A method and apparatus for setting profiles are provided. The profile setting method includes receiving, from a first terminal, a profile transfer request message that requests transfer of a first profile or portion thereof from a first secure element to a second secure element; configuring a second profile using the first profile or portion thereof; and sending, to a second terminal, the configured second profile.

A method of performing a switch from a first mobile network to a second mobile network by a mobile terminal comprising a secure element includes the steps of: (a) attaching to the first mobile network using a first attachment message containing a first identification data element, preferably a first IMSI, of a first subscription profile; and (b) attaching to the second mobile network by an attachment process including a second attachment message containing a second identification data element, preferably a second IMSI, of a second subscription profile. The second mobile network is configured to monitor at least parts of the attachment process, to determine the second identification data element contained therein and to forward this information to a subscription management server in order to confirm the successful attachment of the secure element to the second mobile network.

A method for activating a mobile terminal token, comprising: a cloud authentication server generates a seed generation factor according to an activation request, and acquires a server seed secret key and saves the same according to the seed generation factor, and generates an activation code according to the seed generation factor, and generates an activation verification code and transmits the same to a mobile terminal, and encrypts the activation code using the activation verification code to acquire an encrypted activation code, and a cloud authentication management platform generates a two-dimensional code image according to the received encrypted activation code and transmits the same to a client for displaying, and the mobile terminal token acquires the encrypted activation code according to the acquired two-dimensional code image, and decrypts the encrypted activation code using the acquired activation verification code to obtain an activation code, and acquires the seed generation factor from the activation code, and acquires a token seed secret key according to the seed generation factor and saves the same. The present invention can activate the token when the mobile terminal is without network, ensuring the accuracy of the seed, thus improving the token security.

A first smart card in a first wireless communication device receives a first profile that indicates a subscription to provide wireless connectivity to a user. The first profile is a copy of at least a portion of a second profile previously established by the user and stored on a second smart card in a second wireless communication device. The first wireless communication device then establishes a first wireless connection with a network using the subscription indicated by the first profile.

A network element of a core network receives a connectivity request for a first peer device. The connectivity request includes an indication for establishing a peer-to-peer connection for the first peer device to communicate data packets with a second peer device. The network element sends, to a first base station of an access network, an access network bearer setup request, which includes an address for the first peer device and serves as a request for the first base station to establish, for the peer-to-peer connection, an access network bearer in the access network for use in communicating the data packets with the second peer device without the use of a core network bearer.

A method for device ownership security is disclosed. The method includes storing an ownership record on a mobile device identifying a home network for the mobile device. The method further includes connecting, by the mobile device, to a foreign network. The method also includes receiving, from the home network, a negative communication based on an indication that the mobile device is at least one of stolen and lost as a second portion of the transaction. The method still further includes ceasing a function of the mobile device in response to the negative acknowledgment.

Methods and apparatus for activating a purchased or previously deployed device by a subscriber. In one embodiment, activation includes authenticating the device to a service provider or carrier, and providing the device with data necessary for enabling the service to the device. In one variant, a user device is activated at a retail store, with the assistance of a carrier representative. In another variant, user equipment is activated via a communications network without the assistance of a representative. In yet another variant, the user equipment is activated via the Internet without the assistance of a representative. The provision of access data includes pre-assigning eSIM from a population of unassigned eSIMs to certain devices for various carrier networks. Alternatively, the eSIM may be assigned on an as-needed basis. Unassigned and/or unused eSIMs can be released (or sold back to the vendor) and/or reused. Solutions for eSIM backup and restoration are also described.

Architecture which includes functionality in a handset and a network that automates an access point association and authorization procedure. The invention builds on a framework specified as part of a generic access network controller to enable the network to transparently and dynamically detect, control, and manage which access points are allowed for specific subscribers. The invention comprises a system that facilitates communications over a network including an access component that facilitates wireless communications over an unlicensed network that operates in an unlicensed frequency band (e.g., a home Wi-Fi network), and an authorization component that facilitates authorization of a mobile communications device (e.g., a cellular telephone) for communications over a mobile communications network (e.g., a cellular network) via the unlicensed network.

A mechanism for an apparatus in a communication network is described. The mechanism comprises receiving provisioning from a second apparatus, wherein said provisioning comprising at least a public identity and a pre-defined range of private identity associated with the public identity, receiving a request comprising a first public identity and its associated private identity from a third apparatus, determining the first public identity already exists in the apparatus, determining the received private identity is not identical to any private identity already provisioned in the apparatus, determining the received private identity is not identical to any private identity in a temporary profile, determining the received private identity is within a pre-defined range of private identity associated with the first public identity, creating a temporary private identity identical to the received private identity and a temporary profile for the received private identity.

The present disclosure relates to a method and system for the remote provisioning of an access subscription of a user to a wireless communication network, wherein at least one network operator provides communication services to mobile communication devices provided with a user UICC card. Data of a temporary subscription are generated from the data of an initial subscription which will subsequently allow generating data of a definitive subscription in a network operator and in the UICC card requesting a subscription from the former without the need of remotely transmitting sensitive data of the definitive subscription.