Abstract: A device that includes a secure element or a secure environment receives a token for authenticating a user that has an account with a service provider. The device generates, based on the token, a set of keys that include at least a private key and a public key. The device performs a key authentication procedure to compare the set of keys and a configured set of keys and selects a public key, of the set of keys or the configured set of keys, based on a result of the key authentication procedure. The device causes a device identifier of the device and the public key to be provided to another device that uses the device identifier and the public key to perform an authentication procedure to authenticate the user. The device receives, from the other device, an indication of whether the device is connected to a network.

Abstract: A device may receive a request to establish a virtualized environment to support a session for a client device in communication with the computing device over a network. The device may instantiate the virtualized environment in a trusted execution environment of the device, wherein the trusted execution environment may include one or more hardware resources that isolate the virtualized environment from a rich execution environment associated with the device. The device may cause a hardware security module associated with the device to obtain one or more cryptographic keys by communicating with a secure element of the client device, and the device may secure communication between a local operating system executing on the client device and the virtualized environment instantiated in the trusted execution environment using the one or more cryptographic keys.

Abstract: In some implementations, a device may receive a request to add a domain to a blockchain. The request may include data that indicates a public key associated with the domain and/or a unique identifier associated with the domain. The device may generate a domain information block, based on the request, that includes the public key associated with the domain and a blockchain identifier that is based on the unique identifier associated with the domain. The device may provide the domain information block to a set of blockchain nodes to add the domain information block to the blockchain.

Abstract: A device may receive, at an operating system, a request for a random number from an application. The device may provide a command to generate an entropy input, based on the request for the random number and through a driver that is isolated from the operating system, to a quantum random number generator that is isolated from one or more processors hosting the operating system. Accordingly, the device may receive the entropy input, from the quantum random number generator, using the driver, and may generate the random number based at least in part on the entropy input. The device may provide the random number to the application.

Abstract: A device may receive an identification request or a radio resource control request, and may process the identification request or the radio resource control request, with a machine learning model, to determine whether the identification request or the radio resource control request is secure. The device may permit the identification request or the radio resource control request based on the machine learning model determining that the identification request or the radio resource control request is secure, or may deny the identification request or the radio resource control request based on the machine learning model determining that the identification request or the radio resource control request is unsecure.

Abstract: A method, a device, and a non-transitory storage medium are described in which a security service of end device profiles is provided. The service may include obtaining a profile for a card of an end device from a third party device in which the profile includes first and second executables. For example, the first and second executables may each include a subscriber identification module. The first executable may initialize and subsequently perform a switching procedure that enables the second executable to replace the use of the first executable. The first executable may also generate a key that can be used to provision the second executable on the end device.

Abstract: A first wireless access device, associated with a wireless service provider, establishes a wireless local area network connection with a second wireless access device and receives a certificate including a unique identifier associated with the second wireless access device. The first wireless access device determines whether the second wireless access device is authorized to connect to the first wireless access device. For example, if the certificate is signed by a certificate authority associated with the wireless service provider and the unique identifier appears in a whitelist stored at the first wireless access device, the first wireless access device and the second wireless access device perform a mutual authentication procedure based on one or more ephemeral keys. The first wireless access device provides the second wireless access device with access to a wide area network based on successful completion of the mutual authentication procedure.

Abstract: A system described herein provide for the secure maintaining and providing of information, such as public keys used in Public Key Infrastructure (“PKI”) techniques or other techniques, using a secure distributed ledger (e.g., “blockchain”) system. A blockchain system may be utilized in lieu of a key escrow system in the exchange and/or providing of public keys in a Diffie-Hellman key exchange technique or other type of technique in which public keys are provided from one entity to another. A first entity may generate an asymmetric key pair that includes a public key and a private key, and may provide the public key to a blockchain system for retrieval by one or more other entities. For example, the entities may be engaged in a secure messaging session, in which messages are encrypted and may be decrypted using one or more keys, including the public key.

Abstract: A system described herein may provide for the dynamic and secure assignment of lockers that may be used when delivering goods in response to a fulfillment request. In some embodiments, smart tags may be used for packages provided in response to a fulfillment request. A smart locker system of some embodiments may include a set of lockers and one or more scanners that identify goods that have been delivered into a particular locker, such as by scanning smart tags placed on or in packages. The smart locker system may further receive a request from a User Equipment (“UE”), via a contactless tap, to provide the delivered goods, authenticate the UE, locate the particular locker in which the delivered goods are located, and unlock the locker.

Abstract: A network device may load, via a boot ROM application, a provider bootloader application from a memory of the network device and may calculate a first hash value based on decrypting a provider bootloader signature with a provider public key. The network device may calculate a second hash value based on the provider bootloader application and may utilize, when the first hash value and the second hash value are equivalent, the provider bootloader application to load an original equipment manufacturer (OEM) bootloader application from the memory. The network device may calculate a third hash value based on decrypting an OEM bootloader signature with one of a plurality of OEM public keys. The network device may calculate a fourth hash value based on the OEM bootloader application. The network device may complete, when the third hash value and the fourth hash value are equivalent, a boot process for the network device.

Abstract: A method, a device, and a non-transitory storage medium are described in which a third party subscription management of end device profiles service is provided. The service may include obtaining a profile for a card of an end device from a third party device in which the profile includes a temporary element. For example, the temporary element may be a temporary keyset or a temporary USIM. During initial connectivity and activation with a core network, the card logic may obtain and update the profile with a permanent element for registration and activation procedures with the core network. In this way, security exposure with a third party device relating to a profile may be eliminated or minimized.

Abstract: A device may obtain, from a pool of subscription identifiers allocated for sharing, a subscription identifier for a target device to be onboarded onto a wireless network. The device may generate a derived subscriber identification module (SIM) profile that includes the subscription identifier and a derived set of credentials. The derived set of credentials may be based on an existing set of credentials associated with the device. The device may cause the derived SIM profile to be provided to the target device to enable the target device to obtain access to the wireless network.

Abstract: One or more computing devices, systems, and/or methods are provided. In an example, a system includes a first non-quantum-resistant (NQR) device configured to generate first data and a first quantum capable proxy server configured to receive the first data, encrypt the first data using a quantum resistant (QR) protocol to generate first QR data, and communicate the first QR data to a first target device using a first QR channel. In an example, a method includes generating first data by a first non-quantum-resistant (NQR) device, communicating the first data, by the first NQR device, to a first quantum capable proxy server, encrypting the first data, by the quantum capable proxy server, using a quantum resistant (QR) protocol to generate first QR data, and communicating, by the quantum capable proxy server, the first QR data to a first target device using a first QR channel.

Abstract: In some implementations, a device may receive, at an operating system, a request for a random number from an application. The device may provide a command to generate an entropy input, based on the request for the random number and through a driver that is isolated from the operating system, to a quantum random number generator that is isolated from one or more processors hosting the operating system. Accordingly, the device may receive the entropy input, from the quantum random number generator, using the driver, and may generate the random number based at least in part on the entropy input. The device may provide the random number to the application.

Abstract: A system described herein provide for the secure maintaining and providing of information, such as public keys used in Public Key Infrastructure (“PKI”) techniques or other techniques, using a secure distributed ledger (e.g., “blockchain”) system. A blockchain system may be utilized in lieu of a key escrow system in the exchange and/or providing of public keys in a Diffie-Hellman key exchange technique or other type of technique in which public keys are provided from one entity to another. A first entity may generate an asymmetric key pair that includes a public key and a private key, and may provide the public key to a blockchain system for retrieval by one or more other entities. For example, the entities may be engaged in a secure messaging session, in which messages are encrypted and may be decrypted using one or more keys, including the public key.

Abstract: A system described herein may provide for the dynamic and secure assignment of lockers that may be used when delivering goods in response to a fulfillment request. In some embodiments, smart tags may be used for packages provided in response to a fulfillment request. A smart locker system of some embodiments may include a set of lockers and one or more scanners that identify goods that have been delivered into a particular locker, such as by scanning smart tags placed on or in packages. The smart locker system may further receive a request from a User Equipment (“UE”), via a contactless tap, to provide the delivered goods, authenticate the UE, locate the particular locker in which the delivered goods are located, and unlock the locker.

Abstract: A device receives, from an application, a request to access an attestation key stored in a secure element of the device. The device obtains an attestation policy, by which to verify an identity of the application. The device examines an application file associated with the application, to determine whether the application file satisfies the attestation policy. The device selectively generates a temporary key based on a result of examining the application file. The temporary key may be used to access the attestation key. The temporary key may be generated based on the application file satisfying the attestation policy, and may not be generated based on the application file not satisfying the attestation policy.

Abstract: A first wireless access device, associated with a wireless service provider, establishes a wireless local area network connection with a second wireless access device and receives a certificate including a unique identifier associated with the second wireless access device. The first wireless access device determines whether the second wireless access device is authorized to connect to the first wireless access device. For example, if the certificate is signed by a certificate authority associated with the wireless service provider and the unique identifier appears in a whitelist stored at the first wireless access device, the first wireless access device and the second wireless access device perform a mutual authentication procedure based on one or more ephemeral keys. The first wireless access device provides the second wireless access device with access to a wide area network based on successful completion of the mutual authentication procedure.

Abstract: A device may obtain, from a pool of subscription identifiers allocated for sharing, a subscription identifier for a target device to be onboarded onto a wireless network. The device may generate a derived subscriber identification module (SIM) profile that includes the subscription identifier and a derived set of credentials. The derived set of credentials may be based on an existing set of credentials associated with the device. The device may cause the derived SIM profile to be provided to the target device to enable the target device to obtain access to the wireless network.

Abstract: A first user device may provide, to a provisioning device, a request for a subscriber identity module (SIM) swap that causes provisioning data to be provided to a first SIM card of the first user device and from a second SIM card of a second user device. The first user device may generate a first encrypted token based on a first identifier associated with the first SIM card. The first user device may provide, to the provisioning device, the first encrypted token and a user identifier. The first user device may selectively receive the provisioning data when the first encrypted token matches a second encrypted token generated by the second user device based on a second identifier associated with the second SIM card, or receive a message indicating that the first user device cannot be provisioned, when the first encrypted token fails to match the second encrypted token.