Abstract: Broadly speaking, embodiments of the present technique provide methods, apparatuses and systems for operating a server in communication with a network-attachable electronic device, comprising: storing, in storage accessible by the server, a device registration and a registration lifetime value for the device; receiving at least one message from the device; analysing the message to derive a confidence modifier associated with a message type associated with that message; applying the derived confidence modifier to a calculation of a confidence score for the device; and responsive to the calculation, determining whether a stored registration lifetime value for the device is to be adjusted based upon the confidence score.

Abstract: Broadly speaking, the present techniques relate to a machine-implemented method for registering a device with a server, the method performed at the device comprising: applying a data-reducing function to at least one object, object instance, resource and/or resource instance at the device to generate resource data comprising compressed data representative of the at least one object object instance, resource and/or resource instance; transmitting a registration message comprising said resource data to register said device with server.

Abstract: Broadly speaking, the present techniques relate to a computer implemented method comprising: receiving, at a first server, one or more device identifiers from a device; determining, with the first server, the availability of a resource template for the device based on or in response to the one or more device identifiers; when the resource template is available for the device: provisioning, from the first server to the device, a template identifier to enable the device to register with a second server using the template identifier.

Abstract: A method of establishing a communications path between devices comprising: receiving, at a first device, data, the data comprising: a first resource having a first identifier for a second device remote from the first device; a second resource having a second identifier for the second device; addressing the second device with the first identifier; generating, at the first device, first connection data based on the second identifier; transmitting, from the first device to the second device, the first connection data; receiving, at the first device, second connection data; validating, at the first device, the second connection data; establishing the communications path between the first device and second device responsive to valid second connection data.

Abstract: A computer implemented method of initiating a communication session between a client device and a server using an authentication key exchange protocol comprising: including the steps of receiving at the server from the client device a first communication to initiate the communication session, the first communication comprising a first session resumption indicator to indicate whether or not session resumption is required to be used by the client device; and establishing, at the server, a session resumption state for the client device based on or in response to a value of the first session resumption indicator.

Abstract: Broadly speaking, embodiments of the present technique provide methods, apparatuses and systems for controlling device resource subscriptions by an LwM2M server, comprising receiving at said LwM2M server a registration request message from a LwM2M client device, the message comprising an enumeration of a plurality of subscribable elements of an object hierarchy of the device; storing, using the LwM2M server, an association between the device and the plurality of subscribable elements; and sending from the LwM2M server to the LwM2M client device a subscription message comprising a unitary compressed expression representing plural ones of said plurality of subscribable elements associated with said device.

Abstract: Aspects of the present disclosure relate to an apparatus comprising first interface circuitry to communicate with relying party circuitry, the first interface circuitry being configured to receive, from the relying party circuitry, an attestation request in respect of a processing operation requested by attester circuitry to be performed by the relying party circuitry; second interface circuitry to communicate with the attester circuitry, the second interface circuitry being configured to: transmit the attestation request to the attester circuitry; and receive, from the attester circuitry, evidence data associated with the processing operation, and third interface circuitry to communicate with verifier circuitry, the third interface circuitry being configured to: transmit the evidence data to the verifier circuitry; and receive, from the verifier circuitry, attestation result data indicative of a verification of the evidence data, wherein the first interface circuitry is configured to transmit the attestation

Abstract: A computer implemented method for managing a connection between a device and a server resource, the method comprising: establishing the connection between the device and a first server of the server resource; registering a connection identifier relating to the connection between the device and the first server in a first database entry of a database arrangement; pre-computing, at the first server, an encrypted alert for the device, the alert being provided with a pre-defined future communication sequence number; and transmitting the alert from the first server to the database arrangement for storage in association with the first database entry of the database arrangement.

Abstract: A first plurality (201) of network nodes (120-123, 130-133) of a network (100) is associated with a first cryptographic keying material and the multicast IP address. A second plurality (202) of network nodes (120-123, 130-133) of the network (100) is associated with a second cryptographic keying material and the multicast IP address. The first cryptographic keying material has a different secret than the second cryptographic keying material.

Abstract: A computer implemented method of initiating a communication session between a client device and a server using an authentication key exchange protocol comprising: including the steps of receiving at the server from the client device a first communication to initiate the communication session, the first communication comprising a first session resumption indicator to indicate whether or not session resumption is required to be used by the client device; , and establishing, at the server, a session resumption state for the client device based on or in response to a value of the first session resumption indicator.

Abstract: An authentication device is used to create a secure connection between an Internet of Things (IoT) device and a service provider, so that the IoT device is not limited to only the services of one specific provider or the specific services of the provider of the IoT device. In addition, multiple IoT devices purchased from several different providers can all be connected to the same service provider.

Abstract: Access to a resource controlled by a resource server (6, 8) is provided using a validity token issued by a validation server (4). When a resource request from a user (12) is received at the resource server (6, 8), then the resource server (6, 8) determines if the resource request satisfies a policy. If the resource request satisfies the policy, then access to the resource may be permitted without confirming the validity of the validation token with the validation server (4). Conversely, if the resource request does not satisfy the policy, then validation of the validation token with the validation server (4) is performed before the access requested is permitted.

Abstract: Broadly speaking, embodiments of the present technique provide methods, apparatuses and systems for performing a TLS/DTLS handshake process between machines in a manner that reduces the amount of data sent during the handshake process.

Abstract: A method of establishing a communications path between devices comprising: receiving, at a first device, data, the data comprising: a first resource having a first identifier for a second device remote from the first device; a second resource having a second identifier for the second device; addressing the second device with the first identifier; generating, at the first device, first connection data based on the second identifier; transmitting, from the first device to the second device, the first connection data; receiving, at the first device, second connection data; validating, at the first device, the second connection data; establishing the communications path between the first device and second device responsive to valid second connection data.

Abstract: A first plurality (201) of network nodes (120-123, 130-133) of a network (100) is associated with a first cryptographic keying material and the multicast IP address. A second plurality (202) of network nodes (120-123, 130-133) of the network (100) is associated with a second cryptographic keying material and the multicast IP address. The first cryptographic keying material has a different secret than the second cryptographic keying material.

Abstract: An authentication device is used to create a secure connection between an Internet of Things (IoT) device and a service provider, so that the IoT device is not limited to only the services of one specific provider or the specific services of the provider of the IoT device. In addition, multiple IoT devices purchased from several different providers can all be connected to the same service provider.

Abstract: Access to a resource controlled by a resource server (6, 8) is provided using a validity token issued by a validation server (4). When a resource request from a user (12) is received at the resource server (6, 8), then the resource server (6, 8) determines if the resource request satisfies a policy. If the resource request satisfies the policy, then access to the resource may be permitted without confirming the validity of the validation token with the validation server (4). Conversely, if the resource request does not satisfy the policy, then validation of the validation token with the validation server (4) is performed before the access requested is permitted.

Abstract: Services are provided for terminal devices, each having a TPM module. The TPM module of a terminal device transmits a service request with an ID assertion signed by a configurable credential to a server for the purpose of accessing the services of the server.

Abstract: There is provided an intra-realm AAA (authentication, authorization and accounting) fallback mechanism, wherein the single global realm may be divided in one or more sub-realms. The thus presented mechanism exemplarily comprises detecting a failure of an authentication server serving at least one authentication client within a first sub-realm of a single-realm authentication system, and routing authentication messages of the at least one authentication client to a fallback authentication server within a second sub-realm of the single-realm authentication system, wherein routing may exemplarily comprise sub-realm based source routing.

Abstract: A method provides service quality in a WiMAX communication network, and a method selects an access transport resource control function by a guideline decision-making function in a communication network. According to a method for providing service quality on an air interface of an access network in a WiMAX communication network by an application function, the application function aims to provide a user of the WiMAX communication network with a service quality-related application. The desired service quality is signaled by an authentication, authorization and accounting infrastructure of the WiMAX communication network.