Abstract: The present invention relates to a method, system, client device, gateway device and computer program product for maintaining a state information in an intermediate network function, wherein the state information expires after a predetermined idle period. Detecting means are provided for detecting an idle state of a connection. In response to the detecting means, a transport protocol used for encapsulating data is changed from a first protocol with a first predetermined idle period to a second protocol with a second predetermined idle period, said second predetermined idle period being longer than said first predetermined idle period. Alternatively, a connection parameter is provided to a device for a parallel second connection in a set-up negotiation via said first connection. This connection parameter is then used for setting up a parallel second connection to the device based on the second transport protocol used for encapsulating data with the second predetermined idle period.

Abstract: A method, apparatus, system and computer program product are provided for booting up a system using a secure boot framework. In particular, a secure boot mechanism (i.e., a mechanism that enforces that only authenticated programs and/or events are executed on a particular platform) is provided that has an unlimited number of authorized boot configurations, while requiring only a minimal amount of secure/confidential storage. The secure boot mechanism further provides for the separation of run-time and management functionality, which allows other authorization mechanisms to be plugged-in later on. In addition, the authorized secure boot configurations (i.e., the definition of the secure boot state) can be kept in insecure storage, such as a system disk (e.g., flash memory). Finally, the disclosed secure boot mechanism is further beneficial because it builds upon existing TCG techniques, causing it to require minimal implementation where TCG techniques are implemented.

Abstract: The present invention provides an establishment of a trusted relationship between two mutually unknown communication parties in a communication system without the use of a trusted third party. The invention is based on non-interactive proofs-of-work being purpose-bound for establishing the trusted relationship and cryptographically signing information to be transferred between the communication parties using such proofs-of-work for the solving of a problem instance along with verifying the proofs-of-work and generating a session object for a trusted relationship, when the verifying yields an affirmative result.

Abstract: A method and apparatus for providing a mobile terminal with at least one feature setting. The method comprises steps of storing at least a first check-up data in the mobile terminal; linking at least the first check-up data via a feature lock with at least one feature setting, the feature lock protecting the at least one feature setting of the mobile terminal; in response to receiving a configuration message in the mobile terminal, authenticating a sender of the configuration message with the first check-up data; and in response to the sender of the configuration message being authorised to modify the feature setting of the mobile terminal, supplying a configuration data included in the configuration message via the feature lock to be used by the mobile terminal.

Abstract: The invention is in the field of security and trustworthy computing. The invention relates to a method for managing identities in a device comprising a trusted platform module. In the method an identity related command is used for performing identity related action; a delegation agent, a storage key for secure storage, and a delegation for the identity related command are created. Further, said delegation is sealed using the created storage key to a trustworthy system state; and the sealed delegation is delivered to the delegation agent.

Abstract: A communication network manages key material. A method generates and provides session keys from a security node to an access node for further propagation during handoff procedures, without requiring the security node to take part in the handoff procedures.

Abstract: The invention relates to method for secure interpretation of a program in an electronic device. An interpreted program is loaded and a stub executable is formed using a prototype stub executable. The stub executable is associated with the interpreted program. At least one second capability also is assigned to the interpreted program and further to the stub executable. The stub executable invokes at least one function in a shared interpreter library to interpret the interpreted program. An interpreter engine checks whether the interpreted program refers an external interpreted program code section. The interpreter engine infers at least one second capability for the external interpreted program code section. The interpreter engine disallows the execution of said external interpreted program code section if said at least one first capability is not a subset of said at least one second capability.