Abstract: The invention provides a method and system (10) for enabling use of a communication network by a subscriber. The system includes a database (12) including data on a plurality of subscribers and identification means for remotely identifying subscriber. The system further includes verification means for verifying subscriber details with reference to the database and a stock of enabling codes (20) which, when fed into the network allow communication via the network to a predetermined extent. In use, the subscriber is identified remotely, his details are verified and he is then provided with an enabling code permitting communications via the network.

Abstract: A subscriber terminal initiates an authentication procedure with a supporting wireless communications system in response to either a timer expiration based trigger, a state change based trigger, or a combination timer/state based trigger. With respect to the timer expiration based trigger, a countdown timer is set by either the subscriber terminal or the supporting system and thereafter monitored for expiration to trigger authentication. For the state change based trigger, the subscriber terminal monitors for any transition from an operating state wherein use of an air interface connection with the supporting system has been suspended to trigger authentication. Furthermore, for the combination timer/state based trigger, the subscriber terminal sets a countdown timer and monitors for an operating state transition that occurs subsequent to timer expiration to trigger authentication.

Abstract: In a mobile communications system, a batch of sequence numbers is generated via an algorithm wherein each sequence number comprises a suffix and a prefix. The method comprises; calculating a new sequence number suffix from an existing sequence number suffix, calculating a prefix of a first new sequence number of the batch by addition to the prefix of the existing sequence number if the new suffix is not equal to a predetermined value or by a randomising process if the new suffix is equal to said predetermined value, and calculating prefixes for the other sequence numbers of the batch by modular addition of integers to the prefix of said first new sequence number. The sequence numbers are used in the authentication procedure.

Abstract: In a method and an arrangement for establishing an encrypted connection between a mobile station and a base transceiver station in a mobile telephone system, the base transceiver station makes sure, before forwarding a cipher mode command message to the mobile station that the mobile station is in multiple-frame-mode.

Abstract: A client 110 may be authenticated by transmitting or beaming a telecommunication network subscriber's authentication to the client from a device 120, over a wireless link. For example, a GSM telephone 120 may authenticate an electronic book 110 to a content providing service within the Internet. The service verifies the authentication using the subscriber's GSM network operator's Authentication Center 161 to generate an authenticator and the client correspondingly generates a local copy of the authenticator using a GSM SIM over the wireless local link. The authentication is then determined by checking that these authenticators match and thereafter the authenticator can be used as a session key to encrypt data in the service.

Abstract: When access is requested, the method consists in causing the portable device to transmit at least an identity sequence containing at least the value of a cryptogram (Ci) which is the result of an iterative algorithm (A2) being executed that is based on a non-invertible secret-key function (F2), and in causing the server to compute successive cryptograms (Q1, Q2, . . . ) on the basis of a cryptogram (Q0) and by using the same algorithm (A2) until a cryptogram (Qn) is found whose value is equal to the value of the cryptogram (Ci) so as to validate access. The method is suitable in particular for use in a home banking application.

Abstract: In the method in accordance with the present invention, the subscriber identifier to be sent to the transmission network is encrypted using a cipher key common to a specific group of subscribers, and a random number is attached to the identifier to be sent to the network. For example, a subscriber group may consist of the subscribers to a single given operator. The section of the identifier specifying the subscriber group is sent to the network in a non-encrypted format, in which case the network is able to direct the encrypted message to such a network element where it can be deciphered.

Abstract: In the method for securing over-the-air communication in wireless system, a mobile sends a system access request and dummy data associated with the system access request to a network. The network sends a first data stream including a first data portion to the mobile in response to the system access request and the dummy data. The mobile extracts the first data portion from the first bit stream, and sends a second bit stream to the network. The second bit stream includes a second data portion. The mobile and the network both generate a key based on the first data portion and the second data portion, and establish a first encrypted and authenticated communication channel in cooperation using the key. The mobile then transfers authorizing information to the network over the first encrypted and authenticated communication channel. If accepted, a second encrypted and authenticated communication channel is established.

Abstract: A computer system according to the present invention implements a self-modifying “fail-safe” password system that allows a manufacturer or site administrator to securely supply a single-use password to users who lose a power-up password. The fail-safe password system utilizes at least one fail-safe counter, an encryption/decryption algorithm, a public key, and a secure non-volatile memory space. The fail-safe password is derived by generating a hash code using SHA, MD5,or a similar algorithm and encrypting the result. The fail-safe password is then communicated to the user. After the user enters the fail-safe password, the computer system generates an internal hash value and compares it with the hash code of the decrypted fail-safe password. When the decrypted fail-safe password matches the internal hash value, the user is allowed access to the computer system.

Abstract: A system and a method for a secure trading mechanism combining wireless communication and wired communication are proposed, which, in the condition of two-way trading constructed based on network connection of a wireless communication device functioning in two-way transmission to a trading server and a trading host of a wired communication devices, allow the trading to be performed in real time and the correctness to be determined for data transmitted between different levels of the network according to a secure communication protocol defined in each communication device, so as to assure the security of trading data in transmission, and prevent the trading data from being acquired or changed without authorization.

Abstract: A cipher system having a cipher core to encrypt plaintext data into ciphertext data, and a bus interface coupled to the cipher core to transfer the ciphertext data to a bus. In one embodiment, the cipher core comprises a block assembler to receive words of data and to assemble the words into a block, an encryption function to encrypt the block based on an encryption function key, a block transmitter to receive the encrypted block and to disassemble the encrypted block into encrypted data words, and a controller to control multiple rounds of encryption by the encryption function for the block. In another embodiment, the encryption function is duplicated and the controller is replaced by two controllers, the first controller controlling the first five rounds of encryption of the block and the second controller controlling the second five rounds of encryption of the block.

Abstract: A user authentication method is provided which can provide high levels of security without a need for installing any special apparatus on a user side to provide a service to a user over a network.

Abstract: The invention provides technology that improves the security of the A-Keys in a wireless communications system. The technology effectively prevents any human access to the A-Keys and eliminates cloning. The invention improves the security and integrity of the wireless communications system. A secure processor exchanges random numbers with a wireless communications device to generate the A-Key. The secure processor then encrypts the A-Key and transfers the encrypted A-Key to an authentication system. When the authentication system generates or updates the SSD, the authentication system transfers the encrypted A-Key and other information to the secure processor. The secure processor decrypts the A-Key and calculates the SSD. The secure processor transfers the SSD to the authentication system for use in authenticating the wireless communications device.

Abstract: A communication device (122) supports secure communications using automated encryption key scheduling. The communication device (122) is provided with access to one or more schedules having entries of specific time periods, such as date and time of day information, that govern selection of encryption keys. A schedule is selected and accessed using current time information to obtain an encryption key (310, 320, 330). Subsequent communications are conducted using the obtained encryption key (340).

Abstract: A method for enabling encrypted communication to be performed directly in a single hop or merely directly between two terminals of a mobile radio network by satellite and/or of the GSM/DCS type, after one of said terminals has called via a fixed radio station of the network. After a first encryption stage, performed in conventional manner, a cipher key is simultaneously generated by the identity card associated with the calling terminal and by the network control structure for encrypting/decrypting data transmitted over the radio link between said calling terminal and the station. This cipher key is then stored in a memory of the station so as to be transmitted to the called terminal when a radio link is set up between said station and said called terminal for the call requested by the calling terminal, and the key is used for the purpose of encrypting/decrypting the data interchanged between the calling and called terminals.

Abstract: A communication system having a wireless trunk for connecting multiple phone lines over wireless communication links to a cellular network comprises a central telephone switch, such as a private branch exchange or key system, connected through one or more trunk lines to a wireless access communication unit. The wireless access communication unit preferably comprises a separate subscriber interface for each trunk line from the central telephone switch. The wireless access communication unit collects data from each of the subscriber interfaces, formats the data into a format compatible with an over-the-air protocol, and transmits the information over one or more wireless channels to a cellular base station. The wireless access communication unit thereby connects calls received from the central telephone switch's trunk lines over a wireless trunk to a network.

Abstract: The procedure for Over-The-Air Parameter Administration (OTAPA) utilizes the over-the-air programming protocol and procedures which support the Over-The-Air Service Provisioning (OTASP) feature in accordance with established industry standards (TIA/EIA/IS-683). The mobile phone is programmed with a service option for changing the NAM parameters including an identification number for this option. The network base station sends a message to the mobile phone using the identification number and, if the mobile phone has OTAPA capability, it responds indicating support. The base station then transmits message telling the mobile station to proceed to the Traffic Channel and inquires whether the encryption mode is enabled, proceeding with the OTAPA only if the encryption mode is enabled. Once on the Traffic Channel, a Parameter Change Code (PCC) is sent. If the PCC is verified by the mobile unit, the base station proceeds to update the parameters and store the updated parameters into the phone's memory.