H04W12/30

Integrated Standalone Flow for Cellular Subscription Transfer

A user equipment (UE) is configured to transmit, to a cellular carrier, a request to activate the UE with the cellular carrier. The UE is also configured to, in response to receiving an authentication request for authenticating a user of the UE, transmit, to the cellular carrier, information identifying another UE and authentication information for authenticating the user; prompt the user, via a display of the UE, to provide, to an input system of the UE, verification information transmitted to the other UE; transmit, to the cellular carrier, the verification information; and in response to validation of the verification information by the cellular carrier, receive an embedded subscriber identity module (eSIM) subscription transferred from the other UE.

Publish-subscribe broker network overlay system

Systems and methods for a publish-subscribe broker network that distributes data packets between authorized entities and includes one or more publish-subscribe brokers. Each publish-subscribe broker is reachable by an entity attempting to connect thereto via a transport network configured to transport IP packets. The publish-subscribe brokers are configured to check credentials of entities attempting to connect to the publish-subscribe broker network and ensure that first and second entities are authorized for publishing packets on the secured named channel or for receiving published packets via the secured named channel. Cipher keys are used by the first and second authorized entities to encrypt and decrypt messages distributed via the publish-subscribe broker network and the publish-subscribe brokers are configured to route encrypted messages as data packets on behalf of the first authorized entity to the second authorized entity using the secured named channel.

Attack mitigation in a packet-switched network
11683339 · 2023-06-20

The disclosed computer-implemented method includes applying transport protocol heuristics to selective acknowledgement (SACK) messages received at a network adapter from a network node. The transport protocol heuristics identify threshold values for operational functions that are performed when processing the SACK messages. The method further includes determining, by applying the transport protocol heuristics to the SACK messages received from the network node, that the threshold values for the transport protocol heuristics have been reached. In response to determining that the threshold values have been reached, the method includes identifying the network node as a security threat and taking remedial actions to mitigate the security threat. Various other methods, systems, and computer-readable media are also disclosed.

Subscriber Identification Module and Application Executable on a Subscriber Identification Module
20170353471 · 2017-12-07

A subscriber identity module for employment in a mobile device has a processor, a storage as well as a location determining device. The location determining device is adapted to determine a location of the subscriber identity module. The subscriber identity module makes a plurality of functions available.

Methods and systems for 5G slicing based on dynamic security properties

Systems and methods enable the provisioning of security as a service for network slices. A network device stores definitions of multiple security assurance levels for network slices based on security parameters of assets used in the network slices. The network device stores multiple network slice templates, wherein the multiple network slice templates have different security assurance levels, of the multiple security assurance levels, for a Network Service Descriptor (NSD). The network device receives a request for a network slice with a requested security assurance level, of the multiple security assurance levels, for the NSD, and deploys the network slice using one of the network slice templates that has a security assurance level that corresponds to the requested security assurance level. The network device monitors the security parameters of the assets of the network slice for changes to the security assurance level of the deployed network slice.

Policy-based printing system and methods using a mobile device

A policy-based printing system is implemented to allow access to a private domain to print using a public domain. The private domain includes private servers that store documents. The public domain includes servers and a printing device. A public policy server uses a domain list and a protocol connection with a private authentication server to validate a user and identify which private domain to access. The public policy server receives requests from the printing device to process a print job of a document in the private domain. A mobile device is used to coordinate the retrieval and printing of the document using an application. A kiosk may be used to send the document to the printing device from the mobile device.

SYSTEM AND METHOD FOR OPERATING A USER DEVICE WITH PERSONALIZED IDENTITY MODULE PROFILES

The present invention relates to a system (100) for operating a user device (110) with personalized identity module profiles in which identity module profiles are automatically downloaded from a subscription manager (130) onto a user device (110) upon identification of the user (120) of the user device (110), in a secure manner. The system (100) especially comprises a service system (140) for identifying the user corresponding to the derived user identity, and a subscription manager (130) for preparing personalized identity module profiles requested by the service system (140) and sending the prepared personalized identity module profiles to the user device (110).

Enterprise Business Mobile Dashboard

Aspects of the subject disclosure may include, for example, a server, comprising a processing system including a processor and a memory that stores executable instructions that, when executed by the processing system, facilitate performance of operations including receiving a request from a mobile device of a user having an account to access a first mobile application of a plurality of mobile applications, wherein each of the plurality of mobile applications is embedded into a single bundled application, and wherein the single bundled application is downloaded onto the mobile device, determining whether the mobile device has permissions for access to the first mobile application and whether the mobile device is executing the single bundled application, and sending permissions data to the mobile device that enables the mobile device via the account to access the first mobile application. Other embodiments are disclosed.