Patents by Inventor Mireille Pauliac

Mireille Pauliac has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20240106705
    Abstract: Provided is a telecommunications system comprising a core network, an Integrated Access Backhaul donor arranged in connection with the core network; and a plurality of Integrated Access Backhaul nodes connected to one Integrated Access Backhaul donor, either directly or by means of other Integrated Access Backhaul nodes. At least some of the Integrated Access Backhaul nodes are configured to operate in different backhauling profiles, and at least some of these Integrated Access Backhaul nodes comprise a UICC which is configured to manage a set of backhauling profiles of the corresponding Integrated Access Backhaul node.
    Type: Application
    Filed: December 14, 2021
    Publication date: March 28, 2024
    Applicants: THALES DIS FRANCE SAS, THALES
    Inventors: Mireille PAULIAC, Benoit JOUFFREY, William STOECKLIN
  • Patent number: 11528604
    Abstract: The invention concerns a method for transmitting to a physical or virtual element of a telecommunications network, an encrypted subscription identifier stored in a security element, or an encrypted identifier of the security element or an encrypted identifier of a terminal cooperating with the security element. The method includes pre-calculating proactively, at the occurrence of an event, the encrypted identifier using a key and storing it in a file or memory of the security element with a parameter enabling the key to be calculated by the element of the telecommunications network, in order to be able to transmit to the element of the telecommunications network the encrypted identifier and the parameter, without having to compute the encrypted identifier when the terminal is asking for it.
    Type: Grant
    Filed: October 2, 2018
    Date of Patent: December 13, 2022
    Assignee: THALES DIS FRANCE SAS
    Inventors: Paul Bradley, Mireille Pauliac
  • Publication number: 20220200795
    Abstract: The present invention relates to a method to authenticate a user having a GBA or AKMA compliant user equipment (UE) at a service provider (SR) using a GBA or AKMA protocol to communicate with a user equipment (UE), said method relying on an operator's (MNO) GBA or AKMA authentication framework while maintaining confidentiality of the communication between the user equipment (UE) and the service provider (SR) regarding the operator (MNO), said method using a Diffie-Hellman exchange between the user equipment (UE) and the service provider (SR), leading to a Diffie-Hellman session key (gxy), while establishing the GBA or AKMA protocol, said method comprising a step of calculation of a final Network or AKMA Application Function key (iNAF_key or iAApF_key) to be used in further communication between the user equipment (UE) and the service provider (SR) by derivation from the Diffie-Hellman session key (gxy) and from the GBA or AKMA protocol's service provider key (Ks_ext/int_NAF or KAF), the user authentication be
    Type: Application
    Filed: April 7, 2020
    Publication date: June 23, 2022
    Applicant: THALES DIS FRANCE SA
    Inventors: Mireille PAULIAC, Ly Thanh PHAN
  • Publication number: 20220116777
    Abstract: A system and method for authentication of a secure element cooperating with a Mobile Equipment forming a terminal in a telecommunication network is provided. The telecommunication network comprises a SEAF and an AUSF/UDM/ARPF. The method includes generating an anchor key (KSEAF_SRT) for the communication between the terminal and the SEAF according to 3GPP TS 33.501, wherein the anchor key (KSEAF_SRT) is indirectly derived from a key (KSRT) obtained by deriving from the long-term key K and a secure registration token SRT sent by the terminal to the AUSF/UDM/ARPF and concealed with the AUSF/UDM/ARPF public key along with its SUPI in the SUCI. Other embodiments are disclosed.
    Type: Application
    Filed: January 16, 2020
    Publication date: April 14, 2022
    Applicant: THALES DIS FRANCE SA
    Inventors: Ly-Thanh PHAN, Mireille PAULIAC
  • Publication number: 20220104023
    Abstract: A method for detecting that a removable secure element has been temporarily disconnected from a first device includes: Providing by the secure element to the first device a first Temporal Global Identity; Entering the first device in the sleeping mode; If the secure element is inserted and used by a second device during the sleeping mode of the first device, replacing in the secure element the first Temporal Global Identity by a second Temporal Global Identity and providing the second Temporal Global Identity to the second device; When getting out from the sleeping mode by the first device, reading by the first device the Temporal Global Identity stored in the secure element; If the Temporal Global Identity read is not the same as the stored Temporal Global Identity, sending to an MNO server a message to indicate that the secure element has been used by another device.
    Type: Application
    Filed: January 2, 2020
    Publication date: March 31, 2022
    Applicant: THALES DIS FRANCE SA
    Inventors: Ly Thanh PHAN, Vincent DANY, Mireille PAULIAC
  • Patent number: 11177951
    Abstract: This invention relates to a method for provisioning a first communication device with a set of at least one credential required for accessing a wireless network by using a second communication device provisioned with a cryptographic key K also known by the wireless network, the first communication device being associated with a certificate comprising a public key PK, said certificate being stored with an associated private key PrK in said first communication device, the method comprising the following steps: receiving by the second communication device a registration request from the first communication device in order to be provisioned with the set of at least one credential; transmitting to the wireless network by the second communication device the registration request to generate a set of at least one credential associated to the first communication device comprising at least a cryptographic key K?, the wireless network being adapted to generate a first random number R1 and a second random number R2; r
    Type: Grant
    Filed: March 30, 2017
    Date of Patent: November 16, 2021
    Assignee: THALES DIS FRANCE SA
    Inventors: Mireille Pauliac, Michel Endruschat, Ly Thanh Phan, Jean-Yves Fine
  • Patent number: 10966082
    Abstract: The present invention relates to a mobile communication device for communicating with a cellular network by means of a serving base node, the mobile communication device further being connected to a subscriber identity module, the mobile communication device being configured to operate in a power optimization mode wherein the power optimization mode comprises extended paging periods, and the mobile communication device is further configured to set up a communication context with the base node using authentication means of the subscriber identity module, wherein the mobile communication device is further configured, in case of detection of a removal of the subscriber identity module and when the power optimization mode is activated: to send a removal alert message to the serving base node by means of said communication context, afterwards to terminate the communication context.
    Type: Grant
    Filed: April 24, 2017
    Date of Patent: March 30, 2021
    Assignees: THALES DIS AIS DEUTSCHLAND GMBH, THALES DIS FRANCE SA
    Inventors: Volker Breuer, Lars Wehmeier, Mireille Pauliac
  • Patent number: 10965657
    Abstract: The present invention relates to a method to authenticate a subscriber (IMSIi) within a local network (LNj) comprising a preliminary step of deriving a subscriber key (SMKi) in local keys (LKi), one local key (LKiLNj) for each local network (LNj) the subscriber (IMSIi) is authorized to access, provisioning each local network (LNj) the subscriber (IMSIi) is authorized to access with its own local key (LKiLNj). When an authentication is required in a given local network (LNj), a UICC application derives a local key (LKiLNj) in the UICC application of the subscriber (IMSIi) using the network identifier (LNj), the key derivation function (KDF) and the subscriber key (SMKi) and uses the derived local key (LKiLNj) in the algorithm to perform local authentication in the local network (LNj).
    Type: Grant
    Filed: July 5, 2016
    Date of Patent: March 30, 2021
    Assignee: THALES DIS FRANCE SA
    Inventors: Mireille Pauliac, Anne-Marie Praden
  • Publication number: 20200260273
    Abstract: The invention concerns a method for transmitting to a physical or virtual element of a telecommunications network, an encrypted subscription identifier stored in a security element, or an encrypted identifier of the security element or an encrypted identifier of a terminal cooperating with the security element. The method includes pre-calculating proactively, at the occurrence of an event, the encrypted identifier using a key and storing it in a file or memory of the security element with a parameter enabling the key to be calculated by the element of the telecommunications network, in order to be able to transmit to the element of the telecommunications network the encrypted identifier and the parameter, without having to compute the encrypted identifier when the terminal is asking for it.
    Type: Application
    Filed: October 2, 2018
    Publication date: August 13, 2020
    Applicant: THALES DIS FRANCE SA
    Inventors: Paul BRADLEY, Mireille PAULIAC
  • Publication number: 20190238324
    Abstract: This invention relates to a method for provisioning a first communication device with a set of at least one credential required for accessing a wireless network by using a second communication device provisioned with a cryptographic key K also known by the wireless network, the first communication device being associated with a certificate comprising a public key PK, said certificate being stored with an associated private key PrK in said first communication device, the method comprising the following steps: receiving by the second communication device a registration request from the first communication device in order to be provisioned with the set of at least one credential; transmitting to the wireless network by the second communication device the registration request to generate a set of at least one credential associated to the first communication device comprising at least a cryptographic key K?, the wireless network being adapted to generate a first random number R1 and a second random number R2; r
    Type: Application
    Filed: March 30, 2017
    Publication date: August 1, 2019
    Applicant: Gemalto SA
    Inventors: Mireille PAULIAC, Michel ENDRUSCHAT, Ly Thanh PHAN, Jean-Yves FINE
  • Publication number: 20190149985
    Abstract: The present invention relates to a mobile communication device for communicating with a cellular network by means of a serving base node, the mobile communication device further being connected to a subscriber identity module, the mobile communication device being configured to operate in a power optimization mode wherein the power optimization mode comprises extended paging periods, and the mobile communication device is further configured to set up a communication context with the base node using authentication means of the subscriber identity module, wherein the mobile communication device is further configured, in case of detection of a removal of the subscriber identity module and when the power optimization mode is activated: to send a removal alert message to the serving base node by means of said communication context, afterwards to terminate the communication context.
    Type: Application
    Filed: April 24, 2017
    Publication date: May 16, 2019
    Applicants: Gemalto M2M GmbH, GEMALTO SA
    Inventors: Volker BREUER, Lars WEHMEIER, Mireille PAULIAC
  • Publication number: 20180279123
    Abstract: The present invention relates to a method to authenticate a subscriber (IMSIi) within a local network (LNj) comprising a preliminary step of deriving a subscriber key (SMKi) in local keys (LKi), one local key (LKiLNj) for each local network (LNj) the subscriber (IMSIi) is authorized to access, provisioning each local network (LNj) the subscriber (IMSIi) is authorized to access with its own local key (LKiLNj). When an authentication is required in a given local network (LNj), a UICC application derives a local key (LKiLNj) in the UICC application of the subscriber (IMSIi) using the network identifier (LNj), the key derivation function (KDF) and the subscriber key (SMKi) and uses the derived local key (LKiLNj) in the algorithm to perform local authentication in the local network (LNj).
    Type: Application
    Filed: July 5, 2016
    Publication date: September 27, 2018
    Applicant: GEMALTO SA
    Inventors: Mireille PAULIAC, Anne-Marie PRADEN
  • Patent number: 9313662
    Abstract: A method of protecting a telecommunication terminal having a chip-card-type personal component which is required for telecommunication network access. The terminal includes a processing unit, at least one operating memory element containing the information necessary to the operation of the terminal, i.e. a terminal operating program, and the data necessary to the program. The method involves: a) encrypting the contents of the operating memory element of the telecommunication terminal using a pre-determined key K which is necessary for decryption; and b) allowing the terminal to commence decryption once the terminal has been started with a start-up program that is saved in a secure memory element and once the key for decryption has been calculated by same.
    Type: Grant
    Filed: March 19, 2004
    Date of Patent: April 12, 2016
    Assignee: GEMALTO SA
    Inventors: Pascal Moitrel, Pascal Guterman, Philippe Proust, Laurent Sustek, Mireille Pauliac, Cedric Cardonnel
  • Publication number: 20160044505
    Abstract: The present invention relates to a method to establish a secure voice communication session between two user equipments with the help of a dedicated Network Application Function (NAF) and at least one Bootstrapping Server Function. A session key is calculated from bootstrapping service derived external or internal NAF keys of the first and the second user equipments. A secured voice communication is established using the calculated session key.
    Type: Application
    Filed: March 17, 2014
    Publication date: February 11, 2016
    Applicant: GEMALTO SA
    Inventors: Kenji NISHI, Mireille PAULIAC
  • Publication number: 20150149765
    Abstract: This invention is aimed at a method for the anonymisation of data that could help identify the user while a profile of said user is collected by a targeting data collection server. To implement such anonymisation, an anonymisation server is placed between a user terminal and the collection server. The profile data collected are encrypted by the terminal using a secret key shared with the data collection server. Those profile data supplemented with data that could help identify the user are then sent to the anonymisation server. The anonymisation server encrypts the data that could help identify the user with an anonymisation key of said anonymisation server before sending on the encrypted collected data and the anonymised identification data to said collection server.
    Type: Application
    Filed: June 6, 2013
    Publication date: May 28, 2015
    Applicant: GEMALTO SA
    Inventors: Mireille Pauliac, Beatrice Peirani, Anne-Marie Praden
  • Patent number: 8700000
    Abstract: The invention relates to the reuse of identity data from an identity module in a user equipment by a peripheral device. In order to enable the reuse of identity data from an identity module, such as a SIM or UICC card, in a user equipment by a peripheral device, the identifier of the peripheral device is transmitted to the module upon establishment of communication and authentication between the module and the peripheral device. Subsequently, identity data are transmitted, preferably selectively, by the identity module to the peripheral device when the transmitted identifier is recognized as one of the identifiers of the peripheral devices that were previously stored in the identity module. The identity data are reused by the peripheral device in order to establish a communication with the home network of the user equipment or with a local wireless network.
    Type: Grant
    Filed: May 19, 2005
    Date of Patent: April 15, 2014
    Assignee: Gemalto SA
    Inventor: Mireille Pauliac
  • Publication number: 20120164981
    Abstract: The invention relates to a method for communicating data between a first secure element and a network access point. The first secure element is coupled with a network access point. The network access point is comprised within a communication network. According to the invention, at least one of the first secure element and the network access point sends, to the other of the network access point and the first secure element respectively, data relating to an identity of a communication link, as logical link, between the first secure element and the network access point. The invention also relates to a corresponding secure element.
    Type: Application
    Filed: August 30, 2010
    Publication date: June 28, 2012
    Applicant: GEMALTO SA
    Inventor: Mireille Pauliac
  • Publication number: 20080293377
    Abstract: The invention relates to the reuse of identity data from an identity module in a user equipment by a peripheral device. In order to enable the reuse of identity data from an identity module, such as a SIM or UICC card, in a user equipment by a peripheral device, the identifier of the peripheral device is transmitted to the module upon establishment of communication and authentication between the module and the peripheral device. Subsequently, identity data are transmitted, preferably selectively, by the identity module to the peripheral device when the transmitted identifier is recognized as one of the identifiers of the peripheral devices that were previously stored in the identity module. The identity data are reused by the peripheral device in order to establish a communication with the home network of the user equipment or with a local wireless network.
    Type: Application
    Filed: May 19, 2005
    Publication date: November 27, 2008
    Applicant: GEMPLUS
    Inventor: Mireille Pauliac
  • Publication number: 20080117889
    Abstract: A method of protecting a telecommunication terminal having a chip-card-type personal component which is required for telecommunication network access. The terminal includes a processing unit, at least one operating memory element containing the information necessary to the operation of the terminal, i.e. a terminal operating program, and the data necessary to the program. The method involves: a) encrypting the contents of the operating memory element of the telecommunication terminal using a pre-determined key K which is necessary for decryption; and b) allowing the terminal to commence decryption once the terminal has been started with a start-up program that is saved in a secure memory element and once the key for decryption has been calculated by same.
    Type: Application
    Filed: March 19, 2004
    Publication date: May 22, 2008
    Applicant: GEMPLUS
    Inventors: Pascal Moitrel, Pascal Guterman, Philippe Proust, Laurent Sustek, Mireille Pauliac, Cedric Cardonnel
  • Publication number: 20040172370
    Abstract: The invention relates to access rules (R) of compliance of subjects (Su) with objects (Ob) with a predetermined security policy (PS) in a data processing system such as a chip card. Each access rule defines the right of a subject to carry out an action on an object. The security policy defines the security rules (RS) for access of the subjects to the objects. For an operation relating to a given object (Ob), at least one access rule relating to the given object is compared with the security rules in order to accept the operation when the access rule is in compliance with all the security rules; if this is not the case, the operation is refused. An operation can be the loading of an object such as an application, a modification of the access rules, or deletion or addition of a subject (s) or a request for access to a given object by a subject or a group of subjects.
    Type: Application
    Filed: March 10, 2004
    Publication date: September 2, 2004
    Inventors: Christophe Bidan, Mireille Pauliac