Devices, methods, use user equipment (UE), core network devices, evolved node B (eNB), and storage media for UE provisioning are described. In one embodiment, processing circuitry of a mobility management entity (MME) decodes a non-access stratum (NAS) message comprising a detach request associated with a first user equipment (UE) and determines that the detach request is received from the UE without integrity protection. The MME then analyzes one or more additional criteria associated with the detach request in response to confirmation that the detach request message is received from the UE without the integrity protection, and manages an evolved packet system (EPS) mobility management (EMM) registration state for the first UE based on analysis of the one or more additional criteria. Various different criteria and associated EMM registration state management operations are described. Additional corresponding UE operations are also described.

Specific connection request is refused responsive to a match on the MAC ban list. If not on the MAC ban list, and a station has MAC randomization enabled, the specific connection requests is also checked against the hostname ban list, wherein the specific connection request is refused responsive to a match on the hostname ban list. The specific new connection request is allowed to proceed responsive to not matching the MAC ban list and not matching the hostname ban list.

An illustrative embodiment disclosed herein is a non-transitory computer readable medium. In some aspects, the non-transitory computer readable medium includes instructions for providing a mobile user monitoring solution that, when executed by a processor, cause the processor to capture a transaction transmitted over an N12 interface, extract, from the transaction, one of an expected response (XRES) or an authentication token (AUTN), a user identifier (ID), and a cipher key, capture a first message transmitted over an N1 interface, and determine that the first message is associated with the user ID and the cipher key extracted from the transaction.

A system and method for encrypting a data frame of a low-power communication protocol. The method includes providing an input data frame, the input date frame includes a random number, a unique identifier, and a payload data, encrypting the payload data, generating a Message Integrity Code (MIC), generating a rotating identifier by encrypting the unique identifier, and generating an output frame based on the generated rotating identifier, the generated MIC, and the encrypted payload data.

One or more devices may include a credentials server. The credentials server may be configured to: receive primary Standalone Non-Public Network (SNPN) credentials for a User Equipment device (UE) and SNPN information. The primary SNPN credentials and the SNPN information are associated with the UE and an SNPN. The devices may be configured to generate temporary SNPN credentials based on the primary SNPN credentials and the SNPNN information. The devices may forward the temporary SNPN credentials to the SNPN.

One or more devices may include a credentials server. The credentials server may be configured to: receive primary Standalone Non-Public Network (SNPN) credentials for a User Equipment device (UE) and SNPN information. The primary SNPN credentials and the SNPN information are associated with the UE and an SNPN. The devices may be configured to generate temporary SNPN credentials based on the primary SNPN credentials and the SNPNN information. The devices may forward the temporary SNPN credentials to the SNPN.

According to various embodiments, a cellular architecture for enhanced privacy regarding identity and location of a computing device is disclosed. The architecture includes a next generation core (NGC). The NGC includes an authentication server function (AUSF) configured to determine whether the computing device contains a valid subscriber identity module (SIM) card, and a user plane function (UPF) configured to allow a computing device to connect to the Internet. The architecture further includes a gateway connected to the UPF, the gateway configured to authenticate the computing device while hiding the identity of the computing device by verifying authentication tokens that represent units of access.

Systems and methods for accountless device control are disclosed. For example, a smart device may be acquired and plugged in for use. The smart device may gain network connectivity and a system associated with the smart device may request enablement of an application for use with the smart device from another system, such as a system associated with a voice-enabled device. The other system may generate and send user identifier data, and the system associated with the smart device may generate a shadow account in association with the user identifier data. The application may be enabled in association with the shadow account, and access credentials may be exchanged to securely send and receive information associated with operation of the access device.

A radio device includes a storage unit, a group call control unit, and a cipher key generation unit. The storage unit is configured to store therein a plurality of primary cipher keys, a plurality of pieces of device information, and a plurality of pieces of group information. The group call control unit is configured to perform a group call with radio devices belonging to a first group using a primary cipher key. The cipher key generation unit is configured to generate a secondary cipher key that is different from the primary cipher key when one or more radio devices belonging to the first group are selected during the group call. The group call control unit performs a temporary group call with the selected radio devices by switching the primary cipher key to the secondary cipher key.

A radio device includes a storage unit, a group call control unit, and a cipher key generation unit. The storage unit is configured to store therein a plurality of primary cipher keys, a plurality of pieces of device information, and a plurality of pieces of group information. The group call control unit is configured to perform a group call with radio devices belonging to a first group using a primary cipher key. The cipher key generation unit is configured to generate a secondary cipher key that is different from the primary cipher key when one or more radio devices belonging to the first group are selected during the group call. The group call control unit performs a temporary group call with the selected radio devices by switching the primary cipher key to the secondary cipher key.