Abstract: Various communication systems may benefit from appropriate security measures. For example, mobile networks may benefit from the flexible selection of security features. A method can include receiving an attach request. The method can also include sending a response to the request. The response can include information configured to allow selection of a control plane integrity algorithm independently of a user plane integrity algorithm.

Abstract: Systems, methods, apparatuses, and computer program products for securing user plane (e.g., MB2-U) interface between a group communication service application server (GCS AS) and Broadcast Multicast Service Center (BM-SC) are provided. One method may include transmitting a message via a control plane, to an application server, indicating whether to establish a security association on a user plane in an interface between the GCS AS and the BM-SC. The method may also include providing, to the GCS AS, a target internet protocol (IP) address and possible port as a target for the security association.

Abstract: User equipment is registered with a visited public land mobile network, VPLMN, in a process including: producing at the user equipment a concealed identifier; producing at the user equipment a freshness code; and sending by the user equipment to the VPLMN the concealed identifier and the freshness code; receiving by the user equipment an identity request from the VPLMN indicating that the long-term identifier must be transmitted to the VPLMN in a non-concealed form; receiving by the user equipment from the VPLMN a permission authenticator; and verifying at the user equipment if the permission authenticator has been formed with a cryptographic authentication of the home public land mobile network, HPLMN, and the user equipment or a subscription module at the user equipment indicating permission to transmit the long-term identifier to the VPLMN in the non-concealed form and if yes, transmitting the long-term identifier to the VPLMN in the non-concealed form.

Abstract: There are provided measures for network authorization assistance. Such measures exemplarily comprise detecting a connection opportunity to a radio access network, obtaining a network identifier of said radio access network, said network identifier being indicative of trust related information with respect to said radio access network, circuitry 11 verifying correctness of said network identifier, and controlling a selection processing of selecting to connect to said radio access network or not based on said network identifier of said radio access network, if said network identifier is verified as being correct.

Abstract: Various communication systems may benefit from appropriate security measures. For example, mobile networks may benefit from the flexible selection of security features. A method can include receiving an attach request. The method can also include sending a response to the request. The response can include information configured to allow selection of a control plane integrity algorithm independently of a user plane integrity algorithm.

Abstract: User equipment is registered with a visited public land mobile network, VPLMN, in a process including: producing at the user equipment a concealed identifier; producing at the user equipment a freshness code; and sending by the user equipment to the VPLMN the concealed identifier and the freshness code; receiving by the user equipment an identity request from the VPLMN indicating that the long-term identifier must be transmitted to the VPLMN in a non-concealed form; receiving by the user equipment from the VPLMN a permission authenticator; and verifying at the user equipment if the permission authenticator has been formed with a cryptographic authentication of the home public land mobile network, HPLMN, and the user equipment or a subscription module at the user equipment indicating permission to transmit the long-term identifier to the VPLMN in the non-concealed form and if yes, transmitting the long-term identifier to the VPLMN in the non-concealed form.

Abstract: Various communication systems may benefit from appropriate security measures. For example, mobile networks may benefit from the flexible selection of security features. A method can include receiving an attach request. The method can also include sending a response to the request. The response can include information configured to allow selection of a control plane integrity algorithm independently of a user plane integrity algorithm.

Abstract: In accordance with the occurrence of a mobility event whereby user equipment moves from accessing a source network to accessing a target network in a communication system environment, the user equipment sends a control plane message to the target network comprising an integrity verification parameter associated with the source network and an integrity verification parameter associated with the target network. By providing integrity verification parameters for both the source network and the target network in an initial message sent by the user equipment to the mobility management element of the target network, the mobility management element of the target network can verify the user equipment on its own or seek the assistance of the source network.

Abstract: A method, apparatus, and computer program product, in which a password-based digest access authentication procedure is used for performing authentication between a client and a server, wherein the authentication procedure is secured by at least one of modifying a digest-response parameter with a user password and generating a bootstrapped key based on the user password and at least one fresh parameter not used in a previous protocol run between the client and the server.

Abstract: Certain example embodiments may generally relate to multi-security levels/traffic management across multiple network function instantiations, including virtualized network function instantiations. A method may include configuring a first instantiation of a first network function to provide a first type of security. The method may also include configuring a second instantiation of the first network function to provide a second type of security that is different than the first type of security. The method may further include allocating at least some of the subscriber traffic to the first instantiation.

Abstract: In accordance with the occurrence of a mobility event whereby user equipment moves from accessing a source network to accessing a target network in a communication system environment, the user equipment sends a control plane message to the target network comprising an integrity verification parameter associated with the source network and an integrity verification parameter associated with the target network. By providing integrity verification parameters for both the source network and the target network in an initial message sent by the user equipment to the mobility management element of the target network, the mobility management element of the target network can verify the user equipment on its own or seek the assistance of the source network.

Abstract: The present invention provides apparatuses, methods, computer programs, computer program products and computer-readable media regarding security in isolated LTE networks. The method comprises receiving, at a network element, a message from a management entity, determining, at the network element, a class of a radio network to which the management entity belongs, selecting a function for generating an authentication key based on the determined class, and generating the authentication key using the selected function.

Abstract: It is provided an apparatus, comprising property checking means configured to check whether a claimant property information received from a claimant device corresponds to a predefined claimant attribute; obtaining means configured to obtain a result, which is positive only if the claimant property information corresponds to the predefined claimant attribute as checked by the property checking means; key generation means configured to generate a first claimant intermediate key from a predefined claimant permanent key stored in the apparatus; supplying means configured to supply, to the claimant device, the first claimant intermediate key using a secured protocol, wherein at least one of the key generation means and the supplying means is configured to generate and to supply, respectively, the first claimant intermediate key only if the result is positive.

Abstract: Various communication systems may benefit from appropriate security measures. For example, mobile networks may benefit from the flexible selection of security features. A method can include receiving an attach request. The method can also include sending a response to the request. The response can include information configured to allow selection of a control plane integrity algorithm independently of a user plane integrity algorithm.

Abstract: Certain example embodiments may generally relate to multi-security levels/traffic management across multiple network function instantiations, including virtualized network function instantiations. A method may include configuring a first instantiation of a first network function to provide a first type of security. The method may also include configuring a second instantiation of the first network function to provide a second type of security that is different than the first type of security. The method may further include allocating at least some of the subscriber traffic to the first instantiation.

Abstract: Various communication systems may benefit from appropriate security measures. For example, the cellular internet of things may benefit from suitable security procedures. A method can include including a first field in a subscriber profile. The first field can be configured to determine a minimum strength for at least one cryptographic algorithm to be used between a user equipment associated with this subscription and a support node. The method can also include transmitting the subscriber profile between a subscriber database and the support node.

Abstract: A wind turbine tower is provided with a plurality of tower segment which are placed one on top of the other in order to form the tower. A lower tower segment has a lower end face, and in the lower region of the lower tower segment, the lower tower segment has a plurality of recesses and through-bores between the lower end face of the lower tower segment and a base of the recesses. The recesses are designed to receive a leveling unit for leveling the lower tower segment. The recesses are preferably provided on the inner face of the lower tower segment and provide an effective possibility for receiving leveling units.

Abstract: An apparatus comprises a memory unit, and a control unit connected to the memory unit. The apparatus can be configured to interface at least one access node; the control unit is configured to derive at least one local level security key within an established security context for a terminal, forward the derived local security key to at least one access node, and detect failures in a handover for a terminal being served by a first access node towards a second access node. The failures concern the interface between the apparatus and the second access node. In response to a verified trigger condition, the control unit can re-adjust local level security keys with keys maintained at the terminal within the established security context.

Abstract: Systems, methods, apparatuses, and computer program products for providing security between WebRTC clients and IMS are provided. One method includes storing, by a network node, at least one parameter per internet protocol multimedia subsystem (IMS) subscription, where the at least one parameter comprises at least one identity of any web real time communication (WebRTC) web server function that is authorized to authenticate an IMS subscriber in WebRTC. The method may further include receiving a WebRTC web server function identity from a call state control function, comparing the received WebRTC web server function identity with the at least one parameter associated with the IMS subscription, and rejecting IMS communication when there is not a match between the received WebRTC web server function identity and the at least one parameter associated with the IMS subscription.

Abstract: Systems, methods, apparatuses, and computer program products for securing user plane (e.g., MB2-U) interface between a group communication service application server (GCS AS) and Broadcast Multicast Service Center (BM-SC) are provided. One method may include transmitting a message via a control plane, to an application server, indicating whether to establish a security association on a user plane in an interface between the GCS AS and the BM-SC. The method may also include providing, to the GCS AS, a target internet protocol (IP) address and possible port as a target for the security association.