Abstract: Disclosed are techniques for determining data relationships between privacy-restricted datapoints, sourced over a computer network, which require data privacy measures concealing at least some datapoints from other clients in the network that the datapoint respectively do not originate from. A first client encrypts a first datapoint with a public key of a public/private encryption scheme and communicates it to the second client along with the public key. The second client encrypts a corresponding second datapoint with the public key, then determines a relationship between the two encrypted datapoints, and communicates the determined relationship to a central client along with the public key. Random noise is encrypted by the central client and added to the determined relationship, then sent together to the first client, followed by decryption by the first client using the private key. The central client extracts the random noise after receiving the decrypted determined relationship.

Abstract: A stopped vehicle information remote retrieval method includes an emergency personnel or first responder vehicle (FRV) establishing a vehicle connection between an infotainment system of a stopped vehicle and the FRV. The FRV sends a vehicle information request to the infotainment system of the stopped vehicle, via the vehicle connection, seeking release of vehicle information. The FRV obtains authentication of the vehicle information received in response to the vehicle information request. The FRV determines occupant status based on the vehicle information. The FRV communicates the passenger status to a first responder.

Abstract: Generating network identifier information and authentication information for wireless communication with a controller includes accessing, by the controller, identity information associated with the controller. The controller obfuscates the identity information and generates the network identifier information and the authentication information associated with the controller using the obfuscated identity information. The controller is configured for wireless communication using the generated network identifier information and the generated authentication information.

Abstract: A communication terminal (10) includes control means for generating a subscription concealed identifier (SUCI) including a subscription permanent identifier (SUPI) concealed using a predetermined protection scheme, and a protection scheme identifier identifying the protection scheme, and transmission means for sending the SUCI to a first network apparatus during a registration procedure, the SUCI being sent for a second network apparatus to de-conceal the SUPI from the SUCI based on the protection scheme used to generate the SUCI.

Abstract: A method for performing service authorization for private networks based on an enhanced PLMN identifier. The method includes receiving an attach request from a user equipment device (UE) via a private network, where the attach request includes an international mobile subscriber identity value (IMSI). The method further includes determining, based on the IMSI, an organization identifier and a token associated with the private network, where the token is included in an enhanced PLMN for granting the UE access to resources in the private network. The method further includes sending the token to the UE and a network proxy within the private network.

Abstract: A computer-implemented method for improving security of a biometrics-based authentication system comprises receiving, by one or more servers, enrolled biometric samples of an enrolled user during an enrollment stage of the biometrics-based authentication system. Augmented biometric samples are created by adding learned perturbations to the enrolled biometric samples of the enrolled user. During a request for authentication, submitted biometric samples are received from a second user. The submitted biometric samples of the second user are compared to the enrolled biometric samples and to the augmented biometric samples of the enrolled user based on predefined metrics. Based on the comparison it is determined whether the submitted biometric samples of the second user have been modified to impersonate the enrolled user.

Abstract: A portable terminal device (1) sets a security level for each application in accordance with position, and stores the level in a memory (102). The security level determines whether each application is displayed or made executable on a display portion (114a) in locked state and unlocked state. A control unit (101) refers to the security level and determines the application displayed on the display portion (114a) in accordance with position information acquired by a position information acquisition unit (GPS reception unit) (104), and makes executable the application selected by the user. Thus, the portable terminal device (1) offers user-friendliness while ensuring security strength.

Abstract: A method for federative learning of an artificial neural network model on a plurality of sets of training data. The learning method used a plurality of data suppliers each having a distinct set of training data and a symmetric key, and an aggregation platform aggregating partial models trained on a sub-plurality of these sets, in each iteration. In each iteration, the platform selects a sub-plurality of data suppliers and supplies the parameters of the model to them, in homomorphically encrypted form. Each training data supplier decrypts these parameters, trains the model on his own data set and returns the parameters of the partial model thus obtained, encrypted by his symmetric key, to the platform. The aggregation platform then transcrypts these partial models in the homomorphic domain, and combines them in the homomorphic domain to obtain a global model.

Abstract: In accordance with one embodiment, a method of modifying data in a telecommunication system can be implemented by receiving a communication comprising voice data and non-voice data at a first processor; sending the non-voice data from the first processor to a second processor; sending the voice data from the first processor to a third processor; receiving a sensitive-data-alert-message at the second processor from a fourth processor; and, in response to the sensitive-data-alert-message from the fourth processor, producing a set of modified-non-voice data at the second processor by removing a set of sensitive data contained within the non-voice data.

Abstract: An authentication/authorization server that manages access to a resource server is provided. The server comprises a management unit that manages an expected completion time of a change to an access destination authentication/authorization server with respect to a client for which the access destination authentication/authorization server is to be changed; an issuing unit that issues an access token for accessing the resource server, the token having an expiration time; and a response unit that returns the access token to the client, wherein if an expected completion time of the change to the access destination authentication/authorization server is managed with respect to the client that is the source of the token issuance request, the issuing unit sets the expiration time of the access token that has been issued to expire no later than the expected completion time of the change.

Abstract: The subject matter of this specification can be embodied in, among other things, a computer system that includes a first processor system configured to communicate with a network, a second processor system configured to control a process, and a third processor system configured to selectively operate in a first configuration and a second configuration, wherein the third processor system is configured to selectively block predetermined types of communications from the first processor system to the second processor system in the first configuration, and the third processor system is configured to permit the predetermined types of communications from the first processor system to the second processor system in the second configuration.

Abstract: The present disclosure discloses a method and system for data ownership confirmation based on encryption. The method comprises following steps: determining whether data is open; and if the data can be open, encrypting, by a data owner, the data by using a private key of the data owner to complete ownership declaration, and ending a process; or if the data cannot be open, determining whether the data is shared; and if the data cannot be shared, encrypting, by the data owner, the data by using a public key of the data owner to complete data protection, and ending a process; or if the data can be shared, proceeding to ownership declaration and protection steps. The method achieves data ownership confirmation, technically ensures proprietary of data ownership, and implements unique ownership of the data owner for the data, laying a foundation for data responsibility, right, and profit allocation.

Abstract: A stopped vehicle information remote retrieval method includes an emergency personnel or first responder vehicle (FRV) establishing a vehicle connection between an infotainment system of a stopped vehicle and the FRV. The FRV sends a vehicle information request to the infotainment system of the stopped vehicle, via the vehicle connection, seeking release of vehicle information. The FRV obtains authentication of the vehicle information received in response to the vehicle information request. The FRV determines occupant status based on the vehicle information. The FRV communicates the passenger status to a first responder.

Abstract: The present invention provides a secure technique that allows two communication apparatus that perform encrypted communication to have a common initial solution. A large number of user apparatuses all have a function of generating the same solution under the same condition as far as the user apparatuses have the same initial solution, and can perform encrypted communication using solutions successively generated in synchronization from the same initial solution. All the user apparatuses and a server share the same initial solution and have a function of generating the same solution under the same condition and thus can generate synchronized solutions. The server generates synchronization information, which is information required to generate the initial solution but is not the initial solution itself (S2002), and transmits the synchronization information to at least one of two user apparatuses performing encrypted communication (S2003).

Abstract: An identity verification method and a verifying device, where the verifying device receives an account for requesting password reset. When the account is invalid, the verifying device sends a fake identification and a first verification request to a requesting device. The verification request mentioned requests a user to determine whether to send verification information to a first communication address. The fake identification and the first communication address are associated with the first account.

Abstract: Methods and apparatus for control of data and content protection mechanisms across a network using a download delivery paradigm. In one embodiment, conditional access (CA), digital rights management (DRM), and trusted domain (TD) security policies are delivered, configured and enforced with respect to consumer premises equipment (CPE) within a cable television network. A trusted domain is established within the user's premises within which content access, distribution, and reproduction can be controlled remotely by the network operator. The content may be distributed to secure or non-secure “output” domains consistent with the security policies enforced by secure CA, DRM, and TD clients running within the trusted domain. Legacy and retail CPE models are also supported.

Abstract: Systems and methods for provisioning user privacy parameters necessary for network security in 5G telecommunication networks are provided, such as the subscriber permanent identifier (SUPI), the routing indicator, the protection scheme identifier, or the home network key. In order to protect the user privacy parameters, the techniques disclosed herein use private and public key encryption, as well as integrity protection offered by 5G telecommunications protocols. Such techniques use registration response messages, update location requests, or update notification request messages to provide end-to-end or end-to-middle security in the provisioning process. Unlike existing over-the-air (OTA) techniques, the techniques described herein provision user privacy parameters or other similar data in a secure and verifiable manner.

Abstract: Embodiments of the prevent disclosure provide a network access authentication method and device. The method includes: receiving an authentication request message sent by a first serving network, the authentication request message carrying a user equipment alias identifier generated by user equipment; determining whether a local user equipment alias identifier is asynchronous with the user equipment alias identifier generated by the user equipment; and when the determination result is positive, obtaining an encrypted International Mobile Subscriber Identification Number IMSI for performing network access authentication on the user equipment.

Abstract: Provided is an arrangement for monitoring, a monitoring device and intermediary device and method for monitoring an encrypted connection between a client and an access point in a network, wherein—an Extensible Authentication Protocol is used for access authentication of the client to the network on an authentication server, and—a transport layer security protocol having a key disclosure function is executed within the Extensible Authentication Protocol, in which security information for the cryptographic protection of the connection is provided to an intermediary device and is transmitted from the intermediary device to a monitoring device for monitoring the connection. Also provided is a computer program product of the same.

Abstract: A method and console are provided to create and manage dispatch unit identities on multiple independent communications systems. A console server receives a first dispatch unit list from a first radio system. The first dispatch unit list includes a first plurality of dispatch unit IDs from the first radio system. The console server receives a second dispatch unit list from a second radio system. The second dispatch unit list includes a second plurality of dispatch unit IDs from the second radio system. The console server creates a first role that includes at most one dispatch unit ID from each radio system. Multiple roles can be created by the console server. Upon authenticating a dispatcher at the console server, the console server presents a menu of roles available to the dispatcher. The menu of roles can include all roles on the console server or only the roles that the dispatcher is allowed to choose and that are currently available.