A computing device can include an embedded universal integrated circuit card (eUICC) in order to receive and decrypt an encrypted profile, where the encrypted profile includes network access credentials. The eUICC can record a first private key and a set of cryptographic parameters. The computing device can use the eUICC to authenticate with a server. The computing device can receive (i) a signal for deriving a second private key and corresponding public key, and (ii) a nonce as user input. The eUICC can use the first private key to process a digital signature for the corresponding public key and the nonce. The eUICC can use at least the second private key, the set of cryptographic parameters, and an elliptic curve Diffie Hellman key exchange in order to derive a symmetric ciphering key. The eUICC can receive the encrypted profile and decrypt with at least the derived symmetric ciphering key.