H04W12/40

METHOD, LEDGER AND SYSTEM FOR ESTABLISHING A SECURE CONNECTION FROM A CHIP TO A NETWORK AND CORRESPONDING NETWORK
20230033931 · 2023-02-02

Provided is a method for establishing a secure connection from a chip to a network. The method comprises sending a connection request with a decentralized identifier address, sending a request for getting a decentralized identifier, sending, to the network, the decentralized identifier, sending, to the chip, an authentication request with data, determining and sending, to the network, authentication data, and authenticating the chip. It further includes sending, to the ledger, a request for getting subscription data associated with the decentralized identifier address, verifying whether the decentralized identifier address is associated with a subscription wallet address or a subscription address in an operator wallet, sending, to the network, associated subscription data, verifying whether valid, and establishing, when valid, a connection to the chip.

Multi-factor authorization for IEEE 802.1x-enabled networks

The present disclosure discloses a system and method for providing multi-factor authorization for IEEE 802.1x-enabled networks. Specifically, a network device authenticates a client device to obtain access to network resources in a network via a network authentication protocol. The network device then detects a device quarantine trigger indicating an increased level of suspicion that a current user of the client device is a non-authenticated user. In response to the device quarantine trigger, the network device temporarily moves the client device from an authenticated state to a quarantined state pending completion of a particular workflow by the current user. The client device has limited access to the network resources while in the quarantined state regardless of a previous successful user and/or device authentication.

Online service providing system and application program

When a user attempts to execute a procedure for transfer or the like from an app, user authentication is first required by a PIN code or the like. When the user authentication is successful, the function limitation of an IC chip is released and a mode in which a function provided by the IC chip can be used is set. The app encrypts a procedure message describing procedure content with a private key using the function of the IC chip and creates an electronic signature. The electronic signature and the procedure message are transmitted to a server of an online service via an intermediate server. The server executes a procedure of transfer or the like in accordance with the content of the procedure message.

ELECTRONIC DEVICE AND METHOD FOR TRANSFERRING SUBSCRIPTION BY USING EMBEDDED SIM IN THE ELECTRONIC DEVICE
20230030914 · 2023-02-02

According to various embodiments, an electronic device may comprise at least one embedded universal integrated circuit card (eUICC) each storing at least one subscriber identity information and at least one processor electrically connected to the eUICC. The at least one processor may control to connect with an external electronic device through communication, receive a subscription information request for subscription transfer from the external electronic device, identify at least one transferable subscription information from profile information stored in the eUICC, in response to the reception of the subscription information request, transmit the identified at least one transferable subscription information to the external electronic device, receive to-be-transferred subscription information selected from among the at least one transferable subscription information from the external electronic device, request a server to authenticate the to-be-transferred subscription selected by the external electronic device, receive information corresponding to a result of the authentication from the server, in response to the request for the authentication, and transmit information for subscription transfer including the information corresponding to the authentication result to the external electronic device.

System and methods for over-the-air SIM profile transfer
11490253 · 2022-11-01

A user equipment and wireless provisioning method and system associated with a first wireless network are provided. The wireless provisioning system includes a processor, a network interface in communication with the first wireless network, and a non-transitory memory storing a first set and a second set of information of a profile related to operation of a UE on a second wireless network. The processor transmits the first set of information to the UE for provisioning to the UE files associated with authorization and authentication of the UE on the second wireless network. The processor validates that the first set of information was provisioned to the UE and transmits the second set of information to the UE for provisioning to the UE pointer updates for updating pointers on the UE to point to the first set of information. The processor transmits an instruction for the UE to reboot.

REGISTRATION AND SECURITY ENHANCEMENTS FOR A WTRU WITH MULTIPLE USIMS

Methods and apparatuses are described herein for registration and security for wireless transmit/receive units (WTRUs) with multiple universal subscriber identity modules (USIMs). Optimized registration and authentication procedures, that enable a WTRU to register and authenticate multiple USIMs during one registration and authentication procedure are described herein. The techniques described herein may eliminate the need for separate registration and authentication procedures for each USIM. A gateway device may inform the network in a Registration Request message that it is registering multiple devices (i.e., multiple WTRUs). The network and the gateway may then perform an authentication procedure with an aggregate challenge/response (i.e., a single challenge for each WTRU). A WTRU may inform the network in a Registration Request message that it is registering multiple USIMs. The network and the WTRU may then perform an authentication procedure with an aggregate challenge/response (i.e., a single challenge for all USIMs).

CARRIER GRADE IDENTIFICATION OF SUBSCRIBER IDENTITY MODULE CARD-RELATED FRAUDULENT EVENTS
20230092778 · 2023-03-23

The disclosed technology is directed towards detecting suspected malicious activity involving mobile devices and subscriber identity module (SIM) cards, including discerning benign SIM swap events from likely malicious SIM swap events. In one example, call detail records, radio access network events and billing events are collected and analyzed to detect subscriber identity module swap events between mobile devices. Based on the collected data and related data sources, SIM swap events are classified as benign or suspected malicious. Malicious classifications can result in information representative of the suspected-as-malicious classification being output, e.g., as a type of fraudulent activity. A confidence level can be associated with classification output data, including for types of fraudulent activities and types of benign activities.

SYSTEMS AND METHODS FOR INDICATING AND MANAGING A VALIDATION OF A CALLER IDENTIFICATION TO PREVENT IDENTITY SPOOFING

In some implementations, a device may receive a SIP invite associated with a call to a first user device from a second user device. The first user device may be associated with a first network and the second user device may be associated with a second network that is separate from the first network. The SIP invite may include an identity header that indicates a carrier identifier associated with the second network. The device may authenticate the call based on a caller identification associated with the second user device and the carrier identifier. The device may send, based on authenticating the call, the SIP invite to the first user device to indicate, in association with receiving the call and via a user interface, an authorized entity associated with the carrier identifier according to the SIP update.