Abstract: A wireless telecommunications device user's home telecommunications service provider determines that the user is traveling or about to travel to a foreign jurisdiction where telecommunications services are provided by a different telecommunications service provider, and proactively provides the user with options for selecting or upgrading telecommunications service and receives a selection from the user before the user leaves the home jurisdiction or ceases contact with the home service provider. When the user arrives in the foreign jurisdiction, upgraded service per the user's selection is established or soon ready to become active. The home service provider can determine the user's travel based on one or more of the user's electronic communications, calendar entries, current location, trending geographical movement, or patterns of past travels.

Abstract: An anti-theft protection disablement solution is provided to authorized users and authorized customer service representatives. An anti-theft protection disablement request message from a recovery application on a user device may be received via a cloud messaging service or a binary messaging service. In turn, an anti-theft protection disablement message may be transmitted to the user device via the cloud messaging service or the binary messaging service when the anti-theft protection disablement request message is authenticated. The anti-theft protection disablement message may disable an anti-theft protection function on the user device that calls for an input of an anti-theft protection authentication credential for a factory reset of the user device.

Abstract: An anti-theft protection disablement solution is provided to authorized users and authorized customer service representatives. An anti-theft protection disablement request message from a recovery application on a user device may be received via a cloud messaging service or a binary messaging service. In turn, an anti-theft protection disablement message may be transmitted to the user device via the cloud messaging service or the binary messaging service when the anti-theft protection disablement request message is authenticated. The anti-theft protection disablement message may disable an anti-theft protection function on the user device that calls for an input of an anti-theft protection authentication credential for a factory reset of the user device.

Abstract: A card engine may dynamically configure content for display via user equipment (UE). A rules engine may provide constructs to the card engine in the form of card definitions, which the card engine may evaluate using facts obtained from a facts controller. The card engine may create a hierarchy of containers, which are logical abstracts for containing cards. The containers in the hierarchy, which may be organized as a tree, may contain card definitions according to respective themes determined by the card engine. Variants may be assigned weights which can be changed dynamically based on factors such as user behavior, account condition, promotions or offerings. The card having the highest weight within its container is advanced up the tree. When a card reaches the top level of the tree, it may be formatted for display via the user interface and transmitted to the UE accordingly.

Abstract: A card engine may dynamically configure content for display via user equipment (UE). A rules engine may provide constructs to the card engine in the form of card definitions, which the card engine may evaluate using facts obtained from a facts controller. The card engine may create a hierarchy of containers, which are logical abstracts for containing cards. The containers in the hierarchy, which may be organized as a tree, may contain card definitions according to respective themes determined by the card engine. Variants may be assigned weights which can be changed dynamically based on factors such as user behavior, account condition, promotions or offerings. The card having the highest weight within its container is advanced up the tree. When a card reaches the top level of the tree, it may be formatted for display via the user interface and transmitted to the UE accordingly.

Abstract: A rules engine may provide constructs to a card engine in the form of card definitions, which the card engine may evaluate using facts obtained from a facts controller. The evaluated card definitions are cards that may be output for presentation via user equipment. Variants may be assigned weights which can be set or changed dynamically by the card engine substantively and in real time based on factors such as user behavior, account condition, promotions or offerings. The presentation of the cards may be changed substantively and in real time in accordance with the setting or changes in variants.

Abstract: An anti-theft protection disablement solution is provided to authorized users and authorized customer service representatives. An anti-theft protection disablement request message from a recovery application on a user device may be received via a cloud messaging service or a binary messaging service. In turn, an anti-theft protection disablement message may be transmitted to the user device via the cloud messaging service or the binary messaging service when the anti-theft protection disablement request message is authenticated. The anti-theft protection disablement message may disable an anti-theft protection function on the user device that calls for an input of an anti-theft protection authentication credential for a factory reset of the user device.

Abstract: The network communication activity of a dual-subscriber identification module (SIM) user device is monitored as the dual-SIM user device communicates with a default wireless carrier network using a default SIM and a first baseband processor of the user device. A first set of key performance indicators (KPIs) for the network communication activity on the default wireless carrier network is determined. A simulation of the network communication activity on an alternative wireless carrier network is then initiated using an alternative SIM and a second baseband processor of the dual-SIM user device. A second set of KPIs for the simulation of the network communication activity on the alternative wireless carrier network is determined. The first and second set of KPIs are then compared to determine one or more network performance features of the alternative wireless carrier network that are superior to the corresponding network performance features of the default wireless carrier network.

Abstract: A method and system of restoring a functionality of a mobile user device. A lock screen is displayed on the display of the user device. An international mobile subscriber identity (IMSI) of a subscriber identity module (SIM) card presently installed in the user device is determined. The IMSI is sent to a Remote Recovery Server (RRS). A message is received from the RRS indicating whether the IMSI is authorized for the user device and whether an account of the user device is replenished at least in part. Upon determining that the IMSI is authorized for the user device and the account of the user device is replenished at least in part, at least one function that was previously restricted is restored.

Abstract: A smart address book service configured to provide contextual information from a user's address book or contacts database so that when a user enters information into a device such as a smart phone, the service can correlate information from the contacts database with the user's entered information, look at additional context of what the user is doing/has done, and provide action options for the user to select. Thus, the service can discern what the user is likely trying to achieve based on contextual information provided by or through the smart phone, and pull corresponding data from the user's contacts database (on the user's equipment, e.g., smart phone, and/or from an address book associated with the user and stored on servers of the user's telecommunications service provider) as well as from the Internet to provide information necessary for the user to achieve the objective.

Abstract: A secure device access token allows a server to verify that a device presenting the token for access to the server is an authorized device and that an application presenting the token is an authorized application as it purports to be. The secure device access token is unique to the device and to the application attempting to access the server. The secure device access token differs from a bearer token in that it is unique to the device and to the application.

Abstract: A smart address book service configured to provide contextual information from a user's address book or contacts database so that when a user enters information into a device such as a smart phone, the service can correlate information from the contacts database with the user's entered information, look at additional context of what the user is doing/has done, and provide action options for the user to select. Thus, the service can discern what the user is likely trying to achieve based on contextual information provided by or through the smart phone, and pull corresponding data from the user's contacts database (on the user's equipment, e.g., smart phone, and/or from an address book associated with the user and stored on servers of the user's telecommunications service provider) as well as from the Internet to provide information necessary for the user to achieve the objective.

Abstract: A network terminal, e.g., a smartphone, can retrieve, from a datastore, a cryptographically-signed configuration record including a device identifier of the terminal. The terminal can transmit a request message comprising the configuration record and the device identifier. A network device can verify authenticity of the device identifier and a match between the identifier in the record and the identifier in the message. In response to confirmation of the request by a policy engine, the network device can determine a reply message comprising a cryptographically-signed second configuration record that includes a second device identifier. The terminal can verify that the signature is valid and that the second device identifier matches the device identifier. In response, the terminal can modify data in the datastore according to the second configuration record. The configuration record can lock or unlock the terminal, or determine permitted services or network peers.

Abstract: Techniques are described for using two tokens to request access to a secure server. The tokens allow the server to verify, without an external call, that the requesting device is one identified in the request and that the requesting device is authorized by a trusted identity provider. A first token is an authentication token issued by the trusted identity provider and including a client device public key. The second token is a proof-of-possession token that is signed by a client device using a client device private key corresponding to the client device public key. The server obtains the client device public key from the authentication token, and then uses the client device public key to validate the proof-of-possession token. The authentication token can be re-used by a server creating its own proof-of-possession token for presentation to a second server to access a secure service on the second server.

Abstract: A network terminal, e.g., a smartphone, can retrieve, from a datastore, a cryptographically-signed configuration record including a device identifier of the terminal. The terminal can transmit a request message comprising the configuration record and the device identifier. A network device can verify authenticity of the device identifier and a match between the identifier in the record and the identifier in the message. In response to confirmation of the request by a policy engine, the network device can determine a reply message comprising a cryptographically-signed second configuration record that includes a second device identifier. The terminal can verify that the signature is valid and that the second device identifier matches the device identifier. In response, the terminal can modify data in the datastore according to the second configuration record. The configuration record can lock or unlock the terminal, or determine permitted services or network peers.

Abstract: Mobile security techniques may protect information stored on a subscriber identity module (SIM) card as well as services that are accessible through the SIM card from unauthorized use. The techniques include receiving a service request to perform a security function at a server. The security function may affect a service provided to a mobile device by a telecommunication network, in which the mobile device obtains the service using a SIM card. The techniques further include performing the security function. The performance of the SIM function may be terminated in response to the server receiving a reversion command or an expiration of a predetermined time period.

Abstract: A telecommunication device configured to build a list of cells of a telecommunication network that are associated with a specific network type is described herein. The list of cells may be stored locally on the telecommunication device. Also, the telecommunication device may be configured to determine that the cells are associated with the specific network type based on a data connection and to continue displaying an indicator associated with the specific network type despite interruption or completion of the data connection. Additionally, the list of cells may be built by a cloud service and provided to the telecommunication device.

Abstract: Techniques are described for using two tokens to request access to a secure server. The tokens allow the server to verify, without an external call, that the requesting device is one identified in the request and that the requesting device is authorized by a trusted identity provider. A first token is an authentication token issued by the trusted identity provider and including a client device public key. The second token is a proof-of-possession token that is signed by a client device using a client device private key corresponding to the client device public key. The server obtains the client device public key from the authentication token, and then uses the client device public key to validate the proof-of-possession token. The authentication token can be re-used by a server creating its own proof-of-possession token for presentation to a second server to access a secure service on the second server.

Abstract: A method and system of detecting a delinquent mobile user device. An international mobile subscriber identity (IMSI) of a subscriber identity module (SIM) card of the user device is determined by the user device. The IMSI is sent to a Remote Recovery Server (RRS). A message is received from the RRS as to whether the IMSI is authorized for the user device. Upon determining that the IMSI is not authorized for the user device, a notification is displayed on a display of the user device.

Abstract: A secure device access token allows a server to verify that a device presenting the token for access to the server is an authorized device and that an application presenting the token is an authorized application as it purports to be. The secure device access token is unique to the device and to the application attempting to access the server. The secure device access token differs from a bearer token in that it is unique to the device and to the application.