Methods and devices for provisioning a secure application on an electronic device with first issuer data for a first issuer are described. In an embodiment, the provisioning system receives and stores first issuer records. The example provisioning system receives a provisioning request to provision the secure application with the first issuer data. The provisioning request includes identifying information. The example provisioning system evaluates the provisioning request based on at least one of the first issuer evaluation criteria, the first issuer records and the identifying information in the provisioning request. When the provisioning request satisfies the first issuer evaluation criteria, the example provisioning system generates a signal using the communication module to provide the first issuer data to the electronic device to provision the secure application on the electronic device.

A method for controlling access to a restricted resource is provided. The method may include receiving, by a cloud server, an identifier from a user device over a long range wireless channel. Further, the method may include comparing the identifier with a plurality of identifiers registered with an access control device. Further, the method may include authenticating the user device based on the comparing and subsequently transmitting a code to the user device upon successful authenticating. Thereafter, the user device may transmit the code to the access control device over a short range wireless channel. Further, the access control device may be configured to provide access to the restricted resource based on receiving of the code. Further, the method may include transmitting the code to the access control device over a long range wireless channel so that the access control device may authenticate the user device.

A method for controlling access to a restricted resource is provided. The method may include receiving, by a cloud server, an identifier from a user device over a long range wireless channel. Further, the method may include comparing the identifier with a plurality of identifiers registered with an access control device. Further, the method may include authenticating the user device based on the comparing and subsequently transmitting a code to the user device upon successful authenticating. Thereafter, the user device may transmit the code to the access control device over a short range wireless channel. Further, the access control device may be configured to provide access to the restricted resource based on receiving of the code. Further, the method may include transmitting the code to the access control device over a long range wireless channel so that the access control device may authenticate the user device.

In some examples, an electronic device includes a plurality of network interfaces to communicate over respective different networks, and a storage medium to store information associating a first application of the electronic device with a first profile, and associating a second application of the electronic device with a second profile. The first profile selects a first network interface of the plurality of network interfaces to use for communications, and the second profile selects a second network interface of the plurality of network interfaces to use for communications.

Methods and devices for establishing a communication between a first and a second terminal are described. The disclosed technology can be implemented in or by a server or a terminal in communication with the server. The first terminal can to the server, using a first calling identity, a request including connection information and an identifier of the first terminal. Using the identifier, the server can obtain from a database a pair of calling identities including one certified and one non-certified, the pair comprising the first calling identity and a second calling identity. The server can determine, from one of the calling identities and from the connection information, a connectivity mode of the terminal, and determine a routable number on which the terminal can send a communication to the server. The server can route the communication towards the second terminal by presenting a calling identity of the pair and sending the routable number to the first terminal.

An authentication system and an authentication method are provided. The electronic device of the authentication system includes a controller, a processor and a key module, wherein the processor performs an application program. In a binding phase, the application device generates a digest file according to key factor information and a selection strategy, and stores the digest file in a digest table of the electronic device. In a checking phase, the application program determines whether the controller corresponds to a binding device according to the digest file and the key factor information. If the controller corresponded to the binding device, in an authentication phase, the controller performs an authentication operation of a U2F service with a server device according to the digest file corresponding to the binding device in response to a pressing of the key module.

Techniques for mobile user identity and/or SIM-based IoT identity and application identity based security enforcement in service provider networks (e.g., service provider networks for mobile subscribers) are disclosed. In some embodiments, a system/process/computer program product for mobile user identity and/or SIM-based IOT identity and application identity based security enforcement in service provider networks includes monitoring network traffic on a service provider network at a security platform to identify a subscriber identity for a new session; determining an application identifier for user traffic associated with the new session at the security platform; and determining a security policy to apply at the security platform to the new session based on the subscriber identity and the application identifier.

Techniques for mobile user identity and/or SIM-based IoT identity and application identity based security enforcement in service provider networks (e.g., service provider networks for mobile subscribers) are disclosed. In some embodiments, a system/process/computer program product for mobile user identity and/or SIM-based IOT identity and application identity based security enforcement in service provider networks includes monitoring network traffic on a service provider network at a security platform to identify a subscriber identity for a new session; determining an application identifier for user traffic associated with the new session at the security platform; and determining a security policy to apply at the security platform to the new session based on the subscriber identity and the application identifier.

There is provided mechanisms for remote provisioning of a SIM profile to a subscriber entity. A method is performed by a remote SIM provisioning server. The method includes obtaining a request from an MNO entity for generation of the SIM profile. The method includes generating the SIM profile. The method includes providing, to a storage entity, a key-value pair of the SIM profile. The key-value pair includes a unique identifier including at least one profile specific element of the SIM profile as key and binding information of the at least one profile specific element as value. The unique identifier including at least one profile specific element of the SIM profile is represented by an ICCID of the SIM profile. The binding information of the at least one profile specific element is represented by an EID and profile/subscription unique data elements for the SIM profile.

An electronic device is provided. The electronic device includes at least one wireless communication circuit, a processor operatively connected with the at least one wireless communication circuit, and a memory operatively connected to the processor, wherein the memory stores instructions that, when executed, cause the processor to detect an event related to transmission of identification information through the at least one wireless communication circuit, in response to the detection of the event, perform a first authentication procedure for obtaining access right to the identification information, relay a second authentication procedure between an external electronic device and a server through the at least one wireless communication circuit, and receive the identification information that is stored in the external electronic device from the server through the at least one wireless communication circuit.