Abstract: Mechanisms for establishing forward secrecy during digest access authentication are provided. A method is performed by a client device. The method includes performing digest access authentication with a server device. The digest access authentication includes sending a first request towards the server device for accessing a resource; and receiving a first response. The first response includes a challenge and a public component of an asymmetric key pair for a key exchange with the server device. The digest access authentication includes calculating, using a digest algorithm, a response parameter based at least on the challenge and the public component of the asymmetric key pair; and sending a second request towards the server device for accessing the resource. The second request includes the calculated response parameter. The digest access authentication includes receiving a second response from the server device that indicates successful digest access authentication with the server device.

Abstract: A method comprising a client device performing digest access authentication with a server device. The digest access authentication comprises sending a first request towards the server device for accessing a resource. The digest access authentication comprises receiving a first response from the server device. The first response comprises at least two challenges and indications of as many different digest algorithms, one digest algorithm is associated with each challenge. The digest access authentication comprises calculating a response to one of the challenges using the digest algorithm associated with said one of the challenges. The response to said one of the challenges is indicative of all of the different digest algorithms. The digest access authentication comprises sending a second request towards the server device for accessing the resource. The second request comprises the response to said one of the challenges.

Abstract: Methods and apparatus are provided. In an example aspect, a method of authorization in a network node is provided. The method comprises receiving, from an authorization node, an indication that a User Equipment, UE, is authorized to access a resource, and receiving, from the authorization node, an indication of network access parameters for the UE for accessing the resource.

Abstract: Methods for enabling end-to-end security for a communication session between a user equipment (UE), registered with a Mobile Network Operator (MNO) network, and a gateway and/or service of an external network are disclosed. In the methods additional keys are generated based on keys obtained in a secondary authentication between the UE and an entity and/or service. An entity, a UE, computer programs and computer program products are also disclosed.

Abstract: The present disclosure relates to a flexible computing resource cluster allocation system and method, wherein a user who needs to complete a task which requires an amount of computing power, may define a cluster of computing resources to complete the task via a local workspace. Clusters may be created in a computing platform (related to the enterprise or provided by a third party) according to the defined configuration details. A cluster may be created for a single task which is to be completed one time. After the task is complete, the resources that make up the cluster may be de-allocated automatically, and therefore returned to the platform to be available to be reallocated to another user. A user may also create recurring task that requires a certain amount of computing resources on a repeating basis.

Abstract: A platform for data collection, and in particular image collection, and model building therefrom is disclosed. In examples, received media content data, including image data, may be assigned a context category, and one or more context-specific models may be used to automatically annotate the image. Accuracy monitoring of the image annotations may indicate a need to manually annotate images for subsequent training. A priority may be assigned to one or more images, such that images may be queued for additional annotation. Such additional annotations may be used for model retraining. In some instances, a separate classification model may be used to identify a context category for image data from among predetermined contexts.

Abstract: Methods and means for providing a UE access to an external network are disclosed. In the methods it is determined that a that a secondary authentication procedure is required in order for the UE to access the external network, and then providing, to an entity of the external network, information relating to the UE. The UE related information is included in a message in relation to the secondary authentication procedure between the UE and the entity of the external network.

Abstract: Secure, authenticated communication is enabled between an initiator (12) (e.g., a user equipment) and a responder (14) (e.g., an authentication server function, AUSF, or a subscription de-concealing function, SIDF). The initiator (12) transmits a message (20) to the responder (14) over a secure communication channel (16). The message (20) may include information indicating a third party (18) whose signing of data (e.g., bound to the secure communication channel (16)) will authenticate the responder (14) to the initiator (12). The responder (14) correspondingly retrieves from the third party (18) data that is signed by the third party (18) and transmits a response (24) to the initiator (12) that includes the retrieved data. The initiator (12) receives this response (24) and determines whether or not the responder (14) is authenticated by determining whether or not the response (24) includes data that is signed by the third party (18).

Abstract: Methods, systems, and platforms for managing machine learning models are described. A model registry system receives first data including a model and second data including metadata and at least one metric of the model. Via a local network, the first data is stored to a data storage device and the second data is sent to an application programming interface (API). The first data is retrieved from the data storage device to a model use case program operating in a software development environment native to where the model registry system stores the model. The second data, including the metadata and the at least one metric of the model, is sent to a user interface (UI) via the API. The stored model can be deployed from the model use case program via the API.

Abstract: The disclosed system and method relate to automatically detecting empty spaces on retail store shelves, identifying the missing product(s) and causing the space to be replenished or restocked. For example, stores may use shelf-mounted imaging devices to capture images of shelves across the aisle from the imaging devices. The images captured by the imaging devices may be pre-processed to de-warp, de-skew images and stitch together multiple images in order to retrieve an image that captures a full width of a shelf. The pre-processed images can then be used to detect products on the shelf, identify the detected products. An iterative projection algorithm or product fingerprint matching algorithm can be used to identify the products. When an incorrect product listing or an empty shelf space is encountered, a message may be sent to the store employee to remedy the issue.

Abstract: According to one aspect is provided a method for establishing a secure connection between a client device and a network gateway. The method is performed by an access point. The method comprises establishing a first secure connection between the access point and the network gateway. The method comprises establishing a second secure connection serving as a virtual private network tunnel between the client device and the network gateway. There is also provided corresponding methods as performed by the client device and the network gateway.

Abstract: A Bluetooth device (702) is disclosed, the Bluetooth device being provisioned with a security credential (710) that is shared with an authentication server (706). The Bluetooth device comprises processing circuitry configured to use a Bluetooth pairing mechanism to establish a pairing with a Bluetooth gateway (704a-c) by establishing a shared secret key with the Bluetooth gateway and to perform an Extensible Authentication Protocol (EAP) authentication method towards the authentication server using the security credential, wherein performing the EAP authentication method comprises using the paired Bluetooth gateway to forward messages to and from the authentication server. The processing circuitry is further configured to bind the pairing established with the paired Bluetooth gateway to the performed EAP authentication method. Also disclosed are a Bluetooth gateway and methods performed by a Bluetooth device and a Bluetooth gateway.

Abstract: A method, performed by an EAP authenticator in a communication network, is disclosed. An identification of at least one EAP method supported by an EAP authentication server providing an EAP authentication service to the EAP authenticator is obtained, wherein the identification is obtained from a network entity of the communication network or from inspection of traffic through the EAP authenticator. The identification of at least one EAP method is provided to a device operable to request communication network access from the EAP authenticator. Also disclosed is a method, performed in an EAP authentication server in a communication network. A request for identification of EAP methods supported by the EAP authentication server is received, and a response to the request is sent identifying at least one EAP method supported by the EAP authentication server. An EAP authenticator, EAP authentication server and computer program are also disclosed.

Abstract: Systems and methods for increasing the value of trash. By increasing the value of trash, persons have an incentive to collect litter and deposit the collected litter at an appropriate trash collection site (e.g., garbage can, reverse vending machine, recycling center, etc.). In one aspect, a financial instrument (e.g., a Bitcoin, Bitcoin-like value, account identifier, or any other financial instrument) or a pointer to a financial instrument is attached to the object itself or placed inside of the object in a way that is not easily extracted before appropriate time.

Abstract: Using an authentication server to program network elements, such as a network node, in accordance with software-defined networking techniques in order to establish a traffic flow rule for a communication device or user of the communication device. After successfully authenticating a communication device or user, the authentication server and/or network node may use an identifier received at the authentication server in connection with the authentication procedure in order to obtain a traffic flow rule for the communication device. The traffic flow rule may be established at the network node or forwarded to a second network node configured to receive network packets from the communication device. The first identifier may be any one of a user identifier identifying a user, an application identifier identifying an application, and a device identifier unique to the communication device.

Abstract: A method is provided for registration of a device as a Network Application Function, NAF, in a Generic Bootstrapping Architecture, GBA. The device performs a GBA bootstrap operation with a Bootstrapping Server Function, BSF, and sends to a NAF registration function a request to register as a NAF. The device receives NAF registration information from the NAF registration function, and performs a NAF registration with the BSF. The NAF registration function receives from the device a request to register as a NAF, confirms that that the device is authorised to act as a NAF, and transmits the NAF registration information to the device.

Abstract: A process automation platform and method for automating business processes are disclosed. The method can include defining a business process in metadata, and, based on that metadata, selecting microbots to perform micro-operations included in the business process. An event engine initiates execution of the business process using the microbots and manages data dependencies of the microbots within the process. Each of the plurality of microbots includes microbot metadata defining a micro-operation performed by the microbot, and execution of each of the plurality of microbots is initiated independently of the others of the plurality of microbots.

Abstract: In response to a transition from a previous operational state to a current operational state of a given network partition of a plurality of network partitions of a core of a cellular network, a respective entry of a registry of the plurality of network partitions is updated. Network partition selection for a terminal is effected by participating in a communication of at least one selection control message corresponding to at least one entry of the registry.

Abstract: A process automation platform and method for automating business processes are disclosed. The method can include defining a business process in metadata, and, based on that metadata, selecting microbots to perform micro-operations included in the business process. An event engine initiates execution of the business process using the microbots and manages data dependencies of the microbots within the process. Each of the plurality of microbots includes microbot metadata defining a micro-operation performed by the microbot, and execution of each of the plurality of microbots is initiated independently of the others of the plurality of microbots.

Abstract: Secure, authenticated communication is enabled between an initiator (12) (e.g., a user equipment) and a responder (14) (e.g., an authentication server function, AUSF, or a subscription de-concealing function, SIDF). The initiator (12) transmits a message (20) to the responder (14) over a secure communication channel (16). The message (20) may include information indicating a third party (18) whose signing of data (e.g., bound to the secure communication channel (16)) will authenticate the responder (14) to the initiator (12). The responder (14) correspondingly retrieves from the third party (18) data that is signed by the third party (18) and transmits a response (24) to the initiator (12) that includes the retrieved data. The initiator (12) receives this response (24) and determines whether or not the responder (14) is authenticated by determining whether or not the response (24) includes data that is signed by the third party (18).