H04W12/086

Modifying security state with secured range detection

Some embodiments of the invention provide a method for a trusted (or originator) device to modify the security state of a target device (e.g., unlocking the device) based on a secure ranging operation (e.g., determining a distance, proximity, etc.). The method of some embodiments exchanges messages as a part of a ranging operation in order to determine whether the trusted and target devices are within a specified range of each other before allowing the trusted device to modify the security state of the target device. In some embodiments, the messages are derived by both devices based on a shared secret and are used to verify the source of ranging signals used for the ranging operation. In some embodiments, the method is performed using multiple different frequency bands.

Tamper resistant device for an integrated circuit card

A tamper resistant device can be used for an integrated circuit card. The device includes memory storing a first security domain that includes a telecommunication profile and a second security domain that includes an application profile. A first physical interface is configured to be coupled to a baseband processor configured to operate with a mobile telecommunications network. A second physical interface is configured to be coupled to an application processor. The first physical interface is configured to allow the baseband processor to access the telecommunication profile and the second physical interface is configured to allow the application processor to access the application profile. The tamper resistant device is configured to enable accessibility to the application profile if corresponding commands are received at the first interface and to enable accessibility to the telecommunication profile if corresponding commands are received at the second interface.

WIRELESS THIN CLIENTS

In an aspect of the disclosure, a method, a computer-readable medium, and one or more apparatuses are provided. The apparatuses may be one or more thin clients. Each of the one or more thin clients wirelessly connects with at least one peripheral. Each of the one or more thin clients establishes a remote session with a remote machine. The one or more thin clients are placed in an environment that is isolated from the at least one peripheral of each of the thin clients.

Applying network policies on a per-user basis

In one example, an Access Point (AP) configures a first mapping of a first cellular network connection to a first local access network group, and further configures a second mapping of a second cellular network connection to a second local access network group. The AP determines whether a user device is authorized to use the first cellular network connection or the second cellular network connection. If the user device is authorized to use the first cellular network connection, the AP associates, for the user device, a first user device identifier with the first local access network group. If the user device is authorized to use the second cellular network connection, the AP associates, for the user device, a second user device identifier with the second local access network group.

Modularized control system to enable IoT wireless network control and sensing of other devices
11716771 · 2023-08-01

Internet of Things (IoT) system and method of interfacing arbitrary non-network connected devices to wireless computer networks. The invention provides a configurable wireless communications module, in either fixed or removable formats, with wireless (e.g. WiFi) network connectivity. The invention uses at least one internal processor, which is configured to operate in a sandbox or virtual machine manner to isolate the code used to operate the arbitrary non-network connected device from the code used to operate the communications module.

WIRELESS DEVICE, NETWORK NODE, AND METHODS PERFORMED THEREBY FOR HANDLING CONFIGURATION OF THE WIRELESS DEVICE

A method performed by a wireless device (130) for handling configuration of the wireless device (130). The wireless device (130) operates in a communications network (10). The wireless device (130) sends (203) an indication to a network node (110) operating in the communications network (10). The indication comprises a configuration object in Constrained Application Protocol (CoAP). The configuration object comprises one or more configuration parameters of the wireless device (130) in the communications network (10). The wireless device (130) then receives (204) another indication from the network node (110). The another indication comprises a first instruction to configure the wireless device (130) to use at least one changed configuration parameter of the one or more configuration parameters. The at least one changed configuration parameter is adapted to one or more policies of the communications network (10) for the wireless device (130).

Wi-Fi networks with multiple party control and management

Systems and methods of managing a plurality of Wi-Fi networks via a cloud service include communicating to a plurality of access points in the plurality of Wi-Fi networks, wherein the plurality of access points are deployed in a location that includes any of a multi-dwelling unit (MDU), office space, retail space, mixed-use space, and common areas; providing end user management access to a plurality of end users each associated with one of the plurality of Wi-Fi networks; providing property manager management access to a property manager associated with the location and with any additional locations; and providing service provider management access to a service provider associated with the location.

5G Network Slice Device Security Protection
20230232236 · 2023-07-20

A method of user equipment (UE) implemented network slice security protection is disclosed. The method comprises the UE receiving a request to initialize an application, querying a UE Route Selection Policy (URSP) stored on the UE, and receiving traffic descriptors and security descriptors in response to the querying. The traffic descriptors identify a network slice for the application. The security descriptors comprise a security flag and a virtualization container ID. The method also comprises the UE initiating the application within a virtualization container corresponding to the virtualization container ID based on the security flag indicating that the network slice is secure and binding traffic for the application in the virtualization container to a PDU session based on the traffic descriptors. The method further comprises communicating, by the application executing within the virtualization container, with a core network over the PDU session via the network slice bound to the virtualization container.