Abstract: A system that incorporates the subject disclosure may perform, for example, providing an upload request to a mobile communication device to cause a secure device processor of the mobile communication device to perform a modification of data according to a data protection key to generate modified data and to perform an encryption of the modified data according to an upload transport key to generate encrypted modified data where the secure device processor is separate from and in communication with a secure element of the mobile communication device, and where the secure element receives master keys from a remote management server and stores the master keys to enable the upload transport key and the data protection key to be generated by the secure element without providing the master keys to the secure device processor. Other embodiments are disclosed.

Abstract: A system that incorporates the subject disclosure may perform, for example, receiving an over-the-air programming message that is utilizing a hypertext transfer protocol where the over-the-air programming message including programming data for use by the mobile communication device, converting the over-the-air programming message to a short message service transport protocol to generate an adjusted message that includes the programming data, and providing the adjusted message to a universal integrated circuit card of the mobile communication device via a baseband proxy operating in a device processor of the mobile communication device. Other embodiments are disclosed.

Abstract: A system that incorporates the subject disclosure may perform, for example, providing an upload request to a mobile communication device to cause a secure device processor of the mobile communication device to perform a modification of data according to a data protection key to generate modified data and to perform an encryption of the modified data according to an upload transport key to generate encrypted modified data where the secure device processor is separate from and in communication with a secure element of the mobile communication device, and where the secure element receives master keys from a remote management server and stores the master keys to enable the upload transport key and the data protection key to be generated by the secure element without providing the master keys to the secure device processor. Other embodiments are disclosed.

Abstract: A system that incorporates the subject disclosure may include, for example, instructions which when executed cause a device processor to perform operations comprising sending a service request to a remote management server; receiving from the management server an authentication management function and an encryption key generator for execution by a secure element and an encryption engine for execution by a secure device processor, sending a request to establish a communication session with a remote device; and communicating with the remote device via a channel established using an application server. The secure element and the secure device processor authenticate each other using a mutual authentication keyset. The secure element, the secure device processor and the device processor each have a security level associated therewith; the security level associated with the secure device processor is intermediate between that of the secure element and that of the device processor. Other embodiments are disclosed.

Abstract: A system that incorporates the subject disclosure may perform, for example, operations including receiving an encrypted secure token from a secure token application function that is remote from the communication device, storing the encrypted secure token in a secure element memory of the secure element, accessing user input requesting the encrypted secure token where the secure device processor is separate from the secure element and is in communication with the secure element, generating a modified secure token by adding identification information to the encrypted secure token and by performing a second encryption of the encrypted secure token with the identification information, receiving the modified secure token from the secure element, and providing the modified secure token to a receiving device. Other embodiments are disclosed.

Abstract: A system that incorporates the subject disclosure may perform, for example, providing an upload request to a mobile communication device to cause a secure device processor of the mobile communication device to perform a modification of data according to a data protection key to generate modified data and to perform an encryption of the modified data according to an upload transport key to generate encrypted modified data where the secure device processor is separate from and in communication with a secure element of the mobile communication device, and where the secure element receives master keys from a remote management server and stores the master keys to enable the upload transport key and the data protection key to be generated by the secure element without providing the master keys to the secure device processor. Other embodiments are disclosed.

Abstract: A system that incorporates the subject disclosure may include, for example, instructions which when executed cause a device processor to perform operations comprising sending a service request to a remote management server; receiving from the management server an authentication management function and an encryption key generator for execution by a secure element and an encryption engine for execution by a secure device processor, sending a request to establish a communication session with a remote device; and communicating with the remote device via a channel established using an application server. The secure element and the secure device processor authenticate each other using a mutual authentication keyset. The secure element, the secure device processor and the device processor each have a security level associated therewith; the security level associated with the secure device processor is intermediate between that of the secure element and that of the device processor. Other embodiments are disclosed.

Abstract: A system that incorporates the subject disclosure may perform, for example, operations including receiving an encrypted secure token from a secure token application function that is remote from the communication device, storing the encrypted secure token in a secure element memory of the secure element, accessing user input requesting the encrypted secure token where the secure device processor is separate from the secure element and is in communication with the secure element, generating a modified secure token by adding identification information to the encrypted secure token and by performing a second encryption of the encrypted secure token with the identification information, receiving the modified secure token from the secure element, and providing the modified secure token to a receiving device. Other embodiments are disclosed.

Abstract: A system that incorporates the subject disclosure may perform, for example, providing an upload request to a mobile communication device to cause a secure device processor of the mobile communication device to perform a modification of data according to a data protection key to generate modified data and to perform an encryption of the modified data according to an upload transport key to generate encrypted modified data where the secure device processor is separate from and in communication with a secure element of the mobile communication device, and where the secure element receives master keys from a remote management server and stores the master keys to enable the upload transport key and the data protection key to be generated by the secure element without providing the master keys to the secure device processor. Other embodiments are disclosed.

Abstract: A system that incorporates the subject disclosure may perform, for example, receiving an over-the-air programming message that includes programming data for use by the mobile communication device, decrypting the over-the-air programming message utilizing a first keyset to generate a decrypted over-the-air programming message, determining a schedule for providing messages from a secure device processor to a secure element of the mobile communication device where the secure device processor is separate from the secure element and in communication with the secure element, and providing the decrypted over-the-air programming message to the secure element according to the schedule. Other embodiments are disclosed.

Abstract: Concepts and technologies are disclosed herein for providing and using a deep packet inspection virtual function. A control system can detect a service request. The control system can analyze a policy to determine a function of a service to which the service request relates, a virtual machine that will host the function, and a deep packet inspection virtual function associated with the service. The control system can trigger loading of an image to the virtual machine and instantiation of the virtual machine. The image can include the function of the service and the deep packet inspection virtual function. The control system can validate the service and the deep packet inspection virtual function.

Abstract: Concepts and technologies are disclosed herein for creating and using service control functions. The service control functions can detect a message via an adapter function. The message can relate to a service controlled by the service control functions. Service policies can be accessed. The service policies can include message handling policies and can be accessed to determine if a policy relating to the message exists. If a determination is made that the policy exists, the message and the policy can be analyzed to determine an action to take with respect the message, and the action can be initiated.

Abstract: Concepts and technologies are disclosed herein for creating services using service modules. A control system can detect a service creation request. The control system can identify service modules to be included in a service requested by the service creation request. A service control function can be created to manage the service requested by the service creation request. The service modules can be coupled together, and the service requested by the service creation request can be output.

Abstract: A system that incorporates the subject disclosure may perform, for example, receiving an over-the-air programming message that includes programming data for use by the mobile communication device, decrypting the over-the-air programming message utilizing a first keyset to generate a decrypted over-the-air programming message, determining a schedule for providing messages from a secure device processor to a secure element of the mobile communication device where the secure device processor is separate from the secure element and in communication with the secure element, and providing the decrypted over-the-air programming message to the secure element according to the schedule. Other embodiments are disclosed.

Abstract: Concepts and technologies are disclosed herein for service creation and management. A processor can detect an event relating to a service, and access a service creation database to identify a recipe associated with the service. The recipe can define a resource to be used to provide the service. The processor can access an inventory to determine if the resource is available, identify a service control to control the service, instruct an infrastructure control to allocate virtual machines to host components of the service, and issue instructions to the service control. The instructions can instruct the service control to load service functions to the virtual machines.

Abstract: A system that incorporates the subject disclosure may perform, for example, receive secret information and non-secret information from a secure download application function, provide a request for a first verification to a secure element where the first verification is associated with access to content and/or an application that is accessible via the secure download application function, receive the first verification which is generated by the secure element based on the secret information without providing the secret information to the secure device processor, receive the non-secret information from the secure element, and generate a second verification for the access based on the non-secret information, where the content and/or application is accessible from the secure download application function responsive to the first and second verifications. Other embodiments are disclosed.

Abstract: A separate domain selection function is utilized as the first function in a communication path for a communication that is to be connected to a user device registered in a first network or a second network. If a result of the domain selection function indicates call control should be maintained by first network (e.g., user device is registered with first network or a network with which first network has a control relationship), call control of the communication remains with first network. If the result of the domain selection function indicates the user device is registered with second network, call control is suspended by the first network, which allows the communication to bypass the first network.

Abstract: A system that incorporates the subject disclosure may perform, for example, receiving a baseline credential and an external credential, mapping the external credential to the baseline credential in a secure element memory, receiving a request for an authentication from a secure device processor of the communication device where the request for the authentication includes a user credential inputted into the communication device, comparing the user credential with the baseline credential to verify the authentication, and providing the authentication and the external credential to the secure device processor without providing the baseline credential to enable the secure device processor to provide the external credential to an external entity device that is remote from the communication device. Other embodiments are disclosed.

Abstract: A system that incorporates teachings of the present disclosure may include, for example, a first agent function that routes first messages for exchanging subscriber information and enabling registration where the first agent function maintains transaction state without maintaining session state, a second agent function that routes second messages for enforcing policy control where the second agent function maintains transaction and session state, and a third agent function that maintains transaction and session state and that routes a portion of the first and second messages to an external network. Other embodiments are disclosed.

Abstract: A system that incorporates the subject disclosure may include, for example, a system for receiving a request to modify a universal integrated circuit card, generating a package comprising configuration data for modifying the universal integrated circuit card, encrypting the package with a transport key to generate an encrypted package, transmitting the encrypted package to a communication device communicatively coupled to the universal integrated circuit card to provision the universal integrated circuit card, and providing a mobile network operator trusted service manager system information relating to the configuration data to enable the mobile network operator trusted service manager system to manage content and memory allocation of the universal integrated circuit card. Other embodiments are disclosed.