Abstract: In accordance with the example embodiments of the Invention there is at least a method and apparatus to detect that at least one message received from another network device of a communication network is in response to a prior message using a spoofed source address; based on the detecting, mirror the at least one message; and send to the another network device the mirrored at least one message to cause the another network device to filter out the at least one message in response to the prior message using the spoofed address. Further, there is at least a method and apparatus to receive from a network node signaling associated with at least one message; based on the signaling, detect that the at least one message is in response to a prior message using a spoofed source address; and based on the detecting, filter out the at least one message in response to the prior message using the spoofed source address.

Abstract: A method, apparatus and computer program product are disclosed for establishing secure off-network communications between first and second Secure Cellular Devices that each have a cellular identity. The second Secure Cellular Device may assume the role of Remote Device for interaction with the NAF keyserver and may obtain a local key. The first Secure Cellular Device may derive the local key and the two devices may conduct secure communications using the shared local key. The two Secure Cellular Devices may alternate the roles of Secure Host and Remote Device, each twice obtaining or deriving a shared local key such that there are two such keys. The devices may employ one key for secure communication in one direction and the other for communication in the other direction. Alternatively, the devices may derive a unique shared key as a function of the two shared keys.

Abstract: The invention relates to a method and devices for mutual communication between devices, and to computer programs enabling such communication. According to the invention, in a first device is controlled a transmitter module operable in a local radio communications network to transmit a sequence of radio signal pulses representing a predetermined code. In at least one second device a receiver module is scanning said local radio communications network to detect said predetermined code. A contact network of the user of said at least second device is accessed, and the predetermined code is checked in the second device against the user's contact network for a match stored in the network profiles for the contacts. Then a validation key is fetched, that relates to a matching contact found in said contact network, and a connection establishment request containing the validation key is sent over said local radio communications network from the second device to the first device.

Abstract: A method and apparatus including units configured to send a request from a first network entity to a user equipment for an identifier and receive a message indicating that a public key is required from the user equipment by the first network entity. The method and apparatus also includes units configured to send, by the first network entity, the public key to the user equipment and receive an encrypted identifier by the first network entity, wherein upon authenticating the public key, the user equipment encrypts at least part of the identifier using the public key, thereby enabling further processing between the network entity and the user equipment.

Abstract: A method, apparatus and computer program product are provided to selectively establish communications with one or more of a plurality of mobile terminals in accordance with a predefined criteria, such as a predefined schedule. In the context of a method, a mobile terminal maintains at least a first subscriber identity module (SIM) and a second SIM is mapped to different subscriber identification numbers. In this regard, the second SIM is mapped to the same subscriber identification number as the SIM of at least one other mobile terminal. The method may also activate the second SIM in accordance with a predefined criteria and may then subsequently deactivate the second SIM. For example, the second SIM may be activated and subsequently deactivated in accordance with a predefined schedule, such as a shift schedule, that identifies one or more time periods in which the second SIM is to be activated.

Abstract: A method comprises causing a network access application or cellular authentication in a secure element to be disabled by changing a status of security information. In one embodiment, a method is provided to disable the network access applications of a UICC, in case of an emergency call, by resetting a verification status of the PIN.

Abstract: It is disclosed a method comprising monitoring validity of limited-validity key information, acquiring, from a network entity upon invalidity of the limited-validity key information, limited-validity transaction identification information based on unlimited-validity identification information identifying a terminal, generating new limited-validity key information based on the acquired limited-validity transaction identification information, and transmitting the acquired limited-validity transaction identification information to a network element.

Abstract: An apparatus for enabling removal or disabling of weak algorithms may include a processor and memory storing executable computer program code that cause the apparatus to at least perform operations including receiving an indication of one or more algorithms utilized by a communication device. The computer program code may further cause the apparatus to determine whether one or more of the algorithms are identified as a weak algorithm. The computer program code may further cause the apparatus to enable provision of a message to the communication device instructing the communication device to remove, disable, or assign at least one condition to at least one detected weak algorithm among the algorithms. Corresponding methods and computer program products are also provided.

Abstract: A method, apparatus and computer program in which a cellular terminal: transmits a request that requires authentication procedure triggering to a cellular network and responsively receiving from the cellular network an authentication request message with an indication of a selected cryptographic algorithm from a group of a plurality of cryptographic algorithms; decodes the authentication request message to a decoded authentication request according to the selected cryptographic algorithm and based on a shared secret known by the cellular terminal and a network operator of the cellular terminal; based on the decoded authentication request, the shared secret and the selected cryptographic algorithm, produces and encrypts an authentication response message; and transmits the authentication response message to the cellular network.

Abstract: A cellular terminal detects any capability reporting trigger and responsively to such determination produces a cellular network authentication capabilities message indicative of cellular network authentication capabilities available for the terminal; and transmits the cellular network authentication capabilities message to the cellular network. The cellular network receives the network authentication capabilities message from a cellular terminal, selects a cellular authentication algorithm based on capabilities indicated by the network authentication capabilities message; and performs cellular authentication with the cellular terminal using the selected cellular authentication algorithm.

Abstract: Method, network element, mobile terminal, system and computer program product are disclosed for negotiating cryptographic algorithm. The method comprises: receiving a first candidate list from the mobile terminal by the network element, wherein the first candidate list includes at least one candidate cryptographic algorithm supported by the mobile terminal and excludes at least one undesirable cryptographic algorithm even though it is supported by the mobile terminal; and selecting, from the first candidate list, a cryptographic algorithm supported by both the network element and the mobile terminal. As the undesirable cryptographic algorithm(s) is excluded from the first candidate list, the network element will be forced to choose more secure algorithms for communications with the mobile terminal.

Abstract: A cellular terminal transmits a request that requires authentication procedure triggering to a cellular network and responsively receives from the cellular network an authentication request message with an indication of a selected cryptographic algorithm from a group of a plurality of cryptographic algorithms. The cellular terminal attempts to decode the authentication request message to a decoded authentication request according to the selected cryptographic algorithm and based on a shared secret known by the cellular terminal and a network operator of the cellular terminal.

Abstract: Various methods are described for providing updated network subscription information for a device to one or more other devices. One example method may comprise establishing a first subscription associated with a first network operator for a device. The method may further comprise transferring the device from the first subscription associated with the first network operator to a second subscription associated with a second network operator. Additionally, the method may comprise updating one or more other devices identified in a connection map associated with the device of the transfer to the second subscription. Similar and related methods, apparatuses, and computer program products are also provided.

Abstract: A method, corresponding apparatuses, and a computer program product for multiSIM devices with embedded SIM functionality are provided. The method comprises downloading at least one subscription from a secure application manager to a secure element with remote provisioning functionality within a user equipment. The method also comprises determining whether or not to assign an identity related to the at least one subscription. The method further comprises informing the user equipment of the at least one subscription being present upon assignment of the identity. With the claimed inventions, subscriptions and a pool of identities can be efficiently and flexibly managed and maintained remotely.

Abstract: A method includes receiving, at a first wireless device, from a second wireless device, content and an identification of the second wireless device, over a peer-to-peer wireless communication link. The received content is rendered and verification information containing the identification of the second wireless device and an identification of the received content is generated at the first wireless device. The verification information is then encrypted at the first wireless device using an encryption key. Apparatus and a computer program product counterparts to the method are also disclosed.

Abstract: A user equipment in a communications system, the user equipment comprising: a memory arranged to store at least one identifier associated with the user equipment; a transceiver arranged to communicate with a node in the communication system, wherein the transceiver is arranged to receive the at least one identifier from the node in the communications system, wherein the at least one identifier is used by the user equipment to authenticate the user equipment to at least one further node in the communications system.

Abstract: According to an example embodiment of the present invention, there is provided an apparatus comprising at least one secure element configured to store at least two credentials, and at least one processing core configured to cause a first one of the at least two credentials to be employed to decrypt a first encrypted content to produce a first decrypted content, to cause a second one of the at least two credentials to be employed to decrypt a second encrypted content to produce a second decrypted content, and to cause the first decrypted content be provided to a first rendering device over a first secured tunnel connection, wherein an endpoint of the first secured tunnel connection resides in the apparatus.

Abstract: A method comprises receiving an additional user provided access token requesting application at a device already having a user provided access token requesting application. The method also comprises requesting information from a user of said device if an access token of one of said applications is to be changed to that of the other of said applications and accepting verification by one of said applications as verification of another of said applications.

Abstract: A user equipment in a communications system, the user equipment comprising: a memory arranged to store at least one identifier associated with the user equipment; a transceiver arranged to communicate with a node in the communication system, wherein the transceiver is arranged to receive the at least one identifier from the node in the communications system, wherein the at least one identifier is used by the user equipment to authenticate the user equipment to at least one further node in the communications system.

Abstract: Embodiments of the present invention provide a method and apparatus for provisioning an operational subscription. The method for provisioning an operational subscription comprising: establishing a connection from a first terminal to a provisioning server using the information of a first provisional subscription of the first terminal; transmitting a first terminal identifier of the first terminal to the provisioning server via the connection; and upon receipt of a message from the provisioning server, which was sent if, based on the first terminal identifier, the first terminal is already registered and one operational subscription of the first terminal is active, downloading from the provisioning server another operational subscription corresponding to the first provisional subscription. With the proposed solutions, it is more convenient for a user of the terminal to obtain operational subscriptions.