Abstract: A method and device for optimal coexistence of a first cellular Time-Division Duplex, TDD, system and a second TDD system operating in the same frequency band. The proposed solution is capable of minimizing interferences without modifying the (RF and SW) characteristics of the second system, while at the same time achieving flexibility in UL:DL traffic ratio.

Abstract: The present invention proposes a method, device and system for protecting the connection to a wireless network (a WiFi network) by users of electronic communications devices, even the first time the user device connects to the network. The proposed method, device and system provides an improved security when connecting to a WiFi network, avoiding attacks that may jeopardize the security, confidentiality, integrity and availability of WiFi users and WiFi infrastructure. In the proposed solution, the network will be certified by the user device before connecting to an access point for accessing the wireless network.

Abstract: A system and method for training and validating ML algorithms in real networks, including: generating synthetic traffic and receiving it along with real traffic; aggregating the received traffic into network flows by using metadata and transforming them to generate a first dataset readable by the ML algorithm, comprising features defined by the metadata; labelling the traffic and selecting a subset of the features from the labelled dataset used in an iterative training to generate a trained model; filtering out a part of real traffic to obtain a second labelled dataset; and selecting a subset of features from the second labelled dataset used for validating the trained model by comparing predicted results for the trained model and the labels; repeating the steps with a different subset of features to generate another trained model until results are positive in terms of precision or accuracy.

Abstract: The present invention relates to the detection of malicious software in electronic documents and comprises: detecting an executable code in the electronic document provided to a client module; extracting information from the electronic document comprising the executable code and metadata of the electronic document; creating a binary vector associated with the electronic document; comparing, in a classifier module (200), the binary vector with one or more groups of vectors previously classified and stored in a database (400); classifying the vector in one of the groups, where each group has associated therewith a verdict about the presence of malicious software; and determining that the document contains malicious software depending on the verdict associated with the group in which its associated vector has been classified.

Abstract: Method for managing eSIM profiles in a user's device (110, 230) comprising an embedded UICC, eUICC, the method performed by a portable secure element, SE, server implemented in a portable device (100, 200) local to the user's device (110, 230), the portable SE sever comprising Subscription Manager, SM, functionalities, the method comprises the portable SE server establishing off-line communication with the user's device (100) using local data transport protocols in a secured mode, the portable SE server implementing first SM functionalities (140) for performing secure downloading of the eSIM profiles in the user's device (110) and the portable SE server implementing second SM functionalities (160) for performing end-to-end securing of the eSIM profiles after installation in the eUICC of the user's device (110, 230).

Abstract: It is provided a method for transferring and managing data packages between a first portable secure element, SE, server implemented in a portable device (100, 200) and a second portable SE server implemented in an embedded UICC, eUICC (120, 240), comprised in a user's device (110, 230) which is local to the portable device (100, 200), the first and second portable SE severs comprising Subscription Manager, SM, functionalities, the method comprises the first and the second portable SE servers establishing off-line communication using local data transport protocols in a secured mode, the first or the second portable SE server implementing first transfer functionalities (140) for performing secure transfer of the data packages and the first or the second portable SE server implementing second transfer functionalities (140) for performing end-to-end securing of the data packages after the secure transfer of the data packages.

Abstract: Method and system to dynamically associate spatial layers to beams in a FWA network operating in the millimeter-wave frequency range. A base station and a CPE are willing to wirelessly transmit and receive data through a wireless channel of the FWA network, the base station having beamforming capabilities henceforth generating multiple wireless beams. The base station performs all baseband wireless functions related for creating, keeping and managing the connections between the base station and the CPE at baseband level, wherein information is handled in the form of up to M spatial layer signals, and with no built-in capabilities for creation, detection or management of the beams. The base station also performs all necessary RF functions at millimeter-wave frequencies, including beamforming and conversion from complex baseband signals to RF signals and vice versa, and also couples the RF signals to the wireless channel.

Abstract: A computer implemented method for automatically certifying documents with integrity and authenticity guarantees and computer programs thereof.

Abstract: A system and method for validating proof of transit of network traffic through network nodes (N), the node (N) comprising a set of input interfaces (20) receiving incoming packets, a first module (A) to identify a matching route within a routing table (23) and storing means (22) to provide next modules (B, C, D) with two private keys if the packet is matched and/or the packet metadata includes OPoT information. The second module (B) decrypts the OPoT metadata using the first private key associated to the link of the node from which the incoming packets are received. The node (N) has SSS metadata to be processed by a third module (C) for the correct generation of cumulative validation parameters. When the SSS process is finished by the third module (C), the fourth module (D) re-encrypts the OPoT metadata using the second private key before packet forwarding to the subsequent node in the path through output interfaces (21).

Abstract: A method and transmitter for generating broadcast beam patterns in massive MIMO systems, the transmitter comprising a rectangular antenna array with a number N1 of antenna elements in the horizontal direction and a number N2 of antenna elements in the vertical direction. The MIMO transmitter generates broadcast beam patterns with determined beam widths in horizontal and vertical dimensions to cover a sector area of a cell by the rectangular antenna array radiating N1×N2 radiofrequency signals at a carrier frequency, the sector area being where a user equipment requests from the MIMO transmitter access to the cell. The beam widths in horizontal and vertical directions are determined by using an optimum set of complex excitation coefficients calculated from a discretized continuous-space array factor ?(?,?), which is based on a discretization over the elevation angle ? and the azimuth angle ? of the antenna elements.

Abstract: Method and system which provides an increase in the basic security, performance, and trust of consensus algorithms in distributed systems based on the use of quantum technology (quantum computing mechanisms). In order to do that, it is built a quantum trust network layer using quantum entanglement between nodes to avoid the current problems in consensus algorithms.

Abstract: A system and a method for user authentication and/or authorization, including a passive card to encode a first portion of an authentication or authorization code for a user via capacitive points, and a portable computing device with a capacitive screen to encode a second portion of the code. Each capacitive point is connected to an electronic circuit, being activable by physical contact of the user or with an electrical ground. Once the user has requested access to a specific service or operation, and when at least some of the passive points are activated and the passive card is in contact with the capacitive screen, the device reads the capacitive points, decoding the first portion of the code, and cryptographically signs the decoded portion using the second portion, providing the code, which is used as cryptographic key to grant access to the service or operation.

Abstract: A method for watermarking documents comprising: identifying and locating spaces in a received original document (10) by a location analysis (110) module which distinguishes between intra-word spaces and inter-word spaces; minimizing an error probability of interference between intra-word spaces and inter-word spaces in the watermarked document (20) by an optimization module (111); encoding (113) the message (30) into codewords and encoding (114) the codewords into the watermark; embedding the watermark to generate (115) the watermarked document (20) by modifying the intra-word spaces and inter-word spaces of the original document (10).

Abstract: The invention relates to a computer-implemented method for generating passwords and to computer program products of same. The method comprises: accessing, by a user (100), by means of a first computation device (200), for the first time, a webpage or website identified by a web domain that requires the Identification of the user (100) on the webpage or website; and generating, by means of a password generator, a password required by the webpage or website, based on the use of a result obtained from the execution of a cryptographic function using password policies related to the domain, the use of a master password (101) known only to the user (100) and the use of an Id_Hash (208).

Abstract: A method for determining an identity of a URL visited by a user from a vantage point in a network in which network traffic is encrypted includes determining a host to model, generating a list of URLs hosted by the host to model, repeatedly retrieving web resources referenced by the list of URLs hosted by the host to model and generating a network traffic signature upon each retrieval, generating a data feature for each of the generated network traffic signatures, and training, using the generated data features, a classifier corresponding to the host to model, wherein the classifier is configured to determine an identity of the visited URL from a signature of network traffic produced by the retrieval of a resource referenced by the visited URL.

Abstract: It is proposed a technical solution to leverage the level of trust in scenarios with a high number of independent computing nodes from independent and heterogeneous DLT networks. This solution defines the technical modules required to implement a self-governed decentralized infrastructure that ensures that every participant node (computing node) in a DLT network connected to the proposed system (implementing the proposed method) can exploit additional validation and consensus policies in their transactions and smart contracts. Through the proposed mechanism they can enjoy an equivalent level of trust as if all the nodes from the connected networks were part of a single common DLT network. The proposed solution enables the implementation of dedicated validation policies to leverage the level of trust of any of the connected networks without the need of dedicated infrastructure.

Abstract: The present invention proposes a method, device and system for protecting the connection to a wireless network (a WiFi network) by users of electronic communications devices, even the first time the user device connects to the network. The proposed method, device and system provides an improved security when connecting to a WiFi network, avoiding attacks that may jeopardize the security, confidentiality, integrity and availability of WiFi users and WiFi infrastructure. In the proposed solution, the network will be certified by the user device before connecting to an access point for accessing the wireless network.

Abstract: The system includes a passive card (10) configured to store a first portion of an authentication or authorization code via a set of capacitive points (11) included on its surface; and a portable computing device (20) having a capacitive screen and being configured to store a second portion of said authentication or authorization code. Such that, once the user (1) has requested access to a specific service or to a specific operation and when the passive card (10) is in contact with the capacitive screen, the portable computing device (20) is further configured to read at least some of the set of capacitive points (11), decoding the first portion, and cryptographically signing the decoded first portion using said stored second portion, providing the authentication or authorization code, which is used as cryptographic key to grant access to said specific service or specific operation to the user (1).

Abstract: A method to provide robustness against noise and interference in wireless communications, a transmitter and computer program products, involving sending to a receiver (13), through a wireless channel (12), information using a constant-envelope waveform with complex baseband representation of the form s[n]=Ac exp{j?[n]}.

Abstract: The invention relates to a method for anonymization of event data collected within a system or network providing a service for subscribers/customers wherein each event data set is related to an individual subscriber/customer of the system/network and includes at least one attribute wherein the method counts the number of event data sets related to varying individual subscribers having identical or nearly identical values for at least one attribute. The invention further relates to a method for anonymization of static data related to individual subscribers of a mobile communication network wherein each static data set consist of different attributes and the method identifies specific profiles derivable form the static data and drops one or more respective attribute of the static data sets and/or classifies two or more static data sets to a certain group having at least one matching attribute.