Patent classifications
H04W12/40
Method and apparatus for universal integrated circuit card update via dedicated network function
A method, apparatus, and computer program product provide for updating configuration parameters of a universal integrated circuit card via dedicated network functions in a 5G system. In the context of a method, the method receives an encapsulation request from a unified data management module, the encapsulation request comprising data for at least one configuration parameter associated with a universal integrated circuit card of a user device. The method generates, in response to the encapsulation request, a secure packet comprising the at least one configuration parameter and a secure packet header. The method also provides the secure packet to the unified data management module for delivery to the user device.
Method and electronic device for managing digital keys
Provided is a method, performed by an electronic device, of managing keys for accessing a plurality of services in an integrated manner to improve interoperability and ensure security. The method includes transmitting, by a secure domain (SD) in a secure area of the electronic device, a certificate of the SD to a plurality of service providers (SPs); receiving, by an application installed in the electronic device, a certificate of each of the plurality of SPs from the plurality of SPs; receiving, by the application, first signed data from a first SP among the plurality of SPs; authenticating, by the application, the first signed data by using a certificate of the first SP received from the first SP and obtaining an encrypted key of the first SP from the first signed data; decrypting, by the SD, the encrypted key of the first SP by using a private key of the SD; and storing the decrypted key of the first SP in a first instance corresponding to the first SP among a plurality of instances of the SD.
Secondary device authentication proxied from authenticated primary device
A method of authenticating a secondary communication device based on authentication of a primary mobile communication device is disclosed. Trust is established with the primary mobile communication device by a device authentication server (DAS). The DAS receives an authorization code request from a secondary application operating on the secondary communication device, and transmits an authorization code to the secondary communication device. The DAS receives the authorization code from a primary application operating on the primary mobile communication device. The DAS authorizes the secondary application based on the trust with the primary mobile communication device and the authorization code from the primary application. The DAS transmits a secondary token to the secondary application at the secondary communication device to allow initialization of a communication session from the secondary application on behalf of the primary mobile communication device.
Secure firmware transfer for an integrated universal integrated circuit card (iUICC)
A device can (i) operate a primary platform (PP) within a tamper resistant element (TRE) and (ii) receive encrypted firmware images for operating within the primary platform. The TRE can store in nonvolatile memory of the TRE (i) a PP static private key (SK-static.PP), (ii) a server public key (PK.IDS1), and (iii) a set of cryptographic parameters. The TRE can generate a one-time PKI key pair of SK-OT1.PP and PK-OT1.PP and send the public key PK-OT1.PP to a server. The TRE can receive a one-time public key from the server comprising PK-OT1.IDS1. The TRE can derive a ciphering key using an elliptic curve Diffie Hellman key exchange and the SK-static.PP, SK-OT1.PP, PK.IDS1, and PK-OT1.IDS1 keys. The TRE can decrypt the encrypted firmware using the derived ciphering key. The primary platform can comprise a smart secure platform (SSP) and the decrypted firmware can comprise a virtualized image for the primary platform.
Smart Phone Toggle for Multi-Network Connectivity
A method (500) for toggling multi-network connectivity of a mobile device (110) includes, for the mobile device simultaneously connected to one or more carrier-mediated wireless networks (120) associated with a network operator (70), executing a graphical user interface that renders a status graphic (320) indicating the mobile device is currently connected to at least one carrier-mediated wireless network associated with the network operator, and an interactive graphic (330) for selecting between disabling and enabling connections (122) between the mobile device and carrier-mediated wireless networks associated with the network operator. The method includes receiving a user input indication (312) indicating selection of the interactive graphic and in response, disconnecting the mobile device from each of the carrier-mediated wireless networks associated with the network operator and updating the status graphic to indicate that the mobile device is not currently connected to any carrier-mediated wireless networks associated with the network operator.
Subscriber identification module (SIM) authentication protections
A method of computer authentication of a user request for a Subscriber Identity Module (SIM) card transfer by a biometric signature from a user equipment (UE) comprises assigning a risk score, by a mobile service provider, to a user account based on user activity in the user account, wherein the user activity includes a SIM card transfer authorization. The mobile service provider then sends a message requesting a biometric signature from an authentication application executing in memory on the UE. The authentication application on the UE then proceeds to capture a biometric signature, encrypt the biometric signature, and send an encrypted biometric signature to the mobile service provider using a wireless communication protocol. The mobile service provider then compares the biometric signature to an authorized signature and modifies the risk score based on the comparison.
ELECTRONIC SUBSCRIBER IDENTITY MODULE TRANSFER ELIGIBILITY CHECKING
Embodiments described herein relate to eligibility checking for transfer of one or more electronic subscriber identity modules (eSIMs) between two mobile wireless devices. Eligibility to transfer an eSIM to an eUICC of a target device can depend on whether the eUICC of the target device satisfies certain security requirements for the eSIMs to be transferred. The mobile wireless devices can obtain a transfer eligibility result based on communication with one or more network-based servers that can determine compatibility for eSIM transfer.
METHOD OF SETTING UP NETWORK LOCK FUNCTION OF ELECTRONIC DEVICE AND ELECTRONIC DEVICE USING THE SAME
An electronic device according to an embodiment of the disclosure may include a communication module, a subscriber identification module, and at least one processor. The at least one processor may identify identification information of the subscriber identification module stored in the subscriber identification module when the subscriber identification module is identified as being first inserted, may configure a network service provider based on the identified identification information, may generate a signature by using lock information of the subscriber identification module, may identify network lock information when the signature is identified as being valid, and may set up a network lock function of the communication module based on the identified network lock information.
Method and system for controlling UICC and EUICC
An electronic device is provided. The electronic device includes a UICC in which a first profile is installed, an eUICC, and a processor electrically connected with the UICC and the eUICC. The processor requests a second profile to be installed in the eUICC from a first server based on the first profile, receives the second profile from a second server associated with the first server, and installs the received second profile in the eUICC. The second profile and the first profile include the same subscriber identification information.
SYSTEMS AND METHODS FOR AUTHENTICATING A SUBSCRIBER WITHIN THE NETWORK CORE
A subscriber authentication system prevents a change from being applied to a subscriber account until the subscriber approves of the change at the network core. The subscriber authentication system identifies one or more subscriber accounts for a network, each subscriber account being associated with a subscriber. The subscriber authentication system receives an indication that a change is requested for a subscriber account. The subscriber authentication system receives, within a network core, authentication information and data indicating whether the change is to be made to the subscriber account. The subscriber authentication system authenticates, within the network core, that the data was received from the subscriber based on the authentication information. The subscriber authentication system causes the change to be made based on the data indicating whether the change is to be made and the result of the