Abstract: In a processing entity receiving one or more streams of data points from at least one data generating device; receiving, from a client device, a stream request indicating at least one of the data streams and including information indicating a stream modification; translating the information indicating a stream modification to selection criteria relative to the data points of the at least one data stream; modifying the at least one data stream by filtering the data stream based on the translated selection criteria; and providing the modified data stream to the client device.

Abstract: Methods and apparatus for congestion mitigation in telecommunications networks. In an exemplary apparatus, a network node (314, 500; 302, 400) in a telecommunications network is provided, the node comprising: a receiver (504; 404) configured to receive congestion data identifying a congested area (A-H) and one or more user equipments, UE, (a-j; 312) affected by the congested area; an alternative network determiner (516; 420) configured to determine one or more switchable UEs, amongst the identified UEs, that may be offloaded to an alternative access network (1-3); and a network switcher (518; 422) configured to control a transmitter (502; 402) to transmit an instruction for one or more of the switchable UEs to switch to an alternative access network.

Abstract: Methods and apparatus for congestion mitigation in telecommunications networks. In an exemplary apparatus, a network node (314, 500; 302, 400) in a telecommunications network is provided, the node comprising: a receiver (504; 404) configured to receive congestion data identifying a congested area (A-H) and one or more user equipments, UE, (a-j; 312) affected by the congested area; an alternative network determiner (516; 420) configured to determine one or more switchable UEs, amongst the identified UEs, that may be offloaded to an alternative access network (1-3); and a network switcher (518; 422) configured to control a transmitter (502; 402) to transmit an instruction for one or more of the switchable UEs to switch to an alternative access network.

Abstract: According to the present invention there is provided a method of facilitating a communication session between a user terminal and an Application Function over an IP Connectivity Access Network in which a mobile IP-based mobility protocol is used. The method comprises, if it is determined that the Quality of Service rules for the communication session cannot be installed or enforced due to a limitation on the resources available in the Access Network, reporting this to the Application Function together with information on the available resources.

Abstract: Upon a user switching-on an appliance with an appliance SIM card of a home telecommunication network, the appliance attaches to the home telecommunication network. The user sets the appliance for association of the user with the appliance. The appliance requests a token to the home telecommunication network. The request includes an appliance identifier of the card. An Identity Linking Function server of the home telecommunication network generates the token, associates the token and the appliance identifier of the card, and provides the token. The user registers a user name and password. The appliance media site server creates a user account for the user with the user name and password. The user submits an identifier of the home telecommunication network, and the appliance media site server redirects the user towards the home telecommunication network with information for further return.

Abstract: In a processing entity receiving one or more streams of data points from at least one data generating device; receiving, from a client device, a stream request indicating at least one of the data streams and including information indicating a stream modification; translating the information indicating a stream modification to selection criteria relative to the data points of the at least one data stream; modifying the at least one data stream by filtering the data stream based on the translated selection criteria; and providing the modified data stream to the client device.

Abstract: In a method, a consumer (100), being a software application or web site accessing a service provider (200) on behalf of a user, transmits (s10) to a service provider (200), being a software application or web site providing access to protected resources, a request for authorization to access by the consumer (100) on behalf of a delegatee (410) the protected resources of a delegator (420). The service provider (200) transmits (s20) to a controller (300) the request for authorization. A request token is also transmitted, which is a value used by the service provider (200) to register a requested authorization. The controller (300) determines (s30) whether the requested authorization meets policy settings governing the access to the delegator's protected resources. If so, the service provider (200) grants the authorization registered by the request token, and a third message including the request token is transmitted (s50) to the consumer (100).

Abstract: A controller (12) is used for privacy management in an identity network (10) for a principal (20). An identity network (10) is a computer network including at least an identity provider (14), a discovery service provider (16), and a service provider (18) with which the principal (20) can make transactions. A principal (20) is a system entity whose identity can be authenticated. An identity resource (14) is either data related to an identity or group of identities, or a service associated with an identity or group of identities. The controller (12) queries a discovery service provider to obtain information regarding available identity resources (14), it receives back addressing information for addressing attributes of the identity resources (14), and it then interacts, based on the addressing information, with a service provider (18) to create, read, modify or delete a privacy attribute governing the use of an identity resource (14).

Abstract: Upon a user switching-on an appliance with an appliance SIM card of a home telecommunication network, the appliance attaches to the home telecommunication network. The user sets the appliance for association of the user with the appliance. The appliance requests a token to the home telecommunication network. The request includes an appliance identifier of the card. An Identity Linking Function server of the home telecommunication network generates the token, associates the token and the appliance identifier of the card, and provides the token. The user registers a user name and password. The appliance media site server creates a user account for the user with the user name and password. The user submits an identifier of the home telecommunication network, and the appliance media site server redirects the user towards the home telecommunication network with information for further return.

Abstract: A method carried out by a controller is disclosed. The method includes receiving (s10) a message including a request token. A request token is a value used by a consumer (300) to request authorization from a user to access protected resources from a service provider (400). A service provider (400) is at least one of a software application and web site that is configured to provide access to protected resources. A consumer {300} is at least one of a software application and a web site that is configured to access a service provider (400) on behalf of a user. The method further includes determining (s20) whether the message meets policy settings governing the access to protected resources; and, if it is determined (s30) that the message does not meet the policy settings, preventing (s34) the request token from being forwarded to the service provider (400) associated with the request token.

Abstract: A method is carried out by a controller (100), a social network (200), a provider (300) and a terminal (400) of a primary user (450). After a trust relationship is set up (s10) between the controller (300) and social network (200), the terminal (400) accesses (s20) the provider (300). The provider (300) transmits (s30) to the terminal (400) a proposal to provide information relating to the provider (300) to secondary users of the primary user in the social network (200). If the terminal (400) accepts (s40) the proposal, the provider (300) transmits (s30) to the controller (100) a message including the information relating to the provider (300). The controller (300) obtains identification of the primary user (450) to whom the message relates and triggers (s70) transmission, to the secondary users, of the information relating to the provider (300). A controller (100), a system (500) and computer programs are also disclosed.

Abstract: A method of storing data in a database, the database defining a table and the data comprising at least one record. Each record comprises values for at least one field. The method comprises storing a plurality of schemas, each schema defining a respective set of fields associated with said table, wherein each of said records is associated with identification data identifying one of said schemas.

Abstract: In a method, a consumer (100), being a software application or web site accessing a service provider (200) on behalf of a user, transmits (s10) to a service provider (200), being a software application or web site providing access to protected resources, a request for authorization to access by the consumer (100) on behalf of a delegatee (410) the protected resources of a delegator (420). The service provider (200) transmits (s20) to a controller (300) the request for authorization. A request token is also transmitted, which is a value used by the service provider (200) to register a requested authorization. The controller (300) determines (s30) whether the requested authorization meets policy settings governing the access to the delegator's protected resources. If so, the service provider (200) grants the authorization registered by the request token, and a third message including the request token is transmitted (s50) to the consumer (100).

Abstract: According to the present invention there is provided a method of facilitating a communication session between a user terminal and an Application Function over an IP Connectivity Access Network in which a mobile IP-based mobility protocol is used. The method comprises, if it is determined that the Quality of Service rules for the communication session cannot be installed or enforced due to a limitation on the resources available in the Access Network, reporting this to the Application Function together with information on the available resources.

Abstract: A method carried out by a controller is disclosed. The method includes receiving (s10) a message including a request token. A request token is a value used by a consumer (300) to request authorization from a user to access protected resources from a service provider (400). A service provider (400) is at least one of a software application and web site that is configured to provide access to protected resources. A consumer {300} is at least one of a software application and a web site that is configured to access a service provider (400) on behalf of a user. The method further includes determining (s20) whether the message meets policy settings governing the access to protected resources; and, if it is determined (s30) that the message does not meet the policy settings, preventing (s34) the request token from being forwarded to the service provider (400) associated with the request token.

Abstract: A controller (12) is used for privacy management in an identity network (10) for a principal (20). An identity network (10) is a computer network including at least an identity provider (14), a discovery service provider (16), and a service provider (18) with which the principal (20) can make transactions. A principal (20) is a system entity whose identity can be authenticated. An identity resource (14) is either data related to an identity or group of identities, or a service associated with an identity or group of identities. The controller (12) queries a discovery service provider to obtain information regarding available identity resources (14), it receives back addressing information for addressing attributes of the identity resources (14), and it then interacts, based on the addressing information, with a service provider (18) to create, read, modify or delete a privacy attribute governing the use of an identity resource (14).

Abstract: The present invention is aimed to provide a mechanism whereby any person can have user's attributes in a web service provider for sharing with a web service consumer, even if such person is not enabled to provide user's consent to share such user's attributes, and provided that other persons at a hierarchically higher position are enabled to provide such user's consent instead of the owner of the user's attributes, whilst respecting high requirements on privacy for both. Therefore, the present invention provides for a number of cooperating entities and a new method, the cooperating entities being configurable in such manner that delegation modules comprising different relationships of user's consent may be distributed among some of the cooperating entities, and transmitted between the number of cooperating entities, depending on the required level of privacy set on a per network basis and on a per user basis.

Abstract: A Principal Referencing method is described herein which enables an inviting principal-A to have access control over their shared resources by introducing a pair of user identifiers associated with an invited principal-B which are created and delivered during an invitation process. Each identifier is shared between two parties. The first identifier is shared between the Discovery Services (DS-A and DS-B) of both principals, invited and inviting. The second identifier identifies the invited principal-B as well, but it is shared between the inviting principal's web service provider (WSP-A) and the DS-A. Thus, the DS-A is the identifier switching point which isolates both identifier planes. The purpose of these two identifiers is to enable the invited principal-B to be referenced/identified during a discovery and access process without compromising her/his privacy by allowing anyone identifier to be shared between more than two parties.

Abstract: The invention refers to a system, apparatus and method for carrying out a SIM-based authentication of a user accessing a WLAN, without having provided yet an IP connectivity, along with a layer-2 encryption mechanism for protecting the path between the Terminal Equipment and the Mobile network. Therefore, the invention provides a method for establishing a PPP-tunneling for AKA dialogues between the terminal and an Access Controller for accessing the mobile network owning the SIM. The invention also provides an Access Controller (AC) comprising a Point-to-Point over Ethernet (PPPoE) server for tunneling AKA dialogues from a PPP-client installed in the terminal for the same purpose, and also comprising a Traffic Router and a RADIUS-client. The AC thus including a RADIUS-client is interposed between a RADIUS-proxy accessed from the access points (AP) in the WLAN and the mobile network where SIM-based authentication is carried out.

Abstract: Method, apparatuses and computer programs for handling the storage of data. A first information server (120) receives a message (M1, M4) comprising a first identifier and sends a response (M2, M5) comprising a second identifier which identifies a second information server (162) handling data stored in relationship with the first identifier. If there is not a second identifier related to the first identifier, the first server sends a message (MR) requesting to store in a second server data in relationship with the first identifier. The first server then stores an identifier of the second server attending the request as the second identifier related to said first identifier. Accordingly, the relationships between a plurality of first and corresponding second identifiers can become auto-configured in the first server.