Abstract: There is provided mechanisms for subscription profile download. A method is performed by a communication device. The communication device is configured with a first authorization secret. The method comprises receiving, as part of performing a subscription profile download procedure, second authorization information from a subscription management entity. The second authorization information is generated using a second authorization secret. The method comprises downloading the subscription profile only if the second authorization information, according to a matching criterion, matches the first authorization secret.

Abstract: There is provided mechanisms for handling credentials of an IoT SAFE applet. A method is performed by a communication device. The communication device stores the IoT SAFE applet in a first security domain of a subscription module in the communication device. The first security domain is free from any subscription profile and is different from any security domain of the subscription module for storing subscription profiles. The IoT SAFE applet is independent from any MNO. The communication device is without credentials for the IoT SAFE applet for establishing secure communication for the communication device with a network node. The method comprises obtaining credentials for the IoT SAFE applet from the network node. The method comprises storing the credentials in the first security domain of the subscription module. The credentials are, after successful storage, accessible only from within the first security domain.

Abstract: There is provided mechanisms for profile handling of a communication device. A method is performed by a subscription server. The method comprises obtaining device type information of the communication device from a proxy server. The method comprises determining a profile handling action for the communication device according to at least one localization rule. According to which of the localization rule the profile handling action is determined depends on a mapping between the device type information and the localization rule. The method comprises notifying the proxy server of the profile handling action.

Abstract: There is provided mechanisms for creating a subscription profile for a subscriber entity. A method is performed by a subscription provisioning server. The method comprises obtaining, from the subscriber entity, a request for download of the subscription profile. The request comprises capability information of the subscriber entity. The method comprises creating the subscription profile based on the capability information as obtained from the subscriber entity.

Abstract: The invention relates to a method, device (24) in a network node of a communication network (N), a computer program and a computer program product for investigating the correctness of a communication aspect of a data flow (DF1) passing through the network, where the data flow is provided in relation to a user terminal (10) connected to the network. The device (24) obtains at least one network generated event data record (EDR1; EDR3) of a first type and a network generated event data record (EDR2; EDR4) of a second type, compares the event data records of the first type with the event data record of the second type, determines the correctness of the communication aspect based on the comparison and sends alarm messages (AMI, AM2) in relation to the communication aspect if the two types of event data records indicate differences in the communication aspect.

Abstract: The invention relates to a method, device (24) in a network node of a communication network (N), a computer program and a computer program product for investigating the correctness of a communication aspect of a data flow (DF1) passing through the network, where the data flow is provided in relation to a user terminal (10) connected to the network. The device (24) obtains at least one network generated event data record (EDR1; EDR3) of a first type and a network generated event data record (EDR2; EDR4) of a second type, compares the event data records of the first type with the event data record of the second type, determines the correctness of the communication aspect based on the comparison and sends alarm messages (AMI, AM2) in relation to the communication aspect if the two types of event data records indicate differences in the communication aspect.

Abstract: According to the present invention a telecommunication network with a first domain (PLMN-A) comprising at least one mobile application part protocol instance is connected to a gateway node (MSEGA) which is adapted to send and receive mobile application part messages and which is connectable to a second domain. The telecommunication network is remarkable in that the gateway node (MSEGA) is adapted to receive a mobile application part message from the first domain, to convert the received mobile application part message obtaining a secured mobile application part message, and to send the obtained message to the second domain. The gateway node (MSEGA) is further adapted to receive a secured mobile application part message from the second domain, to extract an unsecured mobile application part message from the received secured mobile application part message and to send the extracted message to the first domain.

Abstract: According to the present invention a telecommunication network with a first domain (PLMN-A) comprising at least one mobile application part protocol instance is connected to a gateway node (MSEGA) which is adapted to send and receive mobile application part messages and which is connectable to a second domain. The telecommunication network is remarkable in that the gateway node (MSEGA) is adapted to receive a mobile application part message from the first domain, to convert the received mobile application part message obtaining a secured mobile application part message, and to send the obtained message to the second domain. The gateway node (MSEGA) is further adapted to receive a secured mobile application part message from the second domain, to extract an unsecured mobile application part message from the received secured mobile application part message and to send the extracted message to the first domain.

Abstract: According to the present invention a telecommunication network with a first domain (PLMN-A) comprising at least one mobile application part protocol instance is connected to a gateway node (MSEGA) which is adapted to send and receive mobile application part messages and which is connectable to a second domain. The telecommunication network is remarkable in that the gateway node (MSEGA) is adapted to receive a mobile application part message from the first domain, to convert the received mobile application part message obtaining a secured mobile application part message, and to send the obtained message to the second domain. The gateway node (MSEGA) is further adapted to receive a secured mobile application part message from the second domain, to extract an unsecured mobile application part message from the received secured mobile application part message and to send the extracted message to the first domain.

Abstract: A SS7 network component (e.g., Signaling Transfer Point (STP)) and a method are described herein which function to add a security parameter and if desired encrypt the user data in a traditional Signaling Connection Control Part (SCCP) message to create a secure SCCP message that can be safely transmitted through one or more transport SS7 networks to a destination SS7 network. The destination SS7 network has a SS7 network component (e.g., STP) that can function to transform the secure SCCP message back into the traditional SCCP message.