Abstract: Data in various formats can be protected in a distributed tokenization environment. Examples of such formats include date and time data, decimal data, and floating point data. Such data can tokenized by a security device that instantiates a number of tokenization pipelines for parallel tokenization of the data. Characteristics of such data can be used to tokenize the data. For instance, token tables specific to the data format can be used to tokenized the data. Likewise, a type, order, or configuration of the operations within each tokenization pipeline can be selected based on the data format or characteristics of the data format. Each tokenization pipeline performs a set of encoding or tokenization operations in parallel and based at least in part on a value received from another tokenization pipeline. The tokenization pipeline outputs are combined, producing tokenized data, which can be provided to a remote system for storage or processing.

Abstract: Unicode data can be protected in a distributed tokenization environment. Data to be tokenized can be accessed or received by a security server, which instantiates a number of tokenization pipelines for parallel tokenization of the data. Unicode token tables are accessed by the security server, and each tokenization pipeline uses the accessed token tables to tokenization a portion of the data. Each tokenization pipeline performs a set of encoding or tokenization operations in parallel and based at least in part on a value received from another tokenization pipeline. The outputs of the tokenization pipelines are combined, producing tokenized data, which can be provided to a remote computing system for storage or processing.

Abstract: A process is defined for consumer-controllable ML model provisioning and training in a wireless communication network. The process comprises two procedures, which respectively correspond to the two phases of an ML model provisioning process in, e.g., 5GC, i.e., the preparation/provisioning phase and the training execution phase. For the preparation/provisioning phase, new parameters are added to the request from the ML model consumer to the ML model generator (e.g., NWDAF), so that the latter can conduct the ML model provisioning according to the consumer requirements. For the training execution phase, interactions between the ML model consumer and generator(s) are considered, and the corresponding procedure for a consumer controlling the ML model training execution phase is defined.

Abstract: When the consumer NWDAF requests a trained machine learning model from a producer NWDAF for a set of Analytic IDs associated with a plurality of UEs, the consumer NWDAF may include a reliability requirement in the model provisioning request to indicate a required accuracy for the machine learning model. The reliability requirement may be expressed in terms of a number of UEs, a percentage of UEs. or an accuracy target. The producer NWDAF determines whether it can provide a trained model satisfying the reliability requirement and responds accordingly. If a trained model meeting the reliability requirement is available, the producer NWDAF provides the location the trained model to the consumer NWDAF.

Abstract: Data in various formats can be protected in a distributed tokenization environment. Examples of such formats include date and time data, decimal data, and floating point data. Such data can tokenized by a security device that instantiates a number of tokenization pipelines for parallel tokenization of the data. Characteristics of such data can be used to tokenize the data. For instance, token tables specific to the data format can be used to tokenized the data. Likewise, a type, order, or configuration of the operations within each tokenization pipeline can be selected based on the data format or characteristics of the data format. Each tokenization pipeline performs a set of encoding or tokenization operations in parallel and based at least in part on a value received from another tokenization pipeline. The tokenization pipeline outputs are combined, producing tokenized data, which can be provided to a remote system for storage or processing.

Abstract: A computer-implemented method, performed by a first node. The method is for handling an ongoing distributed machine-learning or federated learning (DML/FL) process for which the first node acts an aggregator of data or analytics from a first group of second nodes. The first node operates in a communications system. The first node obtains one or more first indications about one or more third nodes. The one or more first indications include respective information about the third nodes. The respective information indicates that the third nodes are eligible to be selected to participate in the ongoing DML/FL process. The one or more first indications are obtained during the ongoing DML/FL process. The first node then provides, to a fourth node operating in the communications system, an output of the ongoing DML/FL process based on the obtained one or more first indications.

Abstract: Data in various formats can be protected in a distributed tokenization environment. Examples of such formats include date and time data, decimal data, and floating point data. Such data can tokenized by a security device that instantiates a number of tokenization pipelines for parallel tokenization of the data. Characteristics of such data can be used to tokenize the data. For instance, token tables specific to the data format can be used to tokenized the data. Likewise, a type, order, or configuration of the operations within each tokenization pipeline can be selected based on the data format or characteristics of the data format. Each tokenization pipeline performs a set of encoding or tokenization operations in parallel and based at least in part on a value received from another tokenization pipeline. The tokenization pipeline outputs are combined, producing tokenized data, which can be provided to a remote system for storage or processing.

Abstract: A gateway device for implementing data security is described herein. The gateway device is coupled between a client device and a server device, and is configured to receive encoded data and a set of operations from the server device in response to a request for cloud services from the client device. The gateway device is configured to decode the encoded data, and to provide the decoded data and the set of operations to the client device. The client device is configured to perform the set of operations on the decoded data, and to incorporate the operation results into an application or interface corresponding to the requested cloud service. The gateway device is configured to encode the operation result data, and to provide the encoded operation result data to the server device for storage.

Abstract: Unicode data can be protected in a distributed tokenization environment. Data to be tokenized can be accessed or received by a security server, which instantiates a number of tokenization pipelines for parallel tokenization of the data. Unicode token tables are accessed by the security server, and each tokenization pipeline uses the accessed token tables to tokenization a portion of the data. Each tokenization pipeline performs a set of encoding or tokenization operations in parallel and based at least in part on a value received from another tokenization pipeline. The outputs of the tokenization pipelines are combined, producing tokenized data, which can be provided to a remote computing system for storage or processing.

Abstract: Data in various formats can be protected in a distributed tokenization environment. Examples of such formats include date and time data, decimal data, and floating point data. Such data can tokenized by a security device that instantiates a number of tokenization pipelines for parallel tokenization of the data. Characteristics of such data can be used to tokenize the data. For instance, token tables specific to the data format can be used to tokenized the data. Likewise, a type, order, or configuration of the operations within each tokenization pipeline can be selected based on the data format or characteristics of the data format. Each tokenization pipeline performs a set of encoding or tokenization operations in parallel and based at least in part on a value received from another tokenization pipeline. The tokenization pipeline outputs are combined, producing tokenized data, which can be provided to a remote system for storage or processing.

Abstract: A gateway device for implementing data security is described herein. The gateway device is coupled between a client device and a server device, and is configured to receive encoded data and a set of operations from the server device in response to a request for cloud services from the client device. The gateway device is configured to decode the encoded data, and to provide the decoded data and the set of operations to the client device. The client device is configured to perform the set of operations on the decoded data, and to incorporate the operation results into an application or interface corresponding to the requested cloud service. The gateway device is configured to encode the operation result data, and to provide the encoded operation result data to the server device for storage.

Abstract: Embodiments include methods for a data consumer network function (NF) of a communication network. These methods include sending, to a network repository function (NRF) of the communication network, a request for an access token for the following: a service provided by a 5 data collection coordination function (DCCF) of the communication network, and data to be collected via the DCCF service. These methods include receiving from the NRF at least one access token for the DCCF service and for the data to be collected via the DCCF service and, using the at least one access token, collecting the data from a data producer NF of the communication network via the DCCF service. Other embodiments include complementary methods for DCCFs 0 and NRFs, as well as data consumer NFs, DCCFs, and NRFs configured to perform such methods.

Abstract: Data in a database can be protected, for instance by tokenizing the entries of the database using one or more token tables. To enable searching data within the database without first detokenizing the tokenized database entries, bigrams of each data entry can also be tokenized and stored in association with the tokenized data entry. When a query term is received, the query term can be parsed into bigrams, and each bigram can be tokenized. The tokenized query bigrams can be used to query the database, and tokenized database entries corresponding to tokenized bigrams that match the tokenized query bigrams can be identified and returned as search results.

Abstract: A method implemented in a data collector node (DCN) is described. The DCN is configured to communicate at least with a network node and a data source node (DSN). The method includes determining a data collection coordination. The determined data collection coordination is associated with the DSN and includes determining whether any DCN is registered as a data collection coordinator of for the DSN. Upon determining there is no registered data collection coordinator of for the DSN, a request to register as the data collection coordinator of the DSN is transmitted to the network node. Upon determining the DCN is itself the data collection coordinator, data collection from the DSN is coordinated. Further, upon determining a second DCN is registered as the data collection coordinator, a subscription request for data collection from the DSN is transmitted to the second DCN.

Abstract: Data in a database can be protected, for instance by tokenizing the entries of the database using one or more token tables. To enable searching data within the database without first detokenizing the tokenized database entries, bigrams of each data entry can also be tokenized and stored in association with the tokenized data entry. When a query term is received, the query term can be parsed into bigrams, and each bigram can be tokenized. The tokenized query bigrams can be used to query the database, and tokenized database entries corresponding to tokenized bigrams that match the tokenized query bigrams can be identified and returned as search results.

Abstract: A data collection coordination function, DCCF, network node receives (1a) a request for data from a data consumer, determines (2) a data source for the requested data, verifies (3a, 3b) with a network node that the data consumer and the DCCF are authorized by the data source, receives (3b) a message container for the data consumer from the network node, the message container for the data consumer including a data encryption key KE and a data integrity key Ki, and receives (3b) a message container for the data source from the network node, the message container for the data source including the data encryption key KE and the data integrity key Ki. The DCCF network node transmits (4a) the message container for the data consumer to the data consumer and transmits (5) the message container for the data source to the data source.

Abstract: The invention relates to a method for a data consumer network function, NF, of a communication network to collect data from a data producer NF, the method comprising: o sending (810), to a network repository function, NRF, in the communication network, a request for an access token for a service provided by a data collection coordination function, DCCF, in the communication network; o receiving (820), from the NRF, at least one access token for the service provided by the DCCF; and o using (830) the at least one access token, collecting data from the data producer NF in the communication network via the DCCF service.

Abstract: The present disclosure relates to a vaultless format-preserving tokenization system and method that securely converts sensitive data into a non-sensitive format while maintaining the original structure. The process includes encoding the original data, generating a secure modification based on a predetermined format by encoding another input and combining it with a unique hashing key, applying a special encryption technique that incorporates the encoded data, secure modification, and a unique encryption key to produce an encoded version of the data, and finally creating a token from the encoded data to be used in place of the original sensitive information.

Abstract: A method for distributed tokenization of sensitive strings of characters, such as social security numbers, credit card numbers and the like, in a local server is disclosed. The method comprises the steps of receiving from a central server at least one, and preferably at least two, static token lookup tables, and receiving a sensitive string of characters. In a first tokenization step, a first sub string of characters is substituted with a corresponding first token from the token lookup table(s) to form a first tokenized string of characters, wherein the first sub string of characters is a substring of the sensitive string of characters. Thereafter, in a second step of tokenization, a second sub string of characters is substituted with a corresponding second token from the token lookup table(s) to form a second tokenized string of characters, wherein the second substring of characters is a substring of the first tokenized string of characters. Optionally, one or more additional tokenization steps is/are used.

Abstract: Data in various formats can be protected in a distributed tokenization environment. Examples of such formats include date and time data, decimal data, and floating point data. Such data can tokenized by a security device that instantiates a number of tokenization pipelines for parallel tokenization of the data. Characteristics of such data can be used to tokenize the data. For instance, token tables specific to the data format can be used to tokenized the data. Likewise, a type, order, or configuration of the operations within each tokenization pipeline can be selected based on the data format or characteristics of the data format. Each tokenization pipeline performs a set of encoding or tokenization operations in parallel and based at least in part on a value received from another tokenization pipeline. The tokenization pipeline outputs are combined, producing tokenized data, which can be provided to a remote system for storage or processing.