Embodiments described herein relate to credential wrapping for secure transfer of electronic SIMs (eSIMs) between wireless devices. Transfer of an eSIM from a source device to a target device includes re-encryption of sensitive eSIM data, e.g., eSIM encryption keys, financial transaction credentials, transit authority credentials, and the like, using new encryption keys that include ephemeral elements applicable to a single, particular transfer session between the source device and the target device. The sensitive eSIM data encrypted with a symmetric key (K.sub.s) is re-wrapped with a new header that includes a version of K.sub.s encrypted with a new key encryption key (KEK) and information to derive KEK by the target device. The re-encrypted sensitive SIM data is formatted with additional eSIM data into a new bound profile package (BPP) to transfer the eSIM from the source device to the target device.

A network access method includes: establishing a BLUETOOTH connection to a BLUETOOTH terminal; receiving, using the BLUETOOTH connection, a network access request from the BLUETOOTH terminal; and when the BLUETOOTH terminal is an authorized device, activating a BLUETOOTH network sharing function automatically and forwarding the network access request to a wide area network.

Secure communication in accessing a network is described herein. An example apparatus can include a memory and a processor coupled to the memory. The processor can be configured to receive an identity public key from the identity device. The identity public key can be received in response to providing, to the identity device, a request to modify content of the identity device. The processor can be further configured to encrypt data corresponding to subscriber information using the identity public key, provide (to the identity device) the encrypted data to store the subscriber information in the identity device, and access a network operated by a network operator via the data stored in the identity device.

A method of operating a moving object having a plurality of identity devices is provided. The method includes generating data in the moving object, transmitting first data of a plurality of data to a first node through a first identity device of the moving object and transmitting second data of the plurality of data to a second node through a second identity device of the moving object, receiving the first data from the first node and receiving the second data from the second node, and operating the moving object based on the first data and the second data.

Systems and methods described herein provide a private network management service for enterprise networks with wireless access. The systems and methods receive, within a provider network and from a user of a private network, parameters for multiple subscription profiles; associate the multiple subscription profiles with an identifier for the private network to create private network subscription profiles; store the private network subscription profiles; and provide at least a portion of the private network subscription profiles from a core network of the provider network to an authentication proxy in the private network. The authentication proxy performs authentication for end devices locally based on the private network subscription profiles.

Systems and methods described herein provide a private network management service for enterprise networks with wireless access. The systems and methods receive, within a provider network and from a user of a private network, parameters for multiple subscription profiles; associate the multiple subscription profiles with an identifier for the private network to create private network subscription profiles; store the private network subscription profiles; and provide at least a portion of the private network subscription profiles from a core network of the provider network to an authentication proxy in the private network. The authentication proxy performs authentication for end devices locally based on the private network subscription profiles.

A network connection method, a hotspot terminal, and a management terminal are provided. A hotspot terminal receives an Internet access request sent by a mobile terminal, sends an input request to the mobile terminal according to the received Internet access request; receives user identity information sent by the mobile terminal; receives a permission confirmation instruction that is entered by an administrator according to the user identity information; determines Internet access permission of the mobile terminal according to the received permission confirmation instruction. According to the network connection method provided in the embodiments of the present application, the tedious and complex process where a mobile terminal logging into a remote network by using a hotspot terminal is significantly improved.

This document discusses, among other things, a wireless personal-area network (PAN) underlying a cellular wide-area network (WAN). The PAN includes a wearable user equipment (UE-W) and a user equipment aggregation node (UE-AN). The UE-W includes processing circuitry to process data for communication with a network of the WAN through the UE-AN, and radio interface circuitry to communicate with the UE-AN through a first air interface. The UE-AN includes processing to process data for communication between the network of the WAN and the UE-W, and radio interface circuitry to communicate with the network of the WAN through the first air interface and with the UE-W through a second air interface. The UE-W and the UE-AN can share a network credential, appearing as a single device to the WAN.

This document discusses, among other things, a wireless personal-area network (PAN) underlying a cellular wide-area network (WAN). The PAN includes a wearable user equipment (UE-W) and a user equipment aggregation node (UE-AN). The UE-W includes processing circuitry to process data for communication with a network of the WAN through the UE-AN, and radio interface circuitry to communicate with the UE-AN through a first air interface. The UE-AN includes processing to process data for communication between the network of the WAN and the UE-W, and radio interface circuitry to communicate with the network of the WAN through the first air interface and with the UE-W through a second air interface. The UE-W and the UE-AN can share a network credential, appearing as a single device to the WAN.

A method and an apparatus for secure interaction between terminals, where the method includes indicating or indirectly indicating, by a companion terminal with an embedded Universal Integrated Circuit Card (eUICC), a Hypertext Transfer Protocol (HTTP) over Secure Socket Layer (HTTPS) Uniform Resource Locator (URL) including security information to a primary terminal such that the primary terminal initiates establishment of a local Transport Layer Security (TLS) connection according to the HTTPS URL, receiving, by the companion terminal, an HTTP request from the primary terminal using the local TLS connection, completing establishment of an HTTPS session when the companion terminal determines that the HTTP request includes the security information, and receiving, by the companion terminal, an operation instruction for the eUICC from the primary terminal using the HTTPS session.