H04W12/71

Permission-based system and network for access control using mobile identification credential

A provider system is connected to readers disposed at distances from the provider system. A secure local connection is established between the client device and the provider system via one of the readers. Before the client reaches an access touchpoint, the provider system receives from the client device a request for client access, the provider system sends to the client device a request for identification information of the client, and the client device sends client information associated with a first mobile identification credential (MIC) which the client device received from an authorizing party system (APS), the client having consented to release the client information to the provider system, and the client information having been verified. The provider system uses the verified client information associated with the first MIC to verify or not verify the identity of the client before granting or denying the request to the client.

METHODS AND APPARATUS TO COLLECT DISTRIBUTED USER INFORMATION FOR MEDIA IMPRESSIONS AND SEARCH TERMS
20230239162 · 2023-07-27

Disclosed examples include accessing a search term from a client device; accessing a first identifier, the first identifier corresponding to a first database proprietor, the first identifier to access first user information corresponding to a user of the client device; accessing a second identifier, the second identifier corresponding to a second database proprietor, the second identifier to access second user information corresponding to the user of the client device; providing the search term, the first identifier, and the second identifier in a message; and transmitting the message to a server.

METHOD, APPARATUS, AND SYSTEM FOR VEHICLE-TO-VEHICLE COMMUNICATIONS
20230007478 · 2023-01-05

In a method for conducting communications, a first terminal device in a vehicle-to-vehicle (V2V) network sends a first request message to a server of the V2V network to request the server to allocate an encryption key corresponding to a first service. The first request message includes an identifier of the first service and an identifier of the first terminal device. The first terminal device receives from the server a first response message that includes an encryption key corresponding to the first service. The first terminal device uses the encryption key to encrypt first information related to the first terminal device in the V2V network, and broadcasts a broadcast message that includes the encrypted first information to the V2V network.

CONTENTION RESOLUTION IN WIRELESS COMMUNICATION SYSTEMS
20230007703 · 2023-01-05

Embodiments of apparatus and method for random access are disclosed. In an example, a user equipment can include at least one processor and at least one memory including computer program code. The at least one memory and the computer program code can be configured to, with the at least one processor, cause the user equipment at least to send a trigger message and unique identifier in a first message from the user equipment to a network node. The at least one memory and the computer program code can also be configured to, with the at least one processor, cause the user equipment at least to receive an acknowledgement at the user equipment in a second message from the network node using the user equipment's unique identifier. Contention resolution for the user equipment can be concluded with only the first message and the second message.

ACCESS RESTRICTION FOR A PRIVATE OR NEUTRAL-HOST NETWORK
20230007574 · 2023-01-05

During operation, a computer receives an attachment request from a radio node, where the attachment request is associated with an electronic device, and includes an identifier of the radio node, an identifier of the electronic device and an identifier of a service provider. Then, the computer determines a first entity identifier of an entity based at least in part on the identifier of the radio node and a second entity identifier of the entity based at least in part on the identifier of the electronic device. When the first entity identifier matches the second entity identifier, the computer performs authentication of the electronic device. Alternatively, if the entity identifiers are different, but the identifier of the service provider matches a stored identifier, the computer performs the authentication of the electronic device. Otherwise, the computer does not allow the electronic device to attach to a private or neutral-host network.

SERVICE AND SECURITY ENHANCEMENT OF COMMUNICATION SERVICES

Authorization for access to an application server and associated communication service can be desirably managed. When a device attempts to access an application server and service, an authorization server generates an encrypted token, comprising device identifier information, and communicates the token to the device. The device communicates the token to the application server. The application server communicates the token to the authorization server. The authorization server determines whether the device is validated to access the application server and service based on the encrypted token, private decryption key, and initialization vector, and based on subscriber-related information. The authorization server does not share the private decryption key or initialization vector with the application server. If validated, the authorization server communicates validation-related information, including a permitted portion of subscriber-related information, to the application server. If not validated, the authorization server communicates not-validated information to the application server.

Flexible electronic subscriber identity module deployment
11570612 · 2023-01-31

Techniques for flexible electronic subscriber identity module (eSIM) deployment to a wireless device by a network server, including generation of multiple eSIMs using an identical eSIM identifier value, such as an identical integrated circuit card identifier (ICCID) value, and subsequent selection of an eSIM based on capabilities of the wireless device. Multiple eSIMs that correspond to different sets of wireless device capabilities are generated without knowledge of the wireless communication standards that a wireless device supports. The multiple eSIMs include a first eSIM that includes fifth generation (5G) wireless communication protocol information and a second eSIM that excludes 5G wireless communication protocol information. The network server selects an eSIM from the multiple eSIMs based on whether the wireless device is 5G capable. After selection and binding of a profile package that includes the eSIM, the remaining eSIMs that use the identical ICCID value are deleted, for security enforcement against cloning.

Biometric verification for access control using mobile identification credential

A provider system is connected to readers disposed at distances from the provider system. A secure local connection is established between the client device and the provider system via one of the readers. Before the client reaches an access touchpoint, the provider system receives from the client device a request for client access, the provider system sends to the client device a request for identification information of the client, and the client device sends client information associated with a first mobile identification credential (MIC) which the client device received from an authorizing party system (APS), the client having consented to release the client information to the provider system, and the client information having been verified. The provider system performs a liveness check of the client using live-captured biometric information at the access touchpoint, determines whether the liveness check is valid, and grants the request if the liveness check is valid.