A communication device and system are disclosed for providing communication and data services to residents of a controlled facility. The device can be restricted to communicating only using an internet protocol so as to restrict the device communication to an internal intranet. Wireless access points may be disposed throughout the environment to route calls and data between the device and a central processing center. By converting a protocol of the communications received from the device to a protocol used by the central processing center, minimal modifications to the central processing center are needed to support a wireless communication infrastructure. Many restrictions and safeguards may be implemented within the phone and system in order to prevent improper use.

Various embodiments described herein are directed towards authenticating calls by using one or more keys associated with a specific user. In examples, the user is the sender of a call. In various embodiments, when a call is made, an identifying payload is encrypted using a private key associated with the user. The encrypted identifying payload is appended to the call data stream. The identifying payload may be decrypted with a public key. In embodiments, the identifying payload may be verified. In various embodiments, further authentication methods may be performed by using an object such as a contactless card to provide one or more components of the identifying payload and/or keys. In embodiments, a connection may be made between the sender and the intended recipient of a call based on the verification of the identifying payload.

Device-enabled embedded subscriber identity module (eSIM) profile acquisition is described. Server(s) associated with a service provider can receive, from an application of a device operated by a user, identification data including at least an identifier corresponding to an eSIM associated with the device. The server(s) can store an association between a profile and the identifier in a database. The server(s) can receive, from the device, a request for the profile, which can include the identifier. The server(s) can access the database to identify, based at least in part on the identifier, the association between the profile and the identifier and provision, to the device, the profile to cause the profile to be associated with the eSIM associated with the device.

A process for authorizing wireless service includes providing a generally rectangular flat form factor card having a first surface and opposing second surface. The process further includes providing a machine-readable activation code arranged on the first surface, wherein the machine-readable activation code is configured to authorize the wireless service when provided to a system associated with a wireless service provider, receiving the machine-readable activation code in a server, the machine-readable activation code being captured by a wireless device, and provisioning the wireless service to the wireless device from a wireless network when the machine-readable activation code is provided to the system associated with the wireless network.

Methods and systems for independent security scrubbing and billing of calls through an IP Multimedia Core Network Subsystem (IMS) are provided. The system includes a core IMS network and a security network cloud securely connected via session border controllers. The IMS network is configured to route calls to the security network cloud. The security network includes call-processing and billing servers that implement security checks on calls from OSI model layer three to seven and analyze the call to collect and generate billing data. After successful security and billing operations, the call is routed back to the IMS network for handling according to conventional workflows. Accordingly, the disclosed invention serves to enhance security for IMS traffic, improve the accuracy of customer billing and conserves IMS network resources which would otherwise be consumed by malicious attacks and billing responsibilities.

The disclosure relates to a 5.sup.th generation (5G) or pre-5G communication system for supporting a data transmission rate higher than that of a 4th generation (4G) system, such as long-term evolution (LTE). The disclosure relates to authentication and authorization for edge computing applications, and an operation method of a user equipment (UE) in a wireless communication system. The method may include transmitting, to a server, a first message including at least one of information related to the UE or a type of user agent, performing an authentication procedure for an edge computing service according to an authentication method determined based on the first message, receiving a second message indicating authority granted to the edge computing service, based on an authentication code generated by the server according to the performed authentication procedure, and using the edge computing service in a range corresponding to the granted authority.

A method of adding a value to a customer account is provided. A request to add a value to a customer account of a customer is received from a point of sale terminal. The request may comprise value identification data associated with the value and account identification data associated with the customer account. The customer account identification data may be entered at the point of sale. The request may be associated with a purchase of the value. The value may be caused to be added to the customer account. During subsequent value purchase transactions, additional value may be added to the account.

A method and system are described for enhancing the security of calls made by a member of a controlled environment to an outside party, particularly when the outside party communicates via a cellular phone. An application is provided for the cellular device, which must communicate and register with a calling platform of the controlled environment. Certain elements of personal verification data are obtained by the user of the cellular device and stored at the calling platform for later reference. Calls from the inmate to the cellular device cause the calling platform to issue a notification to the user via the application. The user verifies his/her identity using the application, after which the call can be connected. As a further security measure, certain conditions can be required and periodically checked during the call to ensure the user remains verified.

In one example, an authentication server generates a Chargeable User Identity (CUI) for a User Equipment (UE) based on a first indication of an identifier obtained from the UE based on communications of the UE over a first network interface of a system. The authentication server obtains a second indication of the identifier based on communications of the UE over a second network interface of the system. In response to obtaining the second indication of the identifier, the authentication server determines that the UE is attempting to communicate over the second network interface. In response to determining that the UE is attempting to communicate over the second network interface, the authentication server uses the CUI for further communications of the UE over the second network interface.

A method and system for the purchase and activation of services on a wireless device are provided. The method and system include the use of an airtime card with a near field communication tag with a unique identifier code used to improve a user's experience and ease of activation/provisioning of services for the wireless device. In some aspects, the unique identifier may be generated during the activation and purchase of the wireless service and it is not required that the unique identifier code be recorded in a backend system of the wireless provider prior to activation. The services to be purchased and activated may include at least one of the following: out of the box activation, device upgrades, device reactivations, wireless number changes, wireless number porting, and the addition or purchasing of services including airtime, data, and/or SMS enrollments or data content.