Patents by Inventor Christian Gehrmann

Christian Gehrmann has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20060291660
    Abstract: A method is described herein for protecting multicast/broadcast traffic (e.g., mobile TV, multimedia) which is transmitted from a broadcast service provider via a mobile operator to one or more mobile devices. To protect the multicast/broadcast traffic, the method utilizes a broadcast key distribution and encryption architecture that is based in part on the existing GSM/UMTS authentication standards.
    Type: Application
    Filed: December 21, 2005
    Publication date: December 28, 2006
    Applicant: Telefonaktiebolaget LM Ericsson (publ)
    Inventors: Christian Gehrmann, Rolf Blom
  • Publication number: 20060206710
    Abstract: A method is described herein which enables a mobile device and a smart card (SIM, UICC) to establish a shared secret KE which can then be used to secure an interface between themselves. A mobile operator helps in the establishment of the shared secret (KE) by taking part in a key exchange between the mobile device and smart card. The mobile operator's involvement is desirable since they can keep track of mobile device-smart card pairs and if necessary they can block the security establishment between the mobile device and the smart card in order to prevent fraudulent behavior.
    Type: Application
    Filed: October 13, 2005
    Publication date: September 14, 2006
    Inventor: Christian Gehrmann
  • Patent number: 7020456
    Abstract: A method of granting, to a user communications device, access to a service provided by a plurality of service communications devices where an access key code is generated during an initial communications session between the user communications device and one of the service communications devices. The established access key code is subsequently stored in the user communications device and made available to the service communications devices for use in subsequent communications sessions between the user communications device and any one of the service communications devices. The invention further relates to a communications system and a user communications device.
    Type: Grant
    Filed: December 7, 2001
    Date of Patent: March 28, 2006
    Assignee: Telefonaktiebolaget L M Ericsson (publ)
    Inventors: Ben Smeets, Christian Gehrmann, Allan Bøgeskov
  • Publication number: 20060064458
    Abstract: A method of providing to a client communications device access to a subscription module of a server communications device, the method comprising the steps of establishing a communications link between the client communications device and the server communications device; and communicating a number of messages comprising data related to the subscription module between the server communications device and the client communications device via the communications link. The method further comprises the step of providing integrity protection of the messages communicated between the server communications device and the client communications device via the communications link.
    Type: Application
    Filed: August 26, 2003
    Publication date: March 23, 2006
    Inventor: Christian Gehrmann
  • Publication number: 20050262418
    Abstract: A method of processing a message to determine a tag value from the message and from a key according to a message authentication code. The method including the steps of selecting one of a plurality of symbols, the plurality of symbols forming a codeword encoding a data item derived from the message, the codeword encoding the data item according to an error correcting code, wherein said key determines which one of said plurality of symbols is selected; and determining the tag value to be the selected symbol.
    Type: Application
    Filed: June 24, 2003
    Publication date: November 24, 2005
    Inventor: Christian Gehrmann
  • Patent number: 6912657
    Abstract: The present invention relates to the problem of establishing of security that arises within an ad hoc network. The problem is solved by using an optical device at a first device to read a public key that is encoded to a graphical string at a second device, which key is required for establishing security.
    Type: Grant
    Filed: February 20, 2001
    Date of Patent: June 28, 2005
    Assignee: Telefonaktiebolaget LM Ericsson
    Inventor: Christian Gehrmann
  • Patent number: 6901057
    Abstract: When connecting a unit to one or more existing ad hoc wireless networks comprising several units, the units e.g. adapted to communicate according to the Bluetooth specification and the network then being formed according to the same specification to comprise one or more piconets, a unit can discover the units which are the masters in the networks, and then connect as a slave to those masters. Specifically it does not have to use the master-slave switch according to the Bluetooth specification. In the first stage of the unit trying to make a connection it establishes contact with at least one unit in an existing ad hoc network and then additional information on the status, in particular the role of master or slave, of the unit already connected in the network is transferred to the not yet connected unit. This information facilitates the decision of the unconnected unit as to which unit in the network that it should try to connect to.
    Type: Grant
    Filed: February 27, 2001
    Date of Patent: May 31, 2005
    Assignee: Telefonaktiebolaget LM Ericsson (publ)
    Inventors: Johan Rune, Per X Johansson, Christian Gehrmann, Johan Sörensen, Tony Larsson
  • Publication number: 20050091501
    Abstract: Disclosed is a method of loading data, such as software, into a mobile terminal, where the data is loaded from a loading station, and the data comprises payload data and header data. The mobile terminal accepts the data conditioned on a verification process based on the header data. The step of receiving the data further comprises the steps of receiving a header message including the header data from the loading station by the mobile terminal, verifying the received header data by the mobile terminal, and receiving at least a first payload message including the payload data, if the header data is verified successfully.
    Type: Application
    Filed: December 20, 2002
    Publication date: April 28, 2005
    Inventors: Harro Osthoff, Bernard Smeets, Christian Gehrmann
  • Publication number: 20040176071
    Abstract: Disclosed is a method of granting a client communications terminal access to a subscription module of a server communications terminal, the method comprising the steps of establishing a communications link between the client communications terminal and the server communications terminal; communicating data related to the subscription module between the server communications terminal and the client communications terminal via the communications link; authenticating the client communications terminal by the subscription module using a key-based authentication procedure; and initiating the step of communicating data related to the subscription module conditioned on a result of the step of authenticating the client communications device. The present invention further relates to an arrangement for granting access to a subscription module in a communications system.
    Type: Application
    Filed: May 3, 2004
    Publication date: September 9, 2004
    Inventors: Christian Gehrmann, Bernard Smeets
  • Patent number: 6779111
    Abstract: A system and method for encrypting data communications between a client and server utilizes an untrusted proxy server to perform computationally expensive encryption calculations which would otherwise be performed by the client. Prior to transmitting the data message to the proxy server, the client masks the data message such that the data message is indecipherable to the untrusted proxy. The untrusted proxy performs the computationally expensive encryption calculations prior to transmitting the data message to the intended receiver.
    Type: Grant
    Filed: May 10, 1999
    Date of Patent: August 17, 2004
    Assignee: Telefonaktiebolaget LM Ericsson (publ)
    Inventors: Christian Gehrmann, Luis Barriga
  • Publication number: 20040128509
    Abstract: A method of establishing a secure communications link between a user communications device and a first service communications device; the method comprises the steps of initiating a communications link using a first communications protocol between the user communications device and the first service communications device; performing, based on a PIN value, an initialisation procedure between the user communications device and the first service communications device, the initialisation procedure resulting in an identification key; storing the identification key in the user communications device and the first service communications device; the method is characterised in that it further comprises the steps of using a second communications protocol to perform a transaction between the user communications device and a second service communications device; generating and storing the PIN value; the invention further relates to a communications system and a mobile communications device.
    Type: Application
    Filed: February 2, 2004
    Publication date: July 1, 2004
    Inventor: Christian Gehrmann
  • Publication number: 20040123102
    Abstract: A method of authenticating a message (111) received via a transmission channel (108) using a Message Authentication Code (MAC).
    Type: Application
    Filed: October 24, 2003
    Publication date: June 24, 2004
    Inventors: Christian Gehrmann, Rolf Blom
  • Publication number: 20040103316
    Abstract: The present invention relates to securing information in open systems and more particularly to a method and a system for providing authentication, confidentiality and integrity protection of arbitrary communication services. A client that wishes to communicate with a particular service downloads a signed program code from that service containing code necessary for doing authenticated key exchange with that service. The client is assumed to support only two basic cryptographic functions: signing of arbitrary data by using a public key algorithm together with a one way hash function, and verifying a public key signature of arbitrary data. By allowing the security protocol needed for key exchange and data communication protection to be downloaded the number of predefined security functions that a client or server needs to support is limited. This also makes it much easier to update the communication protection since only the server program needs to be updated.
    Type: Application
    Filed: August 4, 2003
    Publication date: May 27, 2004
    Inventor: Christian Gehrmann
  • Publication number: 20040083368
    Abstract: A method of providing secure communications between a first and a second communications unit comprising a key exchange between the communications units resulting in a shared secret key, the key exchange including a user interaction. The method includes the steps of providing, at least partly by means of a user interaction, a passcode to the first and second communications units; generating a first contribution to the shared secret key by the first communications unit and a second contribution to the shared secret key by the second communications unit, and transmitting each generated contribution to the corresponding other communications unit; authenticating the transmitted first and second contributions by the corresponding receiving communications unit based on at least the passcode; and establishing said shared secret key by each of the communications units from at least the corresponding received first or second contribution, only if the corresponding received contribution is authenticated successfully.
    Type: Application
    Filed: June 24, 2003
    Publication date: April 29, 2004
    Inventor: Christian Gehrmann
  • Patent number: 6661806
    Abstract: A method is provided for achieving admission control to a public connectionless packet network. This provides a method of access control which allows service differentiation in a form which permits a user to receive a quality of service guarantee which is better than a “best effort” service. Each transmission by a user across the network includes a ticket message sent to the user from the network. The ticket message includes information about the priority level of the transmission, and can be used in a connectionless network to determine the resources available for future transmission requests.
    Type: Grant
    Filed: November 19, 1998
    Date of Patent: December 9, 2003
    Assignee: Telefonaktiebolaget LM Ericsson (publ)
    Inventors: Anders Eriksson, Christian Gehrmann
  • Publication number: 20030088772
    Abstract: A method for public key certification in a local network environment, wherein a personal certification authority associated with the local network environment is connected with a first device needing to be certified. Responsive to the connection, a certificate is provided to the device to be certified from the personal certification authority. The devices receiving a certificate may then use the certificate to carry out secure information exchange within the local network environment with other devices having a similar certificate.
    Type: Application
    Filed: May 31, 2002
    Publication date: May 8, 2003
    Inventors: Christian Gehrmann, Bernard Smeets, Jacobus Haartsen, Joakim Persson
  • Publication number: 20020132605
    Abstract: A method of granting, to a user communications device, access to a service provided by a plurality of service communications devices where an access key code is generated during an initial communications session between the user communications device and one of the service communications devices. The established access key code is subsequently stored in the user communications device and made available to the service communications devices for use in subsequent communications sessions between the user communications device and any one of the service communications devices. The invention further relates to a communications system and a user communications device.
    Type: Application
    Filed: December 7, 2001
    Publication date: September 19, 2002
    Inventors: Ben Smeets, Christian Gehrmann, Allan Bogeskov
  • Publication number: 20020044549
    Abstract: Two logically separated scatternets, the maximum connectivity scatternet (MCS) and the traffic scatternet (TS) are provided. An MCS maintains information about all nodes in the scatternet in order to facilitate a quick path establishment when a destination node is searched for. The MCS is maintained autonomously as new nodes arrive to the scatternet and other nodes leave the scatternet. A TS is established on a per session basis, primarily between two nodes in the scatternet. The TS is designed to achieve the best possible performance for the data flow between the involved nodes. When supported, in addition to establishing dedicated TS piconets and/or dedicated TS links, this may involve switching to the Bluetooth high speed mode on TS links. An overall scatternet may consist of one MCS and several TSs.
    Type: Application
    Filed: June 8, 2001
    Publication date: April 18, 2002
    Inventors: Per Johansson, Johan Rune, Tony Larsson, Christian Gehrmann
  • Publication number: 20010029166
    Abstract: When connecting a unit to one or more existing ad hoc wireless networks comprising several units, the units e.g. adapted to communicate according to the Bluetooth specification and the network then being formed according to the same specification to comprise one or more piconets, a unit can discover the units which are the masters in the networks, and then connect as a slave to those masters. Specifically it does not have to use the master-slave switch according to the Bluetooth specification. In the first stage of the unit trying to make a connection it establishes contact with at least one unit in an existing ad hoc network and then additional information on the status, in particular the role of master or slave, of the unit already connected in the network is transferred to the not yet connected unit. This information facilitates the decision of the unconnected unit as to which unit in the network that it should try to connect to.
    Type: Application
    Filed: February 27, 2001
    Publication date: October 11, 2001
    Inventors: Johan Rune, Per X. Johansson, Christian Gehrmann, Johan Sörensen, Tony Larsson
  • Publication number: 20010016909
    Abstract: The present invention relates to the problem of establishing of security that arises within an ad hoc network
    Type: Application
    Filed: February 20, 2001
    Publication date: August 23, 2001
    Applicant: Telefonaktiebolaget LM Ericsson (publ)
    Inventor: Christian Gehrmann