Patent classifications
H04W12/02
Multi-domain message routing with E2E tunnel protection
Systems and techniques to enable message routing among multiple devices and device domains, via end-to-end tunneling techniques, are disclosed. In an example, techniques and device configurations involving the use of RESTful protocols that communicate OSCORE (Object Security for Constrained RESTful Environments) payloads over OSCORE tunnels involve receiving an OSCORE message having an encrypted COSE (Concise Binary Object Representation (CBOR) Object Signing and Encryption) object payload and inserting the OSCORE message into an OSCORE tunnel message to implement a tunneled communication with a receiving device. Here, the tunnel message includes the OSCORE message within an envelope encrypted COSE object payload. The OSCORE tunnel message may then be transmitted to the receiving device. Further techniques and device configurations for the receipt, processing, conversion, and decryption of such tunneled messages are also disclosed.
Encrypting network slice credentials using a public key
Apparatuses, methods, and systems are disclosed for protecting the user identity and credentials. One apparatus includes a processor that registers with a mobile communication network using a first set of credentials, the mobile communication network supporting a plurality of network slices. The processor receives a public key for a network slice where slice-specific authentication is required and encrypts a second set of credentials using the public key. Here, the second set of credentials is used for authentication with the network slice. The apparatus includes a transceiver that sends a message to the mobile communication network, the message including the encrypted second set of credentials.
Methods and apparatus for presence sensing reporting
A system includes sensors disposed within a location for outputting presence signals to a smart device, for receiving an ephemeral ID signal from the smart device, for outputting sensor ID signals to the smart device, for receiving responsive data from the smart device and for determining presence of the smart device in response to the responsive data, an authentication server for receiving the sensor ID signals from the smart device, for determining the responsive data, and for providing the responsive data to the smart device, a hub device coupled to the sensors for receiving an indication of the determination of the presence of the smart device, for determining additional data associated with the smart device, for facilitating a physical change perceptible to a user of the smart device in response to the additional data, and for providing the presence data to a smart device associated with a first responder.
Secure deployment of a user profile in a vehicle
A vehicle can have a user profile securely deployed in it according to a security protocol. The vehicle can include a body, a powertrain, vehicle electronics, and a computing system. The computing system of the vehicle can be configured to retrieve information from a user profile according to a security protocol. The computing system of the vehicle can also be configured to receive a request for at least a part of the retrieved information from the vehicle electronics and send a portion of the retrieved information to the vehicle electronics according to the request. The computing system of the vehicle can also be configured to propagate information sent from the vehicle electronics back into the user profile according to the security protocol. The computing system of the vehicle can also be configured to store in its memory, according to the security protocol, information sent from the vehicle electronics.
Cognitive persona embeddings for secure omni-channel personalized recommendations
A system for embedding users' preferences and behaviors based on interactions with an array of devices.
Privacy transformations in data analytics
Systems and methods are provided for performing privacy transformation of data to protect privacy in data analytics under the multi-access edge computing environment. In particular, a policy receiver in an edge server receives privacy instructions. An inference determiner in the edge server in a data analytics pipeline receives data from an IoT device and evaluates the data to recognize data associated with personally identifiable information. A privacy data transformer transforms the received data with inference for protecting data privacy by preventing exposure of private information from the edge server. In particular, the privacy data transformer dynamically selects a technique among techniques for removing information that is subject to privacy protection and transforms the received data using the technique. The techniques include reducing the resolution of image data such that inference enables object recognition without sufficient detail for other servers in the data analytics pipeline to determine the identity of the object through deeper inferences.
Methods for Location-Based Identification Blurring
A method and system for blurring location data. Location data indicating a location of a mobile device and a user identification associated with the mobile device is received. Prestored data indicating a plurality of entries is accessed, each entry having a respective stored location associated with a corresponding location status. In response to an entry in the prestored data including a stored location corresponding to the location of the mobile device indicated in the location data, a derived location of the mobile device is generated based on the corresponding location status of the stored location, wherein the derived location is less accurate than the location indicated in the received location data. The derived location of the mobile device is stored in a mobile device location log associated with the received user identification.
Operation related to user equipment using secret identifier
A method performed by a network node of a serving public land mobile network, PLMN, associated with a user equipment, UE, comprising: obtaining a secret identifier that uniquely identifies the UE, wherein the secret identifier is a secret that is shared between the UE and at least a home PLMN of the UE and that is shared by the home PLMN with the network node; and performing an operation related to the UE using the secret identifier. Other methods, computer programs, computer program products, network nodes and a serving PLMN are also disclosed.