Abstract: A method for executing by a circuit a bit permutation operation by which bits of an input data are mixed to obtain an output data including at least two words, may include: generating a mask set including mask parameters, the mask set having one word column per word of the input data; generating an input set by combining the input data with each mask parameter of the mask set by Exclusive OR (XOR) operations; and computing an output set including output data resulting from the application of the bit permutation operation to each data in the input set, where the mask set may be generated such that the output set includes columns of output words, and each word column of the mask set an the output set including a same number of occurrences of all possible values of one input data word and respectively one output word.

Abstract: A method of executing a program operating on data encrypted by a homomorphic encryption. Execution of a program instruction includes the homomorphic evaluation of an associated function in the ciphertext space, homomorphic masking of the result of the evaluation with a previously encrypted random sequence, decryption of the evaluation result thus masked followed by a new encryption and then homomorphic unmasking in the ciphertext space. The result of execution of the instruction does not appear in plain text at any time during execution of the instruction.

Abstract: Indirect fire protocol according to several embodiments of the present invention can include the initial step establishing a grid and locating a forward observer (FO) and a firing unit (FU) in the grid. The FO can estimate the bearing and range to a High Value Target (HVT) within the grid, and can homomorphically encrypting said HVT estimated position data. FO can then transmit the encrypted HVT estimated position data over cloud network architecture to a Fire Direction Center (FDC), using the FDC's Keypublic. The FDC can outsource the calculation of an absolute position of said HVT in said grid to non-secure internet cloud architecture, but with encrypted HVT estimation data and the FO position data in the grid (which the FDC knows). Once calculated, the HVT encrypted absolute position data can be decrypted, and then transmitted from FDC to a FU, using the FU's Keypublic.

Abstract: A cryptographic system is provided comprising multiple configuration servers (200, 201, 202) arranged to configure multiple network devices (300, 350, 360) for key sharing. Each configuration server comprising a computation unit (220) arranged to compute local key material for the network device from root key material specific to the configuration server and the network device identity number of the network device that is being configured. At least two configuration servers of the multiple configuration servers provide computed local key material to said network device. The network devices are configured to determine a shared key with any one of multiple network devices. A network device comprises a shared key unit (330) arranged to derive a shared key from another network device's identity number and at least two of the multiple local key materials of the network device.

Abstract: An entity authentication method includes: an entity A generates and sends NA to an entity B; the entity B generates NB and ZSEEDB, computes a key MKA?KEIA and first encrypted authentication data AuthEncDataB, and sends the NB?NA?AuthEncDataB to the entity A for verification; the entity A generates ZSEEDA, computes second encrypted authentication data AuthEncDataA, a shared key seed Z, a master key MK and a first message authentication identifier MacTagA, and sends the NA?NB?AuthEncDataA?MacTagA to the entity B for verification; the entity B computes Z, MK and MacTagA, compares the MacTagA with the received MacTagA, and if the two are equal, considers that the entity A is valid; the entity B computes and sends a second message authentication identifier MacTagB to the entity A; and the entity A computes MacTagB, compares the MacTagB with the received MacTagB, and if the two are equal, considers that the entity B is valid.

Abstract: Processing circuitry includes key store hardware that stores a plurality of encryption keys. Key stream generator hardware generates a plurality of key streams from the plurality of encryption keys, wherein each key stream comprises a repeating stream of key data. Key river generator hardware generates a key river by parallelizing the plurality of key streams as key river symbols, wherein bits from each key river symbol are selected from each key stream as individual bits from differing ones of the plurality of encryption keys. Binary processor hardware generates a key path as a sequence of binary digits generated from at least one binary function of the key river.

Abstract: A protected machine. The machine includes an enclave. An enclave includes a protected area of an application address space for which access is prevented for any application code not resident in the enclave itself, except that keys can be provided by one or more management enclaves into the enclave. The machine further includes a management enclave coupled to the enclave. The management enclave is configured to provide a key to the enclave. The management enclave is a protected area of an application address space for which access is prevented for any application code not resident in the management enclave itself.

Abstract: In response to determining that an encryption operation request includes no indication of a cryptographic key, an encryption service module performs an encryption operation using a current cryptographic key retrieved by the encryption service module, and creates and stores an encrypted data object that includes the resulting ciphertext and a key identifier that uniquely identifies the cryptographic key and the associated cryptographic algorithm used to perform the encryption. A subsequent decryption operation request to the encryption service module that indicates the encrypted data object is processed by retrieving the cryptographic key and identifying the associated cryptographic using the key identifier contained in the encrypted data object. The encrypted data object may also include an initialization vector used to generate the ciphertext contained in the encrypted data object, as well as an integrity check value generated across the ciphertext and initialization vector.

Abstract: A system for a system for automated recording and storage of encrypted messaging service conversations. The system enables access to unencrypted versions of a monitored user's encrypted messaging feeds, and allows for the recording, storage, indexing, cataloging, and searching thereof. The monitored user is able to select which conversations in the messaging feeds may be so accessed.

Abstract: One embodiment described herein provides a system and method for establishing a secure communication channel between a client and a server. During operation, the client generates a service request comprising a first dynamic message, transmits the first service request to the server, which authenticates the client based on the first dynamic message, and receives a second dynamic message from the server in response to the first dynamic message. The client authenticates the server based on the second dynamic message, and negotiates, via a quantum-key-distribution process, a secret key shared between the client and the server. The client and server then establish a secure communication channel based on at least a first portion of the secret key.

Abstract: According to an embodiment, a communication device includes a receiver, an allocator, a first communication unit, an encryption processor, a second communication unit, and a controller. The receiver is configured to receive a shared key shared with another device. The allocator is configured to allocate the shared key to a transmission key or a reception key. The first communication unit is configured to receive data from an application. The encryption processor is configured to encrypt the data with the transmission key and decrypt the data encrypted by the other device with the reception key. The second communication unit is configured to communicate with the other device by using the encrypted data. The controller is configured to control at least one of allocation of the shared key, traffic of the first communication unit, and traffic of the second communication unit, by using state information of the device.

Abstract: A method of communicating a classical message M between a first party A and a second distant party B over a public channel F, comprises the steps of sharing a key between the parties, the shared key K comprising a short-term-secure key KS and/or a long-term-secure key KL; at A, encoding M as a quantum codeword, A using K to encode M into a first encrypted codeword belonging to a publicly known quantum code; communicating the first encrypted codeword from A to B over F whose output is a second codeword; unitarily transforming the second codeword into a third codeword by using a N-mode interferometer controlled by B, placed at the output of F and keyed by K; determining an estimate of M, at B, by performing a measurement on the third codeword and by processing the measurement using K.

Abstract: A method and an apparatus for managing an application identifier, where the application identifier management apparatus receives a request sent by a terminal to apply for a private key of an application identifier. The identifier management apparatus acquires a user identifier and an application identifier according to the request. The identifier management apparatus acquires a feature identifier of the user according to the user identifier, generates a private key of the application identifier according to the application identifier and the feature identifier of the user, and sends the private key of the application identifier to the terminal.

Abstract: An administration machine for a digital escrow server stores integer values each corresponding to a machine of a group of administration machines. An initialization function calls a polynomial function, unique to the administration machine, of a degree less than or equal to the number of administration machines, with each integer value, in order to obtain first secret values. The function constructs a message including, for each administration machine, the first secret value corresponding to the integer value of said machine. In response to a message having, for each administration machine, a second secret value obtained on calling the polynomial function of said machine on the integer value of the administration machine, the function constructs a resulting secret value from the first and second secret values. An overlay function processes a digital escrow using the resulting secret value unique to the administration machine and resulting secret values unique to similar administration machines.

Abstract: Systems and methods are provided for securing a private key on a mobile device for use with public key cryptography. Specifically, a private key is reduced to two partial keys where the partial keys are stored on separate electronic devices. The partial keys combine to temporarily regenerate the private key for the purposes of notarizing (digitally signing) messages or documents, and decrypting a message or document that was encrypted using the corresponding public key. The partial keys in some embodiments may be a secret key, which can be derived from an account identifier and a password, and an exclusive key, which can be derived from the secret key and the private key. The private key can be regenerated from the secret key and the exclusive key. With the partial keys stored on separate devices, another layer of practical security is provided to public key cryptography.

Abstract: In an example system for private key recovery performed by a processor of a key recovery computing system, a key recovery computing system is configured to provide an original private key. The original private key is associated with a storage location of a blockchain-based asset. The key recovery computing system is configured to receive supplemental recovery information provided by a user via a user computing device. A recovery seed is derived from at least a subset of the supplemental recovery information, wherein the recovery seed is non-invertible. The original private key and the recovery seed are stored relationally to the supplemental recovery information. In some embodiments, the processor is further configured to cryptographically protect at least one of the original private key and the recovery seed via a universal second-factor authentication (U2F) device.

Abstract: Embodiments of the invention are directed to authentication and authorization methods. The authentication process can involve a user device interacting with an access device that is within a proximity of the user device to help ensure that the user device is near a location of the access device. The access device can assist with the authentication, either at the access device or via a communications network to an authentication computer. For example, embodiments can provide mechanisms for authentication of a user device at an access device before the user device is authenticated and authorized access to a building.

Abstract: A resource generates and provides discovery configuration information to a network appliance. The network appliance validates the discovery configuration information, such as by validating a token within the discovery configuration information, then is configured using at least the discovery configuration information and passes at least a portion of the discovery configuration information to a network disjoint from that which connects the resource and the network appliance. This portion of discovery configuration information may include service advertisement information, routing information for traversing the network topology, and in some embodiments, the validation token.

Abstract: In general, one innovative aspect of the subject matter described in this specification may be embodied in methods that may include validating user data pages extracted from a digital identification in circumstances where a user device that includes the digital identification is either unavailable or presently lacks network connectivity. For instance, an authorized device may be used to extract user data pages from the digital identification by either exchanging communications with the user device using a proximity-based data exchange protocol, or by using a physical identification card to identify the digital identification on a user record. The user data pages may then be validated by comparing checksums associated with user data pages against the checksums within the user record, and decrypting the user data pages using a decryption key that is variably designated by a security status assigned to the digital identification.

Abstract: A method is provided for generating a public/private key pair on an IC and to provision an IoT device having the IC. In the method, a first entity manufacturers an integrated circuit (IC) for use in a device. The IC, or chip, has a root secret embedded therein. A public key is generated on the IC using a unique identifier (ID) and the root secret. The IC is provided to a second entity for manufacturing the device using the IC. A reference IC is provided to a third entity. The reference IC has the same embedded root secret as the IC. The reference IC is configured to use the unique ID of the IC and the embedded root secret to generate a derived public key. The third entity is enabled to verify that the public key of the IC is associated with the unique ID by using the derived public key of the reference IC. The method allows the IoT device to be provisioned without using a public key infrastructure.

Abstract: An authentication system, device and method that include ephemeral biometrics at login authentication is disclosed. The system, device and method may continue to authenticate the user while accessed to a user system. The system, device and method may also include position/location reporting of the device.

Abstract: The present disclosure discloses a CAPTCHA image generation method and apparatus, and a server, relating to the field of computer technologies. According to the present disclosure, first noise points are generated on a CAPTCHA code in some regions of an initial image and second noise points are generated on a background of the image in another region, so that a machine cannot filter out the noise points in a CAPTCHA image by means of some simple algorithms, increasing difficulty in recognizing the CAPTCHA code by the machine, reducing a risk that the CAPTCHA code is cracked by the machine, and having a strong crack-proof capability.

Abstract: Asset authentication in a dynamic, proximity-based network of communication devices, each having a first interface for establishing the dynamic, proximity-based network by short-range wireless beacon broadcast messaging, and a second interface for communicating with a server by broadband communication. A first communication device sends (210) via the first interface an authentication request to a second communication device having an associated asset. The second device receives (220) the authentication request via the first interface and in response communicates (230) with the server via the second interface to generate a digital signature by encrypting data which includes the asset with a private key for the second device. The second device sends (240) a signing completed report message about the generation of the digital signature to the first device via the first interface.

Abstract: A method for secure access to a mobile edge computing gateway device based on a subscriber location fingerprint may comprise receiving a request to access the mobile edge computing gateway, a first user credential, and an encrypted token from a requesting user, associating the first user credential with a block chain location fingerprint for the subscribing user, including a plurality of time-stamped records of a plurality of estimated or measured location state variables of the subscribing user and an associated confidence interval representing an accuracy of those variables, decrypting the location fingerprint, receiving a requesting user location measurement, predicting a current location for the subscribing user and an associated current confidence interval based on recent location state variables in the location fingerprint, and allowing the requesting user access to the mobile edge computing gateway when the received requesting user location measurement falls within the value of the current confidence i

Abstract: Embodiments herein relate to an electronic device that includes a camera sensor to capture a digital image that includes a plurality of pixels. The electronic device may further include a digital signature calculation engine coupled with the camera sensor, the digital signature calculation engine to generate, based on a private key that is shared between a plurality of image/video acquisition modules and a pixel of the plurality of pixels, a digital signature. The electronic device may further include digital signature insertion logic coupled with the digital signature calculation engine, the digital signature insertion logic to insert an indication of the digital signature into the digital image. Other embodiments may be described and/or claimed.

Abstract: Apparatus, methods and systems to secure remotely accessible applications using authentication devices are disclosed. More in particular apparatus, methods and systems are disclosed for thwarting overlay attacks against authentication applications for displaying transaction data and for generating signatures over these transaction data.

Abstract: Disclosed are: a communication technique and a system therefor for fusing, with IoT technology, a 5G communication system for supporting a data transmission rate higher than that of a 4G system. Provided is a method for installing a profile of a terminal having an embed universal integrated circuit card (eUICC) in a mobile communication system, the method comprising: requesting for an eUICC authentication certificate to an eUICC and receiving the eUICC authentication certificate; and transferring a profile package to the eUICC so as to install a profile, wherein the received eUICC authentication certificate further comprises an eUICC manufacturer (EUM) authentication certificate.

Abstract: A method for authenticating an instrument for processing a biological sample or reagent is disclosed. The method comprises generating a PIN code by the instrument, entering the PIN code and identification data associated with the instrument in a database of an electronic device, verifying the PIN code and identification data at the electronic device, transmitting an authentication certificate to the instrument if the PIN code and identification data correspond to target data stored in the database, installing the authentication certificate on the instrument, whereby the instrument is registered with the electronic device, and using the authentication certificate for an encrypted communication between the instrument and the electronic device. Further, a system is disclosed which comprises an instrument for processing a biological sample or reagent and an electronic device. The system is configured to carry out each step of the method.

Abstract: An example system receives certificate requests from clients. Each request indicates: a number of computerized devices needing certificates; a timestamp indicating when the request was transmitted; and a client. The system includes a Quality of Service (QoS) manager that: distributes the requests from the clients across client queues, each of the client queues corresponding to a particular client; and divides requests into smaller subgroups of entries corresponding to a subset of the computerized devices needing certificates. It also includes a QoS arbiter that selects a sequence of entries from the client queues to be placed onto a QoS queue based on a number of entries in the QoS queue, a latency level of a certificate management service, and timestamps indicating when requests were transmitted, where the QoS manager retrieves entries from the QoS queue in the sequence selected by the QoS arbiter and transmits them to the certificate management service.

Abstract: Methods for managing digital certificates, including issuance, validation, and revocation are disclosed. Various embodiments involve querying a directory service with entries that correspond to a particular client identity and have attributes including certificate issuance limits and certificate validity time values. The validity time values are adjustable to revoke selectively the certificates based upon time intervals set forth in validity identifiers included therein.

Abstract: A memory device includes a memory block that includes a plurality of memory bits, wherein each bit is configured to present a first logical state; and an authentication circuit, coupled to the plurality of memory bits, wherein the authentication circuit is configured to access a first bit under either a reduced read margin or a reduced write margin condition to determine a stability of the first bit by detecting whether the first logical state flips to a second logical state, and based on the determined stability of at least the first bit, to generate a physically unclonable function (PUF) signature.

Abstract: The present invention provides a method for authenticating distributed peripherals on a computer network using an array of physically unclonable functions (PUF). As each PUF is unique, each PUF is able to generate a plurality of challenge response pairs that are unique to that PUF. The integrated circuits of the PUF comprise a plurality of cells, where a parameter (such as a voltage) of each cell may be measured (possibly averaged over many readings). The plurality of cells in the PUF may be arranged in a one, two or more dimensional matrix. A protocol based on an addressable PUF generator (APG) allows the protection of a network having distributed peripherals such as Internet of things (IoT), smart phones, lap top and desk top computers, or ID cards. This protection does not require the storage of a database of passwords, or secret keys, and thereby is immune to traditional database hacking attacks.

Abstract: A physical unclonable function code generating method includes: providing a plurality of non-volatile memory cell pairs including a first non-volatile memory cell and a second non-volatile memory cell; comparing an initial state of the first non-volatile memory cell with an initial state of the second non-volatile memory cell, and generating a first physical unclonable function code according to a comparison result of the state; calculating a formation ratio difference of a logical level in the first physical unclonable function code; and adjusting the formation ratio difference by interactively performing forming operations on the first non-volatile memory cell and the second non-volatile memory cell when the formation ratio difference is greater than or equal to a ratio threshold.

Abstract: A bus arrangement includes: a coordinator; a first subscriber; a second subscriber; and a bus. The bus includes: a first signal line coupling the first subscriber and the coordinator; a second signal line connecting the second subscriber to the first subscriber; and at least one bus line connecting the coordinator to the first subscriber and the second subscriber. The coordinator is configured to send a message via the at least one bus line to the second subscriber with a command to activate the first subscriber via the second signal line. The first subscriber includes a first current sensor and the second subscriber includes a switchable current source. The second signal line couples the first current sensor with the switchable current source.

Abstract: An interactive, program-controlled, enterprise management system for selective access to operation, design, delivery and control of TCP/IP data over an interactive global communications network. The system comprises, for instance, a publisher module for creating content on the network including live events and uploading of video-on-demand programming; a single director module for controlling access to, and managing viewing of, the network content in real-time or live, including management of the live events with selective control over creation and management of slides, polling and on-line chat; an engineer module for controlling network infrastructure including encoders and media servers, real-time network status and access to any open trouble tickets on the network; and an administrator module for managing the viewer database, testing database, usage reports, billing and analytics.

Abstract: Systems, methods, and software are disclosed herein for enhancing ad-hoc online meetings. A service client, when executed by a computing system, directs the computing system to at least detect an in-room discovery signal, identify a room from the in-room discovery signal, identify a session based on the room associated with the in-room discovery signal, and join the session.

Abstract: Methods and apparatus for generating and using multicast transaction messages in an exchange system are described. A unicast transaction message is received, e.g., by a gateway device which interacts with devices outside the exchange system. The gateway device generates a multicast transaction message from the unicast transaction message and sends transmits it to other devices in the exchange system. A multicast transaction message is received by the gateway device. The gateway generates a unicast transaction response message and sends it to the trader system which sent the transaction message to which the response corresponds. Traders are permitted to include information in a transaction message field which is not interpreted or used by the exchange to control message processing. The information in the uninterpreted field is echoed back to the trader system and allows the trader to correlate the transaction messages to one or more clients or to perform other operations.

Abstract: Methods and apparatus for arranging event opportunities are disclosed. For example, the method detects the event opportunity that matches user profiles of at least two users who are unassociated with one another, verifies a safety parameter for one of the at least two users, wherein the safety parameter is defined by the one of the at least two users, and if the safety parameter is satisfied, sending an invitation to the event opportunity to each of the at least two users.

Abstract: Techniques and systems for synchronized accessibility for client devices in an online conference are described. For example, a conferencing system receives presentation content and audio content as part of the online conference from a client device. The conferencing system generates sign language content by converting audio in the audio content to sign language. The conferencing system then synchronizes display of the sign language content with the presentation content in a user interface based on differences in durations of segments of the audio content from durations of corresponding segments of the sign language content. Then, the conferencing system outputs the sign language content as synchronized with the presentation content, such as to a viewer client device that requested the sign language content, or to storage for later access by viewers that request sign language content.

Abstract: Systems and methods for real-time collaborative computing and collective intelligence are disclosed. A hybrid swarm intelligence system includes a central collaboration server, a plurality of computing devices in communication with the central server, and an agent application in communication with the central server. In response to information sent from the central server during a group collaboration session, user input is sent to the central server via the computing devices, and machine input is given to the server via the agent application, which determines input based on rules, additional data, and/or machine learning techniques. The central server uses the user input and the machine input to repeatedly provide feedback to the agent application and users during the group collaboration session.

Abstract: A system and method for broadcast response generally employing RDS, DARC, or similar technology is provided, including a method for responding to a broadcast comprising extracting an event identifier from a broadcast signal; detecting a response by a user to the broadcast signal; polling a communications device to determine a user identifier; and communicating the event identifier and the user identifier when the user response is detected.

Abstract: A control device, a method of controlling the same, and an integrated control system are provided. The method includes in response to a setting command being input, registering a setting state of at least one device connected to the control device at a time point when the setting command is input as a preferred setting state of the at least one device, and, in response to an execution command being input, transmitting a control command to the at least one device based on the registered preferred setting state.

Abstract: Field-device coupling unit for providing a supply voltage for a field device and for communication with a superordinate control unit, the field-device coupling unit including a current interface, which is configured for communication with the control unit and has a first controllable input load which is configured to provide, from an interface current of the current interface, a load voltage on which the supply voltage is based, the field-device coupling unit further including a circuit arrangement for providing a communication signal which is to be transmitted to the control unit, wherein the circuit arrangement is configured to control the first controllable input load according to the communication signal in order to superimpose the interface current with a current signal corresponding to the communication signal.

Abstract: Embodiments of a device and method are disclosed. In an embodiment, a method for communicating data frames on a bus that operates according to a multi-master bus protocol is disclosed. The method involves beginning transmission of a data frame from a node on the bus when the node gains control of the bus, wherein the multi-master bus protocol specifies a frame format that includes a start portion, a payload portion, and an end portion, during transmission of the payload portion of the data frame, inserting an in-payload arbitration field into the transmission, continuing transmission of the data frame if the node maintains control of the bus after insertion of the in-payload arbitration field, and halting transmission of the data frame before transmission of the data frame is complete if the node losses control of the bus after insertion of the in-payload arbitration field.

Abstract: A network interface of a network user having at least one physical interface for connecting the network interface to a network interface of a different network user, at least one data selector, which is connected to the physical interface and which is suitable for receiving data from the physical interface and sending data to the physical interface, and at least one data switch, which is connected to the data selector and which is suitable for receiving data from the data selector and sending data to the data selector.

Abstract: A relay device capable of preventing transmission of an improper message to one or more networks even if improper falsification is made to a program for executing relay processing. If one CAN controller receives a message, a gateway stores the received message in the message storage unit and also sends the message to the processing unit. The processing unit that received the message performs processing necessary for relay of the message by executing a relay program, and sends the message to be relayed to the CAN controller. The gateway compares the message before being sent from the CAN controller to the processing unit with the message sent from the processing unit to the CAN controller, to determine the properness of the message.

Abstract: The disclosure herein describes a virtual extensible local area network (VXLAN) gateway. During operation, the VXLAN gateway receives, from a physical host, an Ethernet packet destined for a virtual machine residing in a remote layer-2 network broadcast domain that is different from a local layer-2 network broadcast domain where the physical host resides. The VXLAN gateway then determines a VXLAN identifier for the received Ethernet packet. The VXLAN gateway further encapsulates the Ethernet packet with the virtual extensible local area network identifier and an Internet Protocol (IP) header, and forwards the encapsulated packet to an IP network, thereby allowing the packet to be transported to the virtual machine via the IP network and allowing the remote layer-2 network broadcast domain and the local layer-2 network broadcast domain to be part of a common layer-2 broadcast domain.

Abstract: A persistent World Wide Name (WWN)-Fiber Channel Identifier (FCID) assignment system includes a Fiber Channel (FC) networking device and a server device that sets a persistent WWN-FCID bit in a second fabric login that is directed to the FC networking device subsequent to a first fabric login that was directed to the FC networking device and that resulted in the assignment of an FCID to a WWN for the server device. An FC Forwarder (FCF) device receives the second fabric login from the server device. In response to determining that the persistent WWN-FCID bit is set in the second fabric login, the FCF device sends the FC networking device a second fabric discovery corresponding to the second fabric login through a port that was used to send the FC networking device a first fabric discovery corresponding to the first fabric login.

Abstract: A method for compressive channel estimation in a massive multiple input, multiple output (MIMO) system using sectored random beams is provided. In an embodiment, a method in a massive multiple input, multiple output (MIMO) transceiver for channel estimation includes obtaining a sector. The sector includes less than a complete coverage area of the transceiver. The method also includes transmitting, by the transceiver, a plurality of random beams to a user equipment (UE) in the sector.

Abstract: A method by which a terminal estimates a channel in a wireless access system can comprises the steps of: receiving mapping information on a port and a layer of a data demodulation reference signal (DMRS); receiving change information on whether the port of the DMRS has been changed; and determining a change in port information on the basis of an indicator and estimating a channel of the DMRS.