Methods and systems for controlling permissions of a UE for accessing a network. A method disclosed herein includes initiating, by a User Equipment (UE), a registration procedure with a serving network for accessing a selected network, wherein the selected network includes one of at least one CAG cell of an NPN and a VPLMN. The registration procedure indicates a network selection mode using which the UE has selected the network and the network selection mode includes one of an automatic mode and a manual mode. The method further incudes determining, by the serving network, a reject mode for rejecting the registration request of the UE based on the network selection mode indicated in the registration request, when the permissions of the UE to access the selected network have not been verified, wherein the reject mode includes a protected reject mode and an unprotected reject mode.

A tracking device stores identification values unique to the tracking device for use in authenticating the tracking device. When activated, the tracking device provides a first identification value to a first owner and a different identification value to a tracking system. The identification of the tracking device can only be authenticated by combining the identification values given to the owner and tracking system. If a second owner resets the tracking device, the tracking device stores a second version the identification values for use in authenticating the tracking device. In the case that the second owner is illegitimate, (for instance, the tracking device is stolen by the second owner) the first owner can report the tracking device stolen. Upon being reported stolen, the identification value provided to the first owner is transmitted to the tracking system for use with the tracking system identification value to authenticate the first owner, enabling the first owner to locate and recover their stolen device.

A tracking device stores identification values unique to the tracking device for use in authenticating the tracking device. When activated, the tracking device provides a first identification value to a first owner and a different identification value to a tracking system. The identification of the tracking device can only be authenticated by combining the identification values given to the owner and tracking system. If a second owner resets the tracking device, the tracking device stores a second version the identification values for use in authenticating the tracking device. In the case that the second owner is illegitimate, (for instance, the tracking device is stolen by the second owner) the first owner can report the tracking device stolen. Upon being reported stolen, the identification value provided to the first owner is transmitted to the tracking system for use with the tracking system identification value to authenticate the first owner, enabling the first owner to locate and recover their stolen device.

A method performed by a resolver in a core network of a wireless communication system, where the method comprise: receiving, from a requester in the core network, a request to resolve a provided identifier that is one of a subscription identifier and a pseudonym identifier serving in the core network as a pseudonym for the subscription identifier; and transmitting, to the requester as a response to the request, a resolved identifier that is the other of the subscription identifier and the pseudonym identifier.

A method performed by a resolver in a core network of a wireless communication system, where the method comprise: receiving, from a requester in the core network, a request to resolve a provided identifier that is one of a subscription identifier and a pseudonym identifier serving in the core network as a pseudonym for the subscription identifier; and transmitting, to the requester as a response to the request, a resolved identifier that is the other of the subscription identifier and the pseudonym identifier.

Various systems, computer-readable media, and computer-implemented methods of providing improved data privacy, anonymity and security by enabling subjects to which data pertains to remain “dynamically anonymous,” i.e., anonymous for as long as is desired—and to the extent that is desired—are disclosed herein. Embodiments include systems that create, access, use, store and/or erase data with increased privacy, anonymity, and security—thereby facilitating the availability of more qualified and accurate information. When personal data is authorized by data subjects to be shared with third parties, embodiments described herein may facilitate the sharing of information in a dynamically-controlled manner that also enables the delivery of temporally-, geographically-, and/or purpose-limited information to the receiving party. In one example, the disclosed techniques may be used to functionally separate geospatial information, such that it remains “dynamically anonymous,” i.e., anonymous for as long as is desired—and to the extent or degree that is desired.

Systems, methods and devices are provided for provisioning a computerized device. The system may include a distributor computer that is connected to the computerized device and is operable to receive a first digital asset and transmit it to the computerized device, and a server that is connected to the distributor computer, and that transmits the first digital asset to the distributor computer when a first authorizing condition is met, the first digital asset being configured to cause the computerized device to become partially provisioned, wherein the server transmits a second digital asset to the computerized device, and the computerized device is functional after the second digital asset is transmitted to the computerized device.

According to one method, the method occurs at a network node configured to relay network message information or derivative information to avoid resource contentions between user equipment (UE). The method includes receiving a first temporary UE identifier (TUEI) associated with a first UE for requesting a radio resource within a serving cell; assigning, using the first TUEI, the radio resource to the first UE; generating, using at least a conversion algorithm, a second value based on the first TUEI, wherein the second value has a higher entropy characteristic than the first TUEI, thereby reducing the likelihood of the second value including an encoded message decodable by a second UE when relayed by the network node; and broadcasting a message including the second value to a plurality of UEs including the second UE.

A wireless client device communicates, to an access point over a secure channel, a mapping of a dynamic device address to a stable device address. By communicating the mapping, the access point is able to determine that packets received from two different device addresses originate from a common device. The access point is then able to maintain an association between the originating device and other network resources assigned or allocated to the originating device, such as IP addresses or infrastructure station address, which is used to identify the originating device to other devices outside the network in some embodiments.

A terminal for performing an onboarding procedure for remote provisioning through steps of: receiving an onboarding enabled indication from at least one onboarding network; selecting an onboarding network based on the onboarding enabled indication and onboarding network selection information; and attempting registration for the selected onboarding network is provided.