Abstract: A Near-Field Communication (NFC)-enabled constrained device (100) is provided. The constrained device (100) comprises a processing circuit (111) operative to implement a functionality of the constrained device (100), an NFC-interface circuit (115) configured to harvest power transmitted by an NFC-enabled control device (200) and to enable exchange of data with the control device (200), when the devices are in proximity, and a restart circuit (121) configured to accumulate electrical charge using the harvested power received from the NFC-interface circuit (115), and to trigger restart of the processing circuit (111) when the accumulated electrical charge exceeds a threshold level. Further provided is an NFC-enabled control device (200) for restarting the NFC-enabled constrained device (100).

Abstract: A method (800) for access control. The method includes receiving (s802), at an authorization server (106), an indication that the user (101) has used or intends to use a key (102) in an attempt to gain access to a property (112), wherein access to the property is controlled by an access controller (104). The method also includes, after receiving the indication, the authorization server transmitting (s804) a first challenge to a first device associated with the user. The method also includes the authorization server receiving (s806) from the first device a response to the first challenge. The method also includes using the response to the first challenge, the authorization server determining (s808) whether the user is authorized to access to the property. The method further includes the authorization server sending (s810) a message indicating whether or not the user is authorized to access the property.

Abstract: A method for providing information exchange between a primary communication device and a secondary communication device, where the method, when executed in the primary communication device, comprises: determining that functionality of the primary communication device is malfunctioning; recognizing at least one indication, each being received from a secondary communication device, indicating that the respective secondary communication device is capable of providing substitute functionality for the malfunctioning functionality; setting up a connection between the primary and the secondary communication device, and executing a command, received from the substitute functionality of the secondary communication device.

Abstract: There is provided techniques for verifiable location estimation of a UE. A method is performed by the UE. The method comprises determining a first estimate of the location of the UE. The method comprises providing a request to a serving mobile network for the serving mobile network to forward the first estimate to an AF entity. The method comprises receiving a signed token from the AF entity. The signed token comprises either a second estimate of the location of the UE as determined by the serving mobile network in response to an MT-LR having been triggered by the AF entity or the first estimate of the location. The method comprises storing the signed token.

Abstract: A method is executable by a first communication device, where the method comprise listening to satellite transmissions, which is transmitting conditions for allowing the first communication device to exchange data with a second communication device, recognizing conditions for allowing exchange of data between the first and the second communication devices, determining requirements for data exchange under the mentioned conditions, and determining according to the conditions, a time interval within which the second communication device is expected to be located within device-to-device, D2D, communication range of the first communication device, after which data is exchanged between the first and the second communication device, within the determined time interval.

Abstract: The application discloses methods and corresponding systems and network devices and/or nodes for enabling user equipment belonging to a home network to access data communication services in a visited network of a wireless communication system. By way of example, there is provided a method that comprises the step of obtaining at least one cryptographic token originating from a network node of the home network of the user equipment and cryptographically signed by a private key associated with the home network, wherein the at least one cryptographic token represents means for accessing data communication services via user data transport functions of the visited network.

Abstract: There are provided methods and corresponding systems for supporting protected collection of measurement data, representative of usage of network capabilities within a communication network, related to at least two logical and/or physical entities or nodes, also referred to as managed entities, managed by a management system associated with the communication network. By way of example, there is provided a method comprising the step of combining measurement data related to a set of at least two of the managed entities according to a controllable and/or detectable pattern. The controllable pattern is defining at least the order of managed entities in which the combining of measurement data is to be performed. The method also comprises enabling the combined measurement data to be collected for validation of existence of the controllable pattern in the combined measurement data.

Abstract: It is provided a method for enabling a user device to verify data integrity. The method is performed in a network node and includes: obtaining measurement data indicating resource usage by the user device; obtaining a session identifier; generating a measurement indicator using a one-way function, based on the measurement data; generating an asymmetric cryptographic signature of the session identifier and the measurement indicator, the asymmetric cryptographic signature being based on a private key of a cryptographic key pair of the network node; and storing, in a distributed ledger database, a set of data comprising the asymmetric cryptographic signature, the session identifier and the measurement indicator.

Abstract: A method for providing information exchange between a primary communication device and a secondary communication device, where the method, when executed in the primary communication device, comprises: determining that functionality of the primary communication device is malfunctioning; recognizing at least one indication, each being received from a secondary communication device, indicating that the respective secondary communication device is capable of providing substitute functionality for the malfunctioning functionality; setting up a connection between the primary and the secondary communication device, and executing a command, received from the substitute functionality of the secondary communication device.

Abstract: A geofencing system (310) that does not rely on a GNSS or other like system. The geofencing system comprises a group of two or more fence-pole devices, FPDs, that define a geofenced area (399). Each FPD in the group is capable of making its own determination as to whether or not a certain communication device (377, 378) appears to be within the geofenced area. In one embodiment, if all of the FPDs have determined that the communication device appears to be within the geofenced area, then it is decided that the communication device is within the geofenced area. In another embodiment, if the group of FPDs consists of N FPDs and at least N?1 of the FPDs have determined that the communication device appears to be within the geofenced area, then it is decided that the communication device is within the geofenced area.

Abstract: A method in a communication device, and a communication device, for executing a software updating process at the communication device is suggested, where the method is executed by acquiring data captured by at least one sensor which is accessible to the communication device, by comparing the acquired data to predefined conditions for initiating a software updating process, and by initiating the software updating process at the communication device in response to determining that the acquired data meet with predefined conditions for updating software at the communication device.

Abstract: A Near-Field Communication (NFC)-enabled constrained device (100) is provided. The constrained device (100) comprises a processing circuit (111) operative to implement a functionality of the constrained device (100), an NFC-interface circuit (115) configured to harvest power transmitted by an NFC-enabled control device (200) and to enable exchange of data with the control device (200), when the devices are in proximity, and a restart circuit (121) configured to accumulate electrical charge using the harvested power received from the NFC-interface circuit (115), and to trigger restart of the processing circuit (111) when the accumulated electrical charge exceeds a threshold level. Further provided is an NFC-enabled control device (200) for restarting the NFC-enabled constrained device (100).

Abstract: The application discloses methods and corresponding systems and network devices and/or nodes for enabling user equipment belonging to a home network to access data communication services in a visited network of a wireless communication system. By way of example, there is provided a method that comprises the step of obtaining at least one cryptographic token originating from a network node of the home network of the user equipment and cryptographically signed by a private key associated with the home network, wherein the at least one cryptographic token represents means for accessing data communication services via user data transport functions of the visited network.

Abstract: It is provided a method for enabling a user device to verify data integrity. The method is performed in a network node and includes: obtaining measurement data indicating resource usage by the user device; obtaining a session identifier; generating a measurement indicator using a one-way function, based on the measurement data; generating an asymmetric cryptographic signature of the session identifier and the measurement indicator, the asymmetric cryptographic signature being based on a private key of a cryptographic key pair of the network node; and storing, in a distributed ledger database, a set of data comprising the asymmetric cryptographic signature, the session identifier and the measurement indicator.

Abstract: A method is executable by a first communication device, where the method comprise listening to satellite transmissions, which is transmitting conditions for allowing the first communication device to exchange data with a second communication device, recognizing conditions for allowing exchange of data between the first and the second communication devices, determining requirements for data exchange under the mentioned conditions, and determining according to the conditions, a time interval within which the second communication device is expected to be located within device-to-device, D2D, communication range of the first communication device, after which data is exchanged between the first and the second communication device, within the determined time interval.

Abstract: It is presented a method performed in a deployment server being configured to deploy a software container. The method comprises the steps of: receiving a trigger to deploy a software container; obtaining an image intended for the software container comprising a set of at least one module; injecting a security module in the image; obtaining a container specification of the image; configuring the security module to forward incoming communication to the set of at least one module in accordance with the obtained container specification; modifying the container specification such that the at least one service is accessed externally only via the security module and that all outgoing communication, from the set of at least one module, is directed via the security module; publishing the modified container specification in a service discovery repository; and deploying the software container on at least one execution server.

Abstract: It is presented a method performed by a first software container comprising an implanted agent, which is configured to run in said first software container. The method comprise the steps, performed by the implanted agent, of: resolving an Internet Protocol, IP, address and a port of the first software container; and registering a microservice identity, the IP address and the port of the first software container in a first distributed hash table for enabling a second implanted agent running in a second software container to configure a reverse proxy running in the second software container.

Abstract: It is provided a method for managing a lifecycle of a software container announced in a distributed peer-to-peer repository, wherein the method is performed in a server. The method comprises the steps of: initialising execution of the software container in the server; setting the software container in a standby state; receiving a start message from a remote device, the start message comprising at least one start parameter for the software container; and starting a main process of the software container and applying the at least one start parameter for the main process, to progress the software container to a running state.

Abstract: It is provided a method for allocating a software container executing on a server of a set of servers. The method is performed in a container allocator and comprising the steps of: receiving a request to invoke a software container for a client; calculating a lookup key associated with the software container; performing a lookup in a distributed peer-to-peer repository using the lookup key, giving a result set of active software containers; selecting one software container from the set of software containers; and connecting to the selected software container to allocate the selected software container to the client.

Abstract: It is presented a method performed in a deployment server being configured to deploy a software container. The method comprises the steps of: receiving a trigger to deploy a software container; obtaining an image intended for the software container comprising a set of at least one module; injecting a security module in the image; obtaining a container specification of the image; configuring the security module to forward incoming communication to the set of at least one module in accordance with the obtained container specification; modifying the container specification such that the at least one service is accessed externally only via the security module and that all outgoing communication, from the set of at least one module, is directed via the security module; publishing the modified container specification in a service discovery repository; and deploying the software container on at least one execution server.