Abstract: Network-based device management is described. In an example, a server may receive, from a device, a request to change from a first, locked state to a second state. The server may access data associated with at least one of the device or an account associated with the device, and may compare the data with one or more predetermined rules. Satisfaction of the one or more predetermined rules may be necessary to effectuate a change from the first, locked state to the second state. The server may determine that the data satisfies the one or more predetermined rules and the server may send, to the device, an instruction to enable the device to change from the first, locked state to the second state. The instruction may direct an application on the device to effectuate a change to the subscriber identity module (SIM) card associated with the device.

Abstract: Network-based device management is described. In an example, a server may receive, from a device, a request to change from a first, locked state to a second state. The server may access data associated with at least one of the device or an account associated with the device, and may compare the data with one or more predetermined rules. Satisfaction of the one or more predetermined rules may be necessary to effectuate a change from the first, locked state to the second state. The server may determine that the data satisfies the one or more predetermined rules and the server may send, to the device, an instruction to enable the device to change from the first, locked state to the second state. The instruction may direct an application on the device to effectuate a change to the subscriber identity module (SIM) card associated with the device.

Abstract: When manufacturing, distributing, or selling mobile phones, each phone is associated with an asymmetric cryptographic key pair, comprising a public key and a private key. The private key is stored on the phone, and the public key is stored in a public key repository. When connecting to a cellular network, a phone provides its device ID to the network. The cellular network queries the public key repository to determine the public key of the phone and authenticates the phone using the phone's public key. The cellular network also provides a digital identity certificate to the phone, allowing the phone to authenticate the cellular network using a public key infrastructure (PKI).

Abstract: When manufacturing, distributing, or selling mobile phones, each phone is associated with an asymmetric cryptographic key pair, comprising a public key and a private key. The private key is stored on the phone, and the public key is stored in a public key repository. When connecting to a cellular network, a phone provides its device ID to the network. The cellular network queries the public key repository to determine the public key of the phone and authenticates the phone using the phone's public key. The cellular network also provides a digital identity certificate to the phone, allowing the phone to authenticate the cellular network using a public key infrastructure (PKI).

Abstract: When manufacturing, distributing, or selling mobile phones, each phone is associated with an asymmetric cryptographic key pair, comprising a public key and a private key. The private key is stored on the phone, and the public key is stored in a public key repository. When connecting to a cellular network, a phone provides its device ID to the network. The cellular network queries the public key repository to determine the public key of the phone and authenticates the phone using the phone's public key. The cellular network also provides a digital identity certificate to the phone, allowing the phone to authenticate the cellular network using a public key infrastructure (PKI).

Abstract: A secure operating environment for a telecommunication device is disclosed, where a trusted execution environment (TEE) can establish both first secure communication (SC) channel between the TEE and a security-enabled SIM card, and a second SC between a service provider entity and Trustlet application, which is a component of the TEE of the telecommunication device. The telecommunication device may include a processor(s), an identification module, and a memory including the TEE and a normal operating environment (NOE). The TEE can be operated by the one or more processors to establish the first SC channel, authenticate a service identifier of the identification module, and establish the second SC channel, prior to an execution of the NOE.

Abstract: A monitoring application and method in a disabled telecommunication device for monitoring communication sessions initiated by the device and detecting an emergency communication session that is initiated by the device. If an emergency communication session is detected, the monitoring application generates and transmits a message to a rating engine over a non-voice channel. The non-voice channel may be an unstructured supplementary service data (USSD) channel, a short message service (SMS) channel, or other like messaging channel. When the message is received via the non-voice channel, various callback techniques may be implemented to allow the disabled device to receive communications after the emergency communication session, even though such communications would normally be prevented as a result of a service lock.

Abstract: A secure operating environment for a telecommunication device is disclosed, where a trusted execution environment (TEE) can establish both first secure communication (SC) channel between the TEE and a security-enabled SIM card, and a second SC between a service provider entity and Trustlet application, which is a component of the TEE of the telecommunication device. The telecommunication device may include a processor(s), an identification module, and a memory including the TEE and a normal operating environment (NOE). The TEE can be operated by the one or more processors to establish the first SC channel, authenticate a service identifier of the identification module, and establish the second SC channel, prior to an execution of the NOE.

Abstract: A monitoring application and method in a disabled telecommunication device for monitoring communication sessions initiated by the device and detecting an emergency communication session that is initiated by the device. If an emergency communication session is detected, the monitoring application generates and transmits a message to a rating engine over a non-voice channel. The non-voice channel may be an unstructured supplementary service data (USSD) channel, a short message service (SMS) channel, or other like messaging channel. When the message is received via the non-voice channel, various callback techniques may be implemented to allow the disabled device to receive communications after the emergency communication session, even though such communications would normally be prevented as a result of a service lock.