Abstract: A particular authentication-based service is implemented via a physical authentication device. A service description of the particular authentication-based service is read from the physical authentication device via a user terminal; and based thereon, a service request is generated, which specifies a capability description of the user terminal. A communication node receives the service request and checks this against a database containing information about which node in a set of nodes that stores downloadable software for implementing which authentication-based services on which types of user terminals. If a match is found between at least one node and the particular authentication-based service, a download identification message is sent to the user terminal, which specifies at least one address string uniquely identifying a respective location for the downloadable software stored in the matching node(s).

Abstract: It is disclosed a method and trusted execution environments (TEE) of assigning a selected identifier to an application. A request is received to load or install, within or outside a profile domain, of an application with a selected identifier. It is checked that the selected identifier is not already stored in an application registry entry outside the profile registry 230, 302. If it is requested to load or install the application in the selected profile domain, the selected identifier is assigned to said application if the selected identifier is not already stored in an application entry of a profile domain registry associated with the selected profile domain. If it is requested to load or install the application outside any profile domain, the selected identifier is assigned to said application if the selected identifier is not already stored in an application entry of any of at least two profile domain registries.

Abstract: A particular authentication-based service is implemented via a physical authentication device. A service description of the particular authentication-based service is read from the physical authentication device via a user terminal; and based thereon, a service request is generated, which specifies a capability description of the user terminal. A communication node receives the service request and checks this against a database containing information about which node in a set of nodes that stores downloadable software for implementing which authentication-based services on which types of user terminals. If a match is found between at least one node and the particular authentication-based service, a download identification message is sent to the user terminal, which specifies at least one address string uniquely identifying a respective location for the downloadable software stored in the matching node(s).

Abstract: It is disclosed a method and trusted execution environments (TEE) of assigning a selected identifier to an application. A request is received to load or install, within or outside a profile domain, of an application with a selected identifier. It is checked that the selected identifier is not already stored in an application registry entry outside the profile registry 230, 302. If it is requested to load or install the application in the selected profile domain, the selected identifier is assigned to said application if the selected identifier is not already stored in an application entry of a profile domain registry associated with the selected profile domain. If it is requested to load or install the application outside any profile domain, the selected identifier is assigned to said application if the selected identifier is not already stored in an application entry of any of at least two profile domain registries.

Abstract: It is disclosed methods and trusted execution environments (TEE) of enabling one of at least two profile domains. An authorisation token for authorising a TEE application to request one of the at least two profile domains to be enabled, is received (816, 1102). The validity of the authorization token is checked (818, 1104). If the authorization token is valid, information about the TEE application being authorised to request one of the at least two profile domains to be enabled, is stored (820, 1106). If receiving (822) a command requesting the authorised TEE application to request (824, 1108) one of the at least two profile domains to be enabled, said one of the at least two profile domains is enabled (826, 1110). A TEE comprises a processor and a memory storing a computer program comprising computer program code for executing the method when the code is run in the processor.