Abstract: A method including receiving encrypted multimedia information of a multimedia broadcast multicast service streaming session, wherein the multimedia information is encrypted using an encryption key. An indication allowing to switch the receiving of the encrypted multimedia information to a peer-to-peer streaming session is received and receiving of the encrypted multimedia information from the multimedia broadcast multicast service streaming session to the peer-to-peer streaming session is switched. Encrypted multimedia information of the peer-to-peer streaming session is received.

Abstract: A method, apparatus and computer program product are provided to selectively accept requests for communication that may be supported by different identification profiles with the selective acceptance being based upon a predefined criteria, such as the cost of the communications. In the context of a method, a request for communications is received from a network operator. The communications with the network operator are supported by a first of a plurality of identification profiles. The method also includes determining, relative to a predefined criteria, whether the communications should be supported by the first identification profile or by another identification profile configured to support communications with another network operator. In an instance in which the communications should be supported by another identification profile, the method causes the request for communications to be denied.

Abstract: Methods and apparatus, including computer program products, are provided for adaptive security. In one aspect there is provided a method. The method may include receiving, at a user equipment, at least one policy update representative of a rule defining at least one of a security level and an operation allowed to be performed at the security level; monitoring a configuration of the user equipment to determine whether the configuration of the user equipment violates the at least one policy update; and adapting, based on the monitoring, at least one of a security indicator at the user equipment and the operation at the user equipment. Related apparatus, systems, methods, and articles are also described.

Abstract: Methods and apparatus, including computer program products, are provided for secure storage synchronization. In one aspect there is provided a method. The method may include receiving, at a user equipment, an update to an application stored in a secure memory device at the user equipment; sending a notification to announce the update being available at the secure memory device at the user equipment, wherein the notification is sent securely to at least one device, when the at least one device connects to a group network including the at least one device and the user equipment; and providing, by the user equipment, the update securely to the at least one device, when the at least one device connects to the group network. Related apparatus, systems, methods, and articles are also described.

Abstract: In accordance with the exemplary embodiments of the invention there is at least a method and apparatus to perform operations including triggering by user terminal device a new streaming server to generate new user-specific security keys; receiving at the user terminal device from the new streaming server a new security key specific for the new streaming server; generating at the user terminal device for the streaming server user-specific security keys; and using the new user-specific security keys generated at the user terminal device with the new streaming server for a previously established streaming service.

Abstract: Provided are a method, a corresponding apparatus and a computer program product for performing a group authentication and key agreement procedure. A method comprises initiating, by a master device in a group of devices, a group authentication and key agreement procedure towards an authentication entity, wherein a shared group key is defined for use in the group authentication and key agreement procedure; performing mutual authentication between the master device and the authentication entity based upon the shared group key; and performing mutual authentication between the authenticated master device and other devices in the group based upon the shared group key for completion of the group authentication and key agreement procedure. With the claimed invention, the impact of the signaling overhead on a network can be significantly decreased without substantive modification to the existing architecture of the network.

Abstract: A method comprises causing a network access application or cellular authentication in a secure element to be disabled by changing a status of security information. In one embodiment, a method is provided to disable the network access applications of a UICC, in case of an emergency call, by resetting a verification status of the PIN.

Abstract: The exemplary embodiments of the invention include inputting, at a device, a voucher having a plurality of data fields, where the voucher provides provisional subscriber identification for the device, sending at least some of the voucher data fields to a network operator, based on the sent information, receiving a software based subscriber identity module, and using the software based subscriber identity module to authenticate the device. Further, the exemplary embodiments include receiving a voucher having a plurality of data fields from a device, where the voucher provides provisional subscriber identification for the device, in response to the voucher code, sending to the device a request for additional information, in response to the request, receiving an additional data field of the voucher and a security identifier of the device, and based on validating the additional information using the security identifier, sending a software based subscriber identity module to the device.

Abstract: In accordance with an example embodiment of the present invention, there is provided an apparatus, comprising a transceiver arranged to insertably interface with an integrated module, at least one processing core configured to enable the integrated module to be connected, via the apparatus, to a network, the transceiver being configured to receive from the integrated module information enabling the apparatus to become an endpoint of a connection to a network node, and the at least one processing core being configured to receive, using the connection, a computer program for operating the apparatus. In some embodiments, the integrated module comprises a universal integrated circuit card and a secure execution environment.

Abstract: A method and apparatus are provided. Information associated with a lawful interception of communication data of a user equipment is received. Security information associated with the communication data of the user equipment is provided in response to the received information. The security information is based on a first secret which is shared between a communication network provider and the user equipment.

Abstract: A method, corresponding apparatuses, and a computer program product for multiSIM devices with embedded SIM functionality are provided. The method comprises downloading at least one subscription from a secure application manager to a secure element with remote provisioning functionality within a user equipment. The method also comprises determining whether or not to assign an identity related to the at least one subscription. The method further comprises informing the user equipment of the at least one subscription being present upon assignment of the identity. With the claimed inventions, subscriptions and a pool of identities can be efficiently and flexibly managed and maintained remotely.

Abstract: An apparatus with a memory and computer program code configured, with a processor, to start an application; to read a file from a first subscriber module and to determine if there is an active subscriber module lock of the first subscriber module; in response to determining that there is an active subscriber module lock of the first subscriber module executing the application; otherwise if it is determined that there is not an active subscriber module lock of the first subscriber module, to determine if there is an active subscriber module lock of a second subscriber module and continuing until an active subscriber module lock of another subscriber module is determined, and then executing the application using that subscriber module having the active subscriber module lock, otherwise terminating the method without executing the application if no active subscriber module lock of any other subscriber module is determined to be present.

Abstract: A method and apparatus are provided for access credential provisioning. A method may include receiving, at a first mobile apparatus, information about a second mobile apparatus. The first mobile apparatus may be provisioned with network access credential information to be transferred from the first mobile apparatus to the second mobile apparatus. The method may further include causing the information about the second mobile apparatus to be provided to a provisioning apparatus for the network. The method may additionally include receiving authorization form the provisioning apparatus to transfer the network access credential information from the first mobile apparatus to the second mobile apparatus. The method may also include, in response to receipt of the authorization, causing the network access credential information to be provided to the second mobile apparatus. A corresponding apparatus is also provided.

Abstract: A method of generating a key for D2D communication between a first user equipment and a second user equipment in a first radio access node is disclosed.

Abstract: A warning system in which users' devices performs a method including: receiving a broadcast message comprising message information in a first human language from a mobile telecommunication network or an indication of an alternative radio bearer or network for retrieval of the message information; storing information templates in one or more different human languages; and presenting to a user, according to a language preference of the user: the message information of the broadcast message; or one or more information templates corresponding to the message information, in a second human language other than the first human language.

Abstract: A method and apparatus are provided for access credential provisioning. A method may include receiving, at a first mobile apparatus, information about a second mobile apparatus. The first mobile apparatus may be provisioned with network access credential information to be transferred from the first mobile apparatus to the second mobile apparatus. The method may further include causing the information about the second mobile apparatus to be provided to a provisioning apparatus for the network. The method may additionally include receiving authorization form the provisioning apparatus to transfer the network access credential information from the first mobile apparatus to the second mobile apparatus. The method may also include, in response to receipt of the authorization, causing the network access credential information to be provided to the second mobile apparatus. A corresponding apparatus is also provided.

Abstract: Methods and apparatuses are provided for access credential provisioning. A method may include causing a trusted device identity for a mobile apparatus to be provided to an intermediary apparatus. The intermediary apparatus may serve as an intermediary between the mobile apparatus and a provisioning apparatus for a network. The method may further include receiving, from the intermediary apparatus, network access credential information for the network. The network access credential information may be provisioned to the mobile apparatus by the provisioning apparatus based at least in part on the trusted device identity. Corresponding apparatuses are also provided.

Abstract: A first apparatus having a first identity associated therewith the first apparatus, the first apparatus comprising: at least one processor; and at least one memory including computer program code, the at least one memory and the computer program code configured to, with the at least one processor, cause the first apparatus to perform at least the following: enable transmission of a proxy initiation command to a second apparatus, wherein the proxy initiation command is configured to enable the second apparatus to initiate a first-identity-second-apparatus connection, the first-identity-second-apparatus connection enabling the second apparatus to transmit data denoted as being from the first identity and/or receive data denoted as being to the first identity via the data network.

Abstract: An apparatus for enabling removal or disabling of weak algorithms may include a processor and memory storing executable computer program code that cause the apparatus to at least perform operations including receiving an indication of one or more algorithms utilized by a communication device. The computer program code may further cause the apparatus to determine whether one or more of the algorithms are identified as a weak algorithm. The computer program code may further cause the apparatus to enable provision of a message to the communication device instructing the communication device to remove, disable, or assign at least one condition to at least one detected weak algorithm among the algorithms. Corresponding methods and computer program products are also provided.

Abstract: Methods, apparatuses, and computer program products herein enable a communication device to enable the bundling of one or more connection requests in order to reduce overall signaling from a communication device. An example method may include receiving a connection request from an application. In some example embodiments, the connection request defines a connection time indication. The method may further include receiving at least one additional connection request from one or more applications. The method may further include determining a connection time for the application and the one or more applications. In some example embodiments, the connection time is configured to enable the application and the one or more applications to utilize the connection concurrently. The method may further include causing a connection to be established at a connection time. In some example embodiments, the connection time is scheduled prior to an expiration of the connection time indication.