Abstract: Provided is a low capability device (UE) active in a communication system comprising a plurality of satellites (Si, Sj) insuring a temporally continuous communication coverage for the low capability device (UE), said satellites being further grouped in families (S1x), satellites of a same family (S1x) sharing same and common access information, said device (UE) comprises a power saving module to send to the serving satellite (S11), during a first data session, a next access request for a next or continued data session with time indications including at least a desired next time interval to be granted for communication. Other embodiments disclosed.

Abstract: A method for authenticating by a network server a communication apparatus, the communication apparatus contains a tamper resistant area adapted to memorize a first secret, by receiving from the communication apparatus a request message including a subscriber identifier; providing, by consulting a database accessible by the network server, a device identifier associated to the received subscriber identifier allowing to identify the communication apparatus; identifying in a secure distributed ledger a record published by a manufacturer of at least a portion of the communication apparatus, the record including a second secret attributed to the identified communication apparatus; generating a challenge message including a random number and sending it to the communication apparatus for it to generate a first result; receiving from the communication apparatus a response message including the first result, the communication apparatus being authenticated by the network server if the first result is equal to a second

Abstract: Provided is a method for pushing data to a mobile network operator (MNO), the method being suitable to be implemented by a server and comprising the following steps of: receiving, from the MNO, a message comprising at least one communication pattern associated with at least one device identifier identifying a type or a provider of a device; receiving, from a user, a request for downloading a subscription profile of the MNO; sending, in response to the request, the subscription profile to a device of the user; identifying, from the at least one communication pattern, a communication pattern applicable to the subscription profile according to device data obtained from the request; and pushing data comprising an identifier of the subscription profile and the applicable communication pattern to the MNO.

Abstract: A method for updating a terminal comprising a secure element is provided by way of an Over-the-Air (OTA) platform. The OTA receives at least a location data reflecting the location of the terminal and a request for downloading a list of preferred networks in the terminal. Each of said preferred networks may be associated with its own target roaming quota usage, at least one weighting factor associated to a given list of the set may be updated as a result of an optimization function which aims at generating one weighting factor based on a target roaming quota usage associated to each preferred network of the given list. Other embodiments are disclosed.

Abstract: A method for connecting a secure element to a network of a first mobile network operator using an ephemeral first IMSI, in order to get a second IMSI, from the first mobile network operator, includes: Selecting a first radio serving network, the first selected network being not listed in the Forbidden VPLMN list of the secure element; Sending a REGISTER REQUEST message comprising the first IMSI to the first selected network; If the first selected network does not route the message to the network of the first mobile network operator, stop trying to register with the first selected network and put the MCC/MNC codes of the first selected network in the Forbidden VPLMN list of the secure element; Searching for a another network to register with; and Repeat the foregoing steps until a network routes the first IMSI to the network of the first mobile network operator.

Abstract: The invention proposes a method for establishing a bidirectional NAS signalization channel between a secure element cooperating with a terminal and a distant platform through a Network Exposure Function, upon request of either the secure element or the distant platform. The method includes an exchange of containers of data between the distant platform and the secure element through the Network Exposure Function.

Abstract: A method for authenticating by a network server a communication apparatus, the communication apparatus contains a tamper resistant area adapted to memorize a first secret, by receiving from the communication apparatus a request message including a subscriber identifier; providing, by consulting a database accessible by the network server, a device identifier associated to the received subscriber identifier allowing to identify the communication apparatus; identifying in a secure distributed ledger, using the device identifier, a record published by a manufacturer of at least a portion of the communication apparatus, said record comprising a second secret attributed to the identified communication apparatus; generating a challenge message comprising a random number RAND and sending it to the communication apparatus for it to generate a first result F_HWRES; receiving from the communication apparatus a response message comprising the first result F_HWRES, the communication apparatus being authenticated by the n

Abstract: This invention related to a method for provisioning a first communication device with a set of at least one credential required for accessing to a wireless network by using a second communication device provisioned with a cryptographic key K also known by the wireless network, the first communication device being associated with a certificate comprising a public key PK, said certificate being stored with an associated private key PrK in said first communication device, the method comprising the following steps: receiving by the second communication device a registration request from the first communication device in order to be provisioned with the set of at least one credential; transmitting to the wireless network by the second communication device the registration request to generate a set of at least one credential associated to the first communication device comprising at least a cryptographic key K?, the wireless network being adapted to generate a first random number R1 and a second random number R2; r

Abstract: The invention is a method for updating a first secret data in a credential container including a subscriber identity module. The credential container comprises a set of secret parameters customized for a network operator and is configured to execute a symmetric mutual authentication algorithm using said set. The credential container receives from a remote server a second secret data enciphered using a second algorithm different from said symmetric mutual authentication algorithm and a subset of said secret parameters, the credential container deciphers the enciphered second secret data by using both the subset and a third algorithm and replaces the first secret data with the second secret data.

Abstract: A method of replacing an authentication parameter for authenticating a security element co-operating with a terminal includes storing in the security element a first authentication parameter; transmitting to a mobile network operator the first authentication parameter for the operator to record it in its authentication system; on occurrence of an event, having a remote platform transmit to the security element an indicator informing the security element that it is authorized to replace the first authentication parameter with a second authentication parameter if its authentication fails; on occurrence of the event, having the entity transmit to the operator a second authentication parameter to replace the first authentication parameter; and in the event of subsequent failure of the security element to connect to the mobile network and if the indicator is present at the security element, replacing the first authentication parameter with the second authentication parameter at the security element.

Abstract: The invention specifically relates to a method for virtually connecting two persons, with the first person having a first NFC device and the second person having a second NEC device. One of the NFC devices is a telecommunications terminal comprising an application, and both NFC devices comprise the identity of the person to which they belong. According to the invention, the method includes transmitting the identity of the first person from the first NFC device to the second NFC device; transmitting the identity of the second person from the second NFC device to the first NFC device; generating a secret shared by the persons using the application, with the shared secret giving access to an Internet space shared by the persons; and storing the shared secret in the NFC devices, with a reference relating to the virtual connection thereof.

Abstract: This invention related to a method for provisioning a first communication device with a set of at least one credential required for accessing to a wireless network by using a second communication device provisioned with a cryptographic key K also known by the wireless network, the first communication device being associated with a certificate comprising a public key PK, said certificate being stored with an associated private key PrK in said first communication device, the method comprising the following steps: receiving by the second communication device a registration request from the first communication device in order to be provisioned with the set of at least one credential; transmitting to the wireless network by the second communication device the registration request to generate a set of at least one credential associated to the first communication device comprising at least a cryptographic key K?, the wireless network being adapted to generate a first random number R1 and a second random number R2; r

Abstract: The invention is a method for managing access to a service wherein the method comprises the following steps: a client application sends to an application server a request to access the service by using credentials and a first anti-clone code, the application server performs a verification of the credentials and said first anti-clone code, the application server sends a second anti-clone code to the client application and deactivates said first anti-clone code only in case of successful verification, said second anti-clone code being required for the next attempt to access the service.

Abstract: A method of replacing an authentication parameter for authenticating a security element co-operating with a terminal includes storing in the security element a first authentication parameter; transmitting to a mobile network operator the first authentication parameter for the operator to record it in its authentication system; on occurrence of an event, having a remote platform transmit to the security element an indicator informing the security element that it is authorized to replace the first authentication parameter with a second authentication parameter if its authentication fails; on occurrence of the event, having the entity transmit to the operator a second authentication parameter to replace the first authentication parameter; and in the event of subsequent failure of the security element to connect to the mobile network and if the indicator is present at the security element, replacing the first authentication parameter with the second authentication parameter at the security element.

Abstract: The invention relates to a method for accessing an Internet protocol Multimedia Subsystem type subsystem, said subsystem. According to the invention, a device is firstly connected to a mobile communication network, as a visited network, said first network. The method comprises the following steps. The first network sends to the device a first message comprising current location data relating to a location where the device is currently present. The device analyzes whether at least one roaming rule associated with the current location data is or is not stored within the device. The at least one roaming rule includes, each, at least one parameter for accessing the subsystem. And if the device does store the at least one roaming rule associated with the current location data, then the device sends to the subsystem a second message including a request for connecting to the subsystem. The invention also pertains to a corresponding device.

Abstract: The invention is a method for managing access to a service wherein the method comprises the following steps: a client application sends to an application server a request to access the service by using credentials and a first anti-clone code, the application server performs a verification of the credentials and said first anti-clone code, the application server sends a second anti-clone code to the client application and deactivates said first anti-clone code only in case of successful verification, said second anti-clone code being required for the next attempt to access the service.

Abstract: The invention relates, in particular, to a method for registering at least one public address in an IMS network including a terminal that interacts with a security element. According to the invention, the security element includes an application that invites the user of the terminal, upon the occurrence of an event, to enter a public address, selected by the user, via the man/machine interface of the terminal, the application transmitting the public address, accompanied by at least one identifier of the security element, to a remote network via the terminal such that the remote network associates the public address with the identifier.

Abstract: The invention relates to a method for accessing an Internet protocol Multimedia Subsystem type subsystem, said subsystem. According to the invention, a device is firstly connected to a mobile communication network, as a visited network, said first network. The method comprises the following steps. The first network sends to the device a first message comprising current location data relating to a location where the device is currently present. The device analyses whether at least one roaming rule associated with the current location data is or is not stored within the device. The at least one roaming rule includes, each, at least one parameter for accessing the subsystem. And if the device does store the at least one roaming rule associated with the current location data, then the device sends to the subsystem a second message including a request for connecting to the subsystem. The invention also pertains to a corresponding device.

Abstract: A method for establishing a communication channel between a local server and a remote server includes: i) transmitting, from the local server to a terminal, the IP address of the remote server and a communication port of the local server; ii) transmitting the IP address of the terminal from the terminal to the local server; iii) transmitting, from the local server to the terminal, a request to connect to the remote server, including the IP addresses of the remote server and the terminal, an identifier of the local server; and the communication port; iv) transmitting, from the local server to the remote server, the IP address of the terminal, an identifier of the local server, and the communication port; and v) combining, at the remote server, the identifier of the local server and the IP address of the terminal to ascertain an IP address of the local server.

Abstract: The invention specifically relates to a method for virtually connecting two persons, with the first person having a first NFC device and the second person having a second NEC device. One of the NFC devices is a telecommunications terminal comprising an application, and both NFC devices comprise the identity of the person to which they belong. According to the invention, the method includes transmitting the identity of the first person from the first NFC device to the second NFC device; transmitting the identity of the second person from the second NFC device to the first NFC device; generating a secret shared by the persons using the application, with the shared secret giving access to an Internet space shared by the persons; and storing the shared secret in the NFC devices, with a reference relating to the virtual connection thereof.