Abstract: Methods and systems for connecting a wireless communications device to a deployable wireless communications network. The method includes receiving, from the wireless communications device via a mobile management entity (MME) configured to operate as an extensible authentication protocol (EAP) authenticator, an extensible authentication protocol packet. The method further includes authenticating the wireless communications device based on the extensible authentication protocol packet. The method further includes establishing a first wireless connection between the wireless communications device and a deployable subscription bootstrapping service of the deployable wireless communications network. The method further includes generating a subscription profile for the wireless communications device, and communicating the subscription profile to the wireless communications device via the first wireless connection.

Abstract: Methods and systems for connecting a wireless communications device to a deployable wireless communications network. The method includes receiving, from the wireless communications device via a mobile management entity (MME) configured to operate as an extensible authentication protocol (EAP) authenticator, an extensible authentication protocol packet. The method further includes authenticating the wireless communications device based on the extensible authentication protocol packet. The method further includes establishing a first wireless connection between the wireless communications device and a deployable subscription bootstrapping service of the deployable wireless communications network. The method further includes generating a subscription profile for the wireless communications device, and communicating the subscription profile to the wireless communications device via the first wireless connection.

Abstract: A method and apparatus for bootstrapping secure connections between wireless devices and deployable wireless communications networks. Using the method, a wireless device establishes a connection to an auxiliary network, and then establishes a connection with a deployable subscription bootstrapping service. The deployable subscription bootstrapping service generates a temporary subscription profile, including a temporary shared symmetric key, for the wireless device, writes the temporary profile to a deployable home subscriber server, and communicates the temporary profile to the wireless device, which stores the temporary profile. The wireless device then terminates the connection to the auxiliary network, and initiates a connection with the deployable wireless communications network using the temporary subscription profile.

Abstract: A method and apparatus is provided for connecting a communication device to a deployable system. The deployable system obtains at least one deployable key derived on a fixed system for the deployable system based on an existing key stored on a database of the fixed system, wherein the existing key is used to authenticate a communication device. The deployable system stores the derived key. Subsequent to the storing, the deployable system is activated to provide communication resources to communication devices disconnected from the fixed system. The activated deployable system is not connected to the fixed system. The activated deployable system receives an authentication request from the communication device requesting connection to the deployable system; generates authentication vectors using the at least one derived deployable key; and authenticates an authentication response received from the communication device using the authentication vectors.

Abstract: A method and apparatus is provided for connecting a communication device to a deployable system. The deployable system obtains at least one deployable key derived on a fixed system for the deployable system based on an existing key stored on a database of the fixed system, wherein the existing key is used to authenticate a communication device. The deployable system stores the derived key. Subsequent to the storing, the deployable system is activated to provide communication resources to communication devices disconnected from the fixed system. The activated deployable system is not connected to the fixed system. The activated deployable system receives an authentication request from the communication device requesting connection to the deployable system; generates authentication vectors using the at least one derived deployable key; and authenticates an authentication response received from the communication device using the authentication vectors.

Abstract: Methods and apparatuses bind a user's IMS public identity to, and unbind it from, a mobile device (MD) shared among multiple users. In binding the user's IMS public identity, a message is received from the MD, which message comprises a shared service authorization access token that is associated with a shared service and that comprises an identifier of a user of the MD. The message further comprises a default public identity of the MD. Based on the user identifier and the default public identity, the user is determined to be authorized to use the MD for the shared service. In response to the determination, a public identity of the user is obtained and mapped to the MD to bind a private identity and a public identity of the MD and the public identity of the user, and a user subscription database is instructed to update the user's service subscription information.

Abstract: A method and apparatus for bootstrapping secure connections between wireless devices and deployable wireless communications networks. Using the method, a wireless device establishes a connection to an auxiliary network, and then establishes a connection with a deployable subscription bootstrapping service. The deployable subscription bootstrapping service generates a temporary subscription profile, including a temporary shared symmetric key, for the wireless device, writes the temporary profile to a deployable home subscriber server, and communicates the temporary profile to the wireless device, which stores the temporary profile. The wireless device then terminates the connection to the auxiliary network, and initiates a connection with the deployable wireless communications network using the temporary subscription profile.

Abstract: A system and method for enabling a primary and a secondary communication device to share a user identity assertion is presented. The user identity assertion enables the devices to access an application system. The primary and secondary devices are paired to place them in collaboration with each other. The primary device requests an identity provider system to issue a user identity assertion scoped to the primary and secondary communication device. The identity provider system authenticates the primary device and generates the user identity assertion scoped to the primary device and the secondary device identified in the request. The primary communication device receives the user identity assertion and communicates the user identity assertion to the secondary device. The primary device may request the user identity assertion by communicating a user identity assertion scoped to the primary device and a single sign on session cookie or a request for an extension assertion.

Abstract: A method and apparatus for bootstrapping secure connections between wireless devices and deployable wireless communications networks. Using the method, a wireless device establishes a connection to an auxiliary network, and then establishes a connection with a deployable subscription bootstrapping service. The deployable subscription bootstrapping service generates a temporary subscription profile, including a temporary shared symmetric key, for the wireless device, writes the temporary profile to a deployable home subscriber server, and communicates the temporary profile to the wireless device, which stores the temporary profile. The wireless device then terminates the connection to the auxiliary network, and initiates a connection with the deployable wireless communications network using the temporary subscription profile.

Abstract: A method and apparatus is provided for connecting a communication device to a deployable system. The deployable system obtains at least one deployable key derived on a fixed system for the deployable system based on an existing key stored on a database of the fixed system, wherein the existing key is used to authenticate a communication device. The deployable system stores the derived key. Subsequent to the storing, the deployable system is activated to provide communication resources to communication devices disconnected from the fixed system. The activated deployable system is not connected to the fixed system. The activated deployable system receives an authentication request from the communication device requesting connection to the deployable system; generates authentication vectors using the at least one derived deployable key; and authenticates an authentication response received from the communication device using the authentication vectors.

Abstract: An apparatus for, and method of, single sign-on collaboration among a plurality of mobile devices, includes a server for issuing a first identity token to subsequently authenticate a user of a first of the mobile devices to a service provider, and for generating and sending a collaboration key to the first device based on the first identity token or user authentication. The first device generates and sends a collaboration credential based on the collaboration key to a second device paired with the first device. The server also issues a second identity token to subsequently authenticate to the service provider the user of the second device based on the collaboration credential received from the first device, to support single sign-on collaboration for the user across the plurality of mobile devices.

Abstract: Multi-factor authentication is enabled across a plurality of communication devices. A user performs authentication by using a first authentication factor on a first of the communication devices, and by using a second authentication factor on a second of the communication devices. A collaboration credential is shared among the devices to enable the devices to collaborate with each other. Both of the authentication factors are bound together. A multi-factor identification token is issued to each device, to support multi-factor authentication for the user across the devices.

Abstract: A system for, and method of, single sign-on collaboration among a plurality of mobile devices, includes a server for issuing a first identity token to subsequently authenticate a user of a first of the mobile devices to a service provider, and for generating and sending a collaboration credential to the first device based on the first identity token or user authentication. The first device sends the collaboration credential generated by the server to a second device paired with the first device. The server also issues a second identity token to subsequently authenticate to the service provider the user of the second device based on the collaboration credential received from the first device, to support single sign-on collaboration for the user across the plurality of mobile devices.

Abstract: A system and method for enabling a primary and a secondary communication device to share a user identity assertion is presented. The user identity assertion enables the devices to access an application system. The primary and secondary devices are paired to place them in collaboration with each other. The primary device requests an identity provider system to issue a user identity assertion scoped to the primary and secondary communication device. The identity provider system authenticates the primary device and generates the user identity assertion scoped to the primary device and the secondary device identified in the request. The primary communication device receives the user identity assertion and communicates the user identity assertion to the secondary device. The primary device may request the user identity assertion by communicating a user identity assertion scoped to the primary device and a single sign on session cookie or a request for an extension assertion.

Abstract: Multi-factor authentication is enabled across a plurality of communication devices. A user performs authentication by using a first authentication factor on a first of the communication devices, and by using a second authentication factor on a second of the communication devices. A collaboration credential is shared among the devices to enable the devices to collaborate with each other. Both of the authentication factors are bound together. A multi-factor identification token is issued to each device, to support multi-factor authentication for the user across the devices.

Abstract: A system for, and method of, single sign-on collaboration among a plurality of mobile devices, includes a server for issuing a first identity token to subsequently authenticate a user of a first of the mobile devices to a service provider, and for generating and sending a collaboration credential to the first device based on the first identity token or user authentication. The first device sends the collaboration credential generated by the server to a second device paired with the first device. The server also issues a second identity token to subsequently authenticate to the service provider the user of the second device based on the collaboration credential received from the first device, to support single sign-on collaboration for the user across the plurality of mobile devices.

Abstract: An apparatus for, and method of, single sign-on collaboration among a plurality of mobile devices, includes a server for issuing a first identity token to subsequently authenticate a user of a first of the mobile devices to a service provider, and for generating and sending a collaboration key to the first device based on the first identity token or user authentication. The first device generates and sends a collaboration credential based on the collaboration key to a second device paired with the first device. The server also issues a second identity token to subsequently authenticate to the service provider the user of the second device based on the collaboration credential received from the first device, to support single sign-on collaboration for the user across the plurality of mobile devices.

Abstract: A network device is configured to authenticate a collaborative session between at least two communication devices. The network component receives an indication that at least two devices located within a predefined physical range are attempting to collaborate. The network component determines, based on the indication, that the two devices are authentic and that the two devices are attempting to collaborate. Responsive to determining that the two devices are authentic and attempting to collaborate, the network component determines that the two devices are authorized to collaborate and a level on which the two devices are authorized to collaborate. The network component sends an authorization response to at least one of the at least two devices, wherein if the two devices are authorized to collaborate the authorization response includes the level on which the two devices are authorized to collaborate.

Abstract: A method, a network element, and a client device for creating a trusted connection with a network are disclosed. A client device 104 may attempt to access a sub-network 106. The client device 104 may determine that a certificate of the sub-network 106 is issued by a certification authority absent from a device certificate trust list. The client device 104 may receive via the sub-network 106 a certificate trust list update 400 from a certificate trust list provider 108.

Abstract: A method, information processing system, and wireless device provide authentication information to a network. The method includes determining that at least one authentication context (120) resides in memory (412). The at least one authentication context (120) is analyzed to determine if at least one realm identifier associated with a home service provider is included in the at least one authentication context (120). A user is prompted to update the at least one authentication context (120) with at least one realm identifier associated with a home service provider in response to determining that at least one realm identifier fails to be included in the at least one authentication context (120). At least one realm identifier is received (612) from a user that is associated with a home service provider. The at least one authentication context (120) is updated with the at least one realm identifier received from the user.