Abstract: In method of protecting signaling messages in a hop-by-hop network communication link between a source node and a destination node, a source node public digital signature verification key and a respective source node private digital signature key associated with said public digital signature verification key are provided to the source node. The source node public digital signature verification key associated with the source node private digital signature key is also provided to the destination node. The source node builds a message including a sequence of Information Elements, and calculates, for each Information Element, an Information Element hash value. The source node also calculates a sequence hash value of a concatenation of the calculated Information Element hash values, and generates a source node digital signature by digitally signing the calculated sequence hash value. An intermediate node receives and forwards the signaling message to the destination node.

Abstract: In method of protecting signaling messages in a hop-by-hop network communication link between a source node and a destination node, a source node public digital signature verification key and a respective source node private digital signature key associated with said public digital signature verification key are provided to the source node. The source node public digital signature verification key associated with the source node private digital signature key is also provided to the destination node. The source node builds a message including a sequence of Information Elements, and calculates, for each Information Element, an Information Element hash value. The source node also calculates a sequence hash value of a concatenation of the calculated Information Element hash values, and generates a source node digital signature by digitally signing the calculated sequence hash value. An intermediate node receives and forwards the signaling message to the destination node.

Abstract: A method of protecting the exchange of privacy-sensitive data in a wireless communication network, the method including generating and providing a public cryptographic key to a first entity, possessing the data to be sent to the network through a wireless connection; generating and providing a private secret cryptographic key to a second entity, being the intended recipient of the data, the private key being bound to the public key and being associated to privacy support context information to identify the network; having the network send to the first entity respective wireless network privacy support context information; having the first entity receive the information and encrypt the data using the public key and the received information to obtain protected, encrypted privacy-sensitive data; having the first entity send to the second entity through the network the encrypted data; and having the second entity decrypt the encrypted data exploiting the private key.

Abstract: A users' data profiling network implementing a method of dynamic pseudonymization of users for ensuring user privacy, including: receiving at a data node new input data related to a user along with an associated new user pseudonym and an old user pseudonym; in the data node, finding user data record, corresponding to the received new input data, having stored therein a dynamic input user pseudonym equal to the old user pseudonym received together with the new input data or to one user pseudonym; temporarily storing, in the found user data record, the new input data; setting the dynamic input user pseudonym stored in the user data record equal to the last received new user pseudonym associated with the received input data related to the user; computing and storing an output user data profile in the user data record, and then erasing accumulated new input data from the user data record.

Abstract: A method and device for transforming data with a secret parameter in an elliptic curve cryptosystem based on an elliptic curve defined over an underlying prime field, includes multiplying a point of the elliptic curve; representing the data to be transformed, by a scalar representing the secret parameter, wherein the multiplying includes performing at least one point addition operation and at least one point doubling operation on points of the elliptic curve; providing a representation in affine coordinates of the elliptic curve point to be multiplied and a representation in projective coordinates of intermediate elliptic curve points obtained during the multiplying; performing both the point addition operation and the point doubling operation by means of a sequence of elementary prime field operation types, the elementary prime field operation types including: a first type of prime field operations including field multiplication and field squaring of coordinates of the elliptic curve points and a second type

Abstract: A users' data profiling network implementing a method of dynamic pseudonymization of users for ensuring user privacy, including: receiving at a data node new input data related to a user along with an associated new user pseudonym and an old user pseudonym; in the data node, finding user data record, corresponding to the received new input data, having stored therein a dynamic input user pseudonym equal to the old user pseudonym received together with the new input data or to one user pseudonym; temporarily storing, in the found user data record, the new input data; setting the dynamic input user pseudonym stored in the user data record equal to the last received new user pseudonym associated with the received input data related to the user; computing and storing an output user data profile in the user data record, and then erasing accumulated new input data from the user data record.

Abstract: A method of detecting anomalies in a communication system includes: providing a first packet flow portion and a second packet flow portion; extracting samples of a symbolic packet feature associated with a traffic status of the first and second packet flow portions; computing from the extracted samples a first statistical concentration quantity and a second statistical concentration quantity of the symbolic feature associated with the first and second packet flow portions, respectively; computing from the concentration quantities a variation quantity representing a concentration change from the first packet flow portion to the second packet flow portion; comparing the variation quantity with a comparison value; and detecting an anomaly in the system in response to the comparison.

Abstract: Symmetric-key encryption method for transforming a sequence of plaintext symbols into a sequence of ciphertext symbols, includes an iterative encryption process including: computing an altered current internal state by combining a current internal state with a current memory symbol; computing a next internal state from the altered current internal state; generating a keystream symbol from the next internal state; verifying whether the generated keystream symbol satisfies a condition related to data-format/syntax rules; iteratively computing next internal states and iteratively generating keystream symbols; and iteratively encrypting plaintext symbols by employing next keystream symbols to obtain the sequence of ciphertext symbols.

Abstract: A method of detecting anomalies in a communication system, includes: providing a first packet flow portion and a second packet flow portion; extracting samples of a numerical feature associated with a traffic status of the first and second packet flow portions; computing from said extracted samples a first statistical dispersion quantity and a second statistical dispersion quantity of the numerical feature associated with the first and second packet flow portions, respectively; computing from the dispersion quantities a variation quantity representing a dispersion change from the first packet flow portion to the second packet flow portion; comparing the variation quantity with a comparison value; and detecting an anomaly in the system in response to said comparison.

Abstract: A biometric user authentication method, includes enrolling a user based on user's biometric samples to generate user's reference data; and authenticating the user based on a user's live biometric sample and the user's reference data; wherein enrolling a user includes acquiring the user's biometric samples; extracting an enrollment feature vector from each user's biometric sample; computing a biometric reference template vector as a mean vector based on the enrollment feature vectors; computing a variation vector based on the enrollment feature vectors and the mean vector; randomly generating an enrollment secret vector; computing an enrollment code vector based on the enrollment secret vector and the variation vector; computing a difference vector as a wrap-around difference between the enrollment code vector and the mean vector; computing an error correction vector based on the enrollment secret vector to enable error correction during the user authentication phase according to a given error tolerance level,

Abstract: A method for transforming data with a secret parameter in an elliptic curve cryptosystem based on an elliptic curve defined over an underlying binary polynomial field, includes multiplying a point of the elliptic curve, and representing the data to be transformed by a scalar representing the secret parameter, wherein the multiplying includes performing at least one point addition operation and at least one point doubling operation on points of the elliptic curve. The point addition operation includes a first sequence of elementary field operations, and the point doubling operation includes a second sequence of elementary field operations, both the first and the second sequences of elementary field operations including a field inversion of coordinates of the elliptic curve points. A representation of the elliptic curve points in affine coordinates is provided and the first and second sequences of elementary field operations are balanced.

Abstract: An apparatus for generating random data includes a raw random sequence source adapted to generate a raw random sequence and a digital post processor adapted to process the raw random sequence to generate the random data, wherein the digital post-processor includes a synchronous finite state machine having at least one input adapted to repeatedly receive a current value of the raw random sequence and at least one output to provide a current output value depending on previous values of the raw random sequence.

Abstract: Symmetric-key encryption method for transforming a sequence of plaintext symbols into a sequence of ciphertext symbols, includes an iterative encryption process including: computing an altered current internal state by combining a current internal state with a current memory symbol; computing a next internal state from the altered current internal state; generating a keystream symbol from the next internal state; verifying whether the generated keystream symbol satisfies a condition related to data-format/syntax rules; iteratively computing next internal states and iteratively generating keystream symbols; and iteratively encrypting plaintext symbols by employing next keystream symbols to obtain the sequence of ciphertext symbols.

Abstract: A random binary sequence generator for generating a random binary sequence adapted to be used for producing random numbers, includes at least one logic circuit corresponding to an associated finite-state machine having a state-transition function including states arranged to form cycles of states, wherein the at least one logic circuit has a set of logic circuit inputs and a set of logic circuit outputs fed back to the logic circuit inputs; the associated finite-state machine is autonomous and asynchronous; the state-transition function is void of loops; and any of the cycles of states has either a minimum length equal to three states, in case the cycle is stable, or a minimum length of two states, in case the cycle is meta-stable.

Abstract: A method for secure conversion between two different random markings used for cryptographic functions, converts a first binary data word, masked by a binary mask word according to a first masking process, into a corresponding second binary data word, masked by said binary mask word according to a second masking process, the first and second binary data words and the binary mask word including corresponding pluralities of bits, wherein each of the pluralities of the bits includes a least significant bit, a first bit, and at least one i-th bit i?2.

Abstract: A combinatorial key-dependent network suitable for the encryption/decryption of data on buses and in memories of data-processing devices, has a number of layers, where each layer has a number of elementary building blocks operating on very small block sizes. A generic building block acts on a small number of input data bits, which are divided into two groups of m and n bits, respectively. The m input bits, which are passed to the output intact, are used to select k out of 2mk key bits by a multiplexer circuit; the k bits are then used to select an (n×n)-bit reversible transformation acting on the remaining n input bits to produce the corresponding n output bits. The total number of the key bits in the building block is thus 2mk, which can easily he made larger that m+n. An inverse building block is the same except that the reversible transformations are replaced by their inverses.

Abstract: A method of detecting anomalies in a communication system includes: providing a first packet flow portion and a second packet flow portion; extracting samples of a symbolic packet feature associated with a traffic status of the first and second packet flow portions; computing from the extracted samples a first statistical concentration quantity and a second statistical concentration quantity of the symbolic feature associated with the first and second packet flow portions, respectively; computing from the concentration quantities a variation quantity representing a concentration change from the first packet flow portion to the second packet flow portion; comparing the variation quantity with a comparison value; and detecting an anomaly in the system in response to the comparison.

Abstract: A method of detecting anomalies in a communication system, includes: providing a first packet flow portion and a second packet flow portion; extracting samples of a numerical feature associated with a traffic status of the first and second packet flow portions; computing from said extracted samples a first statistical dispersion quantity and a second statistical dispersion quantity of the numerical feature associated with the first and second packet flow portions, respectively; computing from the dispersion quantities a variation quantity representing a dispersion change from the first packet flow portion to the second packet flow portion; comparing the variation quantity with a comparison value; and detecting an anomaly in the system in response to said comparison.

Abstract: A biometric user authentication method, includes enrolling a user based on user's biometric samples to generate user's reference data; and authenticating the user based on a user's live biometric sample and the user's reference data; wherein enrolling a user includes acquiring the user's biometric samples; extracting an enrollment feature vector from each user's biometric sample; computing a biometric reference template vector as a mean vector based on the enrollment feature vectors; computing a variation vector based on the enrollment feature vectors and the mean vector; randomly generating an enrollment secret vector; computing an enrollment code vector based on the enrollment secret vector and the variation vector; computing a difference vector as a wrap-around difference between the enrollment code vector and the mean vector; computing an error correction vector based on the enrollment secret vector to enable error correction during the user authentication phase according to a given error tolerance level,

Abstract: A method and device for transforming data with a secret parameter in an elliptic curve cryptosystem based on an elliptic curve defined over an underlying prime field, includes multiplying a point of the elliptic curve; representing the data to be transformed, by a scalar representing the secret parameter, wherein the multiplying includes performing at least one point addition operation and at least one point doubling operation on points of the elliptic curve; providing a representation in affine coordinates of the elliptic curve point to be multiplied and a representation in projective coordinates of intermediate elliptic curve points obtained during the multiplying; performing both the point addition operation and the point doubling operation by means of a sequence of elementary prime field operation types, the elementary prime field operation types including: a first type of prime field operations including field multiplication and field squaring of coordinates of the elliptic curve points and a second type