A system is disclosed for managing a communication network subscription identifier associated with a device. The system comprises a Core Network node configured to provide a subscription identifier for the device to a Device Management node with management responsibility for the device. The system further comprises a Verification node configured to receive from the Device Management node the subscription identifier and a characteristic of the device, and to bind the subscription identifier to the characteristic such that the subscription identifier is uniquely associated with the characteristic. The system further comprises a Network Access node configured to obtain the subscription identifier from the device. The Verification node, Network Access node and Core Network node are configured to cooperate to verify that the device from which the Network Access node obtained the subscription identifier is in possession of the characteristic that is bound to the subscription identifier.

A method and a wireless communication device for providing communication service to devices connected to the wireless communication device. By establishing a starter wireless carrier connection using a starter SIM from a plurality of local SIMs, the wireless communication device establishes one or more logical data connections with one or more SIM banks. Remote-SIMs are selected from the one or more SIM banks and used to establish further wireless carrier connections to allow communication service to be provided to the devices over wireless carrier connections.

Example embodiments relate to performing activation techniques for contactless cards. For example, embodiments may include performing a near-field communication (NFC) exchange with a contactless card, processing a message comprising data to activate the contactless card, communicating the data to a server to activate the contactless card; and receiving a response from the server, the response to indicate whether the contactless card is successfully activated or not successfully activated.

Systems, methods, apparatuses, and computer program products for dynamically updating routing identifiers (IDs) are provided. One method may include deciding, at a network node, to update a routing identifier for at least one user equipment. The method may then include obtaining or generating a new routing identifier to be assigned to the at least one user equipment along with authentication vectors, and transmitting the new routing identifier to an authentication entity.

Techniques for flexible electronic subscriber identity module (eSIM) deployment to a wireless device by a network server, including generation of multiple eSIMs using an identical eSIM identifier value, such as an identical integrated circuit card identifier (ICCID) value, and subsequent selection of an eSIM based on capabilities of the wireless device. Multiple eSIMs that correspond to different sets of wireless device capabilities are generated without knowledge of the wireless communication standards that a wireless device supports. The multiple eSIMs include a first eSIM that includes fifth generation (5G) wireless communication protocol information and a second eSIM that excludes 5G wireless communication protocol information. The network server selects an eSIM from the multiple eSIMs based on whether the wireless device is 5G capable. After selection and binding of a profile package that includes the eSIM, the remaining eSIMs that use the identical ICCID value are deleted, for security enforcement against cloning.

A method of providing a communication function in a user equipment includes receiving, at the user equipment, a login request to log the user in to the user equipment; determining, by the user equipment, based on the login, whether the user equipment has a communication profile associated with the user; if it is determined that the user equipment has a communication profile associated with the user, enabling the stored communication profile; if it is determined that the user equipment does not have a communication profile associated with the user stored: sending, by the user equipment, a first request to a first server to request support information for obtaining a communication profile associated with the user; receiving, at the user equipment, the support information from the first server; and obtaining, by the user equipment, the communication profile from the first server or a second server based on the support information.

A method of providing an electronic subscriber identity module (eSIM) profile to a wireless communication device. The method comprises receiving an eSIM profile provisioning request by a subscription manager-data preparation+ (SM-DP+) server, wherein the provisioning request comprises an embedded UICC identifier (EID) number, a private identity code, and wireless communication service subscription information; building an eSIM profile package by the SM-DP+ server based in part on the wireless communication service subscription information, wherein the eSIM profile package comprises an eSIM profile, the EID number, and the private identity code; sending a notification of the availability of the eSIM profile by the SM-DP+ server to a subscription manager-discovery server (SM-DS server), wherein the notification comprises the EID number and the private identity code; and transmitting the eSIM profile package by the SM-DP+ server to the wireless communication device.

A method of user equipment (UE) implemented network slice security protection is disclosed. The method comprises the UE receiving a request to initialize an application, querying a UE Route Selection Policy (URSP) stored on the UE, and receiving traffic descriptors and security descriptors in response to the querying. The traffic descriptors identify a network slice for the application. The security descriptors comprise a security flag and a virtualization container ID. The method also comprises the UE initiating the application within a virtualization container corresponding to the virtualization container ID based on the security flag indicating that the network slice is secure and binding traffic for the application in the virtualization container to a PDU session based on the traffic descriptors. The method further comprises communicating, by the application executing within the virtualization container, with a core network over the PDU session via the network slice bound to the virtualization container.

A method includes receiving, by an embedded universal integrated circuit card (eUICC), first information from a local profile assistant (LPA), where the first information includes a first certificate issuer (CI) public key identifier, and the first CI public key identifier is a CI public key identifier that the eUICC does not have. The method further includes sending, by the eUICC, second information to an OPS, where the second information includes the first CI public key identifier. The method further includes receiving, by the eUICC, a patch package from the OPS, where the patch package includes at least a first CI public key corresponding to the first CI public key identifier. The method further includes updating, by the eUICC, a CI public key of the eUICC by using the first CI public key.

A method, apparatus, and computer program product provide for updating configuration parameters of a universal integrated circuit card via dedicated network functions in a 5G system. In the context of a method, the method receives an encapsulation request from a unified data management module, the encapsulation request comprising data for at least one configuration parameter associated with a universal integrated circuit card of a user device. The method generates, in response to the encapsulation request, a secure packet comprising the at least one configuration parameter and a secure packet header. The method also provides the secure packet to the unified data management module for delivery to the user device.