Abstract: The invention enables a device to discover one or more other devices within range for a device-to-device mode of communication. This proximity discovery may trigger a target device, e.g. to start listening to signals from a source device or perform any other action based on the proximity discovery like e.g. charging at a toll gate. A source device that wants to be discovered broadcasts a message including an identifier or a representation of the identifier. This identifier may be an identifier of the target device to be contacted or of the source device or a derivation thereof or a common security association used by a set of peers. The target device compares the broadcast identifier with a known identifier to establish proximity discovery.

Abstract: A system is described to control a mobile telecommunication device within a telecommunications network, when the mobile device is suspected of being, or has been found to be, infected by malicious software or viruses causing it to behave maliciously or aggressively within the network. The telecommunications network is arranged to identify the telecommunication device and limit the communication between the mobile telecommunication device and the telecommunications network. This may mean limiting the bandwidth of the bearer between the mobile telecommunications device and the telecommunications network or may mean limiting the communications between the mobile telecommunications device and a specific location. In further embodiments the telecommunications network quarantines the identified device by either transferring an attachment of the mobile telecommunications device to a second network, or, maintaining a list of devices and adding the identified mobile telecommunications device to the list.

Abstract: Mobile network (MN) for mobile devices (UE1, UE2), the mobile devices being arranged for exchanging communication data via the mobile network or, by selection, via a Device-To-Device [D2D] communication channel, the mobile network comprising a base station (ENB1) and a controller (010), wherein the controller (010) is arranged for: i) receiving an interception request from a lawful intercept controller (020), the interception request being indicative of a subscriber; ii) determining whether a target device associated with the subscriber participates in the D2D communication channel (D2D) based on D2D control data; and iii) if the target device is deemed to participate in the D2D communication channel (D2D), requesting the base station (ENB1) to intercept the communication data exchanged via the D2D communication channel (D2D); and wherein the base station (ENB1) is arranged for, in response to a request from the controller, intercepting radio signals (RS) of the D2D communication channel based on the D2D cont

Abstract: A method is disclosed for establishing a device-to-device communication session between mobile devices (MD1, MD2) which are mutually connectable via a D2D communication channel (DDC) and individually connectable to a mobile network (MN), comprising: pre-loading (120) an initiation key on each of the mobile devices (MD1, MD2), the initiation key being associated with a validity period; and on each of the mobile devices (MD1, MD2), verifying (140) a validity of the initiation key based on a current time; if the initiation key is deemed valid, generating (160) a session key using the initiation key by using the initiation key in performing (164, 166) a key agreement procedure between the mobile devices (MD1, MD2) over the D2D communication channel (DDC), the key agreement procedure resulting in the session key if the initiation key used by each of the mobile devices matches; and establishing (180) the D2D communication session over the D2D communication channel (DDC) based on the session key.

Abstract: The invention relates to AKA procedures for terminals (3) in a network. A method for enabling authentication and/or key agreement for a terminal (3) in a network is disclosed. The method involves the transfer of at least one AKA parameter (RANDn+m; RANDn+m, AUTNn+m) from the network to the terminal (3) during a terminal session n. The AKA parameter enables authentication and/or key agreement procedure of the terminal (3) in the network for a subsequent terminal session n+m.

Abstract: The invention relates to a method and system for key distribution and encryption/decryption. An encryption key (Kenc) is derived in a terminal. The encryption key is applied by the terminal for encrypting at least a part of data included in an application message for an application server transmitted over a network. The terminal and the network both have access to a first key (K1). The terminal and the server both have access to a second key (K2). The encryption key is derived at the terminal using the first key and the second key. The first key or the derivative thereof is received at the server. The encryption key for decrypting the application message encrypted by the terminal is derived in the server using the shared second key and the received first key of the derivative thereof.

Abstract: At least a method for verifying the authenticity of one or more authentication messages in an authentication procedure between a network and a mobile device is described wherein the method comprises: sending an authentication request through a first radio access node to a said mobile device, said radio access node being associated with first location information; said mobile device generating second location information associated with the location of said mobile device; and, verifying the authenticity of the origin of said authentication request by checking if said second location information comprises said first location information.

Abstract: The invention relates to AKA procedures for terminals (3) in a network. A method for enabling authentication and/or key agreement for a terminal (3) in a network is disclosed. The method involves the transfer of at least one AKA parameter (RANDn+m; RANDn+m, AUTNn+m) from the network to the terminal (3) during a terminal session n. The AKA parameter enables authentication and/or key agreement procedure of the terminal (3) in the network for a subsequent terminal session n+m.

Abstract: At least a method for verifying the authenticity of one or more authentication messages in an authentication procedure between a network and a mobile device is described wherein the method comprises: sending an authentication request through a first radio access node to a said mobile device, said radio access node being associated with first location information; said mobile device generating second location information associated with the location of said mobile device; and, verifying the authenticity of the origin of said authentication request by checking if said second location information comprises said first location information.

Abstract: Method and apparatuses for protectedly reading out an enciphered, cryptographic key (Ksec) stored in a first memory (2) of a first communication apparatus (8; 8′), comprising the following steps: a. making available a first predetermined number (PW; X) by the first communication apparatus (8; 8′); b. receiving the first predetermined number (PW; X) by the second communication apparatus; c. calculating a Message Authentication Code (MAC) by the second communication apparatus on a second predetermined number, using the first predetermined number (PW; X), and with the aid of a predetermined key (Kicc); d. making available the Message Authentication Code by the second communication apparatus (6; 13); e. deciphering the cryptographic key by the first communication apparatus (8; 8′), using the Message Authentication Code as a deciphering key.