Abstract: Method, apparatus, and computer program are disclosed for operating drones or other mobile computers in sensitive environments, where the drones are exposed to attacks with updates, incorrect/malicious commands or even being joined by malicious drones pretending to be part of the drone swarm or group. The method includes leveraging both trusted computing capabilities and that each individual drone can decide on the level of assurance and trust of any other drone we can construct a consensus algorithm such that if a drone wishes to perform a sensitive operation then all drones can attest that drone and decided on its level of assurance.

Abstract: The application relates to an apparatus, method and computer program for adjusting output signals. The apparatus comprising means for receiving at least a first measurement signal from a first movement sensor and receiving at least a second measurement signal from a second movement sensor wherein the first movement sensor and the second movement sensor are provided on the same structure. The means are also for identifying one or more correlations between the measurement signals and using the identified one or more correlations to adjust at least one output signal provided by at least one detector.

Abstract: An apparatus, method and computer program is described comprising: sending one or more requests to an attestation server, wherein each request requests security attributes corresponding to one of one or more network elements of a security slice of a system; receiving the requested security attributes from the attestation server; and processing the received security attributes to determine a security status of the security slice.

Abstract: Methods and apparatus are disclosed for unified security configuration management. A method may comprise: determine a security configuration to be executed; determine at least one security application which is installed on at least one node and is associated with the security configuration; format for the security configuration, instructions corresponding to each of the at least one security application, respectively; and send the instructions to the at least one node for respective configuration for each of the at least one security application.

Abstract: Real-time data transfer from a device is secured by: receiving data items from a data source, buffering and continually sending same to a data collector; generating by a root of trust a cryptographically verifiable integrity claim based on current hardware and software configuration of the apparatus; forming second data by combining at least the cryptographically verifiable integrity claim and an amount of the data items; forming a hash from at least the second data; obtaining a stamp; causing the root of trust circuitry to form a first signature from at least the hash; forming third data by combining at least the second data, the hash and the first signature; and providing the data collector with a secured transmission comprising the third data.

Abstract: An apparatus, method and computer program is described comprising: receiving (41) a control signal from a user-operated control apparatus for controlling a remote apparatus, extracting (42) a user noise signal from the received control signal, determining (43) if the user noise signal meets one or more predetermined criteria and authenticating (44) a user of the control apparatus at least partially based on the user noise signal determination.

Abstract: A method for protection of virtualized network functions may comprise: obtaining security orchestration information for one or more virtualized network functions; determining network interfaces relevant to protection of the one or more virtualized network functions based at least in part on network topology information, in response to the security orchestration information; and issuing a security instruction for the protection of the one or more virtualized network functions, according to the determined network interfaces.

Abstract: The application relates to an apparatus, method and computer program for adjusting output signals. The apparatus comprising means for receiving at least a first measurement signal from a first movement sensor and receiving at least a second measurement signal from a second movement sensor wherein the first movement sensor and the second movement sensor are provided on the same structure. The means are also for identifying one or more correlations between the measurement signals and using the identified one or more correlations to adjust at least one output signal provided by at least one detector.

Abstract: According to an example aspect of the present invention, there is provided a cryptoprocessor comprising physical unclonable function circuitry comprising at least one physical unclonable function, and at least one processing core configured to process a challenge received from outside the cryptoprocessor by at least deriving a response to the challenge by providing the challenge as input to the physical unclonable function circuitry, using the response as an encryption key to encrypt a second encryption key, and by causing the encrypted second encryption key to be provided to a party which issued the challenge.

Abstract: An approach is provided for consent document management. The consent platform causes, at least in part, a creation of one or more consent document objects representing one or more consent documents, metadata associated with the consent documents, or a combination thereof. Next, the consent platform processes and/or facilitates a processing of one or more responses to the one or more consent documents to cause, at least in part, a creation of one or more user response objects, wherein the one or more user response objects record the one or more responses on a per user basis.

Abstract: According to an example aspect of the present invention, there is provided an apparatus comprising a random access memory device, at least one processing core coupled via a first interface with the random access memory device, and a secure hardware element, comprising hash function circuitry, and coupled directly via a second interface with the random access memory device, the secure hardware element configured to obtain as input data from a memory space of the random access memory device, to produce as output a hash value of the input, and to cryptographically sign the hash value using a physically unclonable function value of the apparatus.

Abstract: An approach is provided for determining device compatibility using alerts and information spaces. A link redirector receives a request from a device for a required type of service. The link redirector alerts the device compatibility service and the export control interface about the potential request or stores the request information in an information space while searching for a suitable service for the device. Therefore, the device compatibility service and the export control interface can start preparing information about device compatibility and export control before the information is requested by the service determined.

Abstract: This document discloses a solution for detecting and mitigating anomalies such as signalling storms in a radio access network of a wireless communication system. According to an aspect, there is disclosed a method including receiving, in a first local traffic analysis module, configuration parameters from a second local traffic analysis module or from a central traffic analysis module connected to a plurality of local traffic analysis modules; monitoring, by a first traffic analysis module by using the received configuration parameters, traffic in a radio access network of a wireless communication system; detecting, in the monitored traffic on the basis of the configuration parameters, an anomaly causing a control plane signalling load; and in response to said detecting, taking an action to mitigate the anomaly and reporting information on the anomaly to the central traffic analysis module.

Abstract: There are provided measures for malicious network activity mitigation. Such measures exemplarily comprise determining a boundary enclosing a first group of target virtual network functions including at least one target virtual network function, identifying, on the basis of said boundary, a first group of communication paths between said first group of target virtual network functions and respective network entities outside said boundary, said first group of communication paths including a first communication path, and initiating setup of a first wrapper virtual network function corresponding to said first communication path, said first wrapper virtual network function monitoring network traffic on said first communication path.

Abstract: An apparatus of a communication network system, which routes data packets and stores trusted routes between different communication network systems in a database, detects (S12) that a data packet requires a route with a specific level of trust, determines (S13), from the trusted routes stored in the database, a specific trusted route towards a destination as indicated in the data packet, and sets (S15) the data packet on the specific trusted route towards the destination.

Abstract: An approach is provided for personal asset management. The approach involves causing, at least in part, a determination of one or more devices to be part of one or more groups. The approach further involves processing and/or facilitating a processing of a determination of one or more datasets to be stored on the one or more devices. The approach also involves causing, at least in part, the one or more datasets to be synchronized among the one or more devices that are part of the one or more groups. The approach additionally involves causing, at least in part, a cryptographic connection between the one or more devices to be established.

Abstract: There is provided a method comprising: receiving, by an apparatus of a data center, a request message from a server computer of said data center, the apparatus and the server computer being physically separate entities communicatively coupled with each other, said message requesting data center specific information stored into a read-only memory area of the apparatus; initiating deciphering of the request message in response to receiving the request message; and as a response to successfully deciphering the request message, transmitting a response message to the server computer, said message comprising the data center specific information acquired from the read-only memory area of the apparatus.

Abstract: A method for protection of virtualized network functions may comprise: obtaining security orchestration information for one or more virtualized network functions; determining network interfaces relevant to protection of the one or more virtualized network functions based at least in part on network topology information, in response to the security orchestration information; and issuing a security instruction for the protection of the one or more virtualized network functions, according to the determined network interfaces.

Abstract: An approach for maintaining user privacy information is described. A privacy management platform determines a request, from one or more applications, for access to local data associated with a device. The platform then determines and processes one or more privacy profile objects associated with the local data to determine one or more privacy policies associated with the local data, the device, or a combination thereof. Enforcement of the one or more privacy policies is then caused for granting access to the local data.

Abstract: There is provided a method comprising: receiving, by an apparatus of a data center, a request message from a server computer of said data center, the apparatus and the server computer being physically separate entities communicatively coupled with each other, said message requesting data center specific information stored into a read-only memory area of the apparatus; initiating deciphering of the request message in response to receiving the request message; and as a response to successfully deciphering the request message, transmitting a response message to the server computer, said message comprising the data center specific information acquired from the read-only memory area of the apparatus.