A physical access control system enables acceptable portal entry codes upon receiving each physical access request by operating on the elapsed time from a previous physical access request to generate a temporal credential. The controller receives a plurality of physical access requests from a plurality of mobile application devices. Upon authenticating the first access request, the controller eliminates repetition from the space of acceptable successor requests from each mobile application device. Monotonic nonces advance the range of temporal code matches. Entry code generation is decentralized to distributed application devices and is inherently unknowable until a successor access request is initiated by the same application device.

An electronic device according to an embodiment of the disclosure may include a communication module, a subscriber identification module, and at least one processor. The at least one processor may identify identification information of the subscriber identification module stored in the subscriber identification module when the subscriber identification module is identified as being first inserted, may configure a network service provider based on the identified identification information, may generate a signature by using lock information of the subscriber identification module, may identify network lock information when the signature is identified as being valid, and may set up a network lock function of the communication module based on the identified network lock information.

An electronic device according to an embodiment of the disclosure may include a communication module, a subscriber identification module, and at least one processor. The at least one processor may identify identification information of the subscriber identification module stored in the subscriber identification module when the subscriber identification module is identified as being first inserted, may configure a network service provider based on the identified identification information, may generate a signature by using lock information of the subscriber identification module, may identify network lock information when the signature is identified as being valid, and may set up a network lock function of the communication module based on the identified network lock information.

A subscriber authentication system prevents a change from being applied to a subscriber account until the subscriber approves of the change at the network core. The subscriber authentication system identifies one or more subscriber accounts for a network, each subscriber account being associated with a subscriber. The subscriber authentication system receives an indication that a change is requested for a subscriber account. The subscriber authentication system receives, within a network core, authentication information and data indicating whether the change is to be made to the subscriber account. The subscriber authentication system authenticates, within the network core, that the data was received from the subscriber based on the authentication information. The subscriber authentication system causes the change to be made based on the data indicating whether the change is to be made and the result of the

A subscriber authentication system prevents a change from being applied to a subscriber account until the subscriber approves of the change at the network core. The subscriber authentication system identifies one or more subscriber accounts for a network, each subscriber account being associated with a subscriber. The subscriber authentication system receives an indication that a change is requested for a subscriber account. The subscriber authentication system receives, within a network core, authentication information and data indicating whether the change is to be made to the subscriber account. The subscriber authentication system authenticates, within the network core, that the data was received from the subscriber based on the authentication information. The subscriber authentication system causes the change to be made based on the data indicating whether the change is to be made and the result of the

Embodiments of this disclosure provide techniques for securely communicating an IMSI over the air from a UE to an SeAN, as well as for securely validating an unencrypted IMSI that the SeAN receives from the home network, during authentication protocols. In particular, the UE may either encrypt the IMSI assigned to the UE using an IMSI encryption key (K.sub.IMSIenc) or compute a hash of the IMSI assigned to the UE using an IMSI integrity key (K.sub.IMSIint), and then send the encrypted IMSI or the hash of the IMSI to the serving network. The encrypted IMSI or hash of the encrypted IMSI may then be used by the SeAN to validate an unencrypted IMSI that was previously received from an HSS in the home network of the UE.

Embodiments of this disclosure provide techniques for securely communicating an IMSI over the air from a UE to an SeAN, as well as for securely validating an unencrypted IMSI that the SeAN receives from the home network, during authentication protocols. In particular, the UE may either encrypt the IMSI assigned to the UE using an IMSI encryption key (K.sub.IMSIenc) or compute a hash of the IMSI assigned to the UE using an IMSI integrity key (K.sub.IMSIint), and then send the encrypted IMSI or the hash of the IMSI to the serving network. The encrypted IMSI or hash of the encrypted IMSI may then be used by the SeAN to validate an unencrypted IMSI that was previously received from an HSS in the home network of the UE.

Provided are systems and methods for verifying an identity of a user based on a data mesh created from various sources of truth. In one example, a method may include establishing, via a host platform, a first and a authenticated communication channel between a host server of a user account and a host server of a second user account, retrieving, via the first and second authenticated communication channels, PII of the user from the first and second user accounts and combining the PII into a meshed data set, determining a difference between the PII within the meshed data set, and verify an identity of the user based on the determined difference between the PII within the meshed data set and transmitting the verification to a computer system.

A technique for relaying control messages between a core network entity of a communications network and radio devices served by the base station of the communications network is described. As to a method aspect of the technique, each of the control messages is relayed from one of the radio devices to the core network entity or from the core network entity to one of the radio devices. Each of the relayed control messages comprises an identifier that is indicative of at least one of the respective one of the radio devices and a user thereof. The control messages are stored at the base station, wherein the identifier is replaced in each of the stored control messages by a placeholder value that is independent of at least one of the respective one of the radio devices and the user thereof.

In some embodiments, the present disclosure is directed to an exemplary process including: displaying, by a processor of a computing device, an access controller interface element and an access code on a screen of the computing device; where the access controller interface element is: communicatively coupled to a cellular network hosted access controlling schema and operationally linked to an access-restricted digital resource; transmitting, by the processor of the computing device, in response to the at least one activity, an access request having data that includes: the access code and an identity linked to the computing device; where at least one part of the data is configured to be accepted by the cellular network hosted access controlling schema; accessing, by the processor of the computing device, the access-restricted digital resource after the at least one part of the data has been accepted by the cellular network hosted access controlling schema.