H04W12/086

Method and electronic device for managing digital keys

Provided is a method, performed by an electronic device, of managing keys for accessing a plurality of services in an integrated manner to improve interoperability and ensure security. The method includes transmitting, by a secure domain (SD) in a secure area of the electronic device, a certificate of the SD to a plurality of service providers (SPs); receiving, by an application installed in the electronic device, a certificate of each of the plurality of SPs from the plurality of SPs; receiving, by the application, first signed data from a first SP among the plurality of SPs; authenticating, by the application, the first signed data by using a certificate of the first SP received from the first SP and obtaining an encrypted key of the first SP from the first signed data; decrypting, by the SD, the encrypted key of the first SP by using a private key of the SD; and storing the decrypted key of the first SP in a first instance corresponding to the first SP among a plurality of instances of the SD.

MOBILE DEVICE WITH SECURE PRIVATE MEMORY

A mobile device can detect an idle state and, in response, initiate an access monitoring function to covertly monitor activity involving a human interaction with the mobile device. The covert monitoring is undetectable by a user of the mobile device. The mobile device can then detect a human interaction with the mobile device and, in response, cause the mobile device to covertly capture and log one or more human interactions with the mobile device. An authorized user of the mobile device is enabled to review the log of human interactions with the mobile device.

NETWORK ACCESS TOKENS FOR ACCESSORIES

A wireless access device can be configured to determine a list of accessory groups corresponding to accessories connected to a network managed by the wireless access device. The wireless access device may also be configured to identify at least one firmware update that corresponds to at least one accessory group of the list of accessory groups and request all firmware updates that correspond to the at least one accessory group. The wireless access device can also be configured to receive one or more firmware updates that correspond to at least one of the accessories of the at least one accessory group for which a respective firmware update is available and transmit at least one firmware update of the received one or more firmware updates to at least one corresponding accessory of the at least one accessory group.

Methods and systems for enhancing cyber security in networks
11700281 · 2023-07-11

The present application is directed to a computer-implemented technique for enhancing security and preventing cyber-attacks on a network. The technique includes receiving information from user equipment, selecting a first VPN server from a VPN service provider based upon a traffic-type of the user equipment, creating a policy to prevent cyber-attacks such that traffic associated with the received information of the user equipment is routed to the first VPN server, provisioning the first VPN server to last a predetermined amount of time based on the policy, coordinating the policy with a router on the network, with the traffic being sent to the VPN server via the router, and sending, after a predetermined condition is met, a request to the VPN service provider to transmit a second VPN server, and where the first VPN server terminates.

Systems and methods for generating secure signals based on internet of things device signals
11700242 · 2023-07-11

A device may receive a secure signal message from an IoT device provided in a first security zone, and may provide the secure signal message from the first security zone to a second security zone, via a first secure data layer. The device may generate two processed secure signal messages from the secure signal message, and may provide the two processed secure signal messages from the second security zone to a third security zone, via a second secure data layer. The device may calculate a secure analytics message, that includes a graph, based on the two processed secure signal messages, and may provide the secure analytics message from the third security zone to a fourth security zone, via a third secure data layer. The device may store the secure analytics message in a data structure associated with the fourth security zone.

Customer control of their mobile assets
11540131 · 2022-12-27

Systems, methods, and devices for secure and configurable control of user equipment (UE) devices associated with enterprise accounts are disclosed herein. Each enterprise account is associated with a plurality of UE devices, which may access networked assets associated with the enterprise. In order to manage UE device access to enterprise assets and to other networks via an internet connection through a wireless telecommunications network, data associated with different enterprise accounts is virtually separated at the edge routers and maintained as separate data streams to distinct virtual environments associated with the enterprise accounts at one or more asset hosting servers. The virtual environments on the assets hosting servers further facilitate enterprise-specific control of mobile assets, such as enforcing security policies relating to access, connections, filtering, or encryption.

Method of managing a tamper-proof device comprising a plurality of software containers

The invention is a method for managing a tamper-proof device comprising first and second software containers, said tamper-proof device being included in a host device comprising a baseband unit. Said first software container is designed to emulate an eUICC and is in a deactivated state. The second software container comprises a set of rules. The baseband unit comprises an activator agent which retrieves both location data broadcasted by a telecom network and the set of rules from the second software container. The activator agent checks if activation of the first software container is authorized by one of said rules for the location data and requests activation of the first software container only in case of successful checking.