 2026 did not specifically list patent number 12207094 in any scheduled cases. However, the Google Patents information for US12207094B2 notes that "Family has litigation" and specifies a "PTAB case IPR2026-00118 filed (Pending)". It also indicates a "US case filed in Texas Eastern District Court" for case 2:25-cv-00667. The status for these is "Pending" and there is a "First worldwide family litigation filed". Therefore, while no specific CAFC 2026 docket appears immediately in the search results, there is ongoing litigation related to this patent, including a PTAB IPR case and a district court case. There is no authoritative information directly linking patent 12207094 to a specific CAFC 2026 docket at this time through the performed search.## US12207094B2: Embedded Universal Integrated Circuit Card Supporting Two-Factor Authentication

Title: Embedded universal integrated circuit card supporting two-factor authentication

Assignee: The original assignee for US12207094B2 was Network 1 Technologies Inc. Current assignees are listed as M2M and IoT Technologies LLC and Network-1 Technologies, Inc., following several reassignments.

Inventors: John A. Nix

Filing Date: January 18, 2024

Issue Date: January 21, 2025

Abstract:
The patent describes methods and systems for an embedded universal integrated circuit card (eUICC) that supports two-factor authentication. An encrypted profile containing a first network module identity and a first key K is sent from an eUICC subscription manager to a module. The eUICC decrypts this initial portion, allowing the module to perform a first authentication with a mobile network operator (MNO) using the first key K. Following this, the MNO conducts a second-factor authentication with an associated user or M2M service provider. Upon successful completion of the second authentication, the MNO provides a symmetric key to the module. This key enables the eUICC to decrypt a second portion of the profile, revealing a more secure second network module identity and a second key K. The module then disconnects and re-authenticates with the wireless network using these enhanced credentials. An alternative embodiment allows for the derivation of the second key K using a key derivation algorithm without direct electronic transfer, further bolstering security.

Plain-Language Overview of Independent Claims:

Independent Claim 1: Method for Module Authentication
This claim details a two-factor authentication process for a device (module) equipped with an embedded Universal Integrated Circuit Card (eUICC).

1. Initial Profile Reception and Decryption: The module receives an encrypted eUICC profile. The eUICC inside the module uses a pre-stored "eUICC profile key" to decrypt a first part of this profile. This decrypted part contains basic network access information: a "first network module identity" and a "first key K."
2. First Authentication: The module uses this "first network module identity" and "first key K" to perform an initial authentication with a wireless network operated by a mobile network operator (MNO).
3. Second Factor Authentication: After the initial authentication, the MNO conducts a separate, "second factor" authentication. This step verifies the identity of a user or a machine-to-machine (M2M) service provider linked to the module. This second authentication often occurs outside the direct eUICC process, potentially through a web interface, phone call, or external data exchange.
4. Symmetric Key Delivery and Second Profile Decryption: If the second factor authentication is successful, the MNO sends a "symmetric key" to the module. The eUICC then uses this symmetric key, along with a "symmetric ciphering algorithm," to decrypt a previously inaccessible second part of the received profile. This second decrypted part contains more secure network access information: a "second network module identity" and a "second key K."
5. Re-authentication with Enhanced Security: Finally, the module disconnects from the wireless network and then reconnects and performs a second authentication using the newly obtained "second network module identity" and "second key K." This ensures that the module uses a key securely released only after a complete two-factor authentication.

Independent Claim 10: Module for Two-Factor Authentication
This claim describes the physical device (module) itself, designed to carry out the method outlined in Claim 1. It specifies that the module includes:

• An eUICC: The embedded universal integrated circuit card.
• A processing unit (e.g., CPU).
• A memory (e.g., RAM, nonvolatile memory) for storing data and instructions.
• A physical interface (e.g., a radio for wireless communication or an Ethernet port for wired).
• An operating system.
  The module is specifically configured through its hardware and software to perform all the steps described in Claim 1, including receiving and decrypting the eUICC profiles, executing both phases of authentication, receiving the symmetric key, and re-authenticating with the more secure second key.

Independent Claim 14: Mobile Network Operator Method for Authentication
This claim focuses on the process from the perspective of the Mobile Network Operator (MNO) in enabling the two-factor authentication for a module with an eUICC.

1. Profile Provisioning: The MNO provides an encrypted eUICC profile, containing the "first network module identity" and "first key K," to an eUICC subscription manager. This profile also includes an encrypted "second network module identity" and "second key K."
2. First Module Authentication: The MNO authenticates the module based on the "first network module identity" and "first key K" supplied by the module's eUICC. This is the initial, less secure authentication step.
3. Second Factor Authentication of User/Provider: The MNO then performs a "second factor" authentication to verify the identity of a user or an M2M service provider associated with that specific module. This is a crucial step for enhanced security, as the MNO verifies the entity controlling the module.
4. Symmetric Key Release: Upon successful completion of this second-factor authentication, the MNO sends the "symmetric key" to the module. This key is necessary for the module's eUICC to decrypt the second, more secure part of the profile.
5. Second Module Authentication Expectation: The MNO subsequently expects and performs future authentications of the module using the "second network module identity" and the "second key K," which were made accessible to the module only after the complete two-factor authentication.

Independent Claim 15: Mobile Network Operator System for Authentication
This claim describes the MNO's system designed to implement the method outlined in Claim 14. The system comprises:

• A server.
• A processing unit.
• A memory.
  This MNO system is specifically configured to perform all the steps detailed in Claim 14, including providing the eUICC profiles, conducting both the module's initial authentication and the user/service provider's second-factor authentication, releasing the symmetric key, and managing subsequent authentications using the more secure second key.

Litigation Notes:

US Patent 12207094B2 is currently active and is involved in litigation. Google Patents indicates that a PTAB case, IPR2026-00118, has been filed and is pending. Additionally, a US case has been filed in the Texas Eastern District Court (case 2:25-cv-00667), and the patent family also has a first worldwide family litigation filed. As of April 26, 2026, a targeted search of CAFC 2026 dockets did not reveal any scheduled cases specifically listing patent number 12207094.