Abstract: In response to a transition from a previous operational state to a current operational state of a given network partition of a plurality of network partitions of a core of a cellular network, a respective entry of a registry of the plurality of network partitions is updated. Network partition selection for a terminal is effected by participating in a communication of at least one selection control message corresponding to at least one entry of the registry.

Abstract: It is presented a method, executed in a gateway, the gateway being arranged to facilitate communication between a client device and an application server. The method comprises the steps of: sending a request for an electronically transferable subscriber identity module, the request comprising an identifier based on an identity of the client device; receiving a response indicating that an electronically transferable subscriber identity module, generated based on the identifier, is available; downloading the electronically transferable subscriber identity; and storing the electronically transferable subscriber identity module with an association to the client device, along with any previously stored electronically transferable subscriber identity modules. A corresponding gateway, computer program and computer program product are also presented.

Abstract: A method (10) for generating operating entropy is provided. The method (10) is performed by a cloud computing entity (2) run on shared underlying resources (3). The method (10) comprises: sending (11) a respective entropy request to one or more servers (5a, 5b, 5c), inserting in each entropy request a respective timestamp, receiving (12) a response from each of the one or more servers (5a, 5b, 5c), each response payload comprising random bytes of unknown amount of entropy, verifying (13) validity of each response by comparing the respective timestamp in each response to a corresponding stored timestamp, and generating (14) the operating entropy based on at least one of the received responses. A cloud computing entity (2), a computer program and a computer program product are also provided.

Abstract: It is provided a method performed in a gateway and comprises the steps of: receiving a first client request from the client device, the first client request comprising a first fully qualified domain name, FQDN; transmitting a gateway request to the application server; receiving an application server response from the application server, the application server response indicating a need to provide authentication; generating a second FQDN, based on the first FQDN and an identifier of the client device; generating a client specific shared key based on the second FQDN and a shared key; generating a redirect message comprising the second FQDN, an authentication request, a context identifier and the client specific shared key; transmitting the redirect message to the client device; receiving a second client request from the client device; and generating an authentication response in case the second client request fails to comprise an authentication response.

Abstract: There is provided mechanisms for handling acknowledgements from nodes in a wireless radio ad-hoc network. A method is performed by a gateway of the wireless radio ad-hoc network. The method comprises transmitting radio signalling to nodes in the wireless radio ad-hoc network. The transmitted radio signalling is addressed to, and requiring acknowledgement from, at least one node in the wireless radio ad-hoc network. The method comprises receiving radio signalling from a node in the wireless radio ad-hoc network. The received radio signalling comprises one in-packet Bloom Filter comprising acknowledgement of the transmitted radio signalling from at least one of the nodes.

Abstract: A method performed by a machine-to-machine, M2M, server for managing communication with a M2M device is disclosed. The method comprising configuring the M2M device with a finite number of predetermined states and predetermined transitions for moving the M2M device into one of its predetermined states, and sending a message to the M2M device for executing at least one of the predetermined transitions.

Abstract: A method (10) for generating operating entropy is provided. The method (10) is performed by a cloud computing entity (2) run on shared underlying resources (3). The method (10) comprises: sending (11) a respective entropy request to one or more servers (5a, 5b, 5c), inserting in each entropy request a respective timestamp, receiving (12) a response from each of the one or more servers (5a, 5b, 5c), each response payload comprising random bytes of unknown amount of entropy, verifying (13) validity of each response by comparing the respective timestamp in each response to a corresponding stored timestamp, and generating (14) the operating entropy based on at least one of the received responses. A cloud computing entity (2), a computer program and a computer program product are also provided.

Abstract: The present disclosure relates to methods and arrangements for protecting the integrity of subscribers to personal area networks. This object is obtained by a method, performed in a service subscribing node of a personal area network, for discovering a service providing node. The method comprises obtaining a service identity resolving key. A discovery signal is received from a service publishing node, and a service identifier of the service providing node is determined from a service identity comprised in the received discovery signal using the service identity resolving key.

Abstract: It is disclosed a method of establishing a secure connection between a device and a network-based entity, NAF, via an access gateway, where the device and a network-based bootstrapping server, BSF, have a pre-established trust relationship. The method comprises the access gateway acting as a proxy between the device and the BSF. A reference to a NAF received from the BSF is used to securely authenticate the device to the NAF. An identity of the access gateway is sent to the NAF and the identity is used to authorise the device to use the access gateway. The access gateway identity is authenticated at the BSF and/or the NAF. The access gateway may relay messages to the device over a non-HTTP link.

Abstract: A method performed by a communications system, for authenticating a station, STA, to access a network is provided. The STA is capable of communicating with a light source. The method includes sending, by a management server to a controller of the light source, network access information, sending, by the light source to the STA, the received network access information, which network access information is sent to the STA via a Visual Light Communication (VLC) channel. The VLC channel is emitted from the light source and received by a light detector in the STA. The STA is authenticated to the network by sending the received network access information to an Access Point (AP) operating in the network in which the STA communicates with the AP via a communication channel.

Abstract: A method is provided for registration of a device as a Network Application Function, NAF, in a Generic Bootstrapping Architecture, GBA. The device performs a GBA bootstrap operation with a Bootstrapping Server Function, BSF, and sends to a NAF registration function a request to register as a NAF. The device receives NAF registration information from the NAF registration function, and performs a NAF registration with the BSF. The NAF registration function receives from the device a request to register as a NAF, confirms that that the device is authorised to act as a NAF, and transmits the NAF registration information to the device.

Abstract: A method (200) of establishing a secure connection (213) between a master device (101) and a slave device (102), sharing at least a first communication channel, is provided. The method comprises transmitting (201) an identifier IDM of the master device over the first communication channel, generating (202) a proof-of-possession Xs of a key Ks, using Ks, IDM, and a first identifier I DSi of the slave device, generating (202) a key MKS using IDM, I DSi, and Ks, storing (204) MKS, and transmitting (203) I DSi and Xs to the master device. The method further comprises transmitting (205) IDSi, Xs, and IDM, to a bootstrapping server, acquiring (206) Ks using IDSi, and generating (207) a proof-of-possession XB of Ks using Ks, IDM, and IDsi. The method further comprises, if XB and Xs are identical (208), generating (210) a key MKB using IDM, I DSi, and Ks, and transmitting (211) MKB to the master device where it is stored (212).

Abstract: A process automation platform and method for automating business processes are disclosed. The method can include defining a business process in metadata, and, based on that metadata, selecting microbots to perform micro-operations included in the business process. An event engine initiates execution of the business process using the microbots and manages data dependencies of the microbots within the process. Each of the plurality of microbots includes microbot metadata defining a micro-operation performed by the microbot, and execution of each of the plurality of microbots is initiated independently of the others of the plurality of microbots.

Abstract: It is provided a method performed in a gateway and comprises the steps of: receiving a first client request from the client device, the first client request comprising a first fully qualified domain name, FQDN; transmitting a gateway request to the application server; receiving an application server response from the application server, the application server response indicating a need to provide authentication; generating a second FQDN, based on the first FQDN and an identifier of the client device; generating a client specific shared key based on the second FQDN and a shared key; generating a redirect message comprising the second FQDN, an authentication request, a context identifier and the client specific shared key; transmitting the redirect message to the client device; receiving a second client request from the client device; and generating an authentication response in case the second client request fails to comprise an authentication response.

Abstract: Embodiments are directed to using an authentication server (140) to program and reprogram network elements, such as a network node (150), in accordance with software-defined networking techniques in order to establish a traffic flow rule for a communication device (110) or user of the communication device (110). After successfully authenticating a communication device (110) or user, the authentication server (140) and/or network node (150) may use an identifier received at the authentication server (140) in connection with the authentication procedure in order to obtain a traffic flow rule for the communication device (110). The traffic flow rule may be established at the network node (140) or forwarded to a second network node configured to receive network packets from the communication device (110). The first identifier may be any one of a user identifier identifying a user, an application identifier identifying an application, and a device identifier unique to the communication device (110).

Abstract: A method, performed by an EAP authenticator in a communication network, is disclosed. An identification of at least one EAP method supported by an EAP authentication server providing an EAP authentication service to the EAP authenticator is obtained, wherein the identification is obtained from a network entity of the communication network or from inspection of traffic through the EAP authenticator. The identification of at least one EAP method is provided to a device operable to request communication network access from the EAP authenticator. Also disclosed is a method, performed in an EAP authentication server in a communication network. A request for identification of EAP methods supported by the EAP authentication server is received, and a response to the request is sent identifying at least one EAP method supported by the EAP authentication server. An EAP authenticator. EAP authentication server and computer program are also disclosed.

Abstract: The present disclosure relates to methods and arrangements for protecting the integrity of subscribers to personal area networks. This object is obtained by a method, performed in a service subscribing node of a personal area network, for discovering a service providing node. The method comprises obtaining a service identity resolving key. A discovery signal is received from a service publishing node, and a service identifier of the service providing node is determined from a service identity comprised in the received discovery signal using the service identity resolving key.

Abstract: A method performed by a machine-to-machine, M2M, server for managing communication with a M2M device is disclosed. The method comprising configuring the M2M device with a finite number of predetermined states and predetermined transitions for moving the M2M device into one of its predetermined states, and sending a message to the M2M device for executing at least one of the predetermined transitions.

Abstract: There is provided mechanisms for handling acknowledgements from nodes in a wireless radio ad-hoc network. A method is performed by a gateway of the wireless radio ad-hoc network. The method comprises transmitting radio signalling to nodes in the wireless radio ad-hoc network. The transmitted radio signalling is addressed to, and requiring acknowledgement from, at least one node in the wireless radio ad-hoc network. The method comprises receiving radio signalling from a node in the wireless radio ad-hoc network. The received radio signalling comprises one in-packet Bloom Filter comprising acknowledgement of the transmitted radio signalling from at least one of the nodes.

Abstract: According to a first aspect, it is presented a method, executed in a gateway, the gateway being arranged to facilitate communication between a client device and an application server. The method comprises the steps of: receiving a client request from the client device, the client request comprising at least a portion being bound for the application server; sending an application server request to the application server; receiving an application server response from the application server, the application server response indicating a need to provide authentication; establishing at least one authentication credential using an authentication server for a connection between the client device and the application server; and sending a client response to the client device, the client response being based on the application server response and comprising the at least one authentication credential. An associated gateway, client device, vehicle, computer program and computer program product are also presented.