H04W12/40

Authentication techniques in response to attempts to access sensitive information

The present disclosure describes techniques for changing a required authentication type based on a request for a particular type of information. For example, consider a situation where a user has asked a virtual assistant “who owns this device?” By default, the device may allow biometric authentication to unlock. In response to identification of the owner by the virtual assistant, however, the device may require one or more other types of authentication (e.g., manual entry of a passcode) to unlock the device. In various embodiments, the disclosed techniques may increase the security of the device by making it more difficult for malicious entities to obtain the sensitive information or to access device functionality once the sensitive information has been disclosed. In various embodiments, this may prevent or reduce unauthorized access to the device.

SUBSCRIPTION CONCEALED IDENTIFIER PRIVACY
20220408243 · 2022-12-22

A user equipment (“UE”) in a wireless communication network can generate a padded identifier by inserting a padding bitstring in a field of an identifier associated with the UE. The UE can further encrypt the padded identifier to generate a concealed padded identifier. The UE can further transmit the concealed padded identifier to a network node operating in the wireless communication network.

METHOD AND SYSTEM FOR CONTROLLING TRAFFIC IN PRIVATE NETWORK BASED ON MOBILE COMMUNICATION NETWORK
20220408392 · 2022-12-22

A private network system based on a mobile communication network, includes: a packet data processing system of a mobile communication core network to which a user terminal is attached; a traffic management device configured to retain an attachment policy that is set in advance; and a packet analysis device, configured to receive a packet that requests network attachment from the packet data processing system, extract attachment information of the user terminal from the packet, and compare the attachment information with the attachment policy of the traffic management device to control intranet or Internet attachment. The attachment policy includes at least one of a whitelist defining a target whose traffic is allowed or a blacklist defining a target whose traffic is blocked, and the packet data processing system is included in a private network system that is not controlled by a control policy device of the mobile communication core network.

Method of managing a tamper-proof device comprising a plurality of software containers

The invention is a method for managing a tamper-proof device comprising first and second software containers, said tamper-proof device being included in a host device comprising a baseband unit. Said first software container is designed to emulate an eUICC and is in a deactivated state. The second software container comprises a set of rules. The baseband unit comprises an activator agent which retrieves both location data broadcasted by a telecom network and the set of rules from the second software container. The activator agent checks if activation of the first software container is authorized by one of said rules for the location data and requests activation of the first software container only in case of successful checking.

Methods for certificate issuance in remote provisioning architectures for embedded UICCS

A system and method includes a mobile device, a SIM associated with the mobile device, an MNO computer, a computer associated with an owner of the mobile device, a first set of keys stored in the SIM for securely communicating with the MNO computer, and a second set of keys for securely communicating with the computer associated with the owner of the mobile device, to exchange application information. The SIM can be configured to determine when updated information related to the second set of keys is required, securely send a request to the MNO computer for updated information related to the second set of keys using the first set of keys, and responsively receive the updated information related to the second set of keys from the MNO computer, the updated information being provisioned by the computer associated with the owner of the mobile device. The mobile device is configured to utilize the updated information related to the second set of keys to establish data communication between an application running on the mobile device and the computer associated with the owner of the mobile device.

Cloud-based cellular service management for mobile wireless devices
11533607 · 2022-12-20

This Application sets forth techniques for cloud-based cellular service management for a set of associated mobile wireless devices, including maintenance of information for one or more subscriber identity modules (SIMs) and/or electronic SIMs (eSIMs) used by the set of mobile wireless devices.

SYSTEM AND METHOD FOR PHONE PRIVACY
20220400375 · 2022-12-15

According to various embodiments, a cellular architecture for enhanced privacy regarding identity and location of a computing device is disclosed. The architecture includes a next generation core (NGC). The NGC includes an authentication server function (AUSF) configured to determine whether the computing device contains a valid subscriber identity module (SIM) card, and a user plane function (UPF) configured to allow a computing device to connect to the Internet. The architecture further includes a gateway connected to the UPF, the gateway configured to authenticate the computing device while hiding the identity of the computing device by verifying authentication tokens that represent units of access.

Embedded Subscriber Identity Module Non-Fungible Token System
20220394484 · 2022-12-08

A telecommunication system includes a computing device and a mobile device. The computing device is in communication with a blockchain network, a subscription manager data preparation (SM-DP) platform, and the mobile device. The computing device is configured to perform a first set of operations. The first set of operations includes retrieving an identity token from the blockchain network. The identity token is a first non-fungible token uniquely identifying a user of the mobile device. The first set of operations further includes retrieving, from the SM-DP platform, an embedded subscriber identity module (eSIM) profile for the identity token from the blockchain network. The first set of operations further includes generating, via the blockchain network, a second non-fungible token. The second non-fungible token includes the eSIM profile. The mobile device is in communication with the blockchain network.