Patents by Inventor John Mattsson
John Mattsson has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20240430242
Abstract: Embodiments include methods, electronic device, storage medium, and computer program to implement parallel Datagram Transport Layer Security (DTLS) connections over a stream control transmission protocol (SCTP) association.
Type: Application
Filed: August 17, 2022
Publication date: December 26, 2024
Applicant: Telefonaktiebolaget LM Ericsson (publ)
Inventors: Magnus WESTERLUND, John MATTSSON, Claudio PORFIRI
-
Publication number: 20240340164
Abstract: Mechanisms for establishing forward secrecy during digest access authentication are provided. A method is performed by a client device. The method includes performing digest access authentication with a server device. The digest access authentication includes sending a first request towards the server device for accessing a resource; and receiving a first response. The first response includes a challenge and a public component of an asymmetric key pair for a key exchange with the server device. The digest access authentication includes calculating, using a digest algorithm, a response parameter based at least on the challenge and the public component of the asymmetric key pair; and sending a second request towards the server device for accessing the resource. The second request includes the calculated response parameter. The digest access authentication includes receiving a second response from the server device that indicates successful digest access authentication with the server device.
Type: Application
Filed: August 3, 2021
Publication date: October 10, 2024
Inventors: Vesa LEHTOVIRTA, Mohit SETHI, Jari ARKKO, John MATTSSON
-
Publication number: 20240283794
Abstract: A method comprising a client device performing digest access authentication with a server device. The digest access authentication comprises sending a first request towards the server device for accessing a resource. The digest access authentication comprises receiving a first response from the server device. The first response comprises at least two challenges and indications of as many different digest algorithms, one digest algorithm is associated with each challenge. The digest access authentication comprises calculating a response to one of the challenges using the digest algorithm associated with said one of the challenges. The response to said one of the challenges is indicative of all of the different digest algorithms. The digest access authentication comprises sending a second request towards the server device for accessing the resource. The second request comprises the response to said one of the challenges.
Type: Application
Filed: June 16, 2021
Publication date: August 22, 2024
Inventors: Vesa Lehtovirta, Jari Arkko, Mohit Sethi, John Mattsson
-
Publication number: 20240243836
Abstract: Communication equipment (20) is configured for use in a communication network (10). The communication equipment (20) determines an extent (24) to which a communication identifier (16) for the communication network (10) is to be padded in order for the communication identifier (16) to have a length that is included in a set (30) of allowed lengths. For each of at least two allowed lengths in the set (30), the allowed length differs from the next shortest or longest allowed length in the set (30) by a common length difference, and the longest allowed length among said at least two allowed lengths differs from the next longest allowed length in the set (30) by more than the common length difference. The communication equipment (20) performs, or assists other communication equipment (20) to perform, padding of the communication identifier (16) to the determined extent (24).
Type: Application
Filed: May 16, 2022
Publication date: July 18, 2024
Inventors: John Mattsson, Prajwol Kumar Nakarmi
-
Publication number: 20240171966
Abstract: A network node in a home network, HN, of a wireless device assigns a different priority to each of one or more parameter sets in a priority list. Each parameter set comprises one or more parameters used for calculating the subscription identifier. The network node provides the wireless device with the priority list to facilitate the calculation of the subscription identifier by the wireless device. The wireless device obtains the priority list, and calculates the subscription identifier using a null parameter set or one of the one or more parameter sets in the priority list selected responsive to the defined priorities. The wireless device then informs the HN of the subscription of the wireless device by sending the calculated subscription identifier to the network node.
Type: Application
Filed: January 23, 2024
Publication date: May 23, 2024
Inventors: Prajwol Kumar Nakarmi, David Castellanos Zamora, John Mattsson
-
Patent number: 11889293
Abstract: A network node (500, 600) in a home network, HN, of a wireless device (10, 300, 400) assigns a different priority to each of one or more parameter sets in a priority list. Each parameter set comprises one or more parameters used for calculating the subscription identifier. The network node (500, 600) provides the wireless device (10, 300, 400) with the priority list to facilitate the calculation of the subscription identifier by the wireless device (10, 300, 400). The wireless device (10, 300, 400) obtains the priority list, and calculates the subscription identifier using a null parameter set or one of the one or more parameter sets in the priority list selected responsive to the defined priorities. The wireless device (10, 300, 400) then informs the HN of the subscription of the wireless device (10, 300, 400) by sending the calculated subscription identifier to the network node (500, 600).
Type: Grant
Filed: December 20, 2018
Date of Patent: January 30, 2024
Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
Inventors: Prajwol Kumar Nakarmi, David Castellanos Zamora, John Mattsson
-
Publication number: 20230397007
Abstract: A communication device establishes a secure connection in a wireless communication network. The communication device communicates a request to use a communication service provided by the wireless communication network, the request including an indication that the communication device can support the requested communication service and an Authentication and Key Management for Applications (AKMA) service provided by the wireless communication network. Responsive to communicating the request, the communication device receives a communication comprising information that indicates whether the requested communication service and the AKMA service can be provided to the communication device to establish the secure connection in the wireless communication network.
Type: Application
Filed: August 18, 2021
Publication date: December 7, 2023
Inventors: Monica Wifvesson, Vlasios Tsiatsis, John Mattsson
-
Patent number: 11722561
Abstract: A method at a first node for encoding a message for secure transmission to a second node comprising. The method includes receiving the message for transmission to the second node and fragmenting the message into a plurality of fragments, wherein each fragment is of a selected size. The method further includes encoding separately each fragment of the plurality of fragments using Datagram Transport Layer Security (DTLS), combining DTLS encoded fragments into a Stream Control Transmission Protocol (SCTP) message, and transmitting the message as a plurality of DTLS encoded fragments in the SCTP message to the second node.
Type: Grant
Filed: September 30, 2021
Date of Patent: August 8, 2023
Assignee: Telefonaktiebolaget LM Ericsson (publ)
Inventors: Magnus Westerlund, John Mattsson, Claudio Porfiri
-
Publication number: 20220408243
Abstract: A user equipment (“UE”) in a wireless communication network can generate a padded identifier by inserting a padding bitstring in a field of an identifier associated with the UE. The UE can further encrypt the padded identifier to generate a concealed padded identifier. The UE can further transmit the concealed padded identifier to a network node operating in the wireless communication network.
Type: Application
Filed: October 29, 2020
Publication date: December 22, 2022
Inventors: John MATTSSON, Prajwol Kumar NAKARMI, Erik THORMARKER
-
Publication number: 20220201069
Abstract: A method at a first node for encoding a message for secure transmission to a second node comprising. The method includes receiving the message for transmission to the second node and fragmenting the message into a plurality of fragments, wherein each fragment is of a selected size. The method further includes encoding separately each fragment of the plurality of fragments using Datagram Transport Layer Security (DTLS), combining DTLS encoded fragments into a Stream Control Transmission Protocol (SCTP) message, and transmitting the message as a plurality of DTLS encoded fragments in the SCTP message to the second node.
Type: Application
Filed: September 30, 2021
Publication date: June 23, 2022
Applicant: Telefonaktiebolaget LM Ericsson (publ)
Inventors: Magnus WESTERLUND, John MATTSSON, Claudio PORFIRI
-
Patent number: 10931644
Abstract: A method for a first network node may protect confidentiality of a first identifier associated by the first network node with a subscription used by a mobile entity. The communications network comprises a home network of the mobile entity and a serving network serving the mobile entity. The first network node, which is part of the home network may: receive, from a second network node which is part of the serving network, a first request for authentication information for the mobile entity, the first request comprising the first identifier; generate a first pseudonym associated with the first identifier; create a link between the first pseudonym and the first identifier; and send, to the second network node, the first pseudonym in response to the first request for authentication information for use as an identifier for the mobile entity in the serving network. A method for a second network node is also provided.
Type: Grant
Filed: June 23, 2015
Date of Patent: February 23, 2021
Assignee: Telefonaktiebolaget LM Ericsson (publ)
Inventors: Karl Norrman, Yi Cheng, John Mattsson, Mats Näslund
-
Publication number: 20200389322
Abstract: A method for enabling secure group communication in a communication network is performed in a sending node and includes providing signature verification related information to a plurality of listening nodes and sending a group message to the plurality of listening nodes, the group message including signature verification related information of the sending node. A method, nodes, computer programs, and a computer program product enabling secure group communication in a communication network are also presented.
Type: Application
Filed: November 30, 2018
Publication date: December 10, 2020
Inventors: Göran SELANDER, John MATTSSON
-
Publication number: 20200267544
Abstract: A network node (500, 600) in a home network, HN, of a wireless device (10, 300, 400) assigns a different priority to each of one or more parameter sets in a priority list. Each parameter set comprises one or more parameters used for calculating the subscription identifier. The network node (500, 600) provides the wireless device (10, 300, 400) with the priority list to facilitate the calculation of the subscription identifier by the wireless device (10, 300, 400). The wireless device (10, 300, 400) obtains the priority list, and calculates the subscription identifier using a null parameter set or one of the one or more parameter sets in the priority list selected responsive to the defined priorities. The wireless device (10, 300, 400) then informs the HN of the subscription of the wireless device (10, 300, 400) by sending the calculated subscription identifier to the network node (500, 600).
Type: Application
Filed: December 20, 2018
Publication date: August 20, 2020
Inventors: Prajwol Kumar Nakarmi, David Castellanos Zamora, John Mattsson
-
Patent number: 10609020
Abstract: A method executed by an Intermediary Node arranged between a Client and a Server for participating in the setting up of a connection between the Client and a Server is described. In response to intercepting a first message, the method transmits from the Client and destined for the Server, and requests for a connection to be set-up between the Client and the Server. The method recognizes, based on content of the received first message, that it is desirable for the Intermediary Node to perform at least one function on the requested connection, the Intermediary Node is transmitting a second message to the Client, comprising an identity of the Intermediary Node. This enables the Client to accept or reject the Intermediary Node as a node participating in the requested connection set-up.
Type: Grant
Filed: November 30, 2018
Date of Patent: March 31, 2020
Assignee: Telefonaktiebolaget LM Ericsson (publ)
Inventors: John Mattsson, Salvatore Loreto, Mats Näslund, Robert Skog, Hans Spaak
-
Publication number: 20190109841
Abstract: A method executed by an Intermediary Node arranged between a Client and a Server for participating in the setting up of a connection between the Client and a Server is described. In response to intercepting a first message, the method transmits from the Client and destined for the Server, and requests for a connection to be set-up between the Client and the Server. The method recognizes, based on content of the received first message, that it is desirable for the Intermediary Node to perform at least one function on the requested connection, the Intermediary Node is transmitting a second message to the Client, comprising an identity of the Intermediary Node. This enables the Client to accept or reject the Intermediary Node as a node participating in the requested connection set-up.
Type: Application
Filed: November 30, 2018
Publication date: April 11, 2019
Inventors: John MATTSSON, Salvatore LORETO, Mats NÄSLUND, Robert SKOG, Hans SPAAK
-
Patent number: 10178086
Abstract: A method executed by an Intermediary Node arranged between a Client and a Server for participating in the setting up of a connection between the Client and a Server is described. In response to intercepting a first message, the method transmits from the Client and destined for the Server, and requests for a connection to be set-up between the Client and the Server. The method recognizes, based on content of the received first message, that it is desirable for the Intermediary Node to perform at least one function on the requested connection, the Intermediary Node is transmitting a second message to the Client, comprising an identity of the Intermediary Node. This enables the Client to accept or reject the Intermediary Node as a node participating in the requested connection set-up.
Type: Grant
Filed: November 28, 2014
Date of Patent: January 8, 2019
Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
Inventors: John Mattsson, Robert Skog, Salvatore Loreto, Hans Spaak, Mats Näslund
-
Publication number: 20190007376
Abstract: A method for a first network node may protect confidentiality of a first identifier associated by the first network node with a subscription used by a mobile entity. The communications network comprises a home network of the mobile entity and a serving network serving the mobile entity. The first network node, which is part of the home network may: receive, from a second network node which is part of the serving network, a first request for authentication information for the mobile entity, the first request comprising the first identifier; generate a first pseudonym associated with the first identifier; create a link between the first pseudonym and the first identifier; and send, to the second network node, the first pseudonym in response to the first request for authentication information for use as an identifier for the mobile entity in the serving network. A method for a second network node is also provided.
Type: Application
Filed: June 23, 2015
Publication date: January 3, 2019
Inventors: Karl NORRMAN, Yi CHENG, John MATTSSON, Mats NÄSLUND
-
Publication number: 20170163624
Abstract: A method executed by an Intermediary Node arranged between a Client and a Server for participating in the setting up of a connection between the Client and a Server is described. In response to intercepting a first message, the method transmits from the Client and destined for the Server, and requests for a connection to be set-up between the Client and the Server. The method recognizes, based on content of the received first message, that it is desirable for the Intermediary Node to perform at least one function on the requested connection, the Intermediary Node is transmitting a second message to the Client, comprising an identity of the Intermediary Node. This enables the Client to accept or reject the Intermediary Node as a node participating in the requested connection set-up.
Type: Application
Filed: November 28, 2014
Publication date: June 8, 2017
Inventors: John MATTSSON, Robert SKOG, Salvatore LORETO, Hans SPAAK, Mats NÄSLUND
-
Patent number: 9628271
Abstract: A method and arrangement is disclosed for managing session keys for secure communication between a first and at least a second user device in a communications network. The method is characterized being independent of what type of credential each user device implements for security operations. A first user receives from a first key management server keying information and a voucher and generates a first session key. The voucher is forwarded to at least a responding user device that, with support from a second key management server communicating with the first key management server, resolves the voucher and determines a second session keys. First and second session keys are, thereafter, used for secure communication. In one embodiment the communication traverses an intermediary whereby first and second session keys protect communication with respective leg to intermediary.
Type: Grant
Filed: October 30, 2015
Date of Patent: April 18, 2017
Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
Inventors: Rolf Blom, Yi Cheng, Fredrik Lindholm, John Mattsson, Mats Naslund, Karl Norrman
-
Patent number: 9467433
Abstract: There is described herein a device (101) for communicating with a network. The device (101) comprises a communications unit for receiving data, a notification device for providing a notification to a user, and a control unit for controlling the operation of the communications unit and notification unit. The communications unit is configured to receive an information message (110, 112, 115), and to receive security authentication data (110, 112, 115) associated with the information message if such security authentication data is available. The control unit is configured to operate in a first or second configuration. In the first configuration it ignores the security authentication data, (111, 113), and instructs the notification unit to convey the notification to the user. In the second configuration, it verifies the information message (116) on the basis of the security authentication data and instructs the notification unit to convey the notification to the user if the verification is successful.
Type: Grant
Filed: June 14, 2012
Date of Patent: October 11, 2016
Assignee: Telefonaktiebolaget LM Ericsson (publ)
Inventors: Monica Wifvesson, Michael Liljenstam, John Mattsson, Karl Norrman