During operation, a computer receives an attachment request from a radio node, where the attachment request is associated with an electronic device, and includes an identifier of the radio node, an identifier of the electronic device and an identifier of a service provider. Then, the computer determines a first entity identifier of an entity based at least in part on the identifier of the radio node and a second entity identifier of the entity based at least in part on the identifier of the electronic device. When the first entity identifier matches the second entity identifier, the computer performs authentication of the electronic device. Alternatively, if the entity identifiers are different, but the identifier of the service provider matches a stored identifier, the computer performs the authentication of the electronic device. Otherwise, the computer does not allow the electronic device to attach to a private or neutral-host network.

During operation, a computer receives an attachment request from a radio node, where the attachment request is associated with an electronic device, and includes an identifier of the radio node, an identifier of the electronic device and an identifier of a service provider. Then, the computer determines a first entity identifier of an entity based at least in part on the identifier of the radio node and a second entity identifier of the entity based at least in part on the identifier of the electronic device. When the first entity identifier matches the second entity identifier, the computer performs authentication of the electronic device. Alternatively, if the entity identifiers are different, but the identifier of the service provider matches a stored identifier, the computer performs the authentication of the electronic device. Otherwise, the computer does not allow the electronic device to attach to a private or neutral-host network.

Aspects of the subject disclosure may include, for example, responsive to a first registration request to access a mobile network, determining whether a first phone number associated with a first IMSI assigned to a first SIM of a first mobile device matches a second phone number associated with a second IMSI assigned to a second SIM of a second mobile device, determining whether the second mobile device is currently registered to the mobile network, and, in turn, sending a request for authentication to register the first mobile device and to deregister the second mobile device, determining whether a response to the request for the authentication code matches an authentication code, and responsive to the determining the response matches the authentication code, registering the first mobile device to the mobile network and deregistering the second mobile device from the mobile network. Other embodiments are disclosed.

Aspects of the subject disclosure may include, for example, responsive to a first registration request to access a mobile network, determining whether a first phone number associated with a first IMSI assigned to a first SIM of a first mobile device matches a second phone number associated with a second IMSI assigned to a second SIM of a second mobile device, determining whether the second mobile device is currently registered to the mobile network, and, in turn, sending a request for authentication to register the first mobile device and to deregister the second mobile device, determining whether a response to the request for the authentication code matches an authentication code, and responsive to the determining the response matches the authentication code, registering the first mobile device to the mobile network and deregistering the second mobile device from the mobile network. Other embodiments are disclosed.

Techniques for flexible electronic subscriber identity module (eSIM) deployment to a wireless device by a network server, including generation of multiple eSIMs using an identical eSIM identifier value, such as an identical integrated circuit card identifier (ICCID) value, and subsequent selection of an eSIM based on capabilities of the wireless device. Multiple eSIMs that correspond to different sets of wireless device capabilities are generated without knowledge of the wireless communication standards that a wireless device supports. The multiple eSIMs include a first eSIM that includes fifth generation (5G) wireless communication protocol information and a second eSIM that excludes 5G wireless communication protocol information. The network server selects an eSIM from the multiple eSIMs based on whether the wireless device is 5G capable. After selection and binding of a profile package that includes the eSIM, the remaining eSIMs that use the identical ICCID value are deleted, for security enforcement against cloning.

An illustrative embodiment disclosed herein is a non-transitory computer readable medium. In some embodiments, the medium includes instructions for providing a mobile user monitoring solution that, when executed by a processor, cause the processor to capture a first message transmitted over a packet forwarding control protocol (PFCP) interface, extract a permanent ID and a first user plane tunnel endpoint identifier (TEID) from the first message, store the permanent ID and the first user plane TEID in a PFCP protocol data unit (PDU) session record, store the permanent ID in a session details record, capture a second message transmitted over a user plane interface after the first message is transmitted, extract a second user plane TEID from the second message, wherein the second user plane TEID matches the first user plane TEID, and retrieve the session details record using the second user plane TEID.

An illustrative embodiment disclosed herein is a non-transitory computer readable medium. In some embodiments, the medium includes instructions for providing a mobile user monitoring solution that, when executed by a processor, cause the processor to capture a first message transmitted over a packet forwarding control protocol (PFCP) interface, extract a permanent ID and a first user plane tunnel endpoint identifier (TEID) from the first message, store the permanent ID and the first user plane TEID in a PFCP protocol data unit (PDU) session record, store the permanent ID in a session details record, capture a second message transmitted over a user plane interface after the first message is transmitted, extract a second user plane TEID from the second message, wherein the second user plane TEID matches the first user plane TEID, and retrieve the session details record using the second user plane TEID.

In some embodiments, a non-transitory computer readable medium is disclosed. In some embodiments, the medium includes instructions for providing a mobile user monitoring solution that, when executed by a processor, cause the processor to capture a first message transmitted over an N11 interface, extract at least one type of session ID and a first Next Generation Application Protocol (NGAP) tunnel endpoint identifier (TEID) from the first message, store the at least one type of session ID and the first NGAP TEID in a first N11 protocol data unit (PDU) session record, capture a second message transmitted over an N3 interface, extract a general packet radio service (GPRS) tunneling protocol (GTP)-user plane (U) TEID from the second message, wherein the GTP-U TEID matches the first NGAP TIED, and retrieve information associated with session details record using the GTP-U TEID.

In some embodiments, a non-transitory computer readable medium is disclosed. In some embodiments, the medium includes instructions for providing a mobile user monitoring solution that, when executed by a processor, cause the processor to capture a first message transmitted over an N11 interface, extract at least one type of session ID and a first Next Generation Application Protocol (NGAP) tunnel endpoint identifier (TEID) from the first message, store the at least one type of session ID and the first NGAP TEID in a first N11 protocol data unit (PDU) session record, capture a second message transmitted over an N3 interface, extract a general packet radio service (GPRS) tunneling protocol (GTP)-user plane (U) TEID from the second message, wherein the GTP-U TEID matches the first NGAP TIED, and retrieve information associated with session details record using the GTP-U TEID.

In some implementations, a first network device may receive an authorization request associated with a user device connecting to a network associated with first network device. The first network device may redirect the authorization request toward a second network device associated with a second service provider. The first network device may determine, based on a response to the authorization request, that the user device is subscribed to a service provided by the second service provider and that the user device is not authorized to connect to the network. The first network device may provide a temporary service to the user device to enable the user device to connect to the network for a limited period based on the user device being subscribed to the service provided by the second service provider and the user device not being authorized to connect to the network.