Abstract: A system comprising an IMS network (104), an adapter module (106), an identity provider (108) and an application (110) is described. The adapter module (106) is within an IMS trust domain. The application (110) is within the trust domain of the identity provider. A user of the system can access the application (110) via the IMS network (104), regardless of whether the application is within the IMS trust domain, by making use of the adapter module (106) to obtain the user's user credentials for the application from the identity provider.

Abstract: A method and apparatus can be configured to notify that the apparatus has changed a network node upon which the apparatus is camped on. The apparatus changes from camping on a first network node to camping on a second network node. The apparatus is in idle mode while camping on the first and the second network node. The first network node and the second network node both belong to a first network. The notifying is performed when the apparatus maintains a session to a third network node of a second network. The notifying is not performed when the apparatus is not maintaining a session to the third network node of the second network.

Abstract: A wind turbine tower is provided with a plurality of tower segment which are placed one on top of the other in order to form the tower. A lower tower segment has a lower end face, and in the lower region of the lower tower segment, the lower tower segment has a plurality of recesses and through-bores between the lower end face of the lower tower segment and a base of the recesses. The recesses are designed to receive a leveling unit for leveling the lower tower segment. The recesses are preferably provided on the inner face of the lower tower segment and provide an effective possibility for receiving leveling units.

Abstract: Various communication systems may benefit from appropriate security mechanisms. For example, isolated operation of evolved universal terrestrial radio networks may benefit from key separation for a local evolved packet core. A method can include deriving a subscriber key corresponding to an isolated operation network. The subscriber key can be derived from an identifier of the isolated operation network and a master subscriber key. The method can also include provisioning the subscriber key to the isolated operation network.

Abstract: A method, apparatus, and computer program product, in which a password-based digest access authentication procedure is used for performing authentication between a client and a server, wherein the authentication procedure is secured by at least one of modifying a digest-response parameter with a user password and generating a bootstrapped key based on the user password and at least one fresh parameter not used in a previous protocol run between the client and the server.

Abstract: The present invention is related to a method, apparatus, and computer program product, in which a password-based digest access authentication procedure is used for performing authentication between a client and a server, wherein the authentication procedure is secured by at least one of modifying a digest-response parameter with a user password and generating a bootstrapped key based on the user password and at least one fresh parameter not used in a previous protocol run between the client and the server.

Abstract: Systems, methods, apparatuses, and computer program products for security handling in, for example, cells that support multiple frequency band indication are provided. One method includes receiving, for example by a source evolved node B (eNB) configured to communicate with a user equipment, a multiple frequency band indicator (MFBI) list, the multiple frequency band indicator (MFBI) list comprising at least one frequency band number listed in the same order of priority as broadcast by a target eNB. The method may further include selecting one of the at least one frequency band number for use by the source eNB, calculating a security key (KeNB*) using the DL EARFCN belonging to the selected frequency band number with the highest priority that is also supported by the user equipment, and signaling the calculated security key to the target eNB.

Abstract: In a method for key handling in mobile communication systems, first and second numbers are exchanged between entities of the mobile communication system. The first and second numbers are respectively used only once with respect to the respective system parameters of the communication system and therefore allowing greater security in the communication system.

Abstract: It is provided an apparatus, comprising property checking means configured to check whether a claimant property information received from a claimant device corresponds to a predefined claimant attribute; obtaining means configured to obtain a result, which is positive only if the claimant property information corresponds to the predefined claimant attribute as checked by the property checking means; key generation means configured to generate a first claimant intermediate key from a predefined claimant permanent key stored in the apparatus; supplying means configured to supply, to the claimant device, the first claimant intermediate key using a secured protocol, wherein at least one of the key generation means and the supplying means is configured to generate and to supply, respectively, the first claimant intermediate key only if the result is positive.

Abstract: It is provided an apparatus, comprising property checking means configured to check whether a claimant property information received from a claimant device corresponds to a predefined claimant attribute; obtaining means configured to obtain a result, which is positive only if the claimant property information corresponds to the predefined claimant attribute as checked by the property checking means; key generation means configured to generate a first claimant intermediate key from a predefined claimant permanent key stored in the apparatus; supplying means configured to supply, to the claimant device, the first claimant intermediate key using a secured protocol, wherein at least one of the key generation means and the supplying means is configured to generate and to supply, respectively, the first claimant intermediate key only if the result is positive.

Abstract: An access specific key is provided for securing of a data transfer between a mobile terminal and a node of an access net. For authentication of the mobile terminal, a authentication server generates a session key, from which a basic key is derived and transferred to an interworking-proxy-server. The interworking-proxy-server derives the access specific key from the transferred basis key and provides the key to the node of the access net.

Abstract: The present invention relates to devices, methods and computer program products in relation to mobile communication. In particular, it relates to those devices, methods and computer program products of communication networks in relation to e.g. so-called Public Warning Systems (PWS). In order to provide improvement, an apparatus comprises: a control module configured to receive a specified message including an indication of a public key for verification of broadcast messages, in response to having received the indication, select a timer period associated with the indication of the public key received, launch a timer for the selected timer period, and, upon expiry of the timer, cause to indicate acceptance of the public key.

Abstract: It is disclosed a method (and related apparatus) including selecting, at a first endpoint entity, at least one range of protection to be granted, the range of protection relating to one of a plurality of network elements in at least one access network and at least one core network and to a second endpoint entity, and transmitting, to a network element entity, a signaling message including first establishment information indicating the at least one range of protection to be granted; and a method (and related apparatus) including receiving, at the network element entity, the signaling message from the first endpoint entity, obtaining, from a second endpoint entity and based on the first establishment information, second establishment information indicating protection granted by the second endpoint entity, and signaling, from the network element entity to the first endpoint entity, third establishment information indicating the protection granted to the first endpoint entity.

Abstract: An apparatus comprises a memory unit, and a control unit connected to the memory unit. The apparatus can be configured to interface at least one access node; the control unit is configured to derive at least one local level security key within an established security context for a terminal, forward the derived local security key to at least one access node, and detect failures in a handover for a terminal being served by a first access node towards a second access node. The failures concern the interface between the apparatus and the second access node. In response to a verified trigger condition, the control unit can re-adjust local level security keys with keys maintained at the terminal within the established security context.

Abstract: The invention relates to a blade (1.1) for a water turbine, comprising the following features or components: •—a body made of sheet steel or cast steel, said body having mutually opposite outer surfaces that are in contact with the water during operation; •—at least one relief notch (5) which is located in a peripheral region of the blade (1.1) and extends through mutually opposite regions of the outer surfaces; •—a curable filling compound (6) which fills the cavity in the notch (5). The invention is characterized by the following features: •—retaining bodies (10) are fixed to the notch surface (5.1), said retaining bodies (10) being embedded in the filling compound (6) in the mounted state; •—the retaining bodies (10) have protrusions which prevent the filling compound (6) from falling out by way of a tight fit when the filling compound has cured.

Abstract: Systems, methods, apparatuses, and computer program products for providing security between WebRTC clients and IMS are provided. One method includes storing, by a network node, at least one parameter per internet protocol multimedia subsystem (IMS) subscription, where the at least one parameter comprises at least one identity of any web real time communication (WebRTC) web server function that is authorized to authenticate an IMS subscriber in WebRTC. The method may further include receiving a WebRTC web server function identity from a call state control function, comparing the received WebRTC web server function identity with the at least one parameter associated with the IMS subscription, and rejecting IMS communication when there is not a match between the received WebRTC web server function identity and the at least one parameter associated with the IMS subscription.

Abstract: A home subscriber server (400) receives a request for authentication information from an authentication server (300) and transforms cryptographic keys for a user equipment (100) into access specific cryptographic keys based on an identity of an authenticator (200) controlling access from the user equipment (100) to an EPS network, and generates the authentication information including the access specific cryptographic keys and a separation indicator which is set. The user equipment (100) checks whether the separation indicator included in the authentication information is set, and if the separation indicator is set, transforms cryptographic keys into access specific cryptographic keys based on the identity of the authenticator (200), and computes a key specific to an authentication method from the access specific cryptographic keys.

Abstract: Embodiments provide an apparatus, method, product and storage medium for secure communication, wherein a message is sent over a secure signalling path to a recipient, the message including a value indicating a key for encrypting or decrypting information for secure communication, or a key derivation value for deriving a key. The message further includes an indication indicating the type of usage of the value. The receiver of the message may return a message which also includes a key or key derivation value and an indication indicating the type of key or type of usage of the value.

Abstract: Systems, methods, apparatuses, and computer program products for security handling in, for example, cells that support multiple frequency band indication are provided. One method includes receiving, for example by a source evolved node B (eNB) configured to communicate with a user equipment, a multiple frequency band indicator (MFBI) list, the multiple frequency band indicator (MFBI) list comprising at least one frequency band number listed in the same order of priority as broadcast by a target eNB. The method may further include selecting one of the at least one frequency band number for use by the source eNB, calculating a security key (KeNB*) using the DL EARFCN belonging to the selected frequency band number with the highest priority that is also supported by the user equipment, and signaling the calculated security key to the target eNB.

Abstract: A method includes receiving at a UE information indicating different CN domains will be used for first and second data services after handover from a first RAT to a second RAT. Integrity protection is activated for the first and second CN domains but an element in the UE does not have an indication integrity protection is activated for the second CN domain. The UE provides a notification for the element that integrity protection has been activated for the second CN domain. Another method includes receiving at a network node a message indicating a UE has performed a handover involving first and second data services from a first to a second RAT, where the first and second data services will be handled by different core network domains. A security mode control procedure is performed to activate integrity protection towards the second core network domain. Apparatus and program products are disclosed.