Abstract: A terminal (1) for use with a cellular or mobile telecommunications network (3) includes authentication means (15) such as a SIM, USIM, UICC etc. for authenticating the terminal with the network. The terminal further includes a normal execution environment (30) and a secure execution environment (34). An interface controller (46) is provided in the secure execution environment and intercepts all communications directed to the authentication means to control access to the authentication means by these communications.

Abstract: A method of verifying the validity of a message received by a telecommunications terminal (8) having a processor (30) and which is operable in a boot mode and a runtime mode is disclosed. In the embodiments the message is a SIM unlock message, for removing or modifying a restriction of the types of subscriber identity module (SIM) with which the mobile terminal may be used. In response to reception of the SIM unlock message when the terminal (1) is in the runtime mode, the processor 30 of the terminal (1) causes the terminal to enter the boot mode and verify the validity of the message during the boot mode. Because the validity of the message is checked during the boot mode, the check can be performed with greater security.

Abstract: A terminal (1) for use with a cellular or mobile telecommunications network (3) includes authentication means (15) such as a SIM, USIM, UICC etc. for authenticating the terminal with the network. The terminal further includes a normal execution environment (30) and a secure execution environment (34). An interface controller (46) is provided in the secure execution environment and intercepts all communications directed to the authentication means to control access to the authentication means by these communications.

Abstract: A method of verifying the validity of a message received by a telecommunications terminal (8) having a processor (30) and which is operable in a boot mode and a runtime mode is disclosed. In the embodiments the message is a SIM unlock message, for removing or modifying a restriction of the types of subscriber identity module (SIM) with which the mobile terminal may be used. In response to reception of the SIM unlock message when the terminal (1) is in the runtime mode, the processor 30 of the terminal (1) causes the terminal to enter the boot mode and verify the validity of the message during the boot mode. Because the validity of the message is checked during the boot mode, the check can be performed with greater security.

Abstract: A method of controlling a telecommunications terminal (1, 11, 13) requiring an authorised input to perform at least one operation, and including a locking function that locks said at least one operation of the telecommunications terminal. The method comprises selectively transmitting to the telecommunications terminal an unlocking application, receiving the unlocking application at the telecommunications terminal and running the unlocking application to enable said at least one locked operation. The operation may be the full use of the terminal with a selected subscriber identity module. In addition, and preferably in combination, a method and system for a telecommunications terminal to securely receive a message in which the telecommunications terminal has a first environment for running an operating system, and a second environment adapted to be substantially secure against third party tampering.

Abstract: A method is described by which the possessor of a secret certified in a particular manner can prove to a party with which the possessor of a secret needs to interact that it does indeed possess a secret formed in the proper manner. In the context of trusted computing apparatus, this can be used to show that the secret has been provided by a legitimate manufacturer of such apparatus. A method and an architecture for revocation operable in this context is also described.