Various embodiments of the teachings herein include a method for executing workloads in an execution environment. An example includes: determining approval of the workload for execution using a list of admissible workloads; determining information identifying an IT security risk of the execution environment; and amending the admissibility list of admissible workloads depending on the determined risk information.

Aspects of the present disclosure relate to certificate-based identity verification for wireless communication. In examples, a wireless network has an associated certificate, such that the certificate may be validated to verify the identity of an establishment associated with the wireless network (e.g., prior to, when, and/or after establishing a connection with the wireless network). For instance, the certificate includes the name of the wireless network as the common name to which the certificate is bound. The certificate may automatically be validated and/or manually inspected by a user, thereby confirming that the corresponding wireless network is actually associated with the establishment. By contrast, a fraudulent wireless network may not have an associated certificate or may have a certificate that does not have a valid chain of trust, such that a computing device and/or a user may more easily distinguish between an authentic wireless network and a fraudulent wireless network.

The present disclosure discloses a regulation and control method for a network connection request, a controller, a base station, and a storage medium. The regulation and control method may include: setting a lag duration and a current credibility for a terminal initiating a network connection request to a current base station for the first time; discarding the network connection request initiated by the terminal to the current base station for the first time, and replying an indication message to the terminal to instruct the terminal to initiate the network connection request again after the lag duration; and each time the network connection request initiated by the terminal is received by the terminal is abnormal within the lag duration, reducing the current credibility of the terminal according to a preset rule, and according to the current credibility, determining the probability of discarding the network connection request initiated by the terminal.

Systems, devices, and techniques described herein relate to use of an optimized security mode command (SMC) procedure for securing communications. When connecting to a different cellular network (e.g., from a 5.sup.th generation (5G) Radio Access Network (RAN)) to a different cellular network (e.g., a 4.sup.th generation (4G) RAN), a User Equipment (UE) performs the SMC procedure without processing subsequent commands until a period of time has elapsed. Instead of allowing the UE to process subsequent commands received close in time to receiving the SMC, the subsequent commands may be delayed/suspended so that the UE has time to perform the SMC procedure and establish secure communications with the 4G LTE network. According to some examples, the delay is set to a period of time (e.g., 1 ms, 10 ms, or some other value) such that the subsequent command does not interfere with performing the SMC procedure.

Systems, devices, and methods are described herein for calculating a trust score. The trust score may be calculated between entities including, but not limited to, human users, groups of users, organizations, or businesses/corporations. A system trust score may be calculated for an entity by combining a variety of factors, including verification data, a network connectivity score, publicly available information, and/or ratings data. A peer trust score targeted from a first entity to a second entity may also be calculated based on the above factors. In some embodiments, the peer trust score may be derived from the system trust score for the target entity and may take into account additional factors, including social network connections, group/demographic info, and location data. Finally, a contextual trust score may be calculated between the first and second entities based on a type of transaction or activity to be performed between the two entities.

A method, computer system, and computer program product are provided for prioritizing network traffic. An indication is received at a network controller that an alarm is activated at a physical site. A request is received from a user device to join a network at the physical site that is under control of the network controller, wherein the request includes a flag indicating an identity of a user of the user device and a priority status of the user. In response to authenticating the identity of the user via an identity provider server, the user device is authorized to join the network. Based on verifying the priority status of the user using the flag and authentication via the identity provider server, network traffic for the user device is prioritized.

Described herein are systems, methods and instrumentalities associated with a trustworthiness evaluation framework for determining the trustworthiness of a wireless transmit/receive unit (WTRU) to participate in a network operation such as an artificial intelligence machine learning (AIML) operation. The framework may provide capabilities for monitoring, evaluating, and/or selecting the WTRU to participate in the network operation. The trustworthiness of the WTRU may be evaluated based on data and/or analytics such as the privileges and security state of the WTRU, security policy rules, the behavior history of the WTRU, the attributes and/or reputations of the WTRU, referrals for the WTRU from other entities, etc. A trustworthiness level or score may be determined to indicate the trustworthiness of the WTRU. An access policy may be dynamically formed and/or enforced to reflect the trustworthiness of THE WTRU.

An identity management method, wherein the method includes: A trusted authority (TA) device determines a pseudonymous identity (PID) of a terminal device i, and sends a first parameter to the terminal device i, where the first parameter indicates the PID of the terminal device i, and the PID of the terminal device i is determined based on a real identity (RID) of the terminal device i. Based on this, the TA device may determine the PID for the terminal device, to protect the RID of the terminal device. In addition, the PID of the terminal device is associated with the RID of the terminal device, so that the TA device can determine the RID of the terminal device based on the PID of the terminal device, and can determine the real identity of the terminal device when the terminal device performs a malicious operation or an unauthorized operation.

A method for determining a context threat score in an industrial plant includes obtaining input data from the industrial plant, the input data comprising environmental data and/or operational data of at least one section of the plant; determining a context factor score for the at least one section of the industrial plant based on at least one pre-determined context factor and the input data, wherein the at least one context factor comprises a relation between the input data and context data of the at least one section, wherein the context data comprises at least one context dependent property of the at least one section; and determining, by the processing unit, a context threat score based on the at least one context factor score.

Methods, systems, and devices for wireless communication are described. A user equipment (UE) may receive first control signaling indicating a configuration associated with a target network node in a non-terrestrial network. The configuration may include a first UE-group configuration and a UE-specific configuration including integrity information for the first UE-group configuration. The UE may perform a connection operation based on a trust status of the first UE-group configuration.