Abstract: A method for transmitting a subscription profile that includes transmitting from a POS of the MNO the unique identifier of the secure element to a SM-DP; creating or reserving the subscription profile at the SM-DP; provisioning in a D-HSS server having the first MCC/MNC the unique identifier and a temporary IMSI including a second MCC, a second MNC; provisioning in the HSS of the MNO the temporary IMSI and an ephemeral Ki; at the first attempt of the secure element to connect to the D-HSS server with its temporary profile, exchanging data in signaling messages between the secure element and the D-HSS for provisioning the secure element with the temporary IMSI; at the next attempt of the secure element to connect to the MNO network with the temporary IMSI, open an APN and send from the SM-DP to the secure element the subscription profile.

Abstract: A method for authenticating by a network server a communication apparatus, the communication apparatus contains a tamper resistant area adapted to memorize a first secret, by receiving from the communication apparatus a request message including a subscriber identifier; providing, by consulting a database accessible by the network server, a device identifier associated to the received subscriber identifier allowing to identify the communication apparatus; identifying in a secure distributed ledger a record published by a manufacturer of at least a portion of the communication apparatus, the record including a second secret attributed to the identified communication apparatus; generating a challenge message including a random number and sending it to the communication apparatus for it to generate a first result; receiving from the communication apparatus a response message including the first result, the communication apparatus being authenticated by the network server if the first result is equal to a second

Abstract: A central server for communicating with a user equipment and a cellular network is provided. The server is configured to exchange with the cellular network information relating to at least one preconfigured qualifier assigned to the user equipment and assigned to the central server. The server receives a payload item from the cellular network transmitted by the user equipment to said cellular network by means of an authentication failure message for authenticating a user equipment at a cellular network during an attach comprising the payload item, instead of receiving a SMS or establishing an IP connection with the user equipment. The payload item can result from a latest measurement data of user equipment regularly transmitting data to said central server and/or a sensor connectively coupled to the user equipment when operating as an Internet of Things (IoT) smart-metering device.

Abstract: A method for personalizing a UICC includes: i—sending from the UICC to a D-HSS an attach request message comprising an IMSI with a given MCC/MNC; ii—sending from the D-HSS to the UICC a command and first cryptographic data; iii—computing at the UICC a secret key by using the first cryptographic data; iv—sending from the UICC to the D-HSS a command and second cryptographic data; v—repeating steps ii to iv until the UICC holds the entire first cryptographic data and the D-HSS holds the entire second cryptographic data; vi—computing at the D-HSS the secret key by using the second entire cryptographic data; vii—allocating by the D-HSS a free IMSI belonging to an operator and transferring from the D-HSS to the UICC the free IMSI and other personalization data; viii—personalizing the UICC with the free IMSI, personalization data and the secret key.

Abstract: Provided is a method for establishing a bidirectional communication channel between a server and a secure element cooperating with a terminal in a cellular telecommunication network for exchanging data and commands. Provided also is an improved SM-DS+ comprising comprising a SM-OS server that provisions the HSS of a MNO with a temporary IMSI transmitted to said secure element, along with an ephemeral key contained also in said secure element. Other embodiments disclosed.

Abstract: A method for transmitting a subscription profile from an MNO to a secure element pre-provisioned with a temporary profile comprising a unique identifier, MCC and MNC, includes: —Transmitting from the MNO the unique identifier to a SM-DP; —Creating the subscription profile at the SM-DP; —Provisioning in a D-HSS server having the first MCC/MNC the unique identifier and a temporary IMSI comprising a second MCC, a second MNC; —Provisioning in the MNO the temporary IMSI and an ephemeral key; —At the first attempt of the secure element to connect to the D-HSS server, exchanging data in signaling messages for provisioning the secure element with the temporary IMSI; —At the next attempt of the secure element to connect to the MNO network with the temporary IMSI, open an APN and send from the SM-DP to the secure element the subscription profile.

Abstract: A central server for communicating with a user equipment and a cellular network is provided. The server is configured to exchange with the cellular network information relating to at least one preconfigured qualifier assigned to the user equipment and assigned to the central server. The server receives a payload item from the cellular network transmitted by the user equipment to said cellular network by means of an authentication failure message for authenticating a user equipment at a cellular network during an attach comprising the payload item, instead of receiving a SMS or establishing an IP connection with the user equipment. The payload item can result from a latest measurement data of user equipment regularly transmitting data to said central server and/or a sensor connectively coupled to the user equipment when operating as an Internet of Things (IoT) smart-metering device.

Abstract: This invention relates to a method for updating a one-time secret key Kn maintained in a subscription module implemented in a communication apparatus, a wireless communication network maintaining an identical version of said one-time secret key Kn and configured to determine a result XRES expected from the communication apparatus when an authentication function is applied by the subscription module using a random challenge and said one-time secret key Kn as an input, the method comprising the following steps: receiving from the communication network an authentication request message containing at least a random challenge RANDn; determining by the subscription module a result RES by applying the authentication function using the random number RANDn and the one-time secret key Kn as inputs; transmitting said result RES to the communication network for it to be compared with the expected result XRES determined by the communication network using the random number RANDn and the corresponding version of the one-tim

Abstract: A user equipment for wireless communication, configured to operate in a cellular network, includes a credential container. The user equipment sends a set of payload items to a central server communicatively coupled to the cellular network, wherein the user equipment is configured to send an attach request message to the cellular network comprising a preconfigured qualifier for at least one of the user equipment and the credential container. The user equipment is further configured—to retrieve an authentication request message from the cellular network comprising a random value and an authentication code, —to determine a response token comprising a preconfigured identifier stored in at least one of the user equipment and the credential container and at least one out of the set of payload items, and—to submit said response token with an authentication failure message to the cellular network for forwarding to the central server.

Abstract: The invention is a method for communication between a server and a user equipment through a set of command/response pairs. The user equipment uses an IMSI field of an Attach Request frame as defined by ETSI TS 124.008 to convey a command to the server. The server uses an Authentication parameter RAND field or an Authentication parameter AUTN field of an Authentication Request frame as defined by ETSI TS 124.008 to convey a response corresponding to the received command. The server sends the Authentication Request frame in response to the Attach Request frame.

Abstract: A method for authenticating by a network server a communication apparatus, the communication apparatus contains a tamper resistant area adapted to memorize a first secret, by receiving from the communication apparatus a request message including a subscriber identifier; providing, by consulting a database accessible by the network server, a device identifier associated to the received subscriber identifier allowing to identify the communication apparatus; identifying in a secure distributed ledger, using the device identifier, a record published by a manufacturer of at least a portion of the communication apparatus, said record comprising a second secret attributed to the identified communication apparatus; generating a challenge message comprising a random number RAND and sending it to the communication apparatus for it to generate a first result F_HWRES; receiving from the communication apparatus a response message comprising the first result F_HWRES, the communication apparatus being authenticated by the n

Abstract: The invention concerns a method for establishing a bidirectional communication channel between a server and a secure element cooperating with a terminal in a cellular telecommunication network for exchanging data and commands, the method comprising: a—Sending a first attachment request signaling message from the terminal to the server, the first message comprising a MCC and a MNC of the server, and at least a part of a unique identifier of the secure element, the server being provisioned with the unique identifier; b—Sending from the server to the secure element, in at least a firstsignaling message: At least a command; A correlation identifier if further messages have to be sent from the secure element to the server; A first payload comprising data; c—Executing at the secure element the command.

Abstract: A method for transmitting a subscription profile from an MNO to a secure element pre-provisioned with a temporary profile comprising a unique identifier, MCC and MNC, includes: —Transmitting from the MNO the unique identifier to a SM-DP; —Creating the subscription profile at the SM-DP; —Provisioning in a D-HSS server having the first MCC/MNC the unique identifier and a temporary IMSI comprising a second MCC, a second MNC; —Provisioning in the MNO the temporary IMSI and an ephemeral key; —At the first attempt of the secure element to connect to the D-HSS server, exchanging data in signaling messages for provisioning the secure element with the temporary IMSI; —At the next attempt of the secure element to connect to the MNO network with the temporary IMSI, open an APN and send from the SM-DP to the secure element the subscription profile.

Abstract: The invention concerns a method for establishing a bidirectional communication channel between a server and a secure element cooperating with a terminal in a cellular telecommunication network for exchanging data and commands, the method comprising: a—Sending a first attachment request signaling message from the terminal to the server, the first message comprising a MCC and a MNC of the server, and at least a part of a unique identifier of the secure element, the server being provisioned with the unique identifier; b—Sending from the server to the secure element, in at least a first signaling message: At least a command; A correlation identifier if further messages have to be sent from the secure element to the server; A first payload comprising data; c—Executing at the secure element the command.

Abstract: A method for personalizing a UICC includes: i—sending from the UICC to a D-HSS an attach request message comprising an IMSI with a given MCC/MNC; ii—sending from the D-HSS to the UICC a command and first cryptographic data; iii—computing at the UICC a secret key by using the first cryptographic data; iv—sending from the UICC to the D-HSS a command and second cryptographic data; v—repeating steps ii to iv until the UICC holds the entire first cryptographic data and the D-HSS holds the entire second cryptographic data—; vi—computing at the D-HSS the secret key by using the second entire cryptographic data; vii—allocating by the D-HSS a free IMSI belonging to an operator and transferring from the D-HSS to the UICC the free IMSI and other personalization data; viii—personalizing the UICC with the free IMSI, personalization data and the secret key.

Abstract: The invention is a method for updating a first secret data in a credential container including a subscriber identity module. The credential container comprises a set of secret parameters customized for a network operator and is configured to execute a symmetric mutual authentication algorithm using said set. The credential container receives from a remote server a second secret data enciphered using a second algorithm different from said symmetric mutual authentication algorithm and a subset of said secret parameters, the credential container deciphers the enciphered second secret data by using both the subset and a third algorithm and replaces the first secret data with the second secret data.

Abstract: A method for transmitting a subscription profile from an MNO to a secure element pre-provisioned with a temporary profile comprising a unique identifier, MCC and MNC, includes:—Transmitting from the MNO the unique identifier to a SM-DP;—Creating the subscription profile at the SM-DP;—Provisioning in a D-HSS server having the first MCC/MNC the unique identifier and a temporary IMSI comprising a second MCC, a second MNC;—Provisioning in the MNO the temporary IMSI and an ephemeral key;—At the first attempt of the secure element to connect to the D-HSS server, exchanging data in signaling messages for provisioning the secure element with the temporary IMSI;—At the next attempt of the secure element to connect to the MNO network with the temporary IMSI, open an APN and send from the SM-DP to the secure element the subscription profile.

Abstract: A method for an eUICC embedded into a machine type communication device to trigger the download of a subscription profile from a first network operator, the eUICC being provisioned with an eUICC identifier and a pre-loaded data set memorizing a range of International Mobile Subscription Identifiers associated to a second network operator by selecting randomly by the eUICC an IMSI number in the range memorized in the pre-loaded data set, sending an attachment request comprising the randomly selected IMSI, receiving in an authentication request message the request for getting the eUICC identifier, as a response, sending to the discovery server a authentication failure message, receiving in an authentication request message a temporary IMSI from the discovery server so that the machine type communication device is able to attach to the first network operator and download the pending subscription profile.

Abstract: This invention relates to a method for updating a one-time secret key Kn maintained in a subscription module implemented in a communication apparatus, a wireless communication network maintaining an identical version of said one-time secret key Kn and configured to determine a result XRES expected from the communication apparatus when an authentication function is applied by the subscription module using a random challenge and said one-time secret key Kn as an input, the method comprising the following steps: receiving from the communication network an authentication request message containing at least a random challenge RANDn; determining by the subscription module a result RES by applying the authentication function using the random number RANDn and the one-time secret key Kn as inputs; transmitting said result RES to the communication network for it to be compared with the expected result XRES determined by the communication network using the random number RANDn and the corresponding version of the one-tim

Abstract: A method for a credential container embedded into a wireless communication device to obtain a temporary wireless connectivity through a first wireless network, the credential container being provisioned with an identifier ID identifying the wireless communication device or the credential container and a pre-loaded subscription profile comprising a range of International Mobile Subscription Identifiers associated to a second network operator.