A method includes receiving, by an embedded universal integrated circuit card (eUICC), first information from a local profile assistant (LPA), where the first information includes a first certificate issuer (CI) public key identifier, and the first CI public key identifier is a CI public key identifier that the eUICC does not have. The method further includes sending, by the eUICC, second information to an OPS, where the second information includes the first CI public key identifier. The method further includes receiving, by the eUICC, a patch package from the OPS, where the patch package includes at least a first CI public key corresponding to the first CI public key identifier. The method further includes updating, by the eUICC, a CI public key of the eUICC by using the first CI public key.

Methods and devices for determining whether a mobile device has been compromised. File tree structure information for the mobile device is obtained that details at least a portion of a tree-based structure of folders and files in a portion of memory. The file tree structure information is analyzed to determine that the mobile device has been compromised, has not been compromised, or might be compromised. Based on determining that the mobile device might be compromised, the mobile device is instructed to execute a restricted action. If the restricted action occurs on the mobile device then it is determined that the mobile device has been compromised. Based on that determination, an action is taken.

Methods and devices for determining whether a mobile device has been compromised. File tree structure information for the mobile device is obtained that details at least a portion of a tree-based structure of folders and files in a portion of memory. The file tree structure information is analyzed to determine that the mobile device has been compromised, has not been compromised, or might be compromised. Based on determining that the mobile device might be compromised, the mobile device is instructed to execute a restricted action. If the restricted action occurs on the mobile device then it is determined that the mobile device has been compromised. Based on that determination, an action is taken.

A method is for a first-time startup of a not fully personalized secure element, which serves for the use of services of a mobile communication network, in a mobile terminal. In the method, the secure element is started and requested to transmit a status message. The secure element transmits a status message in which it is stated whether the secure element: S1) contains only a bootloader but as yet no firmware image for the secure element; S2) contains a firmware image for the secure element but is not yet fully personalized; or S3) is fully personalized. The secure element is accepted in the cases S1), S2) and S3) and rejected in other cases. In the case S1), a download for a firmware image of the secure element is initiated for a first-time startup.

The disclosure provides systems and methods for identifying a mobile device when requesting a secure transaction. In a method conducted at a transaction server access to stored location data having been periodically received relating to a mobile device and stored with an identifier of the mobile device is provided. Historical location data having been stored locally at a mobile device is received from the mobile device when requesting a secure transaction. The historical location data received from the mobile device is matched to a subset of the stored location data to obtain or verify an identifier of the mobile device requesting the secure transaction. The mobile device requesting the secure transaction is associated with the identifier so as to identify or verify the identity of the mobile device requesting the secure transaction.

The disclosure provides systems and methods for identifying a mobile device when requesting a secure transaction. In a method conducted at a transaction server access to stored location data having been periodically received relating to a mobile device and stored with an identifier of the mobile device is provided. Historical location data having been stored locally at a mobile device is received from the mobile device when requesting a secure transaction. The historical location data received from the mobile device is matched to a subset of the stored location data to obtain or verify an identifier of the mobile device requesting the secure transaction. The mobile device requesting the secure transaction is associated with the identifier so as to identify or verify the identity of the mobile device requesting the secure transaction.

Systems, methods, and related technologies for device software monitoring and device software updating are described. In certain aspects, a device is selected based on being a smart device and a software version of associated with the software of the device is determined. The device software may then be automatically updated if newer software is available.

Systems, methods, and software for authorizing an application in User Equipment (UE) for direct discovery. In one embodiment, an authorization mechanism receives information (e.g., application ID) for a discovery request sent by an application in a UE. In response to the discovery request, the authorization mechanism challenges the UE for information regarding security parameters that are mapped to the application ID. Based on the information provided by the UE, the authorization mechanism determines whether the application is authorized for direct discovery.

Systems, methods, and software for authorizing an application in User Equipment (UE) for direct discovery. In one embodiment, an authorization mechanism receives information (e.g., application ID) for a discovery request sent by an application in a UE. In response to the discovery request, the authorization mechanism challenges the UE for information regarding security parameters that are mapped to the application ID. Based on the information provided by the UE, the authorization mechanism determines whether the application is authorized for direct discovery.

A method and apparatus for supporting security in a radio resource control (RRC) inactive state in a wireless communication system is provided. A user equipment (UE) receives information on multiple security variables, of which each variable is mapped to each of multiple counter values, respectively. The UE calculates a security parameter and/or updating a UE identifier (ID) based on a security variable among the security variables which is mapped to a corresponding counter value among the multiple counter values, and transmits a radio resource control (RRC) resume request message including the calculated security parameter and/or the updated UE ID. The counter value may be increase whenever a timer expires or an RRC reject message is received as a response to the RRC resume request message.