Abstract: Methods, systems, and platforms for managing machine learning models are described. A model registry system receives first data including a model and second data including metadata and at least one metric of the model. Via a local network, the first data is stored to a data storage device and the second data is sent to an application programming interface (API). The first data is retrieved from the data storage device to a model use case program operating in a software development environment native to where the model registry system stores the model. The second data, including the metadata and the at least one metric of the model, is sent to a user interface (UI) via the API. The stored model can be deployed from the model use case program via the API.

Abstract: The disclosed system and method relate to automatically detecting empty spaces on retail store shelves, identifying the missing product(s) and causing the space to be replenished or restocked. For example, stores may use shelf-mounted imaging devices to capture images of shelves across the aisle from the imaging devices. The images captured by the imaging devices may be pre-processed to de-warp, de-skew images and stitch together multiple images in order to retrieve an image that captures a full width of a shelf. The pre-processed images can then be used to detect products on the shelf, identify the detected products. An iterative projection algorithm or product fingerprint matching algorithm can be used to identify the products. When an incorrect product listing or an empty shelf space is encountered, a message may be sent to the store employee to remedy the issue.

Abstract: According to one aspect is provided a method for establishing a secure connection between a client device and a network gateway. The method is performed by an access point. The method comprises establishing a first secure connection between the access point and the network gateway. The method comprises establishing a second secure connection serving as a virtual private network tunnel between the client device and the network gateway. There is also provided corresponding methods as performed by the client device and the network gateway.

Abstract: A Bluetooth device (702) is disclosed, the Bluetooth device being provisioned with a security credential (710) that is shared with an authentication server (706). The Bluetooth device comprises processing circuitry configured to use a Bluetooth pairing mechanism to establish a pairing with a Bluetooth gateway (704a-c) by establishing a shared secret key with the Bluetooth gateway and to perform an Extensible Authentication Protocol (EAP) authentication method towards the authentication server using the security credential, wherein performing the EAP authentication method comprises using the paired Bluetooth gateway to forward messages to and from the authentication server. The processing circuitry is further configured to bind the pairing established with the paired Bluetooth gateway to the performed EAP authentication method. Also disclosed are a Bluetooth gateway and methods performed by a Bluetooth device and a Bluetooth gateway.

Abstract: A method, performed by an EAP authenticator in a communication network, is disclosed. An identification of at least one EAP method supported by an EAP authentication server providing an EAP authentication service to the EAP authenticator is obtained, wherein the identification is obtained from a network entity of the communication network or from inspection of traffic through the EAP authenticator. The identification of at least one EAP method is provided to a device operable to request communication network access from the EAP authenticator. Also disclosed is a method, performed in an EAP authentication server in a communication network. A request for identification of EAP methods supported by the EAP authentication server is received, and a response to the request is sent identifying at least one EAP method supported by the EAP authentication server. An EAP authenticator, EAP authentication server and computer program are also disclosed.

Abstract: Systems and methods for increasing the value of trash. By increasing the value of trash, persons have an incentive to collect litter and deposit the collected litter at an appropriate trash collection site (e.g., garbage can, reverse vending machine, recycling center, etc.). In one aspect, a financial instrument (e.g., a Bitcoin, Bitcoin-like value, account identifier, or any other financial instrument) or a pointer to a financial instrument is attached to the object itself or placed inside of the object in a way that is not easily extracted before appropriate time.

Abstract: Using an authentication server to program network elements, such as a network node, in accordance with software-defined networking techniques in order to establish a traffic flow rule for a communication device or user of the communication device. After successfully authenticating a communication device or user, the authentication server and/or network node may use an identifier received at the authentication server in connection with the authentication procedure in order to obtain a traffic flow rule for the communication device. The traffic flow rule may be established at the network node or forwarded to a second network node configured to receive network packets from the communication device. The first identifier may be any one of a user identifier identifying a user, an application identifier identifying an application, and a device identifier unique to the communication device.

Abstract: A method is provided for registration of a device as a Network Application Function, NAF, in a Generic Bootstrapping Architecture, GBA. The device performs a GBA bootstrap operation with a Bootstrapping Server Function, BSF, and sends to a NAF registration function a request to register as a NAF. The device receives NAF registration information from the NAF registration function, and performs a NAF registration with the BSF. The NAF registration function receives from the device a request to register as a NAF, confirms that that the device is authorised to act as a NAF, and transmits the NAF registration information to the device.

Abstract: A process automation platform and method for automating business processes are disclosed. The method can include defining a business process in metadata, and, based on that metadata, selecting microbots to perform micro-operations included in the business process. An event engine initiates execution of the business process using the microbots and manages data dependencies of the microbots within the process. Each of the plurality of microbots includes microbot metadata defining a micro-operation performed by the microbot, and execution of each of the plurality of microbots is initiated independently of the others of the plurality of microbots.

Abstract: In response to a transition from a previous operational state to a current operational state of a given network partition of a plurality of network partitions of a core of a cellular network, a respective entry of a registry of the plurality of network partitions is updated. Network partition selection for a terminal is effected by participating in a communication of at least one selection control message corresponding to at least one entry of the registry.

Abstract: A process automation platform and method for automating business processes are disclosed. The method can include defining a business process in metadata, and, based on that metadata, selecting microbots to perform micro-operations included in the business process. An event engine initiates execution of the business process using the microbots and manages data dependencies of the microbots within the process. Each of the plurality of microbots includes microbot metadata defining a micro-operation performed by the microbot, and execution of each of the plurality of microbots is initiated independently of the others of the plurality of microbots.

Abstract: Secure, authenticated communication is enabled between an initiator (12) (e.g., a user equipment) and a responder (14) (e.g., an authentication server function, AUSF, or a subscription de-concealing function, SIDF). The initiator (12) transmits a message (20) to the responder (14) over a secure communication channel (16). The message (20) may include information indicating a third party (18) whose signing of data (e.g., bound to the secure communication channel (16)) will authenticate the responder (14) to the initiator (12). The responder (14) correspondingly retrieves from the third party (18) data that is signed by the third party (18) and transmits a response (24) to the initiator (12) that includes the retrieved data. The initiator (12) receives this response (24) and determines whether or not the responder (14) is authenticated by determining whether or not the response (24) includes data that is signed by the third party (18).

Abstract: In response to a transition from a previous operational state to a current operational state of a given network partition of a plurality of network partitions of a core of a cellular network, a respective entry of a registry of the plurality of network partitions is updated. Network partition selection for a terminal is effected by participating in a communication of at least one selection control message corresponding to at least one entry of the registry.

Abstract: It is presented a method, executed in a gateway, the gateway being arranged to facilitate communication between a client device and an application server. The method comprises the steps of: sending a request for an electronically transferable subscriber identity module, the request comprising an identifier based on an identity of the client device; receiving a response indicating that an electronically transferable subscriber identity module, generated based on the identifier, is available; downloading the electronically transferable subscriber identity; and storing the electronically transferable subscriber identity module with an association to the client device, along with any previously stored electronically transferable subscriber identity modules. A corresponding gateway, computer program and computer program product are also presented.

Abstract: A method (10) for generating operating entropy is provided. The method (10) is performed by a cloud computing entity (2) run on shared underlying resources (3). The method (10) comprises: sending (11) a respective entropy request to one or more servers (5a, 5b, 5c), inserting in each entropy request a respective timestamp, receiving (12) a response from each of the one or more servers (5a, 5b, 5c), each response payload comprising random bytes of unknown amount of entropy, verifying (13) validity of each response by comparing the respective timestamp in each response to a corresponding stored timestamp, and generating (14) the operating entropy based on at least one of the received responses. A cloud computing entity (2), a computer program and a computer program product are also provided.

Abstract: It is provided a method performed in a gateway and comprises the steps of: receiving a first client request from the client device, the first client request comprising a first fully qualified domain name, FQDN; transmitting a gateway request to the application server; receiving an application server response from the application server, the application server response indicating a need to provide authentication; generating a second FQDN, based on the first FQDN and an identifier of the client device; generating a client specific shared key based on the second FQDN and a shared key; generating a redirect message comprising the second FQDN, an authentication request, a context identifier and the client specific shared key; transmitting the redirect message to the client device; receiving a second client request from the client device; and generating an authentication response in case the second client request fails to comprise an authentication response.

Abstract: There is provided mechanisms for handling acknowledgements from nodes in a wireless radio ad-hoc network. A method is performed by a gateway of the wireless radio ad-hoc network. The method comprises transmitting radio signalling to nodes in the wireless radio ad-hoc network. The transmitted radio signalling is addressed to, and requiring acknowledgement from, at least one node in the wireless radio ad-hoc network. The method comprises receiving radio signalling from a node in the wireless radio ad-hoc network. The received radio signalling comprises one in-packet Bloom Filter comprising acknowledgement of the transmitted radio signalling from at least one of the nodes.

Abstract: A method performed by a machine-to-machine, M2M, server for managing communication with a M2M device is disclosed. The method comprising configuring the M2M device with a finite number of predetermined states and predetermined transitions for moving the M2M device into one of its predetermined states, and sending a message to the M2M device for executing at least one of the predetermined transitions.

Abstract: A method (10) for generating operating entropy is provided. The method (10) is performed by a cloud computing entity (2) run on shared underlying resources (3). The method (10) comprises: sending (11) a respective entropy request to one or more servers (5a, 5b, 5c), inserting in each entropy request a respective timestamp, receiving (12) a response from each of the one or more servers (5a, 5b, 5c), each response payload comprising random bytes of unknown amount of entropy, verifying (13) validity of each response by comparing the respective timestamp in each response to a corresponding stored timestamp, and generating (14) the operating entropy based on at least one of the received responses. A cloud computing entity (2), a computer program and a computer program product are also provided.

Abstract: The present disclosure relates to methods and arrangements for protecting the integrity of subscribers to personal area networks. This object is obtained by a method, performed in a service subscribing node of a personal area network, for discovering a service providing node. The method comprises obtaining a service identity resolving key. A discovery signal is received from a service publishing node, and a service identifier of the service providing node is determined from a service identity comprised in the received discovery signal using the service identity resolving key.