A method for managing an application in a short-range communication device according to some embodiments of the present disclosure includes receiving application installation request information from an administrator of the short-range communication device, generating authentication information for installing the application by using the received application installation request information, requesting a first server to verify the authentication information, downloading application installation data based on a verification of the authentication information, and installing the application in an application platform region of the short-range communication device using the application installation data, and installing an applet for interworking with the application in a secure element of the short-range communication device.

A method for managing an application in a short-range communication device according to some embodiments of the present disclosure includes receiving application installation request information from an administrator of the short-range communication device, generating authentication information for installing the application by using the received application installation request information, requesting a first server to verify the authentication information, downloading application installation data based on a verification of the authentication information, and installing the application in an application platform region of the short-range communication device using the application installation data, and installing an applet for interworking with the application in a secure element of the short-range communication device.

A method by an access device comprising obtaining a first biometric sample of a user; generating a first biometric template or a derivative thereof from the first biometric sample; transmitting the first biometric template or the derivative thereof to a mobile device, wherein the mobile device or the user determines if the access device is an authentic access device; receiving a confirmation of a match between the first biometric template and a second biometric template on the mobile device; and conducting a transaction between the access device and the mobile device, after the mobile device or the user determines that the access device is authentic.

A method by an access device comprising obtaining a first biometric sample of a user; generating a first biometric template or a derivative thereof from the first biometric sample; transmitting the first biometric template or the derivative thereof to a mobile device, wherein the mobile device or the user determines if the access device is an authentic access device; receiving a confirmation of a match between the first biometric template and a second biometric template on the mobile device; and conducting a transaction between the access device and the mobile device, after the mobile device or the user determines that the access device is authentic.

A method, performed by a terminal, of negotiating an embedded universal integrated circuit card (eUICC) version in a wireless communication system includes: establishing a hypertext transfer protocol over secure socket layer (HTTPS) connection with a server; transmitting eUICC information including information about the eUICC version to the server through the HTTPS connection; and receiving server information corresponding to the eUICC information from the server, wherein the information about the eUICC version includes a minimum eUICC version and a maximum eUICC version that are available when the terminal accesses the server.

Technologies for secure I/O include a compute device, which further includes a processor, a memory, a trusted execution environment (TEE), one or more input/output (I/O) devices, and an I/O subsystem. The I/O subsystem includes a device memory access table (DMAT) programmed by the TEE to establish bindings between the TEE and one or more I/O devices that the TEE trusts and a memory ownership table (MOT) programmed by the TEE when a memory page is allocated to the TEE.

Techniques for applying context-based security over interfaces in O-RAN environments in mobile networks are disclosed. In some embodiments, a system/process/computer program product for applying context-based security over interfaces in O-RAN environments in mobile networks includes monitoring network traffic on a mobile network at a security platform to identify a GTP-U tunnel session setup message associated with a new session; extracting a plurality of parameters from the GTP-U tunnel session setup message and from F1AP traffic to extract contextual information at the security platform; and enforcing a security policy at the security platform on the new session based on one or more of the plurality of parameters to apply context-based security to the network traffic transported between O-RAN Distributed Unit (O-DU) and O-RAN Centralized Unit Control Plane (O-CU-CP) nodes in an O-RAN environment in the mobile network.

Techniques for applying context-based security over interfaces in O-RAN environments in mobile networks are disclosed. In some embodiments, a system/process/computer program product for applying context-based security over interfaces in O-RAN environments in mobile networks includes monitoring network traffic on a mobile network at a security platform to identify a GTP-U tunnel session setup message associated with a new session; extracting a plurality of parameters from the GTP-U tunnel session setup message and from F1AP traffic to extract contextual information at the security platform; and enforcing a security policy at the security platform on the new session based on one or more of the plurality of parameters to apply context-based security to the network traffic transported between O-RAN Distributed Unit (O-DU) and O-RAN Centralized Unit Control Plane (O-CU-CP) nodes in an O-RAN environment in the mobile network.

The present application is at least directed to an apparatus. The apparatus includes a non-transitory memory including instructions stored thereon for configuring a service. The apparatus also includes a processor operably coupled to the non-transitory memory may be configured to execute the instructions of (i) receiving first information for accessing an exposure function; (ii) receiving a request for the service via an application; (iii) creating a request for the service based on the first information; (iv) sending the created request to the exposure function; and (v) receiving a response from the exposure function. The service may include any one or more of buffering, a background data transfer, a communication pattern configuration, sponsored services, reachability, a mobile originating/paging-off mode or value added services. Moreover, the received request includes parameters to configure the service. Further, the second information includes parameters selected from desired time window, desired data transfer size, desire quality of service, indication whether flow is sponsored, maximum cost basis, qualitative measurements and combinations thereof.

Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for validating interactions with false rendered elements. In one aspect, a method includes receiving a rendering notification and a declaration of a rendered element defined in an active window on a client device, detecting interaction with the rendered element at the client device, determining whether the interaction occurred at a declared location of the rendered element within the active window, and processing the interaction including: in response to determining that the interaction occurred: capturing a screenshot of the active window on the client device; verifying a visual appearance of the rendered element in the screenshot with a declared appearance of the rendered element, and generating an interaction attestation, thereby validating the interaction. In response to determining that the interaction did not occur, refraining from generating the interaction attestation.