A communication network provides over-the-air (OTA) applications and application services to wireless devices in a way that provides authentication and helps insure confidentiality and/or information integrity. An authentication center authenticates a wireless device by comparing a signed response from the device with a predicted signed response. The signed responses may be generated from a random number, the device's identification number and user key. When the wireless device is authenticated, the OTA application may be sent to the wireless device in protocol data units (PDUs). Prior to sending the PDUs, a random number may be added to one of the PDUs. When receiving the PDUs, the device may extract the random number and calculate a cipher key using the number and a user key. The OTA application may be accepted when the calculated cipher key matches a prior generated cipher key.