Patents by Inventor Mats Naslund

Mats Naslund has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20160234197
    Abstract: A method and apparatus for providing access to an encrypted communication between a sending node and a receiving node to a Law Enforcement Agency (LEA). A Key Management Server (KMS) function stores cryptographic information used to encrypt the communication at a database. The cryptographic information is associated with an identifier used to identify the encrypted communication between the sending node and the receiving node. The KMS receives a request for Lawful Interception, the request including an identity of a Lawful Interception target. The KMS uses the target identity to determine the identifier, and retrieves the cryptographic information associated with the identifier from the database. The cryptographic information can be used to decrypt the encrypted communication. The KMS then sends either information derived from the cryptographic information or a decrypted communication towards the LEA. This allows the LEA to obtain a decrypted version of the communication.
    Type: Application
    Filed: April 19, 2016
    Publication date: August 11, 2016
    Inventors: Mats NÄSLUND, Maurizio IOVIENO, Karl NORRMAN
  • Patent number: 9407616
    Abstract: There is disclosed a system for authentication of a device in a network by establishing a second security context between the device and a serving network node when a first security context has previously been established, assisted by an authentication server, based on a random value and a secret shared between an identity module associated with the device and the authentication server. First re-use information from the establishment of the first security context is stored at the authentication server and at the device, the first re-use information enabling secure generation of the second security context from the random value and the secret. Second re-use information may be generated or stored at the device. A context regeneration request is generated at the device, the context regeneration request being authenticated at least partly based on the secret. The context regeneration request is sent to the serving network node.
    Type: Grant
    Filed: April 27, 2011
    Date of Patent: August 2, 2016
    Assignee: Telefonaktiebolaget LM Ericsson (publ)
    Inventors: Karl Norrman, Rolf Blom, Mats Näslund
  • Publication number: 20160210464
    Abstract: A method of performing an operation on a data storage for storing data being encrypted with a key KD associated with an owner of the data is provided. The method includes deriving, for each authorized client Cj, a first key KCj and a second key KTj, providing the client Cj with the first key KCj, and providing a Trusted Third Party (TTP) with the second key KTj. The method further includes, at a Policy Enforcement Point, receiving a request for performing the operation on the data storage from a client Ck of the authorized clients, acquiring a first key KCk from the client Ck, acquiring a second key KTk from the TTP, deriving the key KD from the first key KCk and the second key KTk, and performing the operation on the data storage using the derived key KD. The disclosed trust model uses two-part secret sharing.
    Type: Application
    Filed: September 9, 2013
    Publication date: July 21, 2016
    Applicant: Telefonaktiebolaget LM Ericsson (publ)
    Inventors: Mats NÄSLUND, Christian SCHAEFER
  • Publication number: 20160210443
    Abstract: Disclosed is, among other things, a method for distributing content items to authorized users. The method comprising: a content owner device (190), COD, obtaining a first content item (196a); the COD (190) obtaining a first tag associated with the first content item (196a); the COD (190) obtaining a first content key, CK1, for said first content item (196a); the COD (190) encrypting the first content item (196a) using CK1, thereby producing a first encrypted content item; the COD (190) using at least the first tag and a key derivation function, KDF, to derive a first derived key, DK1; the COD (190) encrypting CK1 using the DK1, thereby producing a first encrypted content key, ECK1; and the COD (190) transmitting information to a content server (108), the information comprising: the first encrypted content item and the first tag.
    Type: Application
    Filed: February 27, 2014
    Publication date: July 21, 2016
    Applicant: Telefonaktiebolaget LM Ericsson (publ)
    Inventors: Tommy ARNGREN, Mats NÄSLUND
  • Publication number: 20160191510
    Abstract: A tamper-resistant security device, such as a subscriber identity module or equivalent, has an AKA (Authentication and Key Agreement) module for performing an AKA process with a security key stored in the device, as well as means for external communication. The tamper-resistant security device includes an application that cooperates with the AKA module and an internal interface for communications between the AKA module and the application. The application cooperating with the AKA module is preferably a security and/or privacy enhancing application. For increased security, the security device may also detect whether it is operated in its normal secure environment or a foreign less secure environment and set access rights to resident files or commands that could expose the AKA process or corresponding parameters accordingly.
    Type: Application
    Filed: March 4, 2016
    Publication date: June 30, 2016
    Inventors: Mats Näslund, Tomas Goldbeck-Löwe, Karl Norrman
  • Publication number: 20160183091
    Abstract: A mobile device and an authentication server are configured to re-establish a security context that was previously established using an Authentication Key Agreement (AKA) procedure. The re-establishment advantageously uses re-use information saved from the preceding AKA procedure, including using synchronization information for each such re-establishment that occurs between AKA procedures. The synchronization information particularly identifies each instance of re-establishment and depends on a sequence number assigned to the preceding AKA procedure and on any previous instances of re-establishing the security context.
    Type: Application
    Filed: March 1, 2016
    Publication date: June 23, 2016
    Inventors: Karl Norrman, Rolf Blom, Mats Näslund
  • Publication number: 20160156464
    Abstract: Methods and apparatus for encrypting and storing data. The methods and apparatus provide different levels of security and usability. The methods and apparatus generate two or more keys based on a shared secret made available to a user equipment and a server. The two or more keys comprise at least one perfect forward secrecy key, and at least one limited forward secrecy key. The methods and apparatus encrypt data using at least one of the two or more keys. The methods and apparatus store the encrypted data in a memory of the user equipment and/or transmit the data from the user equipment to the server.
    Type: Application
    Filed: June 28, 2013
    Publication date: June 2, 2016
    Applicant: TELEFONAKTIEBOLAGET L M ERICSSON (PUBL)
    Inventors: Mats NÄSLUND, Tereza Cristina MELO DE BRITO CARVALHO, Leonardo Horn IWAYA, Marcos Antonio SIMPLICIO JUNIOR
  • Patent number: 9350537
    Abstract: A method that comprises maintaining, in a first node serving a mobile terminal over a connection protected by at least one first key, said first key and information about the key management capabilities of the mobile terminal. Upon relocation of the mobile terminal to a second node the method includes: if, and only if, said key management capabilities indicate an enhanced key management capability supported by the mobile terminal, modifying, by said first node, the first key, thereby creating a second key; sending, from the first node to the second node, the second key; and transmitting to the second node the information about the key management capabilities of the mobile terminal.
    Type: Grant
    Filed: November 18, 2014
    Date of Patent: May 24, 2016
    Assignee: Telefonaktiebolaget LM Ericsson (publ)
    Inventors: Karl Norrman, Tomas Hedberg, Mats Naslund
  • Patent number: 9326142
    Abstract: A technique for generating a cryptographic key is provided. The technique is particularly useful for protecting the communication between two entities cooperatively running a distributed security operation. The technique comprises providing at least two parameters, the first parameter comprising or deriving from some cryptographic keys which have been computed by the first entity by running the security operation; and the second parameter comprising or deriving from a token, where the token comprises an exclusive OR of a sequence number (SQN) and an Anonymity Key (AK). A key derivation function is applied to the provided parameters to generate the desired cryptographic key.
    Type: Grant
    Filed: August 1, 2014
    Date of Patent: April 26, 2016
    Assignee: Telefonaktiebolaget L M Ericsson (publ)
    Inventors: Karl Norrman, Mats Näslund
  • Publication number: 20160095053
    Abstract: A Mobile Station (MS), a Base Station System (BSS) and a Mobile Switching Centre (MSC) of a cellular network, such as GSM, are disclosed. According to one embodiment, the MS is arranged to carry out one or more security features in its communication with the network. For example, the MS may be arranged to: by means of information received in a signalling message (0) from the network, discover if the network supports one or more of said security features, exchange information with the network in order to enable the use of one or more of the above-mentioned supported security features in the communication, carry out at least one of the one or more of the supported security features in the communication with the network.
    Type: Application
    Filed: December 10, 2015
    Publication date: March 31, 2016
    Inventors: Thomas Johansson, Håkan Englund, Mats Näslund
  • Patent number: 9300681
    Abstract: A method, arrangement, and first access router in a packet-switched communication network for determining that a first endpoint originating a communication session with a second endpoint is not initiating a malicious man-in-the-middle attack. The first access router provides access for the first endpoint to the network and a second access router provides access for the second endpoint. The first and second access routers facilitate conducting a secure key exchange between the first and second endpoints, wherein a shared secret key is generated. The first access router utilizes a Prefix Reachability Detection (PRD) protocol to determine the first endpoint is topologically legitimate due to being topologically located behind the first access router, and then sends a Prefix Request Test Initialization (PRTI) message to the second access router indicating the first endpoint is topologically legitimate.
    Type: Grant
    Filed: September 4, 2014
    Date of Patent: March 29, 2016
    Assignee: Telefonaktiebolaget L M Ericsson (publ)
    Inventors: Wassim Haddad, Mats Näslund
  • Patent number: 9282095
    Abstract: A tamper-resistant security device, such as a subscriber identity module or equivalent, has an AKA (Authentication and Key Agreement) module for performing an AKA process with a security key stored in the device, as well as means for external communication. The tamper-resistant security device includes an application that cooperates with the AKA module and an internal interface for communications between the AKA module and the application. The application cooperating with the AKA module is preferably a security and/or privacy enhancing application. For increased security, the security device may also detect whether it is operated in its normal secure environment or a foreign less secure environment and set access rights to resident files or commands that could expose the AKA process or corresponding parameters accordingly.
    Type: Grant
    Filed: June 19, 2014
    Date of Patent: March 8, 2016
    Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
    Inventors: Mats Näslund, Karl Norrman, Tomas Goldbeck-Löwe
  • Publication number: 20160056959
    Abstract: A method and arrangement are disclosed for managing session keys for secure communication between a first and at least a second user device in a communications network. The method is characterized as being independent of what type of credential each user device implements for security operations. A first user receives from a first key management server keying information and a voucher and generates a first session key. The voucher is forwarded to at least a responding user device that, with support from a second key management server communicating with the first key management server, resolves the voucher and determines a second session key. First and second session keys are, thereafter, used for secure communication. In one embodiment the communication traverses an intermediary, whereby the first and second session keys protect communication on the respective leg to the intermediary.
    Type: Application
    Filed: October 30, 2015
    Publication date: February 25, 2016
    Applicant: Telefonaktiebolaget L M Ericsson (publ)
    Inventors: Rolf BLOM, Yi CHENG, Fredrik LINDHOLM, John MATTSSON, Mats NASLUND, Karl NORRMAN
  • Patent number: 9252959
    Abstract: The invention relates to a method, party challenging device (18) and computer program products for providing a challenge to a first terminal (10) intending to communicate with a second terminal (24) via two networks (N1, N2). The party challenging device receives a first electronic message (1M) concerning a transfer of media from the first terminal to the second terminal sent from the first terminal (10) and addressed to the second terminal (24), obtains communication contextual data associated with the first party or the first terminal, provides an electronic challenge message (CHM) including a challenge (CHl1) based on the obtained data and sends the challenge message to the first terminal in order to enable a decision to be made how to process the invitation message for the second terminal based on the correctness of a response (RM) including a response to the challenge.
    Type: Grant
    Filed: May 20, 2009
    Date of Patent: February 2, 2016
    Assignee: Telefonaktiebolaget L M Ericsson (Publ)
    Inventors: Luis Barriga, Michael Liljenstam, Mats Naslund, Per-Olof Nerbrant
  • Patent number: 9253178
    Abstract: According to an aspect of the present invention there is provided a method of operating a communication device, the communication device being part of a group comprising two or more communication devices that share a subscription to a communication network. The method comprises receiving a group authentication challenge from the network, at least part of the group authentication challenge having been generated using group authentication information that is associated with the shared subscription. The device then generates a device specific response to the group authentication challenge using the group authentication information and device specific authentication information and sends the device specific response to the network. The device is for example a member of a machine-type communication device group.
    Type: Grant
    Filed: July 19, 2011
    Date of Patent: February 2, 2016
    Assignee: Telefonaktiebolaget L M Ericsson
    Inventors: Rolf Blom, Mats Näslund, Karl Norrman
  • Patent number: 9237444
    Abstract: A method and apparatus to establish trust between two nodes in a communications network. A first node receives from a network node authentication data unique to the first node, which can be used to derive a compact representation of verification data for the first node. The first node also receives a certified compact representation of verification data of all nodes in the network. The first node derives trust information from the authentication data for the node, and sends to a second node a message that includes the trust information and part of the authentication data. The second node has its own copy of the certified compact representation of verification data of all nodes in the network, and verifies the authenticity of the message from the first node using the compact representation of verification data of all nodes in the network and the received trust information and authentication data.
    Type: Grant
    Filed: October 28, 2014
    Date of Patent: January 12, 2016
    Assignee: Telefonaktiebolaget L M Ericsson (publ)
    Inventors: Wassim Haddad, Rolf Blom, Mats Naslund
  • Publication number: 20160007294
    Abstract: A method of authorizing a message received at a node in a wireless network is disclosed. The message from a sender device is formed by a plurality of symbols and includes a first message integrity indicator located at a predetermined distance from the start of the message such that further symbols of the message are included after the first message integrity indicator. The position of the first message integrity indicator in the message is determined, and a cryptographic operation is performed on at least some of the symbols of the message before the first message integrity indicator so as to generate a second message integrity indicator before the first message integrity indicator is received. The first and second message integrity indicators are compared, and an indication that the message is not authorized is provided if the second message integrity indicator does not match the first message integrity indicator.
    Type: Application
    Filed: December 20, 2013
    Publication date: January 7, 2016
    Inventors: Mats NÄSLUND, Göran SELANDER, Vlasios TSIATSIS, Elena DUBROVA
  • Patent number: 9226140
    Abstract: A Mobile Station (MS), a Base Station System (BSS) and a Mobile Switching Center (MSC) of a cellular network, such as GSM, are disclosed. According to one embodiment, the MS is arranged to carry out one or more security features in its communication with the network. For example, the MS may be arranged to: by means of information received in a signalling message (0) from the network, discover if the network supports one or more of said security features; exchange information with the network in order to enable the use of one or more of the above-mentioned supported security features in the communication; and carry out at least one of the one or more of the supported security features in the communication with the network.
    Type: Grant
    Filed: September 28, 2009
    Date of Patent: December 29, 2015
    Assignee: Unwired Planet, LLC
    Inventors: Thomas Johansson, Håkan Englund, Mats Näslund
  • Publication number: 20150341788
    Abstract: When setting up communication from a user equipment UE (1), such as for providing IP access for the UE in order to allow it to use some service, information or an indication of at least one network property relating to a first network, e.g. the current access network (3, 3′), is sent to the UE from a node (13) in a second network such as the home network (5) of the subscriber of the UE. The information or indication can be sent in a first stage of an authentication procedure being part of the setting up of a connection from the UE. In particular, the network property can indicate whether the access network (3, 3′) is trusted or not.
    Type: Application
    Filed: August 6, 2015
    Publication date: November 26, 2015
    Inventors: Mats Näslund, Jari Arkko, Rolf Blom, Vesa Petteri Lehtovirta, Karl Norrman, Stefan Rommer, Bengt Sahlin
  • Patent number: 9178696
    Abstract: A method and arrangement are disclosed for managing session keys for secure communication between a first and at least a second user device in a communications network. The method is characterized as being independent of what type of credential each user device implements for security operations. A first user receives from a first key management server keying information and a voucher and generates a first session key. The voucher is forwarded to at least a responding user device that, with support from a second key management server communicating with the first key management server, resolves the voucher and determines a second session key. First and second session keys are, thereafter, used for secure communication. In one embodiment the communication traverses an intermediary, whereby the first and second session keys protect communication on the respective leg to the intermediary.
    Type: Grant
    Filed: November 30, 2007
    Date of Patent: November 3, 2015
    Assignee: Telefonaktiebolaget L M Ericsson (publ)
    Inventors: Rolf Blom, Yi Cheng, Fredrik Lindholm, John Mattsson, Mats Naslund, Karl Norrman