A method and a device for performing communication by using a virtual subscriber identity module are used to provide a mode in which the device can perform communication without a SIM card. The method includes: receiving, by a first device, a virtual subscriber identity module data package sent by a second device by using a short range communications protocol, where the virtual subscriber identity module data package carries a virtual subscriber identity, and the virtual subscriber identity is used to uniquely identify a user using the first device when the first device performs communication in a network provided by a mobile communications operator; obtaining, by the first device, the virtual subscriber identity by using the virtual subscriber identity module data package; and communicating, by the first device by using the virtual subscriber identity, with another device in the network provided by the mobile communications operator.

A method and a device for performing communication by using a virtual subscriber identity module are used to provide a mode in which the device can perform communication without a SIM card. The method includes: receiving, by a first device, a virtual subscriber identity module data package sent by a second device by using a short range communications protocol, where the virtual subscriber identity module data package carries a virtual subscriber identity, and the virtual subscriber identity is used to uniquely identify a user using the first device when the first device performs communication in a network provided by a mobile communications operator; obtaining, by the first device, the virtual subscriber identity by using the virtual subscriber identity module data package; and communicating, by the first device by using the virtual subscriber identity, with another device in the network provided by the mobile communications operator.

Embodiments described herein relate to credential wrapping for secure transfer of electronic SIMs (eSIMs) between wireless devices. Transfer of an eSIM from a source device to a target device includes re-encryption of sensitive eSIM data, e.g., eSIM encryption keys, financial transaction credentials, transit authority credentials, and the like, using new encryption keys that include ephemeral elements applicable to a single, particular transfer session between the source device and the target device. The sensitive eSIM data encrypted with a symmetric key (K.sub.s) is re-wrapped with a new header that includes a version of K.sub.s encrypted with a new key encryption key (KEK) and information to derive KEK by the target device. The re-encrypted sensitive SIM data is formatted with additional eSIM data into a new bound profile package (BPP) to transfer the eSIM from the source device to the target device.

A device may obtain, from a pool of subscription identifiers allocated for sharing, a subscription identifier for a target device to be onboarded onto a wireless network. The device may generate a derived subscriber identification module (SIM) profile that includes the subscription identifier and a derived set of credentials. The derived set of credentials may be based on an existing set of credentials associated with the device. The device may cause the derived SIM profile to be provided to the target device to enable the target device to obtain access to the wireless network.

A device may obtain, from a pool of subscription identifiers allocated for sharing, a subscription identifier for a target device to be onboarded onto a wireless network. The device may generate a derived subscriber identification module (SIM) profile that includes the subscription identifier and a derived set of credentials. The derived set of credentials may be based on an existing set of credentials associated with the device. The device may cause the derived SIM profile to be provided to the target device to enable the target device to obtain access to the wireless network.

Embodiments of the present invention disclose a network connection method, a hotspot terminal, and a management terminal. A hotspot terminal receives an Internet access request sent by a mobile terminal. The hotspot terminal sends an input request to the mobile terminal according to the received Internet access request. The hotspot terminal receives user identity information sent by the mobile terminal. The hotspot terminal receives a permission confirmation instruction that is entered by an administrator according to the user identity information. The hotspot terminal determines Internet access permission of the mobile terminal according to the received permission confirmation instruction. According to the network connection method provided in the embodiments of the present invention, a problem that a process in which a mobile terminal logs in to a remote network by using a hotspot terminal is tedious and complex is resolved.

A method for obtaining a profile for access to a communication network by a secondary terminal via a main terminal. The main terminal includes a security element having an authentication key, the authentication key being used by the network and by the main terminal to generate at least one session master key specific to the main terminal. The secondary terminal: provides its identifier to the main terminal; receives from the main terminal a temporary key specific to the secondary terminal, a temporary identifier of the secondary terminal, and an identifier of the network for access to the network. The temporary key is based on the temporary identifier of the secondary terminal and the session master key of the main terminal. The temporary key, the temporary identifier, the identifier of the secondary terminal, and the identifier of the access network are included in an profile for access to the network.

A networkable device is coupled to a wireless IP gateway or paired to a personal area network (PAN) via the use of a sonic tone, which may be a human audible tone, which encodes a symbol sequence representing a binary message useful for implementing connection to a wireless IP gateway or pairing with a PAN. In one embodiment the sonic tone conveys a media access controller (MAC) address, to facilitate connection and/or pairing. Alternatively, or in addition, the sonic tone may encode a Service Set Identifier (SSID) and password for connection to a wireless network (Wi-Fi), or a BLUETOOTH (IEEE 802.15.1) identifier and/or PIN for connection to a BLUETOOTH (IEEE 802.15.1) PAN. In particular implementation of this embodiment the tone is produced by the IP gateway and used to initiate Wi-Fi connection, and/or the tone is produced by the master device of a PAN to initiate BLUETOOTH (IEEE 802.15.1) connection.

The present document proposes enablers for multiple user identities per UE. It defines user identity profiles for the users sharing the same UE and it allows for these user identity profiles to be provisioned in the UE's subscription information. The proposal enables multi user UEs to register at the same time for one or more users that are sharing the UE with optional extra user-specific authentication and authorisation. When registered, such a multi user UE can initiate per user PDU Session establishment and also can be paged for per user (one or more users) mobile terminated services.

A security establishment method includes generating a pair of keys via mutual authentication between a terminal device (110) and a serving network, and the terminal device (110) and the serving network sharing K.sub.ASME by using the generated pair of keys (Steps S50 and S100), the terminal device (110) and a roaming destination network of the terminal device (110) generating, by using the K.sub.ASME, K.sub.SEAF mapped with SEAF (50) (Steps S140 and S150), and the terminal device (110) and the roaming destination network generating, by using at least the K.sub.SEAF and SUPI used to recognize a subscriber in the serving network, K.sub.AMF mapped with AMF (60) (Steps S140 and S150).