Abstract: A method and apparatus provide generic mechanism for a network application server. A receiver receives a request from a user equipment to provide authentication information to a network application function. A determining unit determines a key of a generic authentication architecture to integrate additional network application servers by extending an existing standard for user security settings. A providing unit provides the authentication information to the network application function.

Abstract: A method includes receiving at a network application function a request related to a generic bootstrapping architecture key originated from a user equipment. The received request includes a network application function identifier that includes a uniform resource locator, where the network application function has a fully qualified domain name. The method further includes causing a generic bootstrapping architecture key to be generated for the user equipment based at least in part on the uniform resource locator that is part of the network application function identifier. Apparatus and computer programs for performing the method are also disclosed.

Abstract: A method and apparatus provide generic mechanism for a network application server. A receiver receives a request from a user equipment to provide authentication information to a network application function. A determining unit determines a key of a generic authentication architecture to integrate additional network application servers by extending an existing standard for user security settings. A providing unit provides the authentication information to the network application function.

Abstract: Security level establishment for an application in a terminal equipment under a generic bootstrapping architecture offering a plurality of different bootstrapping mechanisms, the terminal equipment comprising a credential establishment entity and an application entity, comprising a request for a credential for the application from the application entity to the credential establishment entity and a response from the credential establishment entity to the application entity, wherein the response comprises the requested credential and credential quality information.

Abstract: A method and related apparatus include the steps of registering, from a client at a service providing network entity, first client-related identity information and, from the client at an identity providing network entity, second client-related identity information being different from the first client-related identity information and being generated based on the first client-related identity information. Key information is a secret of the client and identity information is related to the service providing network entity. A second method and related apparatus include the step of determining, at a service providing network entity, the first client-related identity information based on the second client-related identity information being received from the identity providing entity. Finally, a third method and related apparatus include the step of authenticating, towards the service providing network entity, the second client-related identity information being received from the client.

Abstract: An apparatus (such as a AAA node of a core/operator network) receives from a relying party an initial credit control request that bears first information comprising a relying party identifier, a service context identifier for a service to be provided by the relying party, and a token that authenticates a subscriber. The first information is extracted and forwarded to a core network accounting server that stores account information for the subscriber. The relying party is not within the core network. In reply to forwarding the extracted first information, the apparatus receives from the accounting server a credit control answer that bears second information comprising the relying party identifier, the service context identifier, and a grant indicating the subscriber may be charged a fee for the service to be provided by the relying party. The second information is extracted and forwarded to the relying party.

Abstract: In accordance with the exemplary embodiments of the invention there is at least a method, an executable computer program, and an apparatus to determine at a network application function a list of desired user equipment security features to be used, the security features of the list ordered by preference of the network application function, send the list to a database of user security settings via a bootstrapping server function, and receive by the network application function, via the bootstrapping server function, a security features response including a security key, derived from information stored in the database, corresponding to a desired security feature contained in the list, thereby informing the network application function of the availability of at least one of the desired security features in the user equipment.

Abstract: A method for provision of access for a data requesting entity (IRE) to data related to a principal is disclosed, comprising the steps of (i) creating an access granting ticket comprising an access specification specifying a permission for an access to data related to the principal, said data being available at a data providing entity (IPE1), and a principal identifier representing the principal towards the data providing entity (IPE1), (ii) encrypting the access granting ticket with an encryption key of the data providing entity (IPE1), (iii) communicating to the data requesting entity (IRE) the encrypted access granting ticket accompanied by an identifier of the data providing entity (IPE1), (iv) communicating from the data requesting entity (IRE) to the data providing entity (IPE1) a request comprising the encrypted access granting ticket, (v) decrypting the encrypted access granting ticket with a decryption key of the data providing entity (IPE1) corresponding to the encryption key, (vi) providing to the d

Abstract: Disclosed is a method including receiving an authentication bootstrapping request related to a subscriber, requesting authentication information of the subscriber from a subscriber database, requesting security settings of the subscriber from a security setting database, receiving a response at least from one of the subscriber database and the security setting database, and proceeding with authentication bootstrapping at least partially on the basis of response(s) received. Also disclosed are related apparatuses, systems and computer programs.

Abstract: It is disclosed a method comprising monitoring validity of limited-validity key information, acquiring, from a net-work entity upon invalidity of the limited-validity key information, limited-validity transaction identification information based on unlimited-validity identification information identifying a terminal, generating new limited-validity key information based on the acquired limited-validity transaction identification information, and transmitting the acquired limited-validity transaction identification information to a network element.

Abstract: Methods of creating a secure channel over which credit card personalization data can be transmitted over the air (OTA) are provided. In particular, Generic Authentication Architecture (GAA) may be used to establish a secure communication channel between the user equipment (UE) and a personalization application server or bureau acting as a network application function (NAF) server. An user equipment, personalization application service (e.g., a NAF server), a system embodying a personalization application server and an user equipment, and a computer program product are also provided for creating a secure channel, such as via GAA, over which credit card personalization data can be transmitted OTA.

Abstract: An apparatus for providing key management for a mobile authentication architecture may include a processor. The processor may be configured to provide a request for key revocation over an interface otherwise defined for sharing key acquisition information between a bootstrapping server function and a network application function, and cancel key information associated with the request for key revocation.

Abstract: The present invention relates to remotely provisioning subscriber identification parameters in a device on a wireless network. A secure connection is established with the device, and a token containing the new subscriber identification parameters is forwarded over the secure connection. The device may verify the received token. In one embodiment, the subscriber identification parameters are updated to change network operators. The secure connection can be with the old network operator or the new network operator. The device on the wireless network may be a machine-to-machine device. The provisioned subscriber identification may be part of a universal subscriber identification module.

Abstract: Disclosed is a method including allowing an application server to request setup of a session on behalf of a user terminal, and using mechanisms of a generic peer authentication procedure for procedure for enabling authentication of the application server to an interrogating server, the interrogating server being a network element that is configured to process said request to setup a session on behalf of a user terminal. Also disclosed are related devices, systems and computer programs.

Abstract: A method comprising receiving at a user equipment encrypted content. The content is stored in said user equipment in an encrypted form. At least one key for decryption of said stored encrypted content is stored in the user equipment.

Abstract: A method, devices, and a computer program for synchronizing one or more software programs from a first device (D100) to a second device (D200) are disclosed.

Abstract: Disclosed is a method including receiving an authentication bootstrapping request related to a subscriber, requesting authentication information of said subscriber from a subscriber database, requesting security settings of said subscriber from a security setting database, receiving a response at least from one of the subscriber database and the security setting database, and proceeding with authentication bootstrapping at least partially on the basis of response(s) received. Also disclosed are related apparatuses, systems and computer programs.

Abstract: A method and apparatus including units configured to send a request from a first network entity to a user equipment for an identifier and receive a message indicating that a public key is required from the user equipment by the first network entity. The method and apparatus also includes units configured to send, by the first network entity, the public key to the user equipment and receive an encrypted identifier by the first network entity, wherein upon authenticating the public key, the user equipment encrypts at least part of the identifier using the public key, thereby enabling further processing between the network entity and the user equipment.

Abstract: A system and method for protecting against spam messages. An incoming filtering message system receives an anti-spam policy configuration message and forwards the message to a trusted environment, such as a smart card. The configuration is forwarded to the trusted environment over a secure channel, such as an encrypted tunnel. An anti-spam filter is created based upon the message. Upon receiving a potential spam message at the apparatus, the incoming filtering message system retrieves at least one of the created anti-spam filters and applies the anti-spam filter to parameters of the potential spam message. If after applying the filter, it is determined that the potential spam message is an actual spam message, the actual spam message is either sent to a junk folder and later deleted or immediately deleted. Alternatively, a user of the apparatus may be queried to confirm that the potential spam message is an actual spam message.

Abstract: A method for improving application security in computing devices. The method comprises monitoring access requests between application and resources, building intrusion profiles based on monitoring observations, storing said profiles in a data repository, detecting application acts when applications are used, comparing acts to said profiles and based on comparison result performing a security action. Furthermore, suitable hardware and software implementations are disclosed.