Abstract: A method for providing a security mechanism for an external code, wherein the method includes receiving the external code comprising a request for a server specific bootstrapping key (Ks_NAF). The method further comprises determining a server identifier (NAF-Id) and a security token. Furthermore, the method comprises generating the server specific bootstrapping key (Ks_NAF) based on the server identifier (NAF-Id), and generating an external code specific bootstrapping key (Ks_js_NAF) using the server specific bootstrapping key (Ks_NAF) and the security token. The method also comprises using the external code specific bootstrapping key (Ks_js_NAF) for the security mechanism of the external code.

Abstract: Various methods are described for providing updated network subscription information for a device to one or more other devices. One example method may comprise establishing a first subscription associated with a first network operator for a device. The method may further comprise transferring the device from the first subscription associated with the first network operator to a second subscription associated with a second network operator. Additionally, the method may comprise updating one or more other devices identified in a connection map associated with the device of the transfer to the second subscription. Similar and related methods, apparatuses, and computer program products are also provided.

Abstract: A method, computer program, apparatus and a secure module are described. By example, in the method there are steps of receiving a request from a first entity for a secure module to enter an unlock lifecycle state; requesting confirmation to enter the unlock lifecycle state; and if the request is confirmed, transitioning the secure module from a current lifecycle state to the unlock lifecycle state.

Abstract: A method and apparatus provide generic mechanism for a network application server. A receiver receives a request from a user equipment to provide authentication information to a network application function. A determining unit determines a key of a generic authentication architecture to integrate additional network application servers by extending an existing standard for user security settings. A providing unit provides the authentication information to the network application function.

Abstract: A method, devices, and a computer program for synchronizing one or more software programs from a first device (D100) to a second device (D200) are disclosed.

Abstract: A method, apparatus and computer program product are provided to facilitate authentication of a request, such as by a mobile terminal, while also supplying information about the user to a service, website, application or the like A method, apparatus and computer program product may provide for interworking a bootstrapping architecture, such as Generic Bootstrapping Architecture, and a shared identity service, such as OpenID architecture In this regard, a method, apparatus and computer program product may provide for a secure session with a service provider through Generic Bootstrapping Architecture while being able to supply the service provider with the user information and/or accessing a user account using OpenID architecture.

Abstract: A method, apparatus and computer program product are disclosed for establishing secure off-network communications between first and second Secure Cellular Devices that each have a cellular identity. The second Secure Cellular Device may assume the role of Remote Device for interaction with the NAF keyserver and may obtain a local key. The first Secure Cellular Device may derive the local key and the two devices may conduct secure communications using the shared local key. The two Secure Cellular Devices may alternate the roles of Secure Host and Remote Device, each twice obtaining or deriving a shared local key such that there are two such keys. The devices may employ one key for secure communication in one direction and the other for communication in the other direction. Alternatively, the devices may derive a unique shared key as a function of the two shared keys.

Abstract: A method comprises receiving an additional user provided access token requesting application at a device already having a user provided access token requesting application. The method also comprises requesting information from a user of said device if an access token of one of said applications is to be changed to that of the other of said applications and accepting verification by one of said applications as verification of another of said applications.

Abstract: A method, apparatus and computer program product are provided to selectively establish communications with one or more of a plurality of mobile terminals in accordance with a predefined criteria, such as a predefined schedule. In the context of a method, a mobile terminal maintains at least a first subscriber identity module (SIM) and a second SIM is mapped to different subscriber identification numbers. In this regard, the second SIM is mapped to the same subscriber identification number as the SIM of at least one other mobile terminal. The method may also activate the second SIM in accordance with a predefined criteria and may then subsequently deactivate the second SIM. For example, the second SIM may be activated and subsequently deactivated in accordance with a predefined schedule, such as a shift schedule, that identifies one or more time periods in which the second SIM is to be activated.

Abstract: Disclosed is a method including allowing an application server to request setup of a session on behalf of a user terminal, and using mechanisms of a generic peer authentication procedure for procedure for enabling authentication of the application server to an interrogating server, the interrogating server being a network element that is configured to process said request to setup a session on behalf of a user terminal. Also disclosed are related devices, systems and computer programs.

Abstract: Systems, methods, and apparatuses are provided for facilitating authorization of a roaming mobile terminal. A method may include receiving a request for security key related policy information for a user equipment device. The request may be sent by a service providing node on a visited network. The method may further include causing a service authorization information request including a user security settings package to be sent to a policy decisioning server. The method may also include receiving, in response to the service authorization information request, a service authorization information answer including a modified user security settings package including the authorization policy information for the user equipment device. The method may additionally include causing the requested security key related policy information to be sent to the service providing node. Corresponding systems and apparatuses are also provided.

Abstract: A methods enabling use of multiple SIM applications in UICCs is described. One method includes determining whether a physical component of a device is a secure module which supports subscription provisioning. If the physical component is a secure module which supports subscription provisioning, the physical component is instructed to operate as a legacy UICC. The physical component is operated as a legacy UICC via a virtual UICC. Another method includes downloading a first subscription related data which provides information for operating in a wireless network. The first subscription related data is stored on a memory component of a device. The device includes a UICC storing a second subscription. The method also includes operating the device as a multiple profile device using the first subscription and the second subscription. Apparatus and computer readable media are also described.

Abstract: A method, apparatus and software for accessing a database having, for each of a plurality of subscribers of a mobile communication network, a long-term secret key shared between the subscriber and the apparatus, for network authentication of a mobile communication device to the mobile communication network; wherein the mobile communication network is a universal mobile telecommunications system or a long term evolution telecommunication network; and producing for the mobile communication device, the authentication of which is being verified, one or more authentication vectors compliant with the global system for mobile communications; each authentication vector comprising a challenge, a signed response and a session key; and containing in the authentication vector an integrity key and an authentication token.

Abstract: Methods, devices, and computer programs for an authentication of a user to a service of a service provider are disclosed. Access for the user to the service of the service provider is requested. One or more authentication security profiles are selected by the service provider for specifying an authentication security requirement of the service provider for the authentication of the user to the service. An indication of the one or more selected authentication security profiles and a user identity identifying the user to an identity provider are sent from the service provider to the identity provider for requesting the authentication of the user by the identity provider. The user is authenticated based on the user identity and one of the one or more selected authentication security profiles. An assertion indicating the authentication of the user to the service provider is sent to the service provider.

Abstract: In accordance with the exemplary embodiments of the invention there is at least a method and apparatus to perform operations including triggering by user terminal device a new streaming server to generate new user-specific security keys; receiving at the user terminal device from the new streaming server a new security key specific for the new streaming server; generating at the user terminal device for the streaming server user-specific security keys; and using the new user-specific security keys generated at the user terminal device with the new streaming server for a previously established streaming service.

Abstract: Methods, apparatuses, and computer program products are herein provided for lawful interception through a subscription manager. In some embodiments, methods, apparatuses, and computer program products provide user subscription data to an agency, operator, or service provider in response to receiving a lawful interception request. A method may include receiving an interception request comprising a user's name from at least one operator. The method may further include determining, by a processor, an operator specific access code associated with the user's name. The method may also include providing the operator specific access code to the operator. Corresponding apparatuses and computer program products are also provided.

Abstract: Provided are a method, a corresponding apparatus and a computer program product for performing a group authentication and key agreement procedure. A method comprises initiating, by a master device in a group of devices, a group authentication and key agreement procedure towards an authentication entity, wherein a shared group key is defined for use in the group authentication and key agreement procedure; performing mutual authentication between the master device and the authentication entity based upon the shared group key; and performing mutual authentication between the authenticated master device and other devices in the group based upon the shared group key for completion of the group authentication and key agreement procedure. With the claimed invention, the impact of the signaling overhead on a network can be significantly decreased without substantive modification to the existing architecture of the network.

Abstract: A method includes receiving at a network application function a request related to a generic bootstrapping architecture key originated from a user equipment. The received request includes a network application function identifier that includes a uniform resource locator, where the network application function has a fully qualified domain name. The method further includes causing a generic bootstrapping architecture key to be generated for the user equipment based at least in part on the uniform resource locator that is part of the network application function identifier. Apparatus and computer programs for performing the method are also disclosed.

Abstract: Various methods for providing a secure public warning related to a disaster are provided. One example method may comprise providing for transmission of a registration message. The registration message may comprise an indication of an identity and an indication of a location. The method of this example embodiment may further comprise receiving a warning message. The method of this example embodiment may further comprise authenticating the warning message. Additionally, the method of this example may further comprise providing an alert after authenticating the warning message. Similar and related example methods, example apparatuses, and example computer program products are also provided.

Abstract: A method and arrangements for managing user data stored in a database of a communications system where the database is managed by a main controller is disclosed. In the method a user is first authenticated, where after an application entity can manage user data in the database that associates with the user and an application by communicating data between the application entity and a second entity connected to the communications system.