Abstract: A method for managing personal data of a user of a user device is provided. The user device is adapted to have installed thereon an application (APP). The APP is configured to require access to the personal data when running on the user device. The method comprises creating a certification for the APP, the certification being based on a corresponding statement providing information regarding the relationship between the APP and personal data; associating the certification to the APP for certifying the APP; allowing the user to provide user-defined policies about exploiting the user personal data; checking whether the user-defined policies provided by the user are compatible with requirements of the APP defined in the corresponding statement. If the user-defined policies are compatible with the requirements of the APP defined in the statement, the method executes operations when the APP running on the user device requires to access personal data.

Abstract: A method for managing personal data of a user of a user device is provided. The user device is adapted to have installed thereon an application (APP). The APP is configured to require access to the personal data when running on the user device. The method comprises creating a certification for the APP, the certification being based on a corresponding statement providing information regarding the relationship between the APP and personal data; associating the certification to the APP for certifying the APP; allowing the user to provide user-defined policies about exploiting the user personal data; checking whether the user-defined policies provided by the user are compatible with requirements of the APP defined in the corresponding statement. If the user-defined policies are compatible with the requirements of the APP defined in the statement, the method executes operations when the APP running on the user device requires to access personal data.

Abstract: A system for executing services in a distributed way, the execution of each service involving the processing of a plurality of tasks of predetermined types, each task type to be processed being represented by a corresponding type of tuples of data relating to the task type, wherein: the system includes a plurality of peer entities; each peer entity being adapted to store and execute a plurality of worker modules, each worker module being adapted to process at least one task type; each peer entity including tuple handling modules that, for a tuple of a type T, are adapted: a) to check if at least one of the plurality of the worker modules in the peer entity is adapted to process the task represented by the tuple, b) in the positive case of a), to take charge of the processing of the task represented by the tuple, and c) in the negative case of a), to execute a forwarding procedure for forwarding the tuple to another peer entity of the plurality of peer entities of the system.

Abstract: A method and system for out-of-band authentication of messages transmitted, e.g. as packets, on a communication network, whereby a first stream of data is received by a sender control module from a sender; the first stream of data is transmitted over a first channel, e.g. a non-secure data channel, toward a receiver control module; the sender control module generates authentication data of the first stream of data; the authentication data are transmitted from the sender control module to the receiver control module on a second channel, e.g. a secure data channel, distinct from the first channel; and a stream of data received by the receiver control module is checked using the authentication data. Before sending the authentication data, the sender control module transmits a control message including synchronization data to the receiver control module over the second channel.

Abstract: A telecommunications service to be obtained for a user is split into a plurality of service components. A telecommunications terminal determines the most appropriate service provider for each service component; each of the service components is obtained by a corresponding service provider; and the telecommunications terminal invokes the functionality of each service component according to the service to be obtained. This is particularly useful for wireless mobile telecommunications terminals.

Abstract: A communications method for a packet-switched network includes: a) receiving at a routing module operating in a low layer of a layered model defining communications on the network, a packet including an identifier associated to a protocol to be employed at a high layer of the model which is higher than the low layer; b) inspecting the received packet at an inspection module so as to identify the protocol associated to the identifier; c) selecting at a selection module a first device, operating in the high layer associated with the identified protocol; d) sending the packet toward the first device; e) processing the packet by applying at the first device a procedure of the high layer to produce a processed packet; f) sending the processed packet from the first device to the routing module; and g) transmitting the processed packet from the routing module toward the network.

Abstract: A system and method for authenticating a subscriber of a first network to access application services through a second network, wherein the second network is a packet data network.

Abstract: A system for executing services in a distributed way, the execution of each service involving the processing of a plurality of tasks of predetermined types, each task type to be processed being represented by a corresponding type of tuples of data relating to the task type, wherein: the system includes a plurality of peer entities; each peer entity being adapted to store and execute a plurality of worker modules, each worker module being adapted to process at least one task type; each peer entity including tuple handling modules that, for a tuple of a type T, are adapted: a) to check if at least one of the plurality of the worker modules in the peer entity is adapted to process the task represented by the tuple, b) in the positive case of a), to take charge of the processing of the task represented by the tuple, and c) in the negative case of a), to execute a forwarding procedure for forwarding the tuple to another peer entity of the plurality of peer entities of the system.

Abstract: A communications method for a packet-switched network includes: a) receiving at a routing module operating in a low layer of a layered model defining communications on the network, a packet including an identifier associated to a protocol to be employed at a high layer of the model which is higher than the low layer; b) inspecting the received packet at an inspection module so as to identify the protocol associated to the identifier; c) selecting at a selection module a first device, operating in the high layer associated with the identified protocol; d) sending the packet toward the first device; e) processing the packet by applying at the first device a procedure of the high layer to produce a processed packet; f) sending the processed packet from the first device to the routing module; and g) transmitting the processed packet from the routing module toward the network.

Abstract: A telecommunications service to be obtained for a user is split into a plurality of service components. A telecommunications terminal determines the most appropriate service provider for each service component; each of the service components is obtained by a corresponding service provider; and the telecommunications terminal invokes the functionality of each service component according to the service to be obtained. This is particularly useful for wireless mobile telecommunications terminals.

Abstract: A method and system for out-of-band authentication of messages transmitted, e.g. as packets, on a communication network, whereby a first stream of data is received by a sender control module from a sender; the first stream of data is transmitted over a first channel, e.g. a non-secure data channel, toward a receiver control module; the sender control module generates authentication data of the first stream of data; the authentication data are transmitted from the sender control module to the receiver control module on a second channel, e.g. a secure data channel, distinct from the first channel; and a stream of data received by the receiver control module is checked using the authentication data. Before sending the authentication data, the sender control module transmits a control message including synchronization data to the receiver control module over the second channel.

Abstract: A system and method for authenticating a subscriber of a first network to access application services through a second network, wherein the second network is a packet data network.

Abstract: A method and a system for accessing services provided by network resources in communication networks. Access to service capabilities is controlled at the application level by controlling the access through a gateway wherein an object-oriented service architecture based on abstracted application programming interfaces is implemented. Preferably, the service architecture is defined in OSA/Parlay standards. Access control is carried out by means of a logical entity, the service reference monitor, which is linked to the gateway and configured so that it intercepts all the communications passing between the client applications and the gateway. The service reference monitor captures the object reference to the service capability and assigns to the object reference a lifetime. At the expiration of the lifetime, the service reference monitor destroys the service capability. The probability of a malicious attack is lowered by limiting the time window of the life of access to a service.

Abstract: Software applications are provided access to web services, such as Parlay X web services, by providing a Parlay gateway permitting access to web services and including a Parlay framework. A set of modules having service interfaces for the software applications is provided, the modules in the set acting as proxies in order to perform requests for access to web services on the framework of the Parlay gateway on behalf of the software applications.