Abstract: The present disclosure is designed to determine appropriate spatial resources for uplink control channels. A user terminal has a receiving section that receives, through higher layer signaling, a plurality of entries of information related to a spatial resource for an uplink control channel, and receives specifying information that specifies, amongst the plurality of entries, entries that correspond respectively to the plurality of uplink control channel resources, by means of a control element of media access control, and a control section that controls determination of one of the plurality of uplink control channel resources, and controls transmission of the uplink control channel, by using an entry that corresponds to the determined uplink control channel resource, amongst the specified entries.

Abstract: Techniques are described for wireless communication. A first method includes generating uplink control information at a wireless device, and transmitting the uplink control information over an interlace of a component carrier of an unlicensed radio frequency spectrum band. The interlace includes a plurality of non-contiguous concurrent resource blocks in the unlicensed radio frequency spectrum band, and at least two resource blocks in the interlace include different portions of the uplink control information. A second method includes generating uplink control information at a wireless device, and transmitting the uplink control information over an uplink control channel of an unlicensed radio frequency spectrum band. Resources of the uplink control channel are divided into a plurality of discrete dimensions and the uplink control information of the wireless device is transmitted over a number of the discrete dimensions allocated to the uplink control information of the wireless device.

Abstract: Example methods and apparatus for configuring a reference signal are provided. One example method includes determining first information including beam information of beams used by a link between the second node and a third node by a. first node. The first node serves as an upper-level node of a second node. The first node sends configuration information to the second node to indicate a reference signal received or sent by the second node on a target beam. The target beam is at least one of the beams used by the link between the second node and the third node, so that the first node can indicate the second node to receive or send the reference signal based on the beams used by the link between the second node and the third node. The second node may further measure interference between the backhaul links based on the reference signal.

Abstract: Disclosed are a method and an apparatus for channel quality estimation in consideration of interference control and coordinated communication in a cellular system. A base station receives an SRS transmitted by a terminal to thus measure received power, and then configures, for the terminal, a CSI process which may measure SINRs for base stations having higher SRS received power. If the terminal feeds back, to the base station, channel quality information for the configured CSI process, the base station determines an SINR and a MCS to be applied to data transmission in consideration of a received CQI and a CoMP transmission scheme, and applies the determined SINR and MCS to thus transmit data.

Abstract: A user terminal according to an aspect of the present invention includes a control section that determines a type of particular search space, based on certain information included in a search space configuration, and a receiving section that monitors a control resource set (CORESET) by using the particular search space. According to an aspect of the present disclosure, it is possible to appropriately associate a search space with a CORESET.

Abstract: In order to control a beam failure recovery procedure properly, a user terminal according to one aspect of the present disclosure has a transmitting section that transmits a beam failure recovery request, a receiving section that receives a response signal to the beam failure recovery request, and a control section that controls at least one of whether or not to receive a control resource set and a type of a control resource set to receive, in at least one of a first period from transmission of the beam failure recovery request to start of monitoring for the response signal, a second period from the start of monitoring for the response signal to receipt of the response signal, and a third period from the receipt of the response signal to when reconfiguration is performed.

Abstract: The present disclosure provides signaling for multi-panel user equipment (MPUE) activation and deactivation status. The MPUE may include a plurality of panels. The MPUE may determine a nominal number of active panels. The MPUE may map a number of panel identifiers equal to the nominal number of active panels to an actual number of active panels of the plurality of panels. The MPUE may receive, from a base station, a downlink control information (DCI) scheduling a communication based on one of the panel identifiers. The MPUE may determine a panel for the communication based on the mapping. The MPUE may communicate according to the DCI using the determined panel.

Abstract: There is disclosed a method of operating a network node in a radio access network. The method includes transmitting first numerology information indicating a first numerology for a carrier, the first numerology having a first subcarrier spacing and a first frequency reference. The method also includes transmitting a frequency shift indication indicating a second frequency reference for a second numerology for the same carrier, the frequency shift indication indicating the second frequency reference in relation to the first frequency reference. The disclosure also pertains to related methods and devices.

Abstract: The present disclosure provides signaling for multi-panel user equipment (MPUE) activation and deactivation status. The MPUE may include a plurality of panels. The MPUE may determine a number of active panels. The MPUE may transmit a status message indicating at least the number of active panels to a base station. The base station may schedule a communication with the UE for at least one panel of the number of active panels. The MPUE may receive from the base station, a downlink control information (DCI) scheduling a communication for at least one of the number of active panels. The MPUE may communicate according to the DCI using the at least one panel scheduled by the DCI. In another aspect, the MPUE may indicate a nominal number of active panels and implicitly manage a mapping of panel identifiers to an actual number of active panels.

Abstract: The present invention is designed to improve the throughput of radio communication by using partial frequency bands for DL/UL communication. A user terminal has a receiving section that receives downlink control information by using a first partial frequency band (BWP) among a plurality of BWPs configured in a carrier, and a control section that identifies, via a resource allocation field (RA field) having a size that is configured based on a given BWP among the plurality of BWPs, a resource of a second BWP, which is different from the first BWP, in the downlink control information.

Abstract: Provided are a user equipment, base station and wireless communication methods related to resource determination for UCI in case of BWP switching in NR. A user equipment comprises: a receiver operative to receive, from a base station in a slot, a Downlink Control Information (DCI) for Bandwidth Part (BWP) switching from a first BWP to a second BWP; circuitry operative to drop a Uplink Control Information (UCI) to be transmitted in a BWP switching period of the first BWP, and to determine the earliest available slot of the second BWP or a third BWP, the BWP switching period being from the slot where the DCI for BWP switching is received until starting the second BWP to which the first BWP is switched according to the DCI; and a transmitter operative to transmit the dropped UCI in the determined earliest available slot of the second BWP or the third BWP to the base station.

Abstract: The present specification discloses a method for transmitting and receiving acknowledgement (ACK) information in a wireless local area network (WLAN) system and a device for the same. More specifically, the present specification describes a method in which a station device scheduled according to a time division duplex (TDD) scheduling scheme transmits and receives ACK information based on TDD scheduling information and a device for the same.

Abstract: A device may receive a signal from a wireless station; and determine a network-permitted Time Division Duplex (TDD) uplink duty cycle based on the signal. If the determined network-permitted TDD uplink duty cycle is greater than a maximum allowable TDD uplink duty cycle for the device, when the device performs TDD uplink transmission after receiving a scheduling grant from the wireless station, the device may decrease the TDD uplink duty cycle of the device or may decrease a time-average transmission power of the device.

Abstract: A signal receiving circuit includes a summing circuit, a clocked latch circuit and a feedback circuit. The summing circuit generates a summing signal based on an input signal and a feedback signal. The clocked latch circuit generates a sampling signal by sampling the summing signal in synchronization with a clock signal. The feedback circuit generates the feedback signal by selecting one among a plurality of coefficients based on the sampling signal.

Abstract: Systems and methods for encoding a data signal as a pulse position modulation (PPM) signal and decoding a PPM signal to output the original data signal. The method of encoding may comprise receiving an input data signal; converting the data within the input data signal to a sequence of PPM symbol values; and generating a PPM signal comprising an alternating sequence of synchronisation pulses and data pulses. The PPM signal may be generated by generating a plurality of synchronisation pulses at a fixed pulse repetition rate; and generating a sequence of data pulses with each data pulse having a time delay from a preceding synchronisation pulse, whereby the sequence of data pulses represent the sequence of PPM symbol values.

Abstract: The present disclosure discloses a low voltage differential signal transmitter, a method for generating a low voltage differential signal, and a data transmission device, the low voltage differential signal transmitter comprises includes a controller and a physical layer chip connected with each other, the controller is configured to receive a first clock signal, process the first clock signal to obtain a second clock signal, read a first data signal under drive of the second clock signal, and output a third clock signal and a second data signal; the physical layer chip is configured to receive the first clock signal and the signals output by the controller, sample the third clock signal and the second data signal according to the first clock signal, and output a serial low voltage differential clock signal and a serial low voltage differential data signal.

Abstract: A clock data recovery (CDR) mechanism qualifies symbols received from the data detector prior to using those symbols to compute a timing gradient. The disclosed CDR mechanism analyzes one or more recently received symbols to determine whether the current symbol should be used in computing the time gradient. When configured with a Mueller-Muller phase detector, the timing gradient for the received signal is set to zero if the current symbol is a ?2 or a +2 and the previous symbol is non-zero. Otherwise, the Mueller-Muller timing gradient is evaluated in the traditional manner. When configured with a minimum mean-squared error phase detector, the timing gradient for the received signal is set to zero if the previous symbol is non-zero. Otherwise, the minimum mean-squared error timing gradient is evaluated in the traditional manner.

Abstract: Disclosed herein are computer-implemented method, system, and computer-program product (computer-readable storage medium) embodiments for benchmarking with statistics in a way that reduces leakage, preserving privacy of participants and secrecy of participant data. An embodiment includes receiving a plurality of encrypted values and computing a composite statistic corresponding to at least a subset of the plurality of encrypted values. An embodiment may further include outputting the at least one composite statistic. The composite statistic may be calculated to be distinct from any encrypted value of the plurality of encrypted values, thereby preserving privacy. Further embodiments may also include generating a comparison between the composite statistic and a given encrypted value of the plurality of encrypted values, as well as outputting a result of the comparison.

Abstract: A computer-implemented method for information protection comprises: determining one or more data inputs and one or more data outputs for a transaction, wherein the data inputs are associated with input data types respectively, and the data outputs are associated with output data types respectively; encrypting the input data types and the output data types; committing each of the encrypted input data types and the encrypted output data types with a commitment scheme to obtain corresponding commitment values; obtaining at least a parameter R based at least on the commitment values; and submitting the transaction to one or more nodes in a blockchain network with disclosure of the parameter R and without disclosure of the input data types and output data types for the nodes to verify consistency between the input data types and the output data types.

Abstract: An apparatus in accordance with embodiments includes front-end radar circuitry and storage circuitry. The front-end radar circuitry generates a digital data stream that represents received radar wave signals and provides a cryptographic hash using the digital data stream, timing information, and apparatus-specific data. The storage circuitry stores the digital data stream and the cryptographic hash indicative of authenticity of the digital data stream.

Abstract: One or more embodiments of the present specification provide blockchain-based data processing methods and apparatuses that are applied to a blockchain network system that includes a node device of a service platform and a node device of a service provider. The method includes receiving first transaction data by the blockchain node device of the service provider; generating, by the blockchain node device of the service provider, second transaction data, as part of a second transaction, based on the service handling data; and sending, by the blockchain node device of the service provider, the second transaction data to a blockchain network.

Abstract: Disclosed is a secret-key provisioning (SKP) method and device based on an optical line terminal (OLT), which can generate an SKP queue according to key requests received; generate at least one secret-key according to the SKP queue; and store the at least one secret-key in key pools (KPs) of corresponding ONUS. A non-transitory computer-readable storage medium is also disclosed.

Abstract: Techniques regarding privacy preservation in a federated learning environment are provided. For example, one or more embodiments described herein can comprise a system, which can comprise a memory that can store computer executable components. The system can also comprise a processor, operably coupled to the memory, and that can execute the computer executable components stored in the memory. The computer executable components can comprise a plurality of machine learning components that can execute a machine learning algorithm to generate a plurality of model parameters. The computer executable components can also comprise an aggregator component that can synthesize a machine learning model based on an aggregate of the plurality of model parameters. The aggregator component can communicate with the plurality of machine learning components via a data privacy scheme that comprises a privacy process and a homomorphic encryption process in a federated learning environment.

Abstract: Systems and methods providing access control and data privacy/security with decentralized ledger technology are disclosed. To ensure data privacy the decryption or access to data by a non-data owner requires joint orchestration of decentralized system nodes to provide partial decryption components with n-of-x required to fulfill request. Data can be encrypted, and access control policy can be decided including required number of key fragments to fulfill decryption. Access control policies can be stored in the decentralized ledger based system. Key information can be stored in the system in a decentralized manner with partial key fragments encrypted and split among system nodes. An access request can be sent to the system to fetch a data file, without disclosing the requester's identity in the system. The decentralized ledger based system can verify a legitimate request to access the data and denies access to malicious or faulty participants.

Abstract: A method for performing privacy-preserving or secure multi-party computations enables multiple parties to collaborate to produce a shared result while preserving the privacy of input data contributed by individual parties. The method can produce a result with a specified high degree of precision or accuracy in relation to an exactly accurate plaintext (non-privacy-preserving) computation of the result, without unduly burdensome amounts of inter-party communication. The multi-party computations can include a Fourier series approximation of a continuous function or an approximation of a continuous function using trigonometric polynomials, for example, in training a machine learning classifier using secret shared input data.

Abstract: Described embodiments provide systems and methods for securing offline data for shared accounts of a shared computing device. Cache files can be generated for a plurality of users of an application executable on the device to store user data corresponding to individual users of the application. An encryption key can be generated for one or more of the cache files and the encryption key can be associated with at least one user of the application. The encryption key can be associated with a user identifier so that the encryption key is not accessible by other users of the computing device. The user data can be encrypted in one of the cache files with the encryption key. The encrypted user data can be presented to a user via the shared computing device based on receipt of a user identifier that enables access to the encryption key.

Abstract: There is provided mechanisms for deployment of components of a distributed application on destination runtime environments. A method is performed by a source runtime environment. The method comprises providing, with the components residing on the source runtime environment, public key fingerprints between the components, such that each component has its own public key and its own private key and is provided with a public key fingerprint of at least one other of the components. The method comprises providing migrating each of the components from the source runtime environment to its destination runtime environment for deployment of each component on its destination runtime environment.

Abstract: An apparatus for sharing data according to one embodiment includes a first combined data generator configured to generate first combined data by combining target data to be shared and a random bit string, a data encryptor configured to generate a ciphertext for the first combined data, a key encryptor configured to generate one or more ciphertexts for a decryption key of the ciphertext for the first combined data using one or more public keys, a second combined data generator configured to generate second combined data by combining the ciphertext for the first combined data, the one or more ciphertexts for the decryption key, and the random bit string, and a data discloser configured to disclose the second combined data to one or more entities to share the target data to be shared.

Abstract: The described cipher system includes a bits of some randomness (BOSR) reservoir; a first multiplexer circuit that receives a BOSR key, a functional key, and a first control signal for selection between the BOSR key and the functional key; a second multiplexer circuit that receives a BOSR state, a functional state, and a second control signal for selection between the BOSR state and the functional state; a block cipher logic circuit that receives the outputs from the first and second multiplexer circuits and a functional input. The block cipher outputs bits into either the BOSR reservoir or as a functional output according to a third control signal. The cipher system includes a control logic block that outputs the first control signal, second control signal, and third control signal and controls whether a clock cycle of the block cipher logic circuit is used for a BOSR operation or a functional operation.

Abstract: Disclosed is a method for allocating QKD network resources, which includes the following steps: obtaining a network structure of a QKD network, and constructing a key topology according to distributions condition of quantum key resources in the QKD network; in response to arrival of a service requiring encryption, judging whether the encrypted service is delay sensitive; when the service is delay sensitive, distributing quantum key resources to the service according to the key topology of the QKD network; and when the service is not delay sensitive, distributing quantum key resources to the service according to the network structure of the QKD network. Moreover, the present disclosure also provides a device for allocating QKD network resources and a non-transitory computer-readable storage medium.

Abstract: The present disclosure relates to exchanging data for multi-party computation. In some aspects, a server generates a first random number set, a second random number set, a third random number set, and a fourth random number set based on a first random seed, a second random seed, a third random seed, and a fourth random seed, respectively. The sever generates a fifth random number set and a sixth random number set, respectively, based on the first random number set, the second random number set, the third random number set, and the fourth random number set. The random numbers in the random number sets satisfy a predetermined condition. The server sends the first random seed, the second random seed, and the fifth random number set to a first device. The server sends the third random seed, the fourth random seed, and the sixth random number set to a second device.

Abstract: A security key to access a geographic location is sent after one or more threshold requirements are met for an entrant. In aspects, this includes a scheduling requirement and/or a proximity requirement. The security key may be encrypted with a code. The proximity requirement may be satisfied using RFID technology.

Abstract: A security device includes a physical unclonable function (PUF) cell array including a plurality of PUF cells, and a controller configured to control the PUF cell array to generate a security key. The controller includes a receiver configured to receive raw data from the plurality of PUF cells, a mapping table generator configured to extract stable data from the received raw data by discarding unstable data of the received raw data, and generate a mapping table based on stable PUF cells corresponding to the extracted stable data, among the plurality of PUF cells, a PUF cell controller configured to read sensing data from the stable PUF cells, based on the generated mapping table, and a bit determiner configured to generate the security key, based on the read sensing data.

Abstract: A method includes obtaining a plaintext query that includes a sequence of plaintext integers and generating a polynomial having coefficients that include the sequence of plaintext integers of the plaintext query. The method also includes encrypting the polynomial using a secret encryption key and transmitting the encrypted polynomial to a server. The secret encryption key is randomly sampled from a ciphertext space and the server is configured to expand the encrypted polynomial using a public encryption key to obtain a sequence of encrypted integers corresponding to the sequence of plaintext integers. The method also includes receiving an encrypted result from the server. The encrypted result is based on the sequence of encrypted integers.

Abstract: A facility for performing accurate and real-time privacy-preserving biometrics verification in a client-server environment is described. The facility receives the user's biometrics data such as face, voice, fingerprint, iris, gait, heart rate, etc. The facility then processes and applies various privacy-preserving techniques to this data to complete enrollment and authenticate users, including but not limited to: encrypting data with a key using homomorphic encryption techniques and sending the encryption to the server; the server computes directly on the encryption and returns the result, which is also encrypted under the same key, to the client; the client optionally performs post-processing and decryption (in any order) and obtains the enrollment or authentication result. The facility may repeat this process to increase security level, resulting in more than 1 round trip between the client and the server.

Abstract: Provided is a system and method for implementing remote trust services for blockchain. In one example, the method may include one or more of retrieving block content from a portion of a blockchain via an application programming interface (API), in response to a triggering event being detected, calling an off-chain trust service to sign the retrieved block content, receiving accreditation results of the retrieved block content from the off-chain trust service, the accreditation results comprising an indication of whether the retrieved block content has been successfully signed, and writing the received accreditation results to a block within the blockchain.

Abstract: A remote authentication device includes a memory. The memory includes a one time pad comprising a series of bits. The memory includes circuitry arranged to retrieve a plurality of the bits from the one time pad. The circuitry is arranged to form a key from the plurality of bits and to use the key in a hash to generate an authentication code. The retrieval of the bits, forming of the key, and generation of the authentication code are repeated a plurality of times using a different plurality of bits from the one time pad.

Abstract: Methods and systems are provided for performing a secure transaction. In an embodiment, users register biometric and/or other identifying user information. A private encryption key is generated from the biometric information and/or other user information and/or information obtained from a unpredictable physical process and are stored in a secure area of a device and a public key is transmitted to the blockchain network which acts as a service provider. In some embodiments, the execution and integrity of transactions by using transaction signatures, based on visual images is disclosed. In an embodiment, a blockchain network verifies and executes the transaction.

Abstract: A computer-implemented method for a token-based authorization in a data processing environment may be provided. The data processing environment comprises at least a user system, an application, an authentication server and an access control server. The method comprises accessing the application via a user system request, redirecting the user access request to an authentication server, authenticating the user, wherein authentication credentials comprise a request for a restricted entitlement, wherein the restricted entitlement represents a subset of existing entitlements managed by the access control server for a resource. The method comprises also sending an access token from the authentication server to the application, requesting execution of an operation comprising invoking the operation by the application providing the access token comprising restricted entitlements, invoking the access control server, and providing the scope of the token comprising the subset of the existing entitlements.

Abstract: Example embodiments of systems and methods for data transmission between a contactless card, a client device, and one or more servers are provided. The contactless card may include one or more processors and memory, which may include one or more applets. The client device may include one or more processors and memory. The client device may be in data communication with the contactless card. One or more servers may be in data communication with the client device. A first set of information may be transmitted from the contactless card to the client device. The first set of information may include one or more links to activate the contactless card via a designated email program. Upon validation of the first set of information by the one or more servers, the contactless card may be activated.

Abstract: The disclosure relates to deploying validated artifacts on a cloud computing system. In an embodiment, a method for deploying artifacts on the cloud computing system includes receiving a request to deploy an artifact on the cloud computing system. The request includes a unique identifier of the artifact. The method further includes retrieving an artifact signature associated with the artifact from an artifact repository using the unique identifier of the artifact; verifying the artifact using the retrieved artifact signature; and deploying the artifact in a productive environment of the cloud computing system when the artifact is successfully verified. The artifact deployed in the productive environment is accessible by one or more tenants of the cloud computing system.

Abstract: A storage device includes a basic memory to store a message received from an external device, a security memory to store an authentication key for authenticating the message, a controller to output a control signal, and a security engine to obtain the authentication key from the security memory with an authority to access the security memory in response to the control signal from the controller and to block an access of the controller to the security memory.

Abstract: Bitcoins and the underlying blockchain technology are one of the main innovations in building decentralized applications. The effects of quantum computing on this technology are analyzed in general. Provided herein are effective solutions to address security vulnerabilities in a blockchain-based system that can be exploited by a quantum attacker.

Abstract: In a method of operating a memory system, first security data and a first timestamp for preventing a replay attack are written by a host device to a first memory area which is an external memory area. A second timestamp is updated by the host device based on the first timestamp. The second timestamp corresponding to the first timestamp is stored in a second memory area distinguished from the first memory area. A first notification signal representing a result of updating the second timestamp is received by the host device. A writing operation for the first security data is completed when it is determined, by the host device, based on the first notification signal that the second timestamp is successfully updated.

Abstract: An information management method and system stores signatures (e.g., hashes or cryptographically unique IDs) corresponding to the individual data blocks of files or other data objects. The method and system may compare signatures for a file against a database of signatures for other stored files. If there are a threshold amount of matching signatures, the system can identify a relationship between the files, such as to identify potential security threats in the information management system.

Abstract: A key exchange technique of performing a key exchange among N (?2) parties, which can conceal metadata on communication, is provided. A key exchange method includes: a first key generation step in which a communication device Ui generates a first key; a first anonymous broadcast step in which the communication device Ui anonymously broadcasts the first key with a set R?{Ui} being designated for i?{1, . . . , n} and the communication device Ui anonymously broadcasts the first key with ? being designated for i?{n+1, . . . , N}; a second key generation step in which the communication device Ui generates a second key; a second anonymous broadcast step in which the communication device Ui anonymously broadcasts the second key with the set R?{Ui} being designated for i?{1, . . . , n} and the communication device Ui anonymously broadcasts the second key with ? being designated for i?{n+1, . . . , N}; and a session key generation step in which the communication device Ui generates a session key SK for i?{1, . . .

Abstract: Provided is a method for validating a predetermined digital certificate having a validation device, wherein the validation device stores approval information that specifies which digital certificates of a plurality of digital certificates are permissible digital certificates, and wherein the validation device further stores trust information which indicates a trust level of the permissible digital certificates. The method includes determining, while taking account of the approval information, whether the predetermined digital certificate is permissible for the planned use under the current conditions; and if it is determined that the predetermined digital certificate is permissible, determining the trust level of the predetermined digital certificate by taking into consideration the trust information for the planned use and the current conditions, is provided.

Abstract: A system includes a storage unit, a trusted time source, a key generation unit, and an encryption unit. The storage unit is configured to store data. The trusted time source provides a correct time responsive to a request. The key generation unit receives a time expiration associated with the data stored on the storage unit. The time expiration indicates when the data stored on the storage unit is to become inaccessible. The key generation unit further receives the correct time from the trusted time source and generates an encryption key based on the correct time and further based on the time expiration. The encryption unit is configured uses the encryption key to encrypt the data stored on the storage unit. A certificate that includes the time expiration and a decryption key associated with the encryption key is generated responsive to the data stored on the storage unit being encrypted.

Abstract: There are provided methods for associating an adapter controller with a device, among a plurality of devices, for instance a Power over Ethernet device or its controller, each device of the plurality being connected to a controller interconnected to other controllers by a power-over-data linear bus to which an item of power source equipment is also connected. The methods comprises an exchange of a pairing message comprising a unique identifier of the device to be paired with, wherein only said device from which is the pairing message receives power at the time of receiving the pairing message by the controller among the plurality of devices.

Abstract: A data collection server determines, based on the data received from the data collection terminal, a collection schedule for collecting data from the data collection terminal. Then the data collection server determines, based on the determined collection schedule, a fee plan to be signed-up for from among at least two contract plans that indicate fees charged in accordance with an amount of data communicated via the communication line. Then the data collection server notifies, to the data collection terminal, the determined collection schedule and the determined contract plan. The data collection terminal transmits the data collected from the facility device to the data collection server in accordance with the notified collection schedule and the notified contract plan.