Handling Lost or Stolen Devices

Handling Lost or Stolen Devices: Reassigning SIM/eSIM Access on Our Private CBRS Network at EOB8

Security is a top priority for our private Citizens Broadband Radio Service (CBRS) network at EOB8. If a device with a provisioned SIM card (physical) or eSIM is lost or reported stolen, quick action prevents unauthorized access while allowing legitimate users to regain connectivity on a replacement device. This process leverages our centralized SIM management system, which supports remote profile control in line with industry standards from the OnGo Alliance, GSMA (for eSIMs), and private LTE/5G best practices.

The key advantage of private networks like ours is full administrative control: We can remotely suspend/disable access tied to the original IMSI (from our IBN 0148 block) and reassign equivalent access to a new device—often using the same or a new IMSI—without disrupting the broader network.

Step-by-Step Process for Lost or Stolen Devices

  1. Immediate Reporting and Suspension
  • Report the loss/theft to the EOB8 IT/network team right away (include device details like IMEI, last known location if available, and user info).
  • We will immediately suspend the affected subscriber profile in our core network (HSS/UDM equivalent). This blocks authentication for that IMSI, preventing the device from attaching to our network—even if someone tries to use it.
    • For physical SIMs: Suspension stops network access; the SIM itself can’t be remotely erased (as it’s removable hardware), but credentials are invalidated network-side.
    • For eSIMs: We can remotely disable or delete the profile via our Remote SIM Provisioning (RSP) platform (GSMA-compliant SM-DP+), making it inactive on the lost device. This is more secure since eSIMs can’t be physically removed.
  • Additional steps: If the device supports features like “Find My Device” (Android) or “Find My” (iOS), use those to lock, track, or remotely erase the device for extra protection.
  1. Reassigning Access to a New Device
  • Provide the replacement device details (e.g., IMEI, model, and whether it supports physical SIM or eSIM).
  • We re-provision access using our SIM management platform:
    • Option 1: Reuse the same IMSI (common for continuity, especially in private networks). We generate a new authentication profile with the original IMSI and keys, then deliver it to the new device. This keeps user identity and policies intact without assigning a new IMSI from our block.
    • Option 2: Assign a new IMSI from our IBN 0148 pool (if preferred for security, e.g., to fully orphan the old one). This creates a fresh subscriber entry.
  • For physical SIMs: Issue a new programmable SIM card pre-loaded with the (re)assigned IMSI and credentials, or update via a SIM writer if hardware supports it.
  • For eSIMs (recommended for quick recovery): Use remote provisioning to push a new or updated profile OTA. The user scans a QR code, uses a portal/app, or we trigger download automatically—no physical swap needed.
  • The new profile includes our PLMN (315-010), allowed TACs (from IBN 0148 plus 60052/60053), and any custom policies (e.g., QoS, access groups).
  1. Verification and Activation
  • Once provisioned, insert the new SIM (or install the eSIM profile) on the replacement device.
  • The device scans for our PLMN (315010), authenticates via standard LTE/5G protocols (e.g., AKA/EAP-AKA), and registers using one of our TACs.
  • We verify successful attachment in our management system and test connectivity.
  • Any previous sessions or data tied to the old profile remain inaccessible.
  1. Post-Incident Management
  • We log the event for compliance and auditing.
  • Update device inventories and policies as needed (e.g., add restrictions for high-risk users).
  • If the lost device is recovered, we can re-evaluate reactivation (rare, as credentials are typically invalidated permanently for security).

Why This Works Seamlessly in Our Private CBRS Setup

  • Private networks give us direct control over subscriber data in the core—no reliance on public carriers for blacklisting.
  • eSIMs shine here: Remote management (suspend, delete, re-provision) happens over-the-air, reducing downtime and logistics.
  • IMSI reassignment is straightforward since our IBN provides a pool of unique identities; we avoid public network complexities like number porting.
  • All actions comply with FCC Part 96, OnGo Alliance guidelines, and GSMA RSP standards for secure handling.

Prevention Tips

  • Enable device-level security (PINs, biometrics, remote wipe).
  • Use eSIMs where possible for faster remote control.
  • Report issues immediately—delays increase risk.

If a device is lost or stolen, contact our IT/network team promptly with details. We’ll guide you through suspension and reassignment to minimize disruption and keep your access secure. Questions about this process or device compatibility? Reach out—we’re committed to making private wireless reliable and protected!