1533 results about "Subscriber identity module" patented technology

A Mobile Station (MS) is able to vertically roam in either direction between two different network, i.e. WWAN and WLAN. The MS is equipped with a dual mode Radio for WWAN and WLAN transmissions. The WLAN Radio is linked to a WLAN Enterprise Gateway Controller (EGC) via a first air link and the WWAN Radio is linked to a WWAN Base Transceiver Station (BTS) via a second air link. The EGC is connected to a Mobile Switching Center (MSC) which is in turn connected to the BTS. An outgoing VoIP call from the WLAN Radio to a remote party on the WWAN will transition or seamlessly switch over to a WWAN connection when the MS detects packet error rates, frequent scale back or consistent signal degradation. Upon such conditions, the WLAN Radio requests the EGC to request an Explicit Call Transfer via the MSC to the MS integrated WWAN Radio portion which automatically accepts the call based on referenced information stored in the user's subscriber identification module (SIM). Once the WWAN Radio is confirmed connected to the remote party on the WWAN, the WLAN Radio drops the WLAN connection. An incoming call between the MS and a remote user via the WWAN will transition to the WLAN Radio when the MS enters WLAN coverage. The MS issues an ECT to the WLAN. After user verification by the WLAN Radio and the EGC signals acceptance of the call, the WWAN Radio connection is dropped and the call is now established between the WLAN Radio and the remote party on the WWAN.

A system for enforcing security policies on mobile communications devices is adapted to be used in a mobile communications network in operative association with a subscriber identity module. The system having a client-server architecture includes a server operated by a mobile communications network operator and a client resident on a mobile communications device on which security policies are to be enforced. The server is adapted to determine security policies to be applied on said mobile communications device, and to send thereto a security policy to be applied. The client is adapted to receive the security policy to be applied from the server, and to apply the received security policy. The server includes a server authentication function adapted to authenticate the security policy to be sent to the mobile communications device; the client is further adapted to assess authenticity of the security policy received from the server by exploiting a client authentication function resident on the subscriber identity module.

A third generation (3G) mobile communication system supports an over-the-air activation scheme utilizing a wireless packet data protocol. A subscriber identity module (SIM) is preloaded with temporary operating parameters such as a temporary international mobile subscriber identity (IMSI) that is used for initial access to a network. Once a packet data protocol communication link is established between the mobile device and a network support node, the user may remotely subscribe to a number of service terms using the mobile device. In addition, an activation procedure is carried out to assign permanent operating parameters, e.g., a permanent IMSI, to the SIM. After activation, the user can remotely modify existing terms or remotely enroll in additional service features via a wireless IP link between the mobile device and a network support node.

The present invention relates to remotely provisioning subscriber identification parameters in a device on a wireless network. A secure connection is established with the device, and a token containing the new subscriber identification parameters is forwarded over the secure connection. The device may verify the received token. In one embodiment, the subscriber identification parameters are updated to change network operators. The secure connection can be with the old network operator or the new network operator. The device on the wireless network may be a machine-to-machine device. The provisioned subscriber identification may be part of a universal subscriber identification module.

For one embodiment, a short-range, wireless communication link, such as a Bluetooth link, is established between a mobile phone and a computer system. The mobile phone transmits an access code via the link to the computer system. The access code is generated using data stored in the subscriber identity module (SIM) in the mobile phone. Access to the computer system is granted in response to receiving the access code. In this manner, the SIM is used not only to identify the user during cellular phone calls (or other long-range, wireless communication) but also to authenticate the user and to gain access to a computer system.

A mobile telephone gateway and communication routing device (MPG) (121) disclosed by the present invention is coupled through an electrical signaling transmission medium with a mobile telephone (100) operative on a first communication network in accordance with a first communication protocol, for adding communication capabilities through at least a second communication network in accordance with a second communication protocol. A mobile communication system (150) is disclosed, comprising MPG (121) placed in-between mobile phone (100) and battery (118) and Subscriber Identification Module (SIM) card (117). MPG connects to the SIM interface of mobile phone (100), using which it wraps SIM functionalities and controls call management. It connects to the data/signaling interface of mobile phone (100), using which it communicates with it, while communicating with the second network using another communication means. It may optionally connects to an accessory device interface of mobile phone (100) such as a Terminal Adapter/Terminal Equipment (TA/TE) or a USB OTG interface, thereby enabling communication between the mobile phone and wireless data terminals of the second network. In a preferred embodiment of the present invention, a MPG is provided for use with a mobile phone operative on a mobile communication network such as GSM, adding communication capabilities through a wireless communication network such as Bluetooth or Wi-Fi. Furthermore, gateway applications are provided to facilitate or support communication through at least the second network in accordance with mobile web protocols and technologies such as Mobile IP, mobile SIP, and mobile VoIP.

The invention relates to a subscriber identity module for a mobile communication terminal, comprising a processing device, a memory device, an I/O device and a wireless communication device, in particular an interrogatable transponder such as an RFID transponder. The RFID transponder is operatively controllable by said processing device, and comprises a memory which contains identification data, configurable by the processing device. The RFID-enabled subscriber identification module may be used as an authentication token. A method for providing secure communications between the subscriber identification module and an RFID interrogating device is also provided.

The present invention is related to a wireless communication system. 3G UMTS mobile phone systems rely on a protected smart card called the UMTS integrated circuit card (UICC) that provides UMTS subscriber identity module (USIM) applications as a basis or root of various security measures protecting the communication path between the 3G mobile terminal and the UMTS wireless network (or UTRAN). Disclosed is a method by which the UICC exchanges information with a terminal, such as an Internal Key Center (IKC 1250) and a Bootstrapping Server Function (BSF 1270) enables a procedure where multiple local keys specific to applications and Network Application Functions (NAFs) (Ks_local) are used for authentication and to encrypt and decrypt messages.

Methods, systems, and software for mediating SMS messages, and especially type 0 SMS messages, in a wireless mobile communications device configured to send and receive data using a GSM protocol and including a subscriber identity module (“SIM”) including electronic hardware and computer software executed by the hardware such that the SIM is configured to send, receive, and process messages using a Short Message System (“SMS”) between the wireless mobile communications device and a communications network. One aspect includes a method for mediating SMS messages comprising: configuring electronic hardware on the wireless mobile communications device to implement a firewall on the wireless mobile communications device, the firewall configured to identify and optionally mediate infrastructure SMS messages.

Embodiments of the invention include a multiple subscription subscriber identity module (SIM) card. The SIM card includes a plurality of sets of subscription parameters from which to select and activate a single set of parameters. The sets of subscription parameters each contain various information, e.g., information such as an Integrated Circuit Card Identifier (ICCID) and an International Mobile Subscriber Identity (IMSI), and are based on various criteria, e.g., different service regions of use for the electronic device on which the SIM card is installed. A set of subscription parameters is selected for a particular region of use either manually or automatically. The SIM card, which can include a software interface that provides a list of available sets of subscription parameters, is activated by updating the selected set of subscription parameters. Alternatively, a default set of subscription parameters is selected unless a different set of subscription parameters is selected manually from among the plurality of sets of subscription parameters. According to alternative embodiments of the invention, the selected set of subscription parameters can be deactivated and a different set of subscription parameters can be selected and updated to in the SIM card.

Apparatus and methods for distributing access control clients. In one exemplary embodiment, a network infrastructure is disclosed that enables delivery of electronic subscriber identity modules (eSIMs) to secure elements (e.g., electronic Universal Integrated Circuit Cards (eUICCs), etc.) The network architecture includes one or more of: (i) eSIM appliances, (ii) secure eSIM storages, (iii) eSIM managers, (iv) eUICC appliances, (v) eUICC managers, (vi) service provider consoles, (vii) account managers, (viii) Mobile Network Operator (MNO) systems, (ix) eUICCs that are local to one or more devices, and (x) depots. Moreover, each depot may include: (xi) eSIM inventory managers, (xii) system directory services, (xiii) communications managers, and/or (xiv) pending eSIM storages. Functions of the disclosed infrastructure can be flexibly partitioned and/or adapted such that individual parties can host portions of the infrastructure. Exemplary embodiments of the present invention can provide redundancy, thus ensuring maximal uptime for the overall network (or the portion thereof).

A subscriber identity module (SIM) indicative information display method of the present invention includes receiving SIM indicative information one of a SIM card detected in one of the SIM card slots, registering the SIM indicative information with a SIM identity of the SIM card, detecting a SIM indicative information request requesting the SIM indicative information of the SIM card, and displaying the SIM indicative information mapped to the SIM identity of the SIM card when a SIM indicative information request is detected.

Methods and apparatus for managing multiple user access control entities or clients. For example, in one embodiment, a “wallet” of electronic subscriber identity modules (eSIMs) may be stored and used at a user device and/or distributed to other devices for use thereon. In another embodiment, a networked server may store and distribute eSIM to a plurality of user devices in communication therewith. A database of available eSIM is maintained at the wallet entity and/or at the network which enables request for a particular eSIM to be processed and various rules for the distribution thereof to be implemented. Security precautions are implemented to protect both user and network carrier specific data as the data is transmitted between networked entities. Solutions for eSIM backup and restoration are also described.

Methods and apparatus that allow a device to migrate wireless service across multiple wireless networks. In one exemplary embodiment, the present invention enables storing and switching between multiple Electronic Subscriber Identity Modules (eSIM), where each eSIM is specific to a different carrier network. By loading the appropriate eSIM, the user device can authenticate itself with the selected carrier, rather than roaming. During roaming operation, the user equipment can load one or more of the previously stored eSIMs. Selection of the eSIM can be done manually by the user or can be driven by the user equipment based on desired context; for example, based on carrier signal strength, cost-effectiveness, etc. Support for multiple radio technologies also allows universal connectivity for wireless devices, even spanning previously incompatible technologies such as GSM (Global Standard for Mobile Communications), CDMA (Code Division Multiple Access), etc.

A policy-based framework is described. This policy-based framework may be used to specify the privileges for logical entities to perform operations associated with an access-control element (such as an electronic Subscriber Identity Module) located within a secure element in an electronic device. Note that different logical entities may have different privileges for different operations associated with the same or different access-control elements. Moreover, the policy-based framework may specify types of credentials that are used by the logical entities during authentication, so that different types of credentials may be used for different operations and/or by different logical entities. Furthermore, the policy-based framework may specify the security protocols and security levels that are used by the logical entities during authentication, so that different security protocols and security levels may be used for different operations and/or by different logical entities.

A procedure for the control of applications stored in a user's subscriber identity module (SIM) in a data communication system that includes a data communication network, a terminal device connected to the data communication network and to which the subscriber identity module is connected, and an application control server that is connected to the data communication network. The subscriber identity module contains a stored application that makes use of the data communication network and that is used by way of the terminal device. A key list comprising one or more application-specific keys is stored in the user's subscriber identity module, and a corresponding key list is also stored in the application control server which is operable to control applications stored in the subscriber identity modules of multiple users of the network. The application stored in the user's subscriber identity module is activated and/or closed through the transmission, verification and use of keys stored in the key lists at the subscriber identity module and at the application control server.

The invnetion discloses a method used to download on-air a value added service to subscriber identification module (SIM) in digital mobile phone. The STK and application program is directly downloaded to subscriber's SIM card by using CLASS 2 SIM-specific message format. The STK menu data is provided for SIM card to add new service, and the application program is used for realizing STK application. The invented method takes full advantage of existing software and hardware facility, making user apply for new service without need to replace STK card, also without need going to appointed business hall.

Apparatus and methods for managing and sharing data across multiple access control clients in devices. In one embodiment, the access control clients comprise electronic Subscriber Identity Modules (eSIMs) disposed on a embedded Universal Integrated Circuit Card (eUICC). Each eSIM contains its own data. An Advanced Subscriber Identity Toolkit application maintained within the eUICC facilitates managing and sharing multiple eSIMs' data for various purposes such as sharing phonebook contacts or facilitating automatic switch-over between the multiple eSIMs (such as based on user context).

Methods and apparatus enabling programming of electronic identification information of a wireless apparatus. In one embodiment, a previously purchased or deployed wireless apparatus is activated by a cellular network. The wireless apparatus connects to the cellular network using an access module to download operating system components and/or access control client components. The described methods and apparatus enable updates, additions and replacement of various components including Electronic Subscriber Identity Module (eSIM) data, OS components. One exemplary implementation of the invention utilizes a trusted key exchange between the device and the cellular network to maintain security.

A mobile communication device with multiple subscriptions includes a single baseband-radio frequency (BB-RF) resource chain. A first identity module, such as a subscriber identity module (SIM), a second identity module (e.g., a second SIM), and a controller are communicatively coupled to the single BB-RF resource chain. The first identity module is associated with a first subscription, and the second identity module is associated with a second subscription. The controller may be configured to arbitrate access to the single BB-RF resource chain to perform a first activity that corresponds to the first subscription or a second activity that corresponds to the second subscription. For example, the controller may interrupt a data session processed by the single BB-RF resource chain in response to receiving information indicating that a voice call is to be processed by the single BB-RF resource chain.

The invention generally relates to a tamper-resistant security device, such as a subscriber identity module or equivalent, which has an AKA (Authentication and Key Agreement) module for performing an AKA process with a security key stored in the device, as well as means for external communication. The idea according to the invention is to provide the tamper-resistant security device with an application adapted for cooperating with the AKA module and means for interfacing the AKA module and the application. The application cooperating with the AKA module is preferably a security and/or privacy enhancing application. The application is advantageously a software application implemented in an application environment of the security device. For increased security, the security device may also be adapted to detect whether it is operated in its normal secure environment or a foreign less secure environment, and set access rights to resident files or commands that could expose the AKA process or corresponding parameters accordingly.

A system for ensuring that a first subscriber in a unlicensed mobile access system is prevented from unauthorized use of a second subscriber's identity when the first subscriber requests services from a mobile station to a core network. The system comprises authenticating means for authenticating a mobile station to an unlicensed mobile access network before higher-layer messages are sent from the mobile station, and thereafter, for authenticating the mobile station to a core network. The system also includes a mobile station with a subscriber identity module that includes an identifying means for identifying the mobile station. The system further includes a unlicensed mobile access network for connecting the mobile station to the core network and for relaying signals between the mobile station and the core network. The unlicensed mobile access network comprises checking means for ensuring that higher-layer messages passing through the unlicensed mobile access network to the core network are from the mobile station that authenticated with the unlicensed mobile access network. The system also includes the core network for implementing transaction control and user services. During authentication between the mobile station and the unlicensed mobile access network, the unlicensed mobile access network stores the identifying means that is associated with the mobile station and after authentication between the mobile station and the core network, the unlicensed mobile access network uses the checking means to examine higher-layer messages that are sent from the mobile station to the core network and to ensure that the identifying means associated with mobile station is stored in the higher-layer message.

Methods and apparatus for managing access control clients (e.g., electronic Subscriber Identity Modules (eSIMs)). In one embodiment, secure elements (e.g., electronic Universal Integrated Circuit Cards (eUICCs)) and management entities of secure elements are associated with credentials. Post-deployment managerial operations can be executed, by transmitting the requested operation with the appropriate credentials. For example, a device can receive secure software updates to electronic Subscriber Identity Modules (eSIMs), with properly credentialed network entities.

A wireless payment system allows high speed operation without user intervention with the convenience that cellular phones provide. The system being described uses a wireless stored value module attached to an ordinary cellular phone or embedded in the cellphone's Subscriber Identity Module (SIM) card. A Reader is installed in points of transaction that communicates with the module and deducts the balance stored in the module for effecting the payment. The transaction is sent by the Reader to a central database to update a copy of the module's balance and perform settlement functions at the end of the day. After every transaction, a SMS or text confirmation is received by the cellphone user which indicates the amount paid and remaining balance in the module. Re-loading of values in the module can be accomplished solely by sending text messages using a cellular phone from anywhere, any time.

An improved method and system for removing operating restrictions associated with a predetermined subscriber identity module (SIM) from a wireless device. A user is allowed to securely log onto a Web site that contains support information on subscription plans, billing, termination, penalties, and device-to-SIM unlocking. After satisfying any outstanding contract terms and payment of termination or device unlock fees, the user initiates a device-to-SIM unlock procedure. A client application on the wireless device securely transfers subscription, system, and SIM information to a device-to-SIM unlock system which uses the information to generate appropriate unlock codes. The unlock codes are then securely transferred to the client application, which processes them to remove operating restrictions associated with the predetermined SIM from the device and allow it to thereafter implement a plurality of SIMs.

The invention discloses a mobile terminal, a multi-card management method for a virtual card terminal thereof, and a server, belonging to the technical field of mobile terminals. The multi-card management method for the virtual card terminal comprises the steps of acquiring information of at least one virtual subscriber identity module (SIM) card with authority stored in a cloud server; receiving a selection command of the virtual SIM card; sending an access request signal comprising a unique identification code of the mobile terminal to an operator server, which the selected virtual SIM card belongs to; when an access permission signal returned by the operator server is received, binding the selected virtual SIM card with the mobile terminal corresponding to the unique identification code. Through adoption of the method, the restriction of a physical card terminal on a physical card is broken through. A user can store any number of SIM card due to the safe built-in memory, and does not have to worry about loss of the physical card due to the loss of a cellphone. Due to adoption of the method, the use of the SIM card of the mobile terminal achieves a new level.

A system, method, and computer product are provided for facilitating mobile communication corresponding to Multiple MSISDNs associated with Multiple IMSIs of a subscriber. The system includes a Signaling Gateway (SG) coupled to a first network. The SG receives one or more association messages from a subscriber for associating a first IMSI, corresponding to the first network, with one or more other IMSIs, corresponding to one or more VPMN networks. The first and other IMSIs are associated with the subscriber using at least one SIM. The SG associates MSISDNs corresponding to the associated IMSIs. Further, the SG facilitates mobile communication corresponding to any associated IMSI and the corresponding associated MSISDN, irrespective of the IMSI being activated in the SIM.

Methods and devices supporting the management of a plurality of electronic devices and processing of update information for updating software and/or firmware in the electronic devices. Prompting of users may be made using a language associated with the electronic device, and authorization to update an electronic device may be secured using a subscriber identity module.

Provided are an apparatus and a method for downloading Subscriber Identity Module (SIM) data in a mobile communication system, which includes an authentication server that stores authentication information and a list of registered networks; a service provider server that stores SIM data and transmits the SIM data in response to a request for the SIM data; and a mobile communication terminal that receives user authentication from the authenticating server, checks the list of the networks, allows a network, which is to be accessed, to be selected from among the list of the networks, and accesses the service provider server in the selected network so as to download the SIM data.

The invention concerns authentication to be performed in a telecommunications network, especially in an IP network. To allow a simple and smooth authentication of users of IP networks in a geographically large area, the IP network's terminal (TE1) uses a subscriber identity module (SIM) as used in a separate mobile communications system (MN), whereby a response may be determined from the challenge given to the identity module as input. The IP network also includes a special security server (SS), to which a message about a new user is transmitted when a subscriber attaches to the IP network. The subscriber's authentication information containing at least a challenge and a response is fetched from the said mobile communications system to the IP network and authentication is carried out based on the authentication information obtained from the mobile communications system by transmitting the said challenge through the IP network to the terminal, by generating a response from the challenge in the terminal's identity module and by comparing the response with the response received from the mobile communications system. Such a database (DB) may also be used in the system, wherein subscriber-specific authentication information is stored in advance, whereby the information in question need not be fetched from the mobile communications system when a subscriber attaches to the network.