H04W12/35

Method and Apparatus for Enterprise Credential Identification
20230048624 · 2023-02-16

A method is disclosed in which a defined vendor specific extension is used to store an enterprise network identifier within a subscriber identity module (SIM). The use of the vendor specific extension makes it easier to provision a SIM (Subscriber Identity Module) profile with an enterprise identifier. The vendor specific extension allows the high level operating system (HLOS) of a UE (User Equipment) to obtain an enterprise identifier without impacting the baseband implementation of the UE. The same enterprise identification can be reused in equipment of both 4th Generation Long Term Evolution (LTE) and 5th Generation New Radio (NR) networks.

SLICE AUTHENTICATION METHOD AND APPARATUS
20230048066 · 2023-02-16

This application provides a slice authentication method and an apparatus. One example method includes: initiating, by a first network function (NF), slice authentication between a terminal device and an authentication server for a slice; sending, by the first NF, identification information of a first network, identification information of the slice, and identification information of the terminal device to the authentication server, wherein the first NF is an NF in the first network; and receiving, by the first NF, a slice authentication result for the slice, the identification information of the slice, and the identification information of the terminal device from the authentication server.

SYSTEMS AND METHODS FOR CONFIGURING INDUSTRIAL DEVICES THROUGH A SECURED WIRELESS SIDE CHANNEL
20230052998 · 2023-02-16

Systems and methods for configuring industrial devices through a secured wireless side channel may include a compute device. The compute device may have primary communication circuitry configured to communicate through a network and side channel communication circuitry configured to communicate through a wireless side channel that is different from the network. The compute device may additionally include circuitry configured to obtain, via the wireless side channel, configuration data indicative of a configuration for one or more operations of an industrial device of an industrial process plant. Additionally, the circuitry may be configured to configure, in response to obtaining the configuration data, the one or more operations of the industrial device.

Wearable device having high security and stable blood pressure detection
11580205 · 2023-02-14

A wearable device including a skin sensor and a processor is provided. The processor is configured to receive authentication data for authenticating a user when a wearing state of the wearable device is adjacent to a skin surface of the user, execute a predetermined function in response to a request when the authentication data matches pre-stored data and the skin sensor determines that the wearable device does not leave the skin surface after the authentication data is received, and reject or ignore the request when the skin sensor determines that the wearable device leaves the skin surface before the predetermined function is executed. The processor further calculates blood pressures according to PPG signals detected by a PPG sensor of the skin sensor.

Tamper resistant device for an integrated circuit card

A tamper resistant device can be used for an integrated circuit card. The device includes memory storing a first security domain that includes a telecommunication profile and a second security domain that includes an application profile. A first physical interface is configured to be coupled to a baseband processor configured to operate with a mobile telecommunications network. A second physical interface is configured to be coupled to an application processor. The first physical interface is configured to allow the baseband processor to access the telecommunication profile and the second physical interface is configured to allow the application processor to access the application profile. The tamper resistant device is configured to enable accessibility to the application profile if corresponding commands are received at the first interface and to enable accessibility to the telecommunication profile if corresponding commands are received at the second interface.

Multi-services gateway device at user premises

An application gateway including application service programming positioned at a user premises can provide voice controlled and managed services to a user and one or more endpoint devices associated with the application gateway. The application gateway can be controlled remotely by the application service provider through a service management center and configured to execute an application service provided from the application service provider. The application gateway can execute the application service at the user premises upon voice command by a user and independent of application services executing on the application service provider's network. An application service logic manager can communicate with an application service enforcement manager to verify that the request conforms with the policy and usage rules associated with the application service in order to authorize execution of the application service on the application gateway, either directly or through endpoint devices.

METHOD FOR OBTAINING A COMMAND RELATING TO A NETWORK ACCESS PROFILE OF AN EUICC SECURITY MODULE
20230044937 · 2023-02-09

A method for obtaining a command relating to a network access profile of an eUICC security module incorporated into a communication device and associated with a physical identifier. The communication terminal: obtains the physical identifier and an anonymous identifier of the security module is calculated from the physical identifier and a random parameter; transmits a request to obtain the command, via an “operator server”, to a “preparation server”, the request to obtain including the anonymous identifier of the security module; obtains the random parameter and calculates the anonymous identifier from the physical identifier of the security module and the random parameter; and sends, to a “discovery server”, a request to obtain information intended to obtain the command, this request to obtain information including the anonymous identifier, in order to obtain, in response, from the discovery server, an address of the preparation server.

ELECTRONIC DEVICE AND METHOD FOR INSTALLING eSIM PROFILE IN ELECTRONIC DEVICE
20230041033 · 2023-02-09

An electronic device includes a communication module, an embedded-subscriber identification module (eSIM) in which at least one profile is stored, and a processor. The processor is configured to, when accessing a server and succeeding in authentication for a first profile among at least one profile stored in the eSIM, receive an authentication token indicating successful authentication for the first profile from the server, when establishing communication with a first electronic device through the communication module, inform the first electronic device that the first profile is transmittable data, and when transmission of the first profile is requested from the first electronic device, transmit, to the first electronic device, the authentication token for downloading a second profile corresponding to the first profile from the server.

Methods for integrity protection of user plane data

A method (200) for operating a User Equipment (UE) is disclosed, the UE configured to connect to a communication network. The method comprises: indicating to the communication network an Integrity Protection for User Plane (IPUP) mode supported by the UE when requesting registration with the communication network (202). The IPUP mode comprises one of: use of Integrity Protection for User Plane data exchanged with the UE (202a), non-use of Integrity Protection for User Plane data exchanged with the UE (202b), or use of Integrity Protection for User Plane data, and non-use of Confidentiality Protection for User Plane data (202c). Also disclosed are an apparatus for operating a UE, methods and apparatus for operating a radio access node and a core node of a communication network, and a computer program operable to carry out methods for operating a UE, a radio access node and/or a core node of a communication network.

Method and device for provisioning a node in a wireless network

A device may receive data relating to a site plan and image data relating to a network device. The device may determine a device identifier based on the image data, associate the device identifier with the site plan based on a common attribute between the network device and the site plan, and cause a certificate to be generated based on an authentication request to a network controller. The authentication request may cause the network controller to generate the certificate based on the device identifier and/or the site plan. The device may cause an Internet protocol (IP) address to be assigned to the network device based on the certificate, a location of the network device, and/or another related parameter, cause a node configuration to be generated based on the IP address, the device identifier, and/or the site plan, and provision the network device according to the node configuration.