Abstract: A user equipment in a communications system, the user equipment comprising: a memory arranged to store at least one identifier associated with the user equipment; a transceiver arranged to communicate with a node in the communication system, wherein the transceiver is arranged to receive the at least one identifier from the node in the communications system, wherein the at least one identifier is used by the user equipment to authenticate the user equipment to at least one further node in the communications system.

Abstract: Security level establishment for an application in a terminal equipment under a generic bootstrapping architecture offering a plurality of different bootstrapping mechanisms, the terminal equipment comprising a credential establishment entity and an application entity, comprising a request for a credential for the application from the application entity to the credential establishment entity and a response from the credential establishment entity to the application entity, wherein the response comprises the requested credential and credential quality information.

Abstract: One aspect of the invention discloses a method of authenticating an application. The method comprising performing, with a server application, bootstrapping procedures between the server application and a bootstrapping server function; deriving a shared key based on at least a key received from the bootstrapping server function server during the bootstrapping procedures and a network application function identifier; providing an application with a bootstrapping transaction identifier, the bootstrapping transaction identifier being received from the bootstrapping server function server during the bootstrapping procedures; receiving a response from the application; and authenticating the application by validating the response with the shared key.

Abstract: An approach is provided for providing service keys in multiple broadcast networks. A message including a group of keys is generated for providing secure communication over a first broadcast network and a second broadcast network. A message is transmitted to a terminal within the first broadcast network and a terminal within the second broadcast network. An encrypted service key is broadcast to the terminals, wherein the encrypted service key is decrypted using a portion of the group of keys.

Abstract: A method and arrangements for managing user security data stored in a database of a communications system. In the method a user equipment transmits a request to manage the user security data, the user equipment is authenticated, after which an application entity can manage user security data in the database that associates with the user by communicating data between the application entity and the database connected to the communications system.

Abstract: A method and a device for taking a policy decision are disclosed. The policy decision device (S3) has access to objects being relatable to each other by relations of one or more relation types.

Abstract: The invention provides a method, system, program and devices such as a user equipment, terminal, smart card, for protection of a communication or session, in particular in an IMS.

Abstract: A method and devices for a control of usage of content is disclosed.

Abstract: A method for provision of access for a data requesting entity (IRE) to data related to a principal is disclosed, comprising the steps of (i) creating an access granting ticket comprising an access specification specifying a permission for an access to data related to the principal, said data being available at a data providing entity (IPE1), and a principal identifier representing the principal towards the data providing entity (IPE1), (ii) encrypting the access granting ticket with an encryption key of the data providing entity (IPE1), (iii) communicating to the data requesting entity (IRE) the encrypted access granting ticket accompanied by an identifier of the data providing entity (IPE1), (iv) communicating from the data requesting entity (IRE) to the data providing entity (IPE1) a request comprising the encrypted access granting ticket, (v) decrypting the encrypted access granting ticket with a decryption key of the data providing entity (IPE1) corresponding to the encryption key, (vi) providing to the d

Abstract: A universal authentication mechanism for authenticating a user to a service provider (SP) is disclosed. An application device (ApD) requests a service for the user from the service provider (SP) and performs a transmission of a user identity (S10) identifying the user to the service provider (SP). The service provider sends a request for confirmation of the user identity (S20) to an authentication server (AS). The request comprises the user identity and a service identity identifying the requested service. The authentication server (AS) sends a request for service authentication (S50) to the authentication device (AuD) for confirmation. Based on the result of an analysis (S80) of a service authentication confirmation (S60) received from the authentication device (AuD), the authentication server (AS) sends a confirmation of the user identity (S90) confirming the identity of the user to the service provider (SP), which grants service access (S100).

Abstract: A method and arrangements for managing user data stored in a database of a communications system where the database is managed by a main controller is disclosed. In the method a user is first authenticated, where after an application entity can manage user data in the database that associates with the user and an application by communicating data between the application entity and a second entity connected to the communications system.

Abstract: This invention relates to security procedures in a communication system, specifically to production of key material. The invention provides a method for producing key material in a highly secure way for use in communication with a local network of a company. The method uses authentication information obtained from the communication system and information exchanged locally between a mobile station and the authentication systems of the company to produce a communication key for use in authentication procedures or e.g. for signing and/or encrypting data.

Abstract: A method and apparatus provide generic mechanism for a network application server. A receiver receives a request from a user equipment to provide authentication information to a network application function. A determining unit determines a key of a generic authentication architecture to integrate additional network application servers by extending an existing standard for user security settings. A providing unit provides the authentication information to the network application function.

Abstract: Methods of creating a secure channel over which credit card personalization data can be transmitted over the air (OTA) are provided. In particular, Generic Authentication Architecture (GAA) may be used to establish a secure communication channel between the user equipment (UE) and a personalization application server or bureau acting as a network application function (NAF) server. An user equipment, personalization application service (e.g., a NAF server), a system embodying a personalization application server and an user equipment, and a computer program product are also provided for creating a secure channel, such as via GAA, over which credit card personalization data can be transmitted OTA.

Abstract: Methods, devices, and computer programs for an authentication of a user to a service of a service provider (SP) are disclosed. Access for the user to the service of the service provider (SP) is requested. One or more authentication security profiles are selected by the service provider SP) for specifying an authentication security requirement of the service provider (SP) for the authentication of the user to the service. An indication of the one or more selected authentication security profiles and a user identity identifying the user to an identity provider (IdP1) are sent from the service provider (SP) to the identity provider (IdP1) for requesting the authentication of the user by the identity provider (IdP1). The user is authenticated based on the user identity and one of the one or more selected authentication security profiles. An assertion indicating the authentication of the user to the service provider (SP) is sent to the service provider (SP).

Abstract: For control of access of personal information in accordance with a privacy policy defined for a service provider, a method is disclosed, wherein the method comprises the steps of providing service provider request data from a service provider to an end user device, the service provider request data being indicative of personal information of a user of the end user device to be accessed by the service provider, providing to the service provider first user data including at least one of personal information of the user as requested by the service provider or rejections of personal information requested by the service provider, creating privacy receipt data including the first user data and data being indicative of the service provider, and providing the privacy receipt data to the end user device.

Abstract: A universal authentication mechanism for authenticating a user to a service provider (SP) is disclosed. An application device (ApD) requests a service for the user from the service provider (SP) and performs a transmission of a user identity (S10) identifying the user to the service provider (SP). The service provider sends a request for confirmation of the user identity (S20) to an authentication server (AS). The request comprises the user identity and a service identity identifying the requested service. The authentication server (AS) sends a request for service authentication (S50) to the authentication device (AuD) for confirmation. Based on the result of an analysis (S80) of a service authentication confirmation (S60) received from the authentication device (AuD), the authentication server (AS) sends a confirmation of the user identity (S90) confirming the identity of the user to the service provider (SP), which grants service access (S100).