Patents by Inventor Frank Fransen

Frank Fransen has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 11799650
    Abstract: The invention relates to a method and system for key distribution and encryption/decryption. An encryption key (Kenc) is derived in a terminal. The encryption key is applied by the terminal for encrypting at least a part of data included in an application message for an application server transmitted over a network. The terminal and the network both have access to a first key (K1). The terminal and the server both have access to a second key (K2). The encryption key is derived at the terminal using the first key and the second key. The first key or the derivative thereof is received at the server. The encryption key for decrypting the application message encrypted by the terminal is derived in the server using the shared second key and the received first key of the derivative thereof.
    Type: Grant
    Filed: September 17, 2018
    Date of Patent: October 24, 2023
    Assignees: Koninklijke KPN N.V., Nederlandse Organisatie voor Toegepast-Natuurwetenschappelijk Onderzoek TNO
    Inventor: Frank Fransen
  • Patent number: 10958631
    Abstract: The disclosure relates to a security method in a radio access network system. A shared secret key is stored in both a user device and a core network system. A further secret key is received from the core network system, wherein the further secret key has been derived using the shared secret key stored in the core network system. One or more values are provided over the radio interface to the user device to derive the further secret key in the user device from at least the shared secret key stored in the user device and one or more of the one or more values provided over the radio interface. An authentication procedure and/or a key agreement procedure is performed for the user device over the wireless radio interface using the received further secret key in the radio access network system and the derived further secret key in the user device.
    Type: Grant
    Filed: February 6, 2019
    Date of Patent: March 23, 2021
    Assignees: Koninklijke KPN N.V., Nederlandse Organisatie voor Toegepast-Natuurwetenschappelijk Onderzoek TNO
    Inventor: Frank Fransen
  • Patent number: 10659960
    Abstract: The disclosure relates to a security method and system in a telecommunications network comprising a radio access network system and a core network system. The radio access network system is configured to provide a wireless radio interface for at least one user device, wherein a shared secret key is stored in both the user device and the core network system. At least one vector is received from the core network system comprising one or more values derived from the shared secret key. At least one of an authentication procedure and a key agreement procedure is performed in the radio access network system for the user device over the wireless radio interface using the one or more values of the received vector for establishing a connection between the user device and the radio access network system.
    Type: Grant
    Filed: April 20, 2018
    Date of Patent: May 19, 2020
    Assignees: KONINKLIJKE KPN N.V., NEDERLANDSE ORGANISATIE VOOR TOEGEPAST-NATUURWETENSCHAPPELIJK ONDERZOEK TNO
    Inventor: Frank Fransen
  • Publication number: 20190174313
    Abstract: The disclosure relates to a security method in a radio access network system. A shared secret key is stored in both a user device and a core network system. A further secret key is received from the core network system, wherein the further secret key has been derived using the shared secret key stored in the core network system. One or more values are provided over the radio interface to the user device to derive the further secret key in the user device from at least the shared secret key stored in the user device and one or more of the one or more values provided over the radio interface. An authentication procedure and/or a key agreement procedure is performed for the user device over the wireless radio interface using the received further secret key in the radio access network system and the derived further secret key in the user device.
    Type: Application
    Filed: February 6, 2019
    Publication date: June 6, 2019
    Applicants: Koninklijke KPN N.V., Nederlandse Organisatie voor Toegepast-Natuurwetenschappelijk Onderzoek TNO
    Inventor: Frank Fransen
  • Patent number: 10299119
    Abstract: The disclosure relates to a security method in a radio access network system. A shared secret key is stored in both a user device and a core network system. A further secret key is received from the core network system, wherein the further secret key has been derived using the shared secret key stored in the core network system. One or more values are provided over the radio interface to the user device to derive the further secret key in the user device from at least the shared secret key stored in the user device and one or more of the one or more values provided over the radio interface. An authentication procedure and/or a key agreement procedure is performed for the user device over the wireless radio interface using the received further secret key in the radio access network system and the derived further secret key in the user device.
    Type: Grant
    Filed: May 1, 2015
    Date of Patent: May 21, 2019
    Assignees: Koninklijke KPN N.V., Nederlandse Organisatie voor Toegepast-Natuurwetenschappelijk Onderzoek TNO
    Inventor: Frank Fransen
  • Patent number: 10237718
    Abstract: The invention enables a device to discover one or more other devices within range for a device-to-device mode of communication. This proximity discovery may trigger a target device, e.g. to start listening to signals from a source device or perform any other action based on the proximity discovery like e.g. charging at a toll gate. A source device that wants to be discovered broadcasts a message including an identifier or a representation of the identifier. This identifier may be an identifier of the target device to be contacted or of the source device or a derivation thereof or a common security association used by a set of peers. The target device compares the broadcast identifier with a known identifier to establish proximity discovery.
    Type: Grant
    Filed: October 17, 2017
    Date of Patent: March 19, 2019
    Assignees: Koninklijke KPN N.V., Nederlandse Organisatie voor Toegepast-Natuurwetenschappelijk Onderzoek TNO
    Inventors: Frank Fransen, Peter Veugen, Sander de Kievit, Maarten Everts
  • Publication number: 20190036694
    Abstract: The invention relates to a method and system for key distribution and encryption/decryption. An encryption key (Kenc) is derived in a terminal. The encryption key is applied by the terminal for encrypting at least a part of data included in an application message for an application server transmitted over a network. The terminal and the network both have access to a first key (K1). The terminal and the server both have access to a second key (K2). The encryption key is derived at the terminal using the first key and the second key. The first key or the derivative thereof is received at the server. The encryption key for decrypting the application message encrypted by the terminal is derived in the server using the shared second key and the received first key of the derivative thereof.
    Type: Application
    Filed: September 17, 2018
    Publication date: January 31, 2019
    Applicants: Koninklijke KPN N.V., Nederlandse Organisatie voor Toegepast-Natuurwetenschappelijk Onderzoek TNO
    Inventor: Frank Fransen
  • Patent number: 10103887
    Abstract: The invention relates to a method and system for key distribution and encryption/decryption. An encryption key (Kenc) is derived in a terminal. The encryption key is applied by the terminal for encrypting at least a part of data included in an application message for an application server transmitted over a network. The terminal and the network both have access to a first key (K1). The terminal and the server both have access to a second key (K2). The encryption key is derived at the terminal using the first key and the second key. The first key or the derivative thereof is received at the server. The encryption key for decrypting the application message encrypted by the terminal is derived in the server using the shared second key and the received first key of the derivative thereof.
    Type: Grant
    Filed: December 6, 2011
    Date of Patent: October 16, 2018
    Assignees: Koninklijke KPN N.V., Nederlandse Organisatie Voor Toegepast-Natuurwetenschappelijk Onderzoek TNO
    Inventor: Frank Fransen
  • Publication number: 20180242147
    Abstract: The disclosure relates to a security method and system in a telecommunications network comprising a radio access network system and a core network system. The radio access network system is configured to provide a wireless radio interface for at least one user device, wherein a shared secret key is stored in both the user device and the core network system. At least one vector is received from the core network system comprising one or more values derived from the shared secret key. At least one of an authentication procedure and a key agreement procedure is performed in the radio access network system for the user device over the wireless radio interface using the one or more values of the received vector for establishing a connection between the user device and the radio access network system.
    Type: Application
    Filed: April 20, 2018
    Publication date: August 23, 2018
    Applicants: Koninklijke KPN N.V., Nederlandse Organisatie voor Toegepast-Natuurwetenschappelijk Onderzoek TNO
    Inventor: Frank Fransen
  • Patent number: 9986432
    Abstract: The disclosure relates to a security method and system in a telecommunications network comprising a radio access network system and a core network system. The radio access network system is configured to provide a wireless radio interface for at least one user device, wherein a shared secret key is stored in both the user device and the core network system. At least one vector is received from the core network system comprising one or more values derived from the shared secret key. At least one of an authentication procedure and a key agreement procedure is performed in the radio access network system for the user device over the wireless radio interface using the one or more values of the received vector for establishing a connection between the user device and the radio access network system.
    Type: Grant
    Filed: December 23, 2014
    Date of Patent: May 29, 2018
    Assignees: Koninklijke KPN N.V., Nederlandse Organisatie voor Toegepast-Natuurwetenschappelijk Onderzoek TNO
    Inventor: Frank Fransen
  • Publication number: 20180041887
    Abstract: The invention enables a device to discover one or more other devices within range for a device-to-device mode of communication. This proximity discovery may trigger a target device, e.g. to start listening to signals from a source device or perform any other action based on the proximity discovery like e.g. charging at a toll gate. A source device that wants to be discovered broadcasts a message including an identifier or a representation of the identifier. This identifier may be an identifier of the target device to be contacted or of the source device or a derivation thereof or a common security association used by a set of peers. The target device compares the broadcast identifier with a known identifier to establish proximity discovery.
    Type: Application
    Filed: October 17, 2017
    Publication date: February 8, 2018
    Inventors: Frank Fransen, Peter Veugen, Sander de Kievit, Maarten Everts
  • Patent number: 9820134
    Abstract: The invention enables a device to discover one or more other devices within range for a device-to-device mode of communication. This proximity discovery may trigger a target device, e.g. to start listening to signals from a source device or perform any other action based on the proximity discovery like e.g. charging at a toll gate. A source device that wants to be discovered broadcasts a message including an identifier or a representation of the identifier. This identifier may be an identifier of the target device to be contacted or of the source device or a derivation thereof or a common security association used by a set of peers. The target device compares the broadcast identifier with a known identifier to establish proximity discovery.
    Type: Grant
    Filed: January 23, 2014
    Date of Patent: November 14, 2017
    Assignees: Koninklijke KPN N.V., Nederlandse Organisatie voor Toegepast-Natuurwetenschappelijk Onderzoek TNO
    Inventors: Frank Fransen, Peter Veugen, Sander de Kievit, Maarten Everts
  • Patent number: 9699820
    Abstract: A method is disclosed for establishing a device-to-device communication session between mobile devices which are mutually connectable via a D2D communication channel (DDC) and individually connectable to a mobile network (MN), including preloading an initiation key on each of the mobile devices, the initiation key being associated with a validity period; and on each of the mobile devices: verifying a validity of the initiation key based on a current time; if the initiation key is deemed valid, generating a session key using the initiation key by using the initiation key in performing a key agreement procedure between the mobile devices over the D2D communication channel (DDC), the key agreement procedure resulting in the session key if the initiation key used by each of the mobile devices matches; and establishing the D2D communication session over the D2D communication channel (DDC) based on the session key.
    Type: Grant
    Filed: August 10, 2016
    Date of Patent: July 4, 2017
    Assignees: KONINKLIJKE KPN N.V., NEDERLANDSE ORGANISATIE VOOR TOEGEPAST-NATUURWETENSCHAPPELIJK ONDERZOEK TNO
    Inventors: Antonius Norp, Frank Fransen, Sander De Kievit
  • Publication number: 20170055153
    Abstract: The disclosure relates to a security method in a radio access network system. A shared secret key is stored in both a user device and a core network system. A further secret key is received from the core network system, wherein the further secret key has been derived using the shared secret key stored in the core network system. One or more values are provided over the radio interface to the user device to derive the further secret key in the user device from at least the shared secret key stored in the user device and one or more of the one or more values provided over the radio interface. An authentication procedure and/or a key agreement procedure is performed for the user device over the wireless radio interface using the received further secret key in the radio access network system and the derived further secret key in the user device.
    Type: Application
    Filed: May 1, 2015
    Publication date: February 23, 2017
    Applicants: Koninklijke KPN N.V., Nederlandse Organisatie voor Toegepast-Natuurwetenschappelijk Onderzoek TNO
    Inventor: Frank Fransen
  • Publication number: 20160353505
    Abstract: A method is disclosed for establishing a device-to-device communication session between mobile devices which are mutually connectable via a D2D communication channel (DDC) and individually connectable to a mobile network (MN), including preloading an initiation key on each of the mobile devices, the initiation key being associated with a validity period; and on each of the mobile devices: verifying a validity of the initiation key based on a current time; if the initiation key is deemed valid, generating a session key using the initiation key by using the initiation key in performing a key agreement procedure between the mobile devices over the D2D communication channel (DDC), the key agreement procedure resulting in the session key if the initiation key used by each of the mobile devices matches; and establishing the D2D communication session over the D2D communication channel (DDC) based on the session key.
    Type: Application
    Filed: August 10, 2016
    Publication date: December 1, 2016
    Inventors: Antonius Norp, Frank Fransen, Sander De Kievit
  • Publication number: 20160323737
    Abstract: The disclosure relates to a security method and system in a telecommunications network comprising a radio access network system and a core network system. The radio access network system is configured to provide a wireless radio interface for at least one user device, wherein a shared secret key is stored in both the user device and the core network system. At least one vector is received from the core network system comprising one or more values derived from the shared secret key. At least one of an authentication procedure and a key agreement procedure is performed in the radio access network system for the user device over the wireless radio interface using the one or more values of the received vector for establishing a connection between the user device and the radio access network system.
    Type: Application
    Filed: December 23, 2014
    Publication date: November 3, 2016
    Applicants: Koninklijke KPN N.V., Nederlandse Organisatie voor Toegepast-Natuurwetenschappelijk Onderzoek TNO
    Inventor: Frank Fransen
  • Patent number: 9444851
    Abstract: Mobile network (MN) for mobile devices (UE1, UE2), the mobile devices being arranged for exchanging communication data via the mobile network or, by selection, via a Device-To-Device [D2D] communication channel, the mobile network comprising a base station (ENB1) and a controller (010), wherein the controller (010) is arranged for: i) receiving an interception request from a lawful intercept controller (020), the interception request being indicative of a subscriber; ii) determining whether a target device associated with the subscriber participates in the D2D communication channel (D2D) based on D2D control data; and iii) if the target device is deemed to participate in the D2D communication channel (D2D), requesting the base station (ENB1) to intercept the communication data exchanged via the D2D communication channel (D2D); and wherein the base station (ENB1) is arranged for, in response to a request from the controller, intercepting radio signals (RS) of the D2D communication channel based on the D2D cont
    Type: Grant
    Filed: October 25, 2013
    Date of Patent: September 13, 2016
    Assignees: Koninklijke KPN N.V., Nederlandse Organisatie Voor Toegepast-Natuurwetenschappelijk Onderzoek TNO
    Inventors: Frank Fransen, Antonius Norp, Ljupco Jorguseski
  • Patent number: 9438572
    Abstract: A method is disclosed for establishing a device-to-device communication session between mobile devices (MD1, MD2) which are mutually connectable via a D2D communication channel (DDC) and individually connectable to a mobile network (MN), comprising: preloading (120) an initiation key on each of the mobile devices (MD1, MD2), the initiation key being associated with a validity period; and on each of the mobile devices (MD1, MD2), verifying (140) a validity of the initiation key based on a current time; if the initiation key is deemed valid, generating (160) a session key using the initiation key by using the initiation key in performing (164, 166) a key agreement procedure between the mobile devices (MD1, MD2) over the D2D communication channel (DDC), the key agreement procedure resulting in the session key if the initiation key used by each of the mobile devices matches; and establishing (180) the D2D communication session over the D2D communication channel (DDC) based on the session key.
    Type: Grant
    Filed: August 29, 2013
    Date of Patent: September 6, 2016
    Assignees: Koninklijke KPN N.V., Nederlandse Organisatie voor Toegepast-Natuurwetenschappelijk Onderzoek TNO
    Inventors: Antonius Norp, Frank Fransen, Sander De Kievit
  • Publication number: 20160198341
    Abstract: A system is described for communicating with a mobile telecommunications device (201) in a telecommunications network (207). The mobile telecommunications device (201) comprises first and second security applications. The second security application (209) is comprised in a smart card (204), typically the UICC of the mobile device (201). There is a secure logical channel between the first and second security applications which stops any malicious software resident on the device from interfering with communication between the first and second security applications. The telecommunications network (207) produces data and signals it to the mobile telecommunications device (201) which stores the data in the second security application (209) for access by the first security application (208).
    Type: Application
    Filed: December 10, 2013
    Publication date: July 7, 2016
    Applicants: Koninklijke KPN N.V., NEDERLANDSE ORGANISATIE VOOR TOEGEPAST-NATUURWETENSCHAPPELIJK ONDERZOEK TNO
    Inventor: Frank Fransen
  • Patent number: 9344884
    Abstract: At least a method for verifying the authenticity of one or more authentication messages in an authentication procedure between a network and a mobile device is described wherein the method comprises: sending an authentication request through a first radio access node to a said mobile device, said radio access node being associated with first location information; said mobile device generating second location information associated with the location of said mobile device; and, verifying the authenticity of the origin of said authentication request by checking if said second location information comprises said first location information.
    Type: Grant
    Filed: December 20, 2012
    Date of Patent: May 17, 2016
    Assignees: Koninklijke KPN N.V., Nederlandse Organisatie voor Toegepast-Natuurwetenschappelijk Onderzoek TNO
    Inventors: Frank Muller, Frank Fransen