Abstract: An anonymous attestation cryptographic protocol is provided for enabling a target (device 4) to attest to a predetermined property of the device without needing to reveal its identity to a verifier (8). When obtaining a credential from an issuer (6) to attest to the predetermined property, the credential is validated by an intermediary device (2) which is a separate consumer electronics device to the target device (4) itself. This allows the relatively processor-intensive calculations required for validating the credential to be performed on a separate device (2) from the device (4) for which the attestation has been made, allowing anonymous attestation protocols to be used for lower powered target devices such as sensors in the internet of things.

Abstract: A network usage control method comprises receiving (S2, S5) a handset identifier (e.g. an IMEI number) of a requesting terminal device (2) seeking to use a mobile network (4); retrieving verification information (S7) for verifying an identity of an authorised terminal device associated with the handset identifier; verifying (S9), based on the verification information, whether the requesting terminal device (2) is the authorised terminal device; and controlling (S10, S11) usage of the mobile network by the requesting terminal ON device in dependence on whether the requesting terminal device is verified as the authorised terminal device. Cryptographic keys can be used to bind the handset identifier to a particular handset and verify that a device presenting a given handset identifier is actually the authorised handset for that handset identifier. This prevents thieves being able to circumvent blacklisted handset identifier of a stolen handset by cloning a valid handset identifier from another device.

Abstract: To establish a first protected communication channel between a device D and a first server S, a symmetric key KS is derived at the device D, based on a device identifying key KD and public key information dependent on a first server public key Spublic of the first server S. The symmetric key KS is derived in a corresponding way at a second server T. The symmetric key KS is transmitted from the second server T to the first server S on a second protected communication channel. Communication on the first protected communication channel between the device D and the first server S is protected using a communication key KC which is dependent on the symmetric key KS. This can enable a device D lacking support for asymmetric key cryptography to securely enter into communication with the first server S.

Abstract: Microprocessor system that is implemented or can be implemented in a mobile terminal and comprises: a normal operating system designed to generate and maintain a non-secure runtime environment and a security operating system designed to generate and maintain a secured runtime environment, and an operating system interface between the normal operating system and the security operating system, said operating interface being designed to control communication between the non-secure runtime environment and the secured runtime environment on the operating system level, and at least one filter interface that is designed to securely control communication between the non-secure runtime environment and a secured runtime environment on a level different from the operating system level.

Abstract: The invention relates to a method for carrying out a transaction at a transaction terminal (40) by means of a mobile terminal (20), to such a transaction terminal (40), and to such a mobile terminal (20). The method has the step of identifying a user by means of the transaction terminal (40) and the step of authenticating the user with respect to the transaction terminal (40). The method is characterized in that the user is authenticated by checking whether a password, in particular a PIN, which is entered by the user via an input device (22, 24) of the mobile terminal (20) matches a password which is stored for the user in the transaction terminal (40) or in a background system (80) that is connected to said transaction terminal.

Abstract: Microprocessor system that is implemented or can be implemented in a mobile terminal and comprises: a normal operating system designed to generate and maintain a non-secure runtime environment and a security operating system designed to generate and maintain a secured runtime environment, and an operating system interface between the normal operating system and the security operating system, said operating interface being designed to control communication between the non-secure runtime environment and the secured runtime environment on the operating system level, and at least one filter interface that is designed to securely control communication between the non-secure runtime environment and a secured runtime environment on a level different from the operating system level.

Abstract: The invention relates to a method for operating a microprocessor unit, in particular in a mobile terminal, wherein the microprocessor unit comprises a microprocessor (MP) on which a normal runtime environment (NZ) is implemented with a first operating system (B1) and a secure runtime environment is implemented with a second, secure operating system (B2). The microprocessor unit also comprises a RAM memory (R) outside the secure runtime environment (TZ), into which memory the first operating system (B1) is loaded when executing the normal runtime environment (NZ). The invention is distinguished by the fact that the second operating system (B2) is a secure version of the first operating system (B1), which version is loaded into a section of the RAM memory intended for the secure runtime environment during the execution of the secure runtime environment (TZ).