Abstract: A method and arrangements for managing user data stored in a database of a communications system where the database is managed by a main controller is disclosed. In the method a user is first authenticated, where after an application entity can manage user data in the database that associates with the user and an application by communicating data between the application entity and a second entity connected to the communications system.

Abstract: A first apparatus having a first identity associated therewith the first apparatus, the first apparatus comprising: at least one processor; and at least one memory including computer program code, the at least one memory and the computer program code configured to, with the at least one processor, cause the first apparatus to perform at least the following: enable transmission of a proxy initiation command to a second apparatus, wherein the proxy initiation command is configured to enable the second apparatus to initiate a first-identity-second-apparatus connection, the first-identity-second-apparatus connection enabling the second apparatus to transmit data denoted as being from the first identity and/or receive data denoted as being to the first identity via the data network.

Abstract: In accordance with the exemplary embodiments of the invention there is at least a method, an executable computer program, and an apparatus to determine at a network application function a list of desired user equipment security features to be used, the security features of the list ordered by preference of the network application function, send the list to a database of user security settings via a bootstrapping server function, and receive by the network application function, via the bootstrapping server function, a security features response including a security key, derived from information stored in the database, corresponding to a desired security feature contained in the list, thereby informing the network application function of the availability of at least one of the desired security features in the user equipment.

Abstract: This invention relates to security procedures in a communication system, specifically to production of key material. The invention provides a method for producing key material in a highly secure way for use in communication with a local network of a company. The method uses authentication information obtained from the communication system and information exchanged locally between a mobile station and the authentication systems of the company to produce a communication key for use in authentication procedures or e.g. for signing and/or encrypting data.

Abstract: A method includes downloading at the request of a user an application for storage in a secure module of a terminal; requesting the user to assign a descriptive name for the downloaded application; storing the descriptive name together with an application identity of the downloaded application; in response to a request to activate a stored application, presenting the user with a list having elements of one or more stored applications, where each list element comprises at least the user assigned descriptive name; and activating an application associated with a selection of a list element by the user. Various embodiments of apparatus for implementing the method are also disclosed.

Abstract: A method and apparatus are provided for access credential provisioning. A method may include receiving, at a first mobile apparatus, information about a second mobile apparatus. The first mobile apparatus may be provisioned with network access credential information to be transferred from the first mobile apparatus to the second mobile apparatus. The method may further include causing the information about the second mobile apparatus to be provided to a provisioning apparatus for the network. The method may additionally include receiving authorization form the provisioning apparatus to transfer the network access credential information from the first mobile apparatus to the second mobile apparatus. The method may also include, in response to receipt of the authorization, causing the network access credential information to be provided to the second mobile apparatus. A corresponding apparatus is also provided.

Abstract: One aspect of the invention discloses a method of authenticating an application. The method comprising performing, with a server application, bootstrapping procedures between the server application and a bootstrapping server function; deriving a shared key based on at least a key received from the bootstrapping server function server during the bootstrapping procedures and a network application function identifier; providing an application with a bootstrapping transaction identifier, the bootstrapping transaction identifier being received from the bootstrapping server function server during the bootstrapping procedures; receiving a response from the application; and authenticating the application by validating the response with the shared key.

Abstract: Methods and apparatuses are provided for access credential provisioning. A method may include causing a trusted device identity for a mobile apparatus to be provided to an intermediary apparatus. The intermediary apparatus may serve as an intermediary between the mobile apparatus and a provisioning apparatus for a network. The method may further include receiving, from the intermediary apparatus, network access credential information for the network. The network access credential information may be provisioned to the mobile apparatus by the provisioning apparatus based at least in part on the trusted device identity. Corresponding apparatuses are also provided.

Abstract: A method and apparatus including units configured to send a request from a first network entity to a user equipment for an identifier and receive a message indicating that a public key is required from the user equipment by the first network entity. The method and apparatus also includes units configured to send, by the first network entity, the public key to the user equipment and receive an encrypted identifier by the first network entity, wherein upon authenticating the public key, the user equipment encrypts at least part of the identifier using the public key, thereby enabling further processing between the network entity and the user equipment.

Abstract: A method includes downloading at the request of a user an application for storage in a secure module of a terminal; requesting the user to assign a descriptive name for the downloaded application; storing the descriptive name together with an application identity of the downloaded application; in response to a request to activate a stored application, presenting the user with a list having elements of one or more stored applications, where each list element comprises at least the user assigned descriptive name; and activating an application associated with a selection of a list element by the user. Various embodiments of apparatus for implementing the method are also disclosed.

Abstract: A method and apparatus including units configured to send a request from a first network entity to a user equipment for an identifier and receive a message indicating that a public key is required from the user equipment by the first network entity. The method and apparatus also includes units configured to send, by the first network entity, the public key to the user equipment and receive an encrypted identifier by the first network entity, wherein upon authenticating the public key, the user equipment encrypts at least part of the identifier using the public key, thereby enabling further processing between the network entity and the user equipment.

Abstract: A method and devices for a control of usage of content is disclosed. In one embodiment, a user device performs the steps of obtaining the content, defining usage rights, generating integrity protection information for defined usage rights, encrypting the content with a content encryption key, encrypting the content encryption key with a key encryption key associated with a recipient device and/or an operator of the recipient device, communicating the encrypted content, the defined usage rights, the encrypted content encryption key, and the integrity protection information to the recipient device.

Abstract: An apparatus with a memory and computer program code configured, with a processor, to start an application; to read a file from a first subscriber module and to determine if there is an active subscriber module lock of the first subscriber module; in response to determining that there is an active subscriber module lock of the first subscriber module executing the application; otherwise if it is determined that there is not an active subscriber module lock of the first subscriber module, to determine if there is an active subscriber module lock of a second subscriber module and continuing until an active subscriber module lock of another subscriber module is determined, and then executing the application using that subscriber module having the active subscriber module lock, otherwise terminating the method without executing the application if no active subscriber module lock of any other subscriber module is determined to be present.

Abstract: Methods and apparatus, including computer program products, are provided for credential transfer. In one aspect there is provided a method. The method may include receiving, at a first device, an authorization token; determining, at the first device, a delegation token, one or more credentials, and metadata; and providing, by the first device to a second device, the delegation token, the one or more credentials, and the metadata. Related apparatus, systems, methods, and articles are also described.

Abstract: A method, apparatus and computer program product are provided to facilitate authentication of a request, such as by a mobile terminal, while also supplying information about the user to a service, website, application or the like A method, apparatus and computer program product may provide for interworking a bootstrapping architecture, such as Generic Bootstrapping Architecture, and a shared identity service, such as OpenID architecture In this regard, a method, apparatus and computer program product may provide for a secure session with a service provider through Generic Bootstrapping Architecture while being able to supply the service provider with the user information and/or accessing a user account using OpenID architecture.

Abstract: The exemplary embodiments of the invention include inputting, at a device, a voucher having a plurality of data fields, where the voucher provides provisional subscriber identification for the device, sending at least some of the voucher data fields to a network operator, based on the sent information, receiving a software based subscriber identity module, and using the software based subscriber identity module to authenticate the device. Further, the exemplary embodiments include receiving a voucher having a plurality of data fields from a device, where the voucher provides provisional subscriber identification for the device, in response to the voucher code, sending to the device a request for additional information, in response to the request, receiving an additional data field of the voucher and a security identifier of the device, and based on validating the additional information using the security identifier, sending a software based subscriber identity module to the device.

Abstract: Systems, methods, and apparatuses are provided for facilitating authorization of a roaming mobile terminal. A method may include receiving a request for security key related policy information for a user equipment device. The request may be sent by a service providing node on a visited network. The method may further include causing a service authorization information request including a user security settings package to be sent to a policy decisioning server. The method may also include receiving, in response to the service authorization information request, a service authorization information answer including a modified user security settings package including the authorization policy information for the user equipment device. The method may additionally include causing the requested security key related policy information to be sent to the service providing node. Corresponding systems and apparatuses are also provided.

Abstract: A method including receiving, at a first entity, from a second entity, the content and an identification of the second entity, over a peer-to-peer communication link. The received content is rendered and verification information containing the identification of the second entity and an identification of the received content is generated. The verification information is encrypted using an encryption key.

Abstract: A method including receiving encrypted multimedia information of a multimedia broadcast multicast service streaming session, wherein the multimedia information is encrypted using an encryption key. An indication allowing to switch the receiving of the encrypted multimedia information to a peer-to-peer streaming session is received and receiving of the encrypted multimedia information from the multimedia broadcast multicast service streaming session to the peer-to-peer streaming session is switched. Encrypted multimedia information of the peer-to-peer streaming session is received.

Abstract: In accordance with an example embodiment of the present invention, an apparatus comprises at least one processor and at least one memory including computer program code. The at least one memory and the computer program code configured to, with the at least one processor, cause the apparatus to perform at least the following initiate a first mobile communication using a called number associated with a non-local subscriber identity information, the non-local subscriber identity information associated with a second apparatus, and automatically initiate a second mobile communication using a local subscriber identity contact information associated with the called number in such a manner as to avoid using a roaming area.