Patent classifications
H04W12/086
Dividing a data processing device into separate security domains
This invention provides secure, policy-based separation of data and applications on computers, especially personal computers that operate in different environments, such as environments containing both personal applications and corporate applications, so that both types of application can run simultaneously while complying with all required policies. The invention enables employees to use their personal devices for work purposes, or work devices for personal purposes. The secure, policy-based separation is created by dividing the data processing device into two or more “domains,” each with its own policies. These policies may be configured by the device owner, an IT department, or another data or application owner.
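The domain model above can be made concrete with a small policy engine. The following is an added illustration, not code from the patent: two domains ("personal" and "corporate") each carry a policy set by a different owner, every app and data object is bound to one domain, and a cross-domain data flow is permitted only when the source domain's policy allows export to the destination and the destination's policy allows import from the source. The domain names, policy fields and owner labels are assumptions chosen for the example.

```python
"""Added example (not from the patent): minimal two-domain separation with
per-domain policies and a default-deny cross-domain check."""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class DomainPolicy:
    owner: str  # who configured this policy, e.g. "device owner" or "IT"
    # domains that data originating here may flow TO (export)
    allow_export_to: frozenset = field(default_factory=frozenset)
    # domains whose data apps here may read (import)
    allow_import_from: frozenset = field(default_factory=frozenset)
    require_encryption: bool = False
    allow_screenshot: bool = True


@dataclass(frozen=True)
class DataObject:
    name: str
    domain: str


@dataclass(frozen=True)
class App:
    name: str
    domain: str


class DomainManager:
    """Holds the domains of one device and evaluates access between them."""

    def __init__(self):
        self.domains = {}

    def add_domain(self, name, policy):
        self.domains[name] = policy

    def check_access(self, app, obj):
        """Return (allowed, reason).

        Same-domain access is always allowed. A cross-domain flow needs the
        source domain to permit export AND the destination domain to permit
        import; anything else (including unknown domains) is denied."""
        if app.domain not in self.domains or obj.domain not in self.domains:
            return False, "unknown domain"
        if app.domain == obj.domain:
            return True, "same domain"
        src = self.domains[obj.domain]
        dst = self.domains[app.domain]
        if app.domain not in src.allow_export_to:
            return False, f"{obj.domain} policy ({src.owner}) forbids export to {app.domain}"
        if obj.domain not in dst.allow_import_from:
            return False, f"{app.domain} policy ({dst.owner}) forbids import from {obj.domain}"
        return True, "both domain policies permit the flow"

    def screenshot_allowed(self, app):
        """Per-domain UI policy lookup for the domain an app runs in."""
        policy = self.domains.get(app.domain)
        return bool(policy and policy.allow_screenshot)


def build_example_device():
    """Constructed sample device: the owner controls the personal domain and
    lets its data flow into work apps; IT controls the corporate domain and
    forbids any export of corporate data."""
    dm = DomainManager()
    dm.add_domain("personal", DomainPolicy(
        owner="device owner",
        allow_export_to=frozenset({"corporate"}),
        allow_import_from=frozenset(),
    ))
    dm.add_domain("corporate", DomainPolicy(
        owner="IT",
        allow_export_to=frozenset(),
        allow_import_from=frozenset({"personal"}),
        require_encryption=True,
        allow_screenshot=False,
    ))
    return dm


if __name__ == "__main__":
    dm = build_example_device()
    mail = App("work-mail", "corporate")
    photos = App("gallery", "personal")
    print(dm.check_access(photos, DataObject("q3-forecast.xlsx", "corporate")))
    print(dm.check_access(mail, DataObject("holiday.jpg", "personal")))
```

Note that the deny decision names the policy owner, which is what an IT department needs when a user asks why a paste from a work document into a personal app was blocked.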
METHODS AND SYSTEMS FOR TRANSITIONING BETWEEN CLIENT-LESS AND CLIENT-BASED NETWORK CONNECTIVITY TO A SECURE ACCESS SERVICE EDGE (SASE) DOMAIN
Methods and systems for transitioning a wireless device between client-less connectivity and client-based connectivity are disclosed. In an embodiment, a method for transitioning a wireless device between client-less connectivity and client-based connectivity involves forwarding traffic from a wireless device through a SASE domain, receiving from the wireless device a request for information related to a SASE gateway in the SASE domain, transmitting information related to the SASE gateway from the SASE domain to the wireless device in response to the request, and transitioning the wireless device between client-less connectivity to the SASE gateway and client-based connectivity to the SASE gateway.
USAGE-LIMITED PASSCODES FOR AUTHENTICATION BOOTSTRAPPING
Usage-limited passcodes support authentication when onboarding new employees, when recovering access after an enrolled device is lost or temporarily unavailable, or when registering passwordless authentication methods for new devices during an out-of-the-box setup, among other scenarios. Usage-limited passcodes are also referred to as “temporary access passes” or TAPs. TAP usage may be limited to a specific number of uses, particular kinds of uses, certain time periods, or a combination thereof. A TAP includes a code string and an implementation of corresponding tokens, rights, and other identity aspects within an enhanced access control infrastructure. TAP usage may supplement or replace other authentication, and in particular may replace authentication through a username and password combination, thereby enhancing both usability and security. Self-service identity confirmation may be used to obtain a TAP. Redirection to a federated domain identity provider may be avoided during TAP authentication.
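The three limits the abstract lists (number of uses, kind of use, time period) are easy to get subtly wrong, so here is an added example of issuing and redeeming such a passcode; it is illustrative code, not the patent's own implementation. The store keeps only a salted hash of the code, compares in constant time, checks every limit before counting a use, and takes an explicit clock so the expiry logic can be tested deterministically. Field names and the purpose vocabulary ("onboarding", "recovery", "passwordless-registration") are assumptions.

```python
"""Added example (not from the patent): a usage-limited passcode (TAP) store."""
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass


@dataclass
class TapRecord:
    user: str
    salt: bytes
    code_hash: bytes
    not_before: float
    not_after: float
    max_uses: int
    purposes: frozenset  # kinds of use this TAP is valid for
    uses: int = 0
    revoked: bool = False


class TapStore:
    def __init__(self):
        self._records = {}  # user -> list[TapRecord]

    @staticmethod
    def _hash(salt, code):
        # The code is high-entropy random, so a salted SHA-256 suffices;
        # a slow KDF would only be needed for low-entropy, user-chosen codes.
        return hashlib.sha256(salt + code.encode()).digest()

    def issue(self, user, *, lifetime_s, max_uses, purposes, now=None):
        """Create a TAP and return the plaintext code exactly once."""
        now = time.time() if now is None else now
        code = secrets.token_urlsafe(9)  # 72 bits of entropy, 12 URL-safe chars
        salt = secrets.token_bytes(16)
        rec = TapRecord(user, salt, self._hash(salt, code), now,
                        now + lifetime_s, max_uses, frozenset(purposes))
        self._records.setdefault(user, []).append(rec)
        return code

    def revoke_all(self, user):
        for rec in self._records.get(user, []):
            rec.revoked = True

    def redeem(self, user, code, purpose, now=None):
        """Return (ok, reason); on success one use is consumed.

        Every limit is checked before the counter moves, so a failed attempt
        never burns a use and an expired or wrong-purpose code is never
        accepted just because uses remain."""
        now = time.time() if now is None else now
        for rec in self._records.get(user, []):
            if not hmac.compare_digest(rec.code_hash, self._hash(rec.salt, code)):
                continue
            if rec.revoked:
                return False, "revoked"
            if now < rec.not_before:
                return False, "not yet valid"
            if now > rec.not_after:
                return False, "expired"
            if rec.uses >= rec.max_uses:
                return False, "use limit reached"
            if purpose not in rec.purposes:
                return False, f"not permitted for {purpose}"
            rec.uses += 1
            return True, "ok"
        return False, "unknown code"


if __name__ == "__main__":
    store = TapStore()
    t0 = 1_700_000_000.0
    code = store.issue("alice", lifetime_s=600, max_uses=1,
                       purposes={"onboarding"}, now=t0)
    print(store.redeem("alice", code, "onboarding", now=t0 + 30))
    print(store.redeem("alice", code, "onboarding", now=t0 + 60))
```

Because the plaintext code is returned only from `issue`, the help desk hands it to the user out of band and nothing stored server-side can be replayed if the database leaks.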
Network Security
According to an example aspect of the present invention, there is provided an apparatus configured to function as a network function repository and to transmit to a network function consumer an access token authorizing access to a service provided by a network function producer, the access token comprising at least one of: an indication of a fully qualified domain name of the network function consumer, an indication of a domain from which access to the network function producer is allowed, and an indication of a stand-alone non-public network from which access to the network function producer is allowed.
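The abstract describes three optional restrictions a repository can place in the token; what matters in practice is how the producer enforces them. The following is an added example, not the patent's or any 3GPP implementation: a simplified HMAC-signed compact token built with the standard library, with producer-side checks for audience, expiry, exact consumer FQDN, domain membership and SNPN. The claim names (`consumer_fqdn`, `allowed_domain`, `allowed_snpn`), the shared key and the sample FQDNs are assumptions for illustration.

```python
"""Added example (not from the patent): repository-issued access token carrying
consumer-FQDN / allowed-domain / allowed-SNPN restrictions, and the producer
side checks that enforce them."""
import base64
import hashlib
import hmac
import json


def _b64u(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _b64u_dec(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(key, producer, claims, exp):
    """Repository side: sign {aud, exp, <restriction claims>} with HMAC-SHA256."""
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {"aud": producer, "exp": exp, **claims}
    signing_input = (_b64u(json.dumps(header, separators=(",", ":")).encode())
                     + "." + _b64u(json.dumps(payload, separators=(",", ":")).encode()))
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64u(sig)


def _in_domain(fqdn, domain):
    # Suffix match on a label boundary: "evilexample.org" must NOT match "example.org".
    f, d = fqdn.lower().rstrip("."), domain.lower().rstrip(".")
    return f == d or f.endswith("." + d)


def verify_token(key, token, producer, consumer_fqdn, consumer_snpn, now):
    """Producer side: return (ok, reason) for a token presented by a consumer
    whose FQDN and SNPN were established on the transport (e.g. from its TLS
    certificate), not taken from the token itself."""
    try:
        h, p, s = token.split(".")
    except ValueError:
        return False, "malformed"
    # The algorithm is fixed by the verifier; the header's alg field is ignored
    # so an attacker cannot downgrade to "none" or swap algorithms.
    expected = hmac.new(key, f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64u_dec(s)):
        return False, "bad signature"
    claims = json.loads(_b64u_dec(p))
    if claims.get("aud") != producer:
        return False, "wrong audience"
    if now >= claims.get("exp", 0):
        return False, "expired"
    fqdn = claims.get("consumer_fqdn")
    if fqdn is not None and fqdn.lower().rstrip(".") != consumer_fqdn.lower().rstrip("."):
        return False, "consumer FQDN mismatch"
    domain = claims.get("allowed_domain")
    if domain is not None and not _in_domain(consumer_fqdn, domain):
        return False, "consumer outside allowed domain"
    snpn = claims.get("allowed_snpn")
    if snpn is not None and snpn != consumer_snpn:
        return False, "consumer outside allowed SNPN"
    return True, "ok"


if __name__ == "__main__":
    KEY = b"assumed-shared-secret"
    tok = issue_token(KEY, "producer.example.org",
                      {"allowed_domain": "example.org", "allowed_snpn": "snpn-a"}, exp=2000)
    print(verify_token(KEY, tok, "producer.example.org",
                       "consumer.example.org", "snpn-a", now=1000))
    print(verify_token(KEY, tok, "producer.example.org",
                       "consumer.evilexample.org", "snpn-a", now=1000))
```

The restrictions are only meaningful if the producer learns the consumer's identity from something it trusts (its TLS client certificate or the network it arrived on); a consumer-supplied FQDN header would let any caller satisfy the check.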
SECURITY INFORMATION DISCOVERY METHOD, SECURITY INFORMATION CONFIGURATION METHOD, AND DEVICE
Provided is a method for discovering security information. A first device sends a broadcast or multicast message to M second devices in the network where the first device is located, where M is an integer greater than or equal to 1 and the broadcast or multicast message contains a request to perform security domain discovery. The first device receives representations of security domain resources fed back by N second devices, where N is an integer greater than or equal to 1 and less than or equal to M. The first device obtains L pieces of security domain information on the basis of the representations of the security domain resources fed back by the N second devices and displays the L pieces of security domain information, where L is an integer greater than or equal to 1 and each piece of security domain information comprises a security domain identification (ID) and a security domain name.
System and methods for over-the-air SIM profile transfer
A user equipment (UE) and a wireless provisioning method and system associated with a first wireless network are provided. The wireless provisioning system includes a processor, a network interface in communication with the first wireless network, and a non-transitory memory storing a first set and a second set of information of a profile related to operation of the UE on a second wireless network. The processor transmits the first set of information to the UE, provisioning on the UE the files associated with authorization and authentication of the UE on the second wireless network. The processor validates that the first set of information was provisioned to the UE and then transmits the second set of information to the UE, provisioning pointer updates that make the pointers on the UE point to the first set of information. The processor then transmits an instruction for the UE to reboot.
METHOD AND APPARATUS FOR PROCESSING INFORMATION, AND DEVICE AND COMPUTER STORAGE MEDIUM
An information processing method is provided. The method includes: acquiring first identity information of a first security domain; obtaining first discovery request information on the basis of the first identity information, wherein the first discovery request information is used for requesting a target resource of a target device that matches the first identity information; and sending the first discovery request information.
ACCESS POINT AND COMMUNICATION CONNECTION METHOD THEREFOR
An access point and a communication connection method are provided. The access point includes a communication apparatus for supporting a wireless communication network, a memory that stores a plurality of passwords for connection to the wireless communication network and authority information for each of the plurality of passwords, and a processor that, when an electronic device requests a connection using one of the plurality of passwords for connection to the wireless communication network, grants the electronic device the authority corresponding to the password through which the connection was made, on the basis of the stored authority information.
METHOD AND SYSTEM FOR IMPLEMENTING CUSTOMER RESOURCE USE AS A SERVICE
Novel tools and techniques are provided for implementing customer resource telemetry and use as a service. In various embodiments, a computing system might receive, from a user, a request to access at least one network-accessible resource associated with a customer of a service provider, the user being unassociated with and unrelated to the customer; might identify at least one of a user identification, a company, or a class of user associated with the user; and might determine, based on that identification, whether at least one resource record associated with the customer indicates that the user has permission to access the at least one network-accessible resource. If so, the computing system might provide the user with access to the at least one network-accessible resource associated with the customer. If not, the computing system might deny the user access to the at least one network-accessible resource associated with the customer.