H04W12/086

Method of managing a tamper-proof device comprising a plurality of software containers

The invention is a method for managing a tamper-proof device comprising first and second software containers, said tamper-proof device being included in a host device comprising a baseband unit. Said first software container is designed to emulate an eUICC and is in a deactivated state. The second software container comprises a set of rules. The baseband unit comprises an activator agent which retrieves both location data broadcast by a telecom network and the set of rules from the second software container. The activator agent checks if activation of the first software container is authorized by one of said rules for the location data and requests activation of the first software container only in case of successful checking.

Controlling access to external networks by an air-gapped endpoint

A method and system for controlling access to external networks by an air-gapped endpoint are provided. The method includes providing, on the air-gapped endpoint, a plurality of isolated security zones by instantiating a plurality of corresponding virtual machines using a hypervisor; selecting one security zone of the plurality of isolated security zones; and tunneling traffic from the selected security zone to a designated network location, wherein the tunneling is through a virtual private network (VPN).

Support for increased number of concurrent keys within multi-key cryptographic engine
11531772 · 2022-12-20

A server includes a processor core including system memory, and a cryptographic engine storing a key data structure. The data structure is to store multiple keys for multiple secure domains. The core receives a request to program a first secure domain into the cryptographic engine. The request includes first domain information within a first wrapped binary large object (blob). In response to a determination that there is no available entry in the data structure, the core selects a second secure domain within the data structure to de-schedule and issues a read key command to read second domain information from a target entry of the data structure. The core encrypts the second domain information to generate a second wrapped blob and stores the second wrapped blob in a determined region of the system memory, which frees up the target entry for use to program the first secure domain.

Dynamic control and creation of user private networks

In one embodiment, a method in a multi-tenant wireless network comprises determining a first user private network (UPN) for a first device of a first user. The first UPN provides discovery, by the first device, of other devices on the wireless network to a first subset of other devices on the wireless network. The method further comprises determining a second UPN for the first device of the first user. The second UPN provides discovery, by the first device, of other devices on the wireless network to a second subset of other devices on the wireless network. The method further comprises providing discovery of the first subset and second subset of other devices on the wireless network to the first device of the first user. Discovery of the second subset is provided dynamically based on a current location of the first device.

ACTIVATION OF GATEWAY DEVICE
20220394046 · 2022-12-08

Systems and methods for activating an interface device for use at a premises are described. An interface device may be activated for a security system at the premises. The interface device may communicate with a remote server to request activation. The remote server may also be in communication with a user device. A correspondence of a first address of the interface device and a second address of the user device may be used to authorize the interface device for activation. The interface device may receive an activation message and begin communicating with and controlling a security system and other devices at the premises.

METHODS, SYSTEMS, AND COMPUTER READABLE MEDIA FOR USING SERVICE COMMUNICATIONS PROXY (SCP) OR SECURITY EDGE PROTECTION PROXY (SEPP) TO APPLY OR OVERRIDE PREFERRED-LOCALITY ATTRIBUTE DURING NETWORK FUNCTION (NF) DISCOVERY
20220394453 · 2022-12-08

A method for applying or overriding a preferred-locality attribute during network function (NF) discovery includes, at a service communications proxy (SCP) or security edge protection proxy (SEPP) including at least one processor, receiving, from an NF, an NF discovery request including a preferred-locality attribute or lacking a preferred-locality attribute. The method further includes selecting, by the SCP or SEPP, a value for the preferred-locality attribute for the NF discovery request. The method further includes inserting, by the SCP or SEPP, the value for the preferred-locality attribute into the NF discovery request. The method further includes transmitting, by the SCP or SEPP, the NF discovery request to a network function repository function (NRF).
