Abstract: A user equipment for wireless communication, configured to operate in a cellular network, includes a credential container. The user equipment sends a set of payload items to a central server communicatively coupled to the cellular network, wherein the user equipment is configured to send an attach request message to the cellular network comprising a preconfigured qualifier for at least one of the user equipment and the credential container. The user equipment is further configured—to retrieve an authentication request message from the cellular network comprising a random value and an authentication code, —to determine a response token comprising a preconfigured identifier stored in at least one of the user equipment and the credential container and at least one out of the set of payload items, and—to submit said response token with an authentication failure message to the cellular network for forwarding to the central server.

Abstract: A method to attach a mobile device to a server, using a protocol having data size encoding constraints which prevents using traditional ciphering, includes an initialization phase using a range of ephemeral IMSIs stored in a batch of credential containers of mobile devices and an associated group master key shared by the server and credential containers having the same range of ephemeral IMSIs to initiate a session using a server random value. The initialization phase uses limited payload in a mobile device-to-server message to send a randomly chosen rIMSI among the range of IMSIs to enable the server to generate keys to initiate a secured communication phase, then using individual keys stored in the mobile device and retrieved by the server with an identifier of the credential container sent in a mobile device-to-server message and with an individualization master key owned by the server.

Abstract: The invention concerns a method for establishing a bidirectional communication channel between a server and a secure element cooperating with a terminal in a cellular telecommunication network for exchanging data and commands, the method comprising: a—Sending a first attachment request signaling message from the terminal to the server, the first message comprising a MCC and a MNC of the server, and at least a part of a unique identifier of the secure element, the server being provisioned with the unique identifier; b—Sending from the server to the secure element, in at least a firstsignaling message: At least a command; A correlation identifier if further messages have to be sent from the secure element to the server; A first payload comprising data; c—Executing at the secure element the command.

Abstract: A method for transmitting a subscription profile from an MNO to a secure element pre-provisioned with a temporary profile comprising a unique identifier, MCC and MNC, includes: —Transmitting from the MNO the unique identifier to a SM-DP; —Creating the subscription profile at the SM-DP; —Provisioning in a D-HSS server having the first MCC/MNC the unique identifier and a temporary IMSI comprising a second MCC, a second MNC; —Provisioning in the MNO the temporary IMSI and an ephemeral key; —At the first attempt of the secure element to connect to the D-HSS server, exchanging data in signaling messages for provisioning the secure element with the temporary IMSI; —At the next attempt of the secure element to connect to the MNO network with the temporary IMSI, open an APN and send from the SM-DP to the secure element the subscription profile.

Abstract: The invention concerns a method for establishing a bidirectional communication channel between a server and a secure element cooperating with a terminal in a cellular telecommunication network for exchanging data and commands, the method comprising: a—Sending a first attachment request signaling message from the terminal to the server, the first message comprising a MCC and a MNC of the server, and at least a part of a unique identifier of the secure element, the server being provisioned with the unique identifier; b—Sending from the server to the secure element, in at least a first signaling message: At least a command; A correlation identifier if further messages have to be sent from the secure element to the server; A first payload comprising data; c—Executing at the secure element the command.

Abstract: A method for personalizing a UICC includes: i—sending from the UICC to a D-HSS an attach request message comprising an IMSI with a given MCC/MNC; ii—sending from the D-HSS to the UICC a command and first cryptographic data; iii—computing at the UICC a secret key by using the first cryptographic data; iv—sending from the UICC to the D-HSS a command and second cryptographic data; v—repeating steps ii to iv until the UICC holds the entire first cryptographic data and the D-HSS holds the entire second cryptographic data—; vi—computing at the D-HSS the secret key by using the second entire cryptographic data; vii—allocating by the D-HSS a free IMSI belonging to an operator and transferring from the D-HSS to the UICC the free IMSI and other personalization data; viii—personalizing the UICC with the free IMSI, personalization data and the secret key.

Abstract: A method for transmitting a subscription profile from an MNO to a secure element pre-provisioned with a temporary profile comprising a unique identifier, MCC and MNC, includes:—Transmitting from the MNO the unique identifier to a SM-DP;—Creating the subscription profile at the SM-DP;—Provisioning in a D-HSS server having the first MCC/MNC the unique identifier and a temporary IMSI comprising a second MCC, a second MNC;—Provisioning in the MNO the temporary IMSI and an ephemeral key;—At the first attempt of the secure element to connect to the D-HSS server, exchanging data in signaling messages for provisioning the secure element with the temporary IMSI;—At the next attempt of the secure element to connect to the MNO network with the temporary IMSI, open an APN and send from the SM-DP to the secure element the subscription profile.

Abstract: A method for an eUICC embedded into a machine type communication device to trigger the download of a subscription profile from a first network operator, the eUICC being provisioned with an eUICC identifier and a pre-loaded data set memorizing a range of International Mobile Subscription Identifiers associated to a second network operator by selecting randomly by the eUICC an IMSI number in the range memorized in the pre-loaded data set, sending an attachment request comprising the randomly selected IMSI, receiving in an authentication request message the request for getting the eUICC identifier, as a response, sending to the discovery server a authentication failure message, receiving in an authentication request message a temporary IMSI from the discovery server so that the machine type communication device is able to attach to the first network operator and download the pending subscription profile.

Abstract: A method for a credential container embedded into a wireless communication device to obtain a temporary wireless connectivity through a first wireless network, the credential container being provisioned with an identifier ID identifying the wireless communication device or the credential container and a pre-loaded subscription profile comprising a range of International Mobile Subscription Identifiers associated to a second network operator.

Abstract: A user equipment for wireless communication, configured to operate in a cellular network, includes a credential container. The user equipment sends a set of payload items to a central server communicatively coupled to the cellular network, wherein the user equipment is configured to send an attach request message to the cellular network comprising a preconfigured qualifier for at least one of the user equipment and the credential container. The user equipment is further configured—to retrieve an authentication request message from the cellular network comprising a random value and an authentication code,—to determine a response token comprising a preconfigured identifier stored in at least one of the user equipment and the credential container and at least one out of the set of payload items, and—to submit said response token with an authentication failure message to the cellular network for forwarding to the central server.

Abstract: A method for transmitting a subscription profile from an MNO to a secure element pre-provisioned with a temporary profile comprising a unique identifier, MCC and MNC, includes:—Transmitting from the MNO the unique identifier to a SM-DP;—Creating the subscription profile at the SM-DP;—Provisioning in a D-HSS server having the first MCC/MNC the unique identifier and a temporary IMSI comprising a second MCC, a second MNC;—Provisioning in the MNO the temporary IMSI and an ephemeral key;—At the first attempt of the secure element to connect to the D-HSS server, exchanging data in signaling messages for provisioning the secure element with the temporary IMSI;—At the next attempt of the secure element to connect to the MNO network with the temporary IMSI, open an APN and send from the SM-DP to the secure element the subscription profile.

Abstract: A method for a credential container embedded into a wireless communication device to obtain a temporary wireless connectivity through a first wireless network, the credential container being provisioned with an identifier ID identifying the wireless communication device or the credential container and a pre-loaded subscription profile comprising a range of International Mobile Subscription Identifiers associated to a second network operator.

Abstract: The invention related to a method for an eUICC embedded into a machine type communication device to trigger the download of a subscription profile from a first network operator, the eUICC being provisioned with an eUICC identifier and a pre-loaded data set memorizing a range of International Mobile Subscription Identifiers-associated to a second network operator, the method comprising the steps of: selecting randomly by the eUICC an IMSI number in the range memorized in the pre-loaded data set; sending an attachment request comprising the randomly selected IMSI; receiving in an authentication request message the request for getting the eUICC identifier; as a response, sending to the discovery server a authentication failure message; receiving in an authentication request message a temporary IMSI from the discovery server so that the machine type communication device is able to attach to the first network operator and download the pending subscription profile.

Abstract: The invention concerns a method for establishing a bidirectional communication channel between a server and a secure element cooperating with a terminal in a cellular telecommunication network for exchanging data and commands, the method comprising: a—Sending a first attachment request signaling message from the terminal to the server, the first message comprising a MCC and a MNC of the server, and at least a part of a unique identifier of the secure element, the server being provisioned with the unique identifier; b—Sending from the server to the secure element, in at least a first signaling message: At least a command; A correlation identifier if further messages have to be sent from the secure element to the server; A first payload comprising data; c—Executing at the secure element the command.

Abstract: A method of controlling access to a cellular communication network, for a terminal (MT) identified by a terminal identifier (IMEI) with a subscription identified by a subscription identifier (IMSI), characterized in that it comprises the following steps: creation in a database (DB), of at least one record comprising at least one subscription identifier with at least one terminal identifier, checking that said terminal (MT) together with said subscription are indeed authorized to use the cellular communication network, by verifying the presence in the database (DB) of at least one record comprising the subscription identifier (IMSI) of said subscription associated with the terminal identifier (IMIE) said verification being performed at the time of each attempt at connection of said terminal (MT) or of said subscription, authorization of access or refusal of access of said terminal (MT) to said network according to the result of the verification step.

Abstract: The invention proposes in particular a method of managing the connectivity of a terminal connectable to a cellular communication network characterized in that it comprises the following steps carried out in the terminal: if the terminal is already connected to the network: on completion of the dispatching of messages or after a predetermined duration following the dispatching of messages, determining whether conditions of configurations required in order to maintain a connection of the terminal to the network are all satisfied, maintaining the connection of the terminal to the network and authorizing the dispatching of the messages only if the conditions of configurations required to establish a connection of the terminal to the network are all satisfied, otherwise interrupting the connection of the terminal to the network, receiving from a management module remote from the terminal a signalling message ordering a disconnection of the terminal.

Abstract: The invention prevents robots from browsing a Web site beyond a welcome page. When an initial request from an undefined originator is received, the Web site responds to it with a welcome page including a challenge. Then, on receiving a further request from the undefined originator, the Web site can check whether the challenge is fulfilled or not. If fulfilled, the undefined originator is assumed to be a human being and authorized to go on. If the challenge is not fulfilled, the undefined originator is assumed to be a robot, in which case site access is further denied. The invention prevents Web site contents from being investigated by robots while not requiring users to have to log on.

Abstract: A Module connected through a communication network to at least a measuring mobile terminal, at least a mobile switch center and at least a machine to machine application, the module includes: a home location register configured to provide on demand, for a given measuring mobile terminal, an address of the mobile switch center through which the measuring mobile terminal is connected to the cellular communication network, an authentication center authenticating a given measuring mobile terminal, at least one short message service center configured to transmit the message towards a measuring mobile terminal, a short message service center interfaced between the cellular communication network and the machine to machine application, the home location register, the authentication center, the short message service center and the short message service center being embedded in a single physical structure forming at least in part the module.

Abstract: The invention prevents robots from browsing a Web site beyond a welcome page. When an initial request from an undefined originator is received, the Web site responds to it with a welcome page including a challenge. Then, on receiving a further request from the undefined originator, the Web site can check whether the challenge is fulfilled or not. If fulfilled, the undefined originator is assumed to be a human being and authorized to go on. If the challenge is not fulfilled, the undefined originator is assumed to be a robot, in which case site access is further denied. The invention prevents Web site contents from being investigated by robots while not requiring users to have to log on.

Abstract: The invention prevents robots from browsing a Web site beyond a welcome page. When an initial request from an undefined originator is received, the Web site responds to it with a welcome page including a challenge. Then, on receiving a further request from the undefined originator, the Web site can check whether the challenge is fulfilled or not. If fulfilled, the undefined originator is assumed to be a human being and authorized to go on. If the challenge is not fulfilled, the undefined originator is assumed to be a robot, in which case site access is further denied. The invention prevents Web site contents from being investigated by robots while not requiring users to have to log on.