A system including a device operable to intercept a PMS request from the PMS to the encoder to obtain card data from the encoder, then send the card data to a credential service to provision a mobile phone with a virtual key. A method of provisioning credentials for a mobile device, the method including generating a request from a Property Management Systems (PMS); sending the request to an encoder through a device; determining if the request is for a virtual card at the device; and using an encoder 0 feature to check-in a guest from the encoder in response to a request for a virtual card.

A passive authentication method includes, in response to receiving a requested action from a first user, obtaining a set of sensor data and categorizing first sensor data of the set of sensor data into a first modality of a set of modalities. The method includes, for the first modality of the set of modalities, determining a distance value by applying a first modality model to the first sensor data and comparing the distance value to a first verified value of the first user for the first modality. The method includes, based on the comparison, determining a first authentication decision of the distance value. The method includes, in response to the first authentication decision indicating the first sensor data corresponds to the first user, performing the requested action.

A passive authentication method includes, in response to receiving a requested action from a first user, obtaining a set of sensor data and categorizing first sensor data of the set of sensor data into a first modality of a set of modalities. The method includes, for the first modality of the set of modalities, determining a distance value by applying a first modality model to the first sensor data and comparing the distance value to a first verified value of the first user for the first modality. The method includes, based on the comparison, determining a first authentication decision of the distance value. The method includes, in response to the first authentication decision indicating the first sensor data corresponds to the first user, performing the requested action.

Methods and devices for provisioning a secure application on an electronic device with first issuer data for a first issuer are described. In an embodiment, the provisioning system receives and stores first issuer records. The example provisioning system receives a provisioning request to provision the secure application with the first issuer data. The provisioning request includes identifying information. The example provisioning system evaluates the provisioning request based on at least one of the first issuer evaluation criteria, the first issuer records and the identifying information in the provisioning request. When the provisioning request satisfies the first issuer evaluation criteria, the example provisioning system generates a signal using the communication module to provide the first issuer data to the electronic device to provision the secure application on the electronic device.

Embodiments of the present invention are directed to a centralized trusted service manager system in the form of a trusted service manager interconnectivity service hub, which facilitates and provides communications between entities involved I mobile contactless payment systems. One embodiment is directed to a method for processing a message related to a mobile payment application on a secure element of a mobile communication device through an interconnectivity services hub including receiving the message from a first entity in a first protocol and determining a trusted service manager associated with the secure element from among a plurality of trusted service managers using a routing table comprising routing information. Then the method continues by determining a second protocol corresponding to the trusted service manager associated with the secure element, translating the message into the second protocol, and sending the translated message to the trusted service manager which communicates with the secure element.

Authentication processes to counter subscriber identity module swapping fraud attacks is disclosed. A method can comprise receiving location data representative of a tower device of a group of tower devices; receiving duration data representing a time period during which the mobile device has been traversing through a transmission region monitored by the tower device; as a function of the identification data, the location data, and the duration data, formulating a challenge query for the mobile device to answer; and sending the challenge query to the tower device.

Authentication processes to counter subscriber identity module swapping fraud attacks is disclosed. A method can comprise receiving location data representative of a tower device of a group of tower devices; receiving duration data representing a time period during which the mobile device has been traversing through a transmission region monitored by the tower device; as a function of the identification data, the location data, and the duration data, formulating a challenge query for the mobile device to answer; and sending the challenge query to the tower device.

A method and apparatus for setting profiles are provided. The profile setting method includes receiving, from a first terminal, a profile transfer request message that requests transfer of a first profile or portion thereof from a first secure element to a second secure element; configuring a second profile using the first profile or portion thereof; and sending, to a second terminal, the configured second profile.

Federated multi-access edge computing availability notifications may be provided by: transmitting, from a User Equipment (UE) to an Access Point (AP) of a wireless network, an attach request for the wireless network that includes authentication credentials for an identity provider independent from the wireless network to authenticate the UE to the wireless network; receiving, at the UE via the AP, an authentication success message for the wireless network from the independent identity provider; transmitting, from the UE to the AP, a Multi-access Edge Computing (MEC) query; and receiving, at the UE from the AP, a MEC response that identifies MEC resources that are available to the UE based on an identity for the UE confirmed by the identity provider to the wireless network.

System, methods, and computer program products are provided for interfacing between one of a plurality of service provider (SP) trusted service managers (TSM) and one of a plurality of secure elements (SE). A first request to renew a service is received from an SP system over a communications network. The first request includes a service qualifier associated with the service. A secure element corresponding to the service qualifier is determined. A second request to delete data associated with the service qualifier from the secure element is transmitted to the secure element. A third request to install an application on the secure element is transmitted to the secure element. A fourth request to activate the application on the secure element is transmitted to the secure element.