A subscriber authentication system prevents a change from being applied to a subscriber account until the subscriber approves of the change at the network core. The subscriber authentication system identifies one or more subscriber accounts for a network, each subscriber account being associated with a subscriber. The subscriber authentication system receives an indication that a change is requested for a subscriber account. The subscriber authentication system receives, within a network core, authentication information and data indicating whether the change is to be made to the subscriber account. The subscriber authentication system authenticates, within the network core, that the data was received from the subscriber based on the authentication information. The subscriber authentication system causes the change to be made based on the data indicating whether the change is to be made and the result of the

According to one configuration, a communication management resource such as a SIM provisioning platform receives input from a mobile communication device to activate use of the mobile communication device in a private wireless network. The communication management resource authenticates use of the mobile communication device in the private wireless network. Subsequent to authentication, the communication management resource populates an access file such as private SIM (Subscriber Identity Module) information for use by the mobile communication device to access the private wireless network. The access file is populated with information such as a unique cell identifier value, encryption information, identification of supported services, etc. The communication management resource communicates the newly generated access file (such as SIM information) to the mobile communication device, enabling the mobile communication device use of the private wireless network.

According to one configuration, a communication management resource such as a SIM provisioning platform receives input from a mobile communication device to activate use of the mobile communication device in a private wireless network. The communication management resource authenticates use of the mobile communication device in the private wireless network. Subsequent to authentication, the communication management resource populates an access file such as private SIM (Subscriber Identity Module) information for use by the mobile communication device to access the private wireless network. The access file is populated with information such as a unique cell identifier value, encryption information, identification of supported services, etc. The communication management resource communicates the newly generated access file (such as SIM information) to the mobile communication device, enabling the mobile communication device use of the private wireless network.

Described herein are a cash register and a ticket vending mechanism that require little or no merchant infrastructure resulting in dramatic cost reduction for merchants. These are made possible through a payer-centric payment paradigm where the payer—as opposed to the merchant—completes the payment transaction without depending on the merchant, resulting in increased payer convenience and payment security.

Described herein are a cash register and a ticket vending mechanism that require little or no merchant infrastructure resulting in dramatic cost reduction for merchants. These are made possible through a payer-centric payment paradigm where the payer—as opposed to the merchant—completes the payment transaction without depending on the merchant, resulting in increased payer convenience and payment security.

Methods are disclosed for provisioning and/or controlling operator profiles in terminals, each having an integrated circuit card identified by an integrated circuit card identifier. According to one aspect, a discovery server is configured with an authorization table including associations of integrated circuit card identifier, service provider identifier, and operator identifier(s). The discovery server receives, from a data preparation node, an event registration request that includes a number of elements. The discovery server determines whether the event is authorized. If so, the event is registered. This enables a terminal to seek to retrieve the event, to contact the data preparation node, and to eventually perform the profile operation. Some embodiments enable the network-initiated provisioning and/or controlling of operator profiles in machine-to-machine devices.

A method includes receiving a request to provision an embedded subscriber identity module (eSIM) profile to an eSIM-enabled device. The request includes a proxy eSIM identifier (EID) prefix. The eSIM profile is associated with a service provider of a mobile communication service a user of the device subscribes to. The method also includes determining whether the proxy EID prefix includes an address of a target discovery server the device is configured to connect to, and when the proxy EID prefix includes the address the method includes extracting the address of the target discovery server from the proxy EID prefix. Using the extracted address of the target discovery server, the method also includes registering a discovery event with the target discovery server indicating that the service provider has reserved the eSIM profile to the proxy EID or an actual EID assigned to the device.

An illustrative embodiment disclosed herein is a non-transitory computer readable medium. In some aspects, the non-transitory computer readable medium includes instructions for providing a mobile user monitoring solution that, when executed by a processor, cause the processor to capture a transaction transmitted over an N12 interface, extract, from the transaction, one of an expected response (XRES) or an authentication token (AUTN), a user identifier (ID), and a cipher key, capture a first message transmitted over an N1 interface, and determine that the first message is associated with the user ID and the cipher key extracted from the transaction.

An authentication method performed by an authentication system that is equipped with a communication apparatus to which an authentication information storage apparatus for recording authentication information is connected, and an information apparatus that communicates with the communication apparatus includes executing first authentication processing for authenticating the information apparatus, executing any one of second authentication processing for authenticating, by the information apparatus, the communication apparatus and relaying communication of second authentication processing for authenticating, by the information apparatus, the authentication information storage apparatus, and performing specific information processing when authentication is performed in both the first authentication processing and the second authentication processing.

Method for improving user authentication efficiency performed by a communication device belonging to an authentication system. The communication device includes a local machine learning engine having a set of N artificial neural network ANN1,i adapted to process N different types of input signals. The method includes the steps: receiving a first set of N input signals S_1(i) for authentication purpose; determining respectively for each of the N input signals S_1(i) by the N artificial neural networks ANN1,i, N estimations LH(i) of the likelihood that a given input signal is provided by a legitimate user; determining based on a risk scoring established using the N estimations LH(i) if the requesting user is authenticated as the legitimate user; if the requested user is authenticated, determining if at least one likelihood estimation determined for a given input signal S_1(j) is below a predetermined threshold T.sub.C,i, and if it is the case: transmitting the input signal S_1 (j) to a remote server implementing a server machine learning engine adapted to process said N different types of input signals and trained to identify a user U_C; receiving an input signal S_2(j) associated to the closest candidate U_C and executing by the local machine learning engine an additional learning phase using the input signal S_2(j) as an input signal that is not associated to the requesting user.