Abstract: A method, apparatus, and computer program product, in which a password-based digest access authentication procedure is used for performing authentication between a client and a server, wherein the authentication procedure is secured by at least one of modifying a digest-response parameter with a user password and generating a bootstrapped key based on the user password and at least one fresh parameter not used in a previous protocol run between the client and the server.

Abstract: A method, apparatus, and computer program product, in which a password-based digest access authentication procedure is used for performing authentication between a client and a server, wherein the authentication procedure is secured by at least one of modifying a digest-response parameter with a user password and generating a bootstrapped key based on the user password and at least one fresh parameter not used in a previous protocol run between the client and the server.

Abstract: The present invention is related to a method, apparatus, and computer program product, in which a password-based digest access authentication procedure is used for performing authentication between a client and a server, wherein the authentication procedure is secured by at least one of modifying a digest-response parameter with a user password and generating a bootstrapped key based on the user password and at least one fresh parameter not used in a previous protocol run between the client and the server.

Abstract: The user equipment (UE) and the Mobility Management Entity (MME) in an evolved 3GPP system generate authentication material that can be carried inside a packet switched network temporary mobile station identifier (P-TMSI) signature field of a Universal Mobile Telecommunications System (UMTS) signaling message from the UE to a UMTS/GPRS serving GPRS support node (SGSN) in a UMTS or GPRS Terrestrial Radio Access Network (UTRAN) or in a GSM/Edge Radio Access Network (GERAN), as well as from the SGSN to the MME of the evolved 3GPP system. The MME authenticates a context transfer request from the UTRAN/GERAN system based on the transferred authentication material and knowledge of how to create or to verify the authentication material. Additionally, the MME and the UE derive or verify authentication material, based on at least one user-specific key, for embedding in the P-TMSI signature field in legacy 3GPP signalling.

Abstract: A method, apparatus and computer program product are provided to provide fresh security context during intersystem mobility. A method is provided which includes receiving an indication of handover of a remote device from a source system to a target system. The target system may implement a communications standard different from that of the source system. The method also includes determining a current sequence number value of a security context maintained in the source system. The method additionally includes deriving a fresh mapped security context for the target system based at least in part upon the determined sequence number value. The method further includes providing the derived fresh mapped security context to the target system.

Abstract: When the set-top box (STB) has been switched on, registration and authentication with the provider (IDP) are carried out (1, 2, 3). Following successful authentication, a piece of authentication information is then sent (4) to the set-top box (STB), which the set-top box (STB) sends (5) to a service provider (SP1) for registration. The service provider (SP1) then sets up (6) a connection to the provider (IDP) of the registration and authentication function in order to verify the authentication information and to request guidelines for charging, and the provider (IDP) of the registration and authentication function sends (7) confirmation to the service provider.

Abstract: The use of suitable measures in a method for agreeing on a security key between at least one first and one second communication station to secure a communication link is improved so that the security level for the communication is increased and the improved method can be combined with already available methods. A first parameter is determined from an authentication and key derivation protocol. In addition, an additional parameter is sent securely from the second to the first communications station. A security key is then determined from the first parameter and the additional parameter.

Abstract: Cryptographic network separation functionality is provided on a user device. An option to store information about a type of database where a user is homed is provided in an indicator on a storage medium. An interface is provided between the user device and the storage medium for accessing the indicator. In case the information about the type of database cannot be obtained from the storage medium, it is determined not to enforce the cryptographic network separation functionality on the user device.

Abstract: The present invention is related to a method, apparatus, and computer program product, in which a password-based digest access authentication procedure is used for performing authentication between a client and a server, wherein the authentication procedure is secured by at least one of modifying a digest-response parameter with a user password and generating a bootstrapped key based on the user password and at least one fresh parameter not used in a previous protocol run between the client and the server.

Abstract: A method, apparatus and computer program product are provided to provide cryptographical key separation for handovers. A method is provided which includes calculating a key based at least in part upon a previously stored first intermediary value. The method also includes calculating a second intermediary value based at least in part upon the calculated key. The method additionally includes sending a path switch acknowledgement including the second intermediary value to a target access point. The method may further include receiving a path switch message including an indication of a cell identification and calculating the encryption key based upon the indication of the cell identification. The method may further include storing the second intermediary value. The calculation of the key may further comprise calculating the key following a radio link handover. Corresponding apparatuses and computer program products are also provided.

Abstract: A method, apparatus and computer program product are provided to provide fresh security context during intersystem mobility. A method is provided which includes receiving an indication of handover of a remote device from a source system to a target system. The target system may implement a communications standard different from that of the source system. The method also includes determining a current sequence number value of a security context maintained in the source system. The method additionally includes deriving a fresh mapped security context for the target system based at least in part upon the determined sequence number value. The method further includes providing the derived fresh mapped security context to the target system.

Abstract: When the set-top box (STB) has been switched on, registration and authentication with the provider (IDP) are carried out (1, 2, 3). Following successful authentication, a piece of authentication information is then sent (4) to the set-top box (STB), which the set-top box (STB) sends (5) to a service provider (SP1) for registration. The service provider (SP1) then sets up (6) a connection to the provider (IDP) of the registration and authentication function in order to verify the authentication information and to request guidelines for charging, and the provider (IDP) of the registration and authentication function sends (7) confirmation to the service provider.

Abstract: The use of suitable measures in a method for agreeing on a security key between at least one first and one second communication station to secure a communication link is improved so that the security level for the communication is increased and the improved method can be combined with already available methods. A first parameter is determined from an authentication and key derivation protocol. In addition, an additional parameter is sent securely from the second to the first communications station. A security key is then determined from the first parameter and the additional parameter.

Abstract: The user equipment (UE) and the Mobility Management Entity (MME) in an evolved 3GPP system generate authentication material that can be carried inside a packet switched network temporary mobile station identifier (P-TMSI) signature field of a Universal Mobile Telecommunications System (UMTS) signaling message from the UE to a UMTS/GPRS serving GPRS support node (SGSN) in a UMTS or GPRS Terrestrial Radio Access Network (UTRAN) or in a GSM/Edge Radio Access Network (GERAN), as well as from the SGSN to the MME of the evolved 3GPP system. The MME authenticates a context transfer request from the UTRAN/GERAN system based on the transferred authentication material and knowledge of how to create or to verify the authentication material. Additionally, the MME and the UE derive or verify authentication material, based on at least one user-specific key, for embedding in the P-TMSI signature field in legacy 3GPP signalling.