In some embodiments, an exemplary access controlling network architecture may include: a computing device, configured to: receive application program instruction to display an access controller interface element and a multi-part multi-functional access control, where the access controller interface element is: communicatively coupled to a cellular network hosted access controlling schema and operationally linked to at least one access-restricted digital resource; where the multi-part multi-functional access control sequence includes: a symbol, an access code, and a particular access control digital key; transmit an access request having: the multi-part multi-functional access control sequence and an identity linked to the computing device; receive, in response to the access request, a program instruction to unlock the at least one access-restricted digital resource for accessing via the computing device after the access code has been accepted by the cellular network hosted access controlling schema and the particular access control digital key matches an expected access control digital key.

A method of securing functionalities of an integrated subscriber identification module (iSIM) on an information handling system may include with an embedded controller (EC), detecting a powering-up process at the information handling system and determine a chain of trust access keys during bootup; with the execution of the EC, detecting and activating a wireless wide area network (WWAN) module; with the execution of the EC, detecting and accessing an integrated subscriber identity module (iSIM); with the execution of the EC, authenticating access to iSIM content including authorization information and carrier profile information with the chain of trust access keys generated from encryption keys based on digital signatures; and sending the authorization information and carrier profile information form the iSIM to the WWAN module for authentication, wirelessly, with a switched multimegabit data service (SM-DS) server associated with the carrier profile.

Methods and systems are provided for establishing dynamic and secure peer-to-peer communications channels between terminals. A network device may intercept a connection request transmitted from a first terminal to a second terminal, over a secure network, with the connection request including a first parameter that identifies the first terminal and a second parameter that identifies the second terminal, with the first parameter and the second parameter relating to a network interface that operates according to a security protocol. The network device may then send instructions to the first terminal to establish peer-to-peer communications with the second terminal over a secured ad-hoc public network, using one or more keys provided by a central unit of that network. The keys may include an authentication key, which may be used in authenticating one or both of the terminals, and/or an encryption key, which may be used in encrypting the peer-to-peer communications.

Certain aspects provide a method for wireless communication. The method generally includes deriving a network specific identifier (NSI) in a network access identifier (NAI) format, the NSI including a network identifier (NID) stored at the UE, generating a subscription concealed identifier (SUCI) based on the NSI for authentication of the UE with a non-public network (NPN), and sending the SUCI to a network entity for the authentication of the UE with the NPN.

Methods and systems are provided for establishing dynamic peer-to-peer communications channels between terminals. A connection request for establishing a communications channel between a first terminal and second terminal may be intercepted. The first terminal and the second terminal may be connectable over secured communications channels to a secured network. Based on the intercepted connection request and/or network parameters obtained from the first and the second terminals, the terminals may be instructed to establish a peer-to-peer communications channel over a network distinct from the secured network. Security of the peer-to-peer communications channel may be maintained, such as by use of authentication and/or encryption in one or both of the first terminal and the second terminal.

Systems and methods for identification of a controlled-environment facility resident in possession of a contraband communications device capture or otherwise accept managed access data and/or contraband communications device assessment data for contraband communications devices operating in the controlled-environment facility. Controlled-environment facility resident call data for each resident of the controlled-environment facility is gathered from the controlled-environment facility resident communications system. Correlations in the managed access data and/or assessment data with the controlled-environment facility resident communications system call data are analyzed to identify each resident of the controlled-environment facility in possession of a contraband communications device.

Protecting a mobile device is provided. A first set of IoT devices in a first domain at a first geographic location is established by communicating with respective members of the first set of IoT devices. Respective ones of the first set of IoT devices are identified within the first domain as registered to a user corresponding to a mobile device based on a list of registered devices generating a registered subset of IoT devices that includes the mobile device. It is determined that the mobile device is in an unsecure environment based on establishing proximity to unknown IoT devices that are not members of the registered subset of IoT devices. A self-protection mode of operation is launched on the mobile device in response to determining that the mobile device is in the unsecure environment based on establishing proximity to the unknown IoT devices.

An approach is provided for controlling access to contents displayed on a mobile device. Based on a security rule, the contents are divided into first and second sets. A first user is authorized to access the first set and not authorized to access the second set. The first set is displayed on a physical, transparent, touch functionality-enabled first layer of a display of the mobile device. The second set is displayed on a physical, opaque, touch functionality-lacking second layer of the display. A security level of a second user is determined after the first user stops using and the second user starts using the mobile device. Based on the security level, the contents are modified so that item(s) are removed from the first set and placed in the second set and/or other item(s) are removed from the second set and placed in the first set.

A file protection method, to resolve a problem that privacy of a file cannot be ensured by manually hiding the file or manually encrypting the file, is presented. The method includes obtaining, by a terminal device, a target file; determining, by the terminal device, whether the target file satisfies a preset file condition; when the target file satisfies the preset file condition, determining, by the terminal device, whether the target file satisfies a corresponding preset protection condition; and when the target file satisfies the preset protection condition, applying, by the terminal device, a corresponding protection solution to the target file. The embodiments of the present disclosure further provide a corresponding file protection apparatus.

There is provided an authentication method and system where protection of user equipment (UE) privacy and network security can be improved. The system includes a third party communicatively trusted by and connected to the UE and one or more network entities, the third party configured to obtain identity information indicative of identity of the UE or the network entities and verify the UE and the network entities on whether the UE and the network entities are authorized to perform communications in the communication network. The third party is further configured to create mapping information, the mapping information including mappings between each identity indicated by the identity information and a respective temporary authentication identifier (ID) and according to the mapping information, transmit the respective temporary authentication ID to each of the UE and the network entities that are verified successfully by the third party. The system further includes the one or more network entities to which the UE is authenticated to access, each of the network entities configured to communicate with the UE or other network entities based on their respective temporary authentication ID.