Patents by Inventor Ly Thanh Phan

Ly Thanh Phan has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 11974353
    Abstract: A system comprising a secure element cooperating with a telecommunication terminal is provided. The secure element or the terminal comprises files in which MCC/MNC codes of MNOs are stored. The telecommunication terminal is configured to select the files in order to attach the terminal to the telecommunication network of an MNO. The secure element or the terminal also comprises a file, called National like network file, for storing national network codes (MCC/MNC) of networks of the country of the Home PLMN of the secure element. The terminal selects the National like network file in order to try to connect the terminal to one of the networks referenced in the National like network file. Other embodiments are disclosed.
    Type: Grant
    Filed: March 17, 2020
    Date of Patent: April 30, 2024
    Assignee: THALES DIS FRANCE SAS
    Inventors: Jean-François Gros, Ly Thanh Phan, Vincent Dany
  • Patent number: 11968746
    Abstract: Provided is a method to operate a subscriber identification module connected to a communication equipment configured to operate in a cellular network and communicatively coupled with a remote server. The method includes receiving from the communication equipment an information element indicating a time range relating to a suspend time of the communication equipment, receiving from the remote server a target access time information element indicating an expected time for an access request from the subscriber identification module to the remote server, and determining a suspension time period considering the suspend time range. The method includes providing to the communication equipment the suspension time period, and in case after resuming from the suspension instructed by the communication equipment the accumulated duration of at least one successive time period derived from the suspension time period exceeds the target access time, sending a polling message.
    Type: Grant
    Filed: April 7, 2020
    Date of Patent: April 23, 2024
    Assignee: THALES DIS FRANCE SAS
    Inventors: Ly Thanh Phan, Vincent Dany, Jean-François Gros
  • Publication number: 20230345234
    Abstract: The present disclosure relates to a method for sending a message from a remote server to a terminal, the remote server and the terminal sharing a secret key, the method comprising: i—Sending from the terminal to the remote server a first identity; ii—Retrieving at the remote server the first identity and retrieving the secret key based on the first identity; iii—At the remote server, choosing a random number and generating a second identity thanks to the first identity, the random number and the secret key; iv—At the remote server, generating a signature from the first identity, the message, a counter value, the random number and the secret key; v—At the remote server, generating a first response for the terminal, the first response being a concatenation of the message, a counter value, the signature and the random number, and ciphering the first response with the secret key and sending the first ciphered response to the terminal; vi—At the terminal, deciphering the first ciphered response with the secret
    Type: Application
    Filed: August 31, 2021
    Publication date: October 26, 2023
    Applicant: THALES DIS FRANCE SAS
    Inventors: Ly Thanh PHAN, Jean-François GROS, Vincent DANY
  • Publication number: 20230044235
    Abstract: Provided is a method for connecting a terminal cooperating with a secure element to a second network, the secure element having a subscription from a first network whilst the secure element is roaming on a third network, the secure element storing the PLMN code of the second network, called second PLMN code, and the PLMN code of the third network, called third PLMN code, the second PLMN code having a higher priority than the third PLMN code in the OPLMN roaming file, the second PLMN having no roaming agreement with the first network nor the third network, and the third network having a coverage that overlaps at least a part of the coverage of the second network, the method comprising, when it is detected that the second network has rejected the attachment request of the terminal.
    Type: Application
    Filed: December 23, 2020
    Publication date: February 9, 2023
    Applicant: THALES DIS FRANCE SAS
    Inventors: Ly Thanh PHAN, Vincent DANY, Jean-François GROS
  • Publication number: 20220408406
    Abstract: Provided is a method to operate a user equipment communicatively connected to at least two subscriber identity modules, which are at least assigned to a first and a second cellular network, wherein the user equipment has assigned an independent paging identity in each of the first and second cellular networks for registration in said cellular networks. Other embodiments are disclosed.
    Type: Application
    Filed: November 18, 2020
    Publication date: December 22, 2022
    Applicants: THALES DIS AIS DEUTSCHLAND GMBH, THALES DIS FRANCE SAS
    Inventors: Volker BREUER, Ly-Thanh PHAN, Benoît JOUFFREY
  • Publication number: 20220248315
    Abstract: A method for updating a terminal comprising a secure element is provided by way of an Over-the-Air (OTA) platform. The OTA receives at least a location data reflecting the location of the terminal and a request for downloading a list of preferred networks in the terminal. Each of said preferred networks may be associated with its own target roaming quota usage, at least one weighting factor associated to a given list of the set may be updated as a result of an optimization function which aims at generating one weighting factor based on a target roaming quota usage associated to each preferred network of the given list. Other embodiments are disclosed.
    Type: Application
    Filed: May 12, 2020
    Publication date: August 4, 2022
    Applicant: THALES DIS FRANCE SAS
    Inventors: Ly Thanh PHAN, Jean-François GROS, Jean-Yves FINE, Vincent DANY
  • Publication number: 20220225077
    Abstract: Provided is a method to operate a subscriber identification module connected to a communication equipment configured to operate in a cellular network and communicatively coupled with a remote server. The method includes receiving from the communication equipment an information element indicating a time range relating to a suspend time of the communication equipment, receiving from the remote server a target access time information element indicating an expected time for an access request from the subscriber identification module to the remote server, and determining a suspension time period considering the suspend time range. The method includes providing to the communication equipment the suspension time period, and in case after resuming from the suspension instructed by the communication equipment the accumulated duration of at least one successive time period derived from the suspension time period exceeds the target access time, sending a polling message.
    Type: Application
    Filed: April 7, 2020
    Publication date: July 14, 2022
    Applicant: THALES DIS FRANCE SAS
    Inventors: Ly Thanh PHAN, Vincent DANY, Jean-François GROS
  • Publication number: 20220200795
    Abstract: The present invention relates to a method to authenticate a user having a GBA or AKMA compliant user equipment (UE) at a service provider (SR) using a GBA or AKMA protocol to communicate with a user equipment (UE), said method relying on an operator's (MNO) GBA or AKMA authentication framework while maintaining confidentiality of the communication between the user equipment (UE) and the service provider (SR) regarding the operator (MNO), said method using a Diffie-Hellman exchange between the user equipment (UE) and the service provider (SR), leading to a Diffie-Hellman session key (g^xy), while establishing the GBA or AKMA protocol, said method comprising a step of calculation of a final Network or AKMA Application Function key (iNAF_key or iAApF_key) to be used in further communication between the user equipment (UE) and the service provider (SR) by derivation from the Diffie-Hellman session key (g^xy) and from the GBA or AKMA protocol's service provider key (Ks_ext/int_NAF or KAF), the user authentication be
    Type: Application
    Filed: April 7, 2020
    Publication date: June 23, 2022
    Applicant: THALES DIS FRANCE SA
    Inventors: Mireille PAULIAC, Ly Thanh PHAN
  • Publication number: 20220191677
    Abstract: A system comprising a secure element cooperating with a telecommunication terminal is provided. The secure element or the terminal comprises files in which MCC/MNC codes of MNOs are stored. The telecommunication terminal is configured to select the files in order to attach the terminal to the telecommunication network of an MNO. The secure element or the terminal also comprises a file, called National like network file, for storing national network codes (MCC/MNC) of networks of the country of the Home PLMN of the secure element. The terminal selects the National like network file in order to try to connect the terminal to one of the networks referenced in the National like network file. Other embodiments are disclosed.
    Type: Application
    Filed: March 17, 2020
    Publication date: June 16, 2022
    Applicant: THALES DIS FRANCE SAS
    Inventors: Jean-François GROS, Ly Thanh PHAN, Vincent DANY
  • Publication number: 20220116777
    Abstract: A system and method for authentication of a secure element cooperating with a Mobile Equipment forming a terminal in a telecommunication network is provided. The telecommunication network comprises a SEAF and an AUSF/UDM/ARPF. The method includes generating an anchor key (KSEAF_SRT) for the communication between the terminal and the SEAF according to 3GPP TS 33.501, wherein the anchor key (KSEAF_SRT) is indirectly derived from a key (KSRT) obtained by deriving from the long-term key K and a secure registration token SRT sent by the terminal to the AUSF/UDM/ARPF and concealed with the AUSF/UDM/ARPF public key along with its SUPI in the SUCI. Other embodiments are disclosed.
    Type: Application
    Filed: January 16, 2020
    Publication date: April 14, 2022
    Applicant: THALES DIS FRANCE SA
    Inventors: Ly-Thanh PHAN, Mireille PAULIAC
  • Publication number: 20220104023
    Abstract: A method for detecting that a removable secure element has been temporarily disconnected from a first device includes: Providing by the secure element to the first device a first Temporal Global Identity; Entering the first device in the sleeping mode; If the secure element is inserted and used by a second device during the sleeping mode of the first device, replacing in the secure element the first Temporal Global Identity by a second Temporal Global Identity and providing the second Temporal Global Identity to the second device; When getting out from the sleeping mode by the first device, reading by the first device the Temporal Global Identity stored in the secure element; If the Temporal Global Identity read is not the same as the stored Temporal Global Identity, sending to an MNO server a message to indicate that the secure element has been used by another device.
    Type: Application
    Filed: January 2, 2020
    Publication date: March 31, 2022
    Applicant: THALES DIS FRANCE SA
    Inventors: Ly Thanh PHAN, Vincent DANY, Mireille PAULIAC
  • Publication number: 20220070813
    Abstract: A method for connecting a secure element to a network of a first mobile network operator using an ephemeral first IMSI, in order to get a second IMSI, from the first mobile network operator, includes: Selecting a first radio serving network, the first selected network being not listed in the Forbidden VPLMN list of the secure element; Sending a REGISTER REQUEST message comprising the first IMSI to the first selected network; If the first selected network does not route the message to the network of the first mobile network operator, stopping trying to register with the first selected network and putting the MCC/MNC codes of the first selected network in the Forbidden VPLMN list of the secure element; Searching for another network to register with; and Repeating the foregoing steps until a network routes the first IMSI to the network of the first mobile network operator.
    Type: Application
    Filed: January 2, 2020
    Publication date: March 3, 2022
    Applicant: THALES DIS FRANCE SA
    Inventors: Jean-Yves FINE, Ly Thanh PHAN
  • Patent number: 11177951
    Abstract: This invention relates to a method for provisioning a first communication device with a set of at least one credential required for accessing a wireless network by using a second communication device provisioned with a cryptographic key K also known by the wireless network, the first communication device being associated with a certificate comprising a public key PK, said certificate being stored with an associated private key PrK in said first communication device, the method comprising the following steps: receiving by the second communication device a registration request from the first communication device in order to be provisioned with the set of at least one credential; transmitting to the wireless network by the second communication device the registration request to generate a set of at least one credential associated to the first communication device comprising at least a cryptographic key K?, the wireless network being adapted to generate a first random number R1 and a second random number R2; r
    Type: Grant
    Filed: March 30, 2017
    Date of Patent: November 16, 2021
    Assignee: THALES DIS FRANCE SA
    Inventors: Mireille Pauliac, Michel Endruschat, Ly Thanh Phan, Jean-Yves Fine
  • Patent number: 11115195
    Abstract: The invention proposes an authentication server of a cellular telecommunication network, the authentication server being arranged for generating an authentication token to be transmitted to a telecommunication terminal, the authentication token comprising a message authentication code and a sequence number, wherein the message authentication code is equal to: MACx=KIdx XOR f1(AMF,SQNx,RAND,K) with KIdx being a key index information in the form of a bias of a MAC equal to: MAC=f1(K,AMF,SQNx,RAND) with f1 being a function, K a key, RAND a random number and SQNx a sequence counter relative to a corresponding key Kx derived from the key K and KIdx, and AMF the content of an authentication management field as defined in 3GPP TS 33.102.
    Type: Grant
    Filed: July 27, 2017
    Date of Patent: September 7, 2021
    Assignee: THALES DIS FRANCE SA
    Inventor: Ly Thanh Phan
  • Patent number: 11012860
    Abstract: This invention relates to a method for granting, for a mobile device which is not provisioned with a subscription to access a wireless network, the establishment of an initial wireless communication over a second wireless network (Se-PLMN) operated by a second wireless network operator (Se-MNO), the mobile device belonging to a user, the method comprising the steps of: receiving (801) by the second wireless network (Se-PLMN) an identifier of the mobile device; verifying (802), in an immutable distributed database hosted by a first wireless network operator (Fi-MNO) and the second mobile network operator (Se-MNO) in which data is replicated across a plurality of compute nodes of a network, if at least a published assertion comprising said identifier of the mobile device demonstrates that the user owns a first subscription to the first mobile network operator (Fi-MNO), said subscription allowing said first operator (Fi-MNO) to be charged by the second mobile network operator (Se-MNO) for the establishment of a
    Type: Grant
    Filed: May 22, 2017
    Date of Patent: May 18, 2021
    Assignee: Thales Dis France SA
    Inventors: Ly Thanh Phan, Ilan Mahalal
  • Patent number: 10965690
    Abstract: This invention relates to a method for managing the status of a connected device by publishing assertions in an immutable distributed database composed of a plurality of compute nodes, a pair of keys comprising a public key and a private key being associated with the connected device. The method comprises the steps of: receiving from a first terminal associated to a first user an instruction message; verifying that the first user is allowed to modify the status of the connected device; sending an assertion request to the immutable distributed database for publishing an assertion comprising the status information.
    Type: Grant
    Filed: May 22, 2017
    Date of Patent: March 30, 2021
    Assignee: THALES DIS FRANCE SA
    Inventor: Ly Thanh Phan
  • Publication number: 20190238324
    Abstract: This invention relates to a method for provisioning a first communication device with a set of at least one credential required for accessing a wireless network by using a second communication device provisioned with a cryptographic key K also known by the wireless network, the first communication device being associated with a certificate comprising a public key PK, said certificate being stored with an associated private key PrK in said first communication device, the method comprising the following steps: receiving by the second communication device a registration request from the first communication device in order to be provisioned with the set of at least one credential; transmitting to the wireless network by the second communication device the registration request to generate a set of at least one credential associated to the first communication device comprising at least a cryptographic key K?, the wireless network being adapted to generate a first random number R1 and a second random number R2; r
    Type: Application
    Filed: March 30, 2017
    Publication date: August 1, 2019
    Applicant: Gemalto SA
    Inventors: Mireille PAULIAC, Michel ENDRUSCHAT, Ly Thanh PHAN, Jean-Yves FINE
  • Publication number: 20190208419
    Abstract: The invention proposes an authentication server of a cellular telecommunication network, the authentication server being arranged for generating an authentication token to be transmitted to a telecommunication terminal, the authentication token comprising a message authentication code and a sequence number, wherein the message authentication code is equal to: MACx=KIdx XOR f1(AMF,SQNx,RAND,K) with KIdx being a key index information in the form of a bias of a MAC equal to: MAC=f1(K,AMF,SQNx,RAND) with f1 being a function, K a key, RAND a random number and SQNx a sequence counter relative to a corresponding key Kx derived from the key K and KIdx, and AMF the content of an authentication management field as defined in 3GPP TS 33.102.
    Type: Application
    Filed: July 27, 2017
    Publication date: July 4, 2019
    Applicant: Gemalto SA
    Inventor: Ly Thanh PHAN
  • Publication number: 20190149558
    Abstract: This invention relates to a method for managing the status of a connected device by publishing assertions in an immutable distributed database composed of a plurality of compute nodes, a pair of keys comprising a public key and a private key being associated with the connected device. The method comprises the steps of: receiving from a first terminal associated to a first user an instruction message; verifying that the first user is allowed to modify the status of the connected device; sending an assertion request to the immutable distributed database for publishing an assertion comprising the status information.
    Type: Application
    Filed: May 22, 2017
    Publication date: May 16, 2019
    Inventor: Ly Thanh PHAN
  • Publication number: 20190124512
    Abstract: This invention relates to a method for granting, for a mobile device which is not provisioned with a subscription to access a wireless network, the establishment of an initial wireless communication over a second wireless network (Se-PLMN) operated by a second wireless network operator (Se-MNO), the mobile device belonging to a user, the method comprising the steps of: receiving (801) by the second wireless network (Se-PLMN) an identifier of the mobile device; verifying (802), in an immutable distributed database hosted by a first wireless network operator (Fi-MNO) and the second mobile network operator (Se-MNO) in which data is replicated across a plurality of compute nodes of a network, if at least a published assertion comprising said identifier of the mobile device demonstrates that the user owns a first subscription to the first mobile network operator (Fi-MNO), said subscription allowing said first operator (Fi-MNO) to be charged by the second mobile network operator (Se-MNO) for the establishment of a
    Type: Application
    Filed: May 22, 2017
    Publication date: April 25, 2019
    Inventors: Ly Thanh PHAN, Ilan MAHALAL