Abstract: Integrity protection is used to assist in ensuring the secure transmission of wireless data within a cellular network. Instead of performing integrity protection on each packet data unit (PDU) transmitted/received within a PDU session, integrity protection is performed on a portion of PDUs transmitted within a cellular network. For instance, partial integrity protection may be performed on at least one predetermined PDU (e.g., the first, second, fourth, . . . ) that is transmitted via a Physical Downlink Shared Channel (PDSCH)/Physical Uplink Shared Channel (PUSCH) during a communication session. By performing partial integrity protection, user data may be transmitted more quickly throughout the cellular network, compared to performing full integrity protection, while still providing integrity protection.

Abstract: Systems and methods for remote SIM unlocking are disclosed. The systems and methods can include detecting that a user equipment is eligible to be unlocked. The unlocking of the user equipment may allow the use of the user equipment on another cellular network. An enterprise unlock server verifies eligibility with a policy engine, and if eligible, sends a push command to the user equipment to execute the unlock process. The user equipment, upon receipt of the command, initiates the unlock process. In some examples, the user equipment can prompt the enterprise unlock server to check if the user equipment is eligible.

Abstract: Systems and methods are described for implementing an emergency services address management system for mobile devices. A mobile device may implement “voice over Wi-Fi” or otherwise communicate via wireless networks that do not provide address or location data. An emergency services address management system may associate E911 addresses with individual access points of the wireless networks, and may provide the associated E911 address instead of a default E911 address (which may be a home or billing address that is relatively distant from the user's current location) when a user of the mobile device makes a voice call to an emergency service. The system may identify access points for which an E911 address is not known, and may obtain or generate an E911 address using information from various sources, including the user, satellite-based or cellular-based location services, or other mobile devices that have accessed the wireless network via the access point.

Abstract: Integrity protection is used to assist in ensuring the secure transmission of wireless data within a cellular network. Instead of performing integrity protection on each packet data unit (PDU) transmitted/received within a PDU session, integrity protection is performed on a portion of PDUs transmitted within a cellular network. For instance, partial integrity protection may be performed on at least one predetermined PDU (e.g., the first, second, fourth, . . . ) that is transmitted via a Physical Downlink Shared Channel (PDSCH)/Physical Uplink Shared Channel (PUSCH) during a communication session. By performing partial integrity protection, user data may be transmitted more quickly throughout the cellular network, compared to performing full integrity protection, while still providing integrity protection.

Abstract: Systems and methods for authenticating User Equipment (UE) are disclosed. The method includes a network obtaining a cross-registration status for the UE based on receiving a registration request from the UE. The network can execute a network registration response according to the cross-registration status that represents a permission given to the UE to register outside of an original network.

Abstract: A unified device design is described. In an example, a user device can be designed to be permissibly operable with at least two different service providers such that the user device is associated with static features that are applicable for each of the at least two different service providers and the dynamic features that are applicable for individual ones of the at least two different service providers. In an example, a user device can be associated with a subscriber identity module (SIM) that is associated with a service provider. Based at least in part on using a permission to determine that the service provider is one of the at least two different service providers, a subset of dynamic features that are associated with the service provider can be accessed for configuring the user device with the subset of the dynamic features corresponding to the service provider.

Abstract: A unified device design is described. In an example, a user device can be designed to be permissibly operable with at least two different service providers such that the user device is associated with static features that are applicable for each of the at least two different service providers and the dynamic features that are applicable for individual ones of the at least two different service providers. In an example, a user device can be associated with a subscriber identity module (SIM) that is associated with a service provider. Based at least in part on using a permission to determine that the service provider is one of the at least two different service providers, a subset of dynamic features that are associated with the service provider can be accessed for configuring the user device with the subset of the dynamic features corresponding to the service provider.

Abstract: Systems and methods for authenticating User Equipment (UE) are disclosed. The method includes a network obtaining a cross-registration status for the UE based on receiving a registration request from the UE. The network can execute a network registration response according to the cross-registration status that represents a permission given to the UE to register outside of an original network.

Abstract: Systems and methods for authenticating User Equipment (UE) are disclosed. The method includes a network obtaining a cross-registration status for the UE based on receiving a registration request from the UE. The network can execute a network registration response according to the cross-registration status that represents a permission given to the UE to register outside of an original network.

Abstract: Systems and methods are described for implementing an emergency services address management system for mobile devices. A mobile device may implement “voice over Wi-Fi” or otherwise communicate via wireless networks that do not provide address or location data. An emergency services address management system may associate E911 addresses with individual access points of the wireless networks, and may provide the associated E911 address instead of a default E911 address (which may be a home or billing address that is relatively distant from the user's current location) when a user of the mobile device makes a voice call to an emergency service. The system may identify access points for which an E911 address is not known, and may obtain or generate an E911 address using information from various sources, including the user, satellite-based or cellular-based location services, or other mobile devices that have accessed the wireless network via the access point.

Abstract: Systems and methods for remote SIM unlocking are disclosed. The systems and methods can include detecting that a user equipment is eligible to be unlocked. The unlocking of the user equipment may allow the use of the user equipment on another cellular network. An enterprise unlock server verifies eligibility with a policy engine, and if eligible, sends a push command to the user equipment to execute the unlock process. The user equipment, upon receipt of the command, initiates the unlock process. In some examples, the user equipment can prompt the enterprise unlock server to check if the user equipment is eligible.

Abstract: Systems and methods for remote SIM unlocking are disclosed. The systems and methods can include detecting that a user equipment is eligible to be unlocked. The unlocking of the user equipment may allow the use of the user equipment on another cellular network. An enterprise unlock server verifies eligibility with a policy engine, and if eligible, sends a push command to the user equipment to execute the unlock process. The user equipment, upon receipt of the command, initiates the unlock process. In some examples, the user equipment can prompt the enterprise unlock server to check if the user equipment is eligible.

Abstract: A user device may be authorized to access a telecommunications network, such as a cellular network, after completing a boot process that includes a device activation phase and a network activation phase. An application resident on the user device initiates, in the device activation phase, a device eligibility check over a secondary communication network such as a WLAN. Device eligibility may be determined by whether the user device was legitimately sold. If the user device fails the eligibility check, the boot process is stopped, rendering the user device inactive. If the user device passes the eligibility check, the application initiates the network activation phase in which the user device is checked against a blacklist. If the user device is blacklisted, the boot process is shut down. If the user device is not blacklisted, the boot process completes normally.

Abstract: Systems and methods for remote SIM unlocking are disclosed. The systems and methods can include detecting that a user equipment is eligible to be unlocked. The unlocking of the user equipment may allow the use of the user equipment on another cellular network. An enterprise unlock server verifies eligibility with a policy engine, and if eligible, sends a push command to the user equipment to execute the unlock process. The user equipment, upon receipt of the command, initiates the unlock process. In some examples, the user equipment can prompt the enterprise unlock server to check if the user equipment is eligible.

Abstract: A user device may be authorized to access a telecommunications network, such as a cellular network, after completing a boot process that includes a device activation phase and a network activation phase. An application resident on the user device initiates, in the device activation phase, a device eligibility check over a secondary communication network such as a WLAN. Device eligibility may be determined by whether the user device was legitimately sold. If the user device fails the eligibility check, the boot process is stopped, rendering the user device inactive. If the user device passes the eligibility check, the application initiates the network activation phase in which the user device is checked against a blacklist. If the user device is blacklisted, the boot process is shut down. If the user device is not blacklisted, the boot process completes normally.

Abstract: Systems and methods are described herein for authorizing master resets (e.g., factory resets) of mobile devices, such as smart phones, tablets, and so on. In some embodiments, the systems and methods employ a server-based authorization schema or mechanism, where at least one step or operation is performed, or caused to be performed, by a server or other system that is remote from the mobile device being reset.

Abstract: A user device may be authorized to access a telecommunications network, such as a cellular network, after completing a boot process that includes a device activation phase and a network activation phase. An application resident on the user device initiates, in the device activation phase, a device eligibility check over a secondary communication network such as a WLAN. Device eligibility may be determined by whether the user device was legitimately sold. If the user device fails the eligibility check, the boot process is stopped, rendering the user device inactive. If the user device passes the eligibility check, the application initiates the network activation phase in which the user device is checked against a blacklist. If the user device is blacklisted, the boot process is shut down. If the user device is not blacklisted, the boot process completes normally.

Abstract: Techniques are described herein for authenticating a plurality of components of a user equipment to enable one or more functionalities of the components. The techniques include receiving a component identifier corresponding to a hardware component of the user equipment; verifying that the component identifier matches a network record in a data store, the network record corresponding to the hardware component; enabling one or more functionalities of the user equipment, based at least in part on verifying the component identifier with the network record; and activating the hardware component for use on the user equipment via a communications network.

Abstract: Techniques are described herein for remotely managing profiles corresponding to various mobile network operators offering telecommunication services to target user equipment based on one or more policies. The techniques include loading at least one profile on an embedded UICC (eUICC) of a user equipment, the one of profiles including a prioritized profile. The techniques also include receiving a request that includes an embedded UICC identifier (EID) and an integrated circuit card identifier (ICCID) corresponding to the eUICC of the user equipment, wherein the request is for locking one or more functionalities of the user equipment. One or more policies are retrieved for locking the one or more functionalities from a policy database. Based at least on the one or more policies, locking instructions are sent to the user equipment. The instructions include instructions to enable the prioritized profile.

Abstract: Techniques are described herein for remotely managing profiles corresponding to various mobile network operators offering telecommunication services to target user equipment based on one or more policies. The techniques include loading at least one profile on an embedded UICC (eUICC) of a user equipment, the one of profiles including a prioritized profile. The techniques also include receiving a request that includes an embedded UICC identifier (EID) and an integrated circuit card identifier (ICCID) corresponding to the eUICC of the user equipment, wherein the request is for locking one or more functionalities of the user equipment. One or more policies are retrieved for locking the one or more functionalities from a policy database. Based at least on the one or more policies, locking instructions are sent to the user equipment. The instructions include instructions to enable the prioritized profile.