There is provided mechanisms for remote provisioning of a SIM profile to a subscriber entity. A method is performed by a remote SIM provisioning server. The method comprises obtaining a request from an MNO entity for generation of the SIM profile. The method comprises generating the SIM profile. The method comprises providing, to a storage entity, a key-value pair of the SIM profile. The key-value pair comprises a unique identifier comprising at least one profile specific element of the SIM profile as key and binding information of the at least one profile specific element as value. The unique identifier comprising at least one profile specific element of the SIM profile is represented by profile/subscription unique data elements for the SIM profile. The binding information of the at least one profile specific element is represented by an BID of the subscriber entity, ICCID of the SIM profile, IMSI, and an MNO identifier. The method comprises providing, to the subscriber entity requesting download of the SIM profile, the SIM profile.

This application describes a phased approach to provision eSIM profiles to a wireless device. Credentials are preloaded to an eUICC during manufacture of the eUICC and used subsequently to load eSIM profiles to the eUICC without requiring an active, real-time connection to an MNO provisioning server. Multiple bound profile packages (BPPs) can be pre-generated and encrypted by MNO provisioning servers for an eUICC and transferred to a BPP aggregator server before assembly of the eUICC in a respective wireless device. A local provisioning server in a manufacturing facility mutually authenticates and connects to the BPP aggregator server to download and store one or more of the encrypted BPPs for later installation on the eUICC. The local provisioning server subsequently mutually authenticates and connects to the eUICC to load at least one of the one or more pre-generated, encrypted BPPs to the eUICC during assembly and/or testing of the wireless device.

A terminal for performing an onboarding procedure for remote provisioning through steps of: receiving an onboarding enabled indication from at least one onboarding network; selecting an onboarding network based on the onboarding enabled indication and onboarding network selection information; and attempting registration for the selected onboarding network is provided.

A system performs mobile biometric identification system enrollment using a known biometric. The system receives a digital representation of a first biometric for a person. Prior to using the digital representation of the first biometric to identify the person, the system compares a received digital representation of a second biometric for the person to known biometric data for the person. When the digital representation of the first biometric has been thus verified, the system is operative to identify the person using the digital representation of the first biometric.

A method for session creation is provided. The method includes: reading from a secure unit application descriptors1 of a first application, where the application descriptors1 is bound to a signing certificate of the first application or a digital fingerprint of the signing certificate; and creating a session by using the application descriptors1 as application descriptors in a UE route selection policy (URSP) rule.

An authorization process employs a network ID as a possession factor for a secure account, such as a bank account or e-mail account, and determines one or more risk indicators associated with the possession factor. The authorization process is successfully completed when a risk score that is based on the risk indicators is less than a certain risk threshold. The risk indicators include a device history of the network ID and/or at least one attribute of a cellular account associated with the network ID. The device history identifies other mobile devices and/or SIM cards, if any, that have been previously activated with the network ID, while the one or more attributes can further indicate potentially fraudulent activity associated with the cellular account through which wireless services for the network ID are currently provided.

A method of managing and verifying a certificate of a terminal is provided. The method includes obtaining certificate information that is usable when downloading and installing a specific bundle corresponding to at least one of a secondary platform bundle family identifier or a secondary platform bundle family custodian identifier, transmitting, to a secondary platform bundle manager, the certificate information corresponding to the at least one of the secondary platform bundle family identifier or the secondary platform bundle family custodian identifier of the specific bundle, and receiving, from the secondary platform bundle manager, at least one of a certificate of the secondary platform bundle manager, certificate information to be used by a smart secure platform (SSP), the secondary platform bundle family identifier, or the secondary platform bundle family custodian identifier.

This Application sets forth techniques for cloud-based cellular service management for a set of associated mobile wireless devices, including maintenance of information for one or more subscriber identity modules (SIMs) and/or electronic SIMs (eSIMs) used by the set of mobile wireless devices.

A subscriber identity module (SIM) includes a profile area for storing a profile that is used to utilize a line of a mobile network operator, and an application area for storing an application. The profile area and the application area are separated.

A subscriber identity module (SIM) includes a profile area for storing a profile that is used to utilize a line of a mobile network operator, and an application area for storing an application. The profile area and the application area are separated.