Abstract: A method, devices, and a computer program for synchronizing one or more software programs from a first device (D100) to a second device (D200) are disclosed.

Abstract: Methods, devices, and computer programs for an authentication of a user to a service of a service provider are disclosed. Access for the user to the service of the service provider is requested. One or more authentication security profiles are selected by the service provider for specifying an authentication security requirement of the service provider for the authentication of the user to the service. An indication of the one or more selected authentication security profiles and a user identity identifying the user to an identity provider are sent from the service provider to the identity provider for requesting the authentication of the user by the identity provider. The user is authenticated based on the user identity and one of the one or more selected authentication security profiles. An assertion indicating the authentication of the user to the service provider is sent to the service provider.

Abstract: Methods and devices for charging a user for access to a service accessible via a communication network are disclosed. At least two charging-related states are defined for the communication network. A tariff proposal entity associated with the user determines one or more tariff proposals for charging the user for accessing the service and sends the one or more tariff proposals to a rating entity. The rating entity analyzes the one or more tariff proposals in relation to a current charging-related state of the at least two charging-related states, wherein it is determined if at least one of the one or more tariff proposals complies with at least one tariff setting associated with the current charging-related state. The rating entity further selects a tariff of the at least one complying tariff proposals for charging the user for access to the service and initiates a charging of the user for access to the service according to the selected tariff.

Abstract: A method for provision of access for a data requesting entity (IRE) to data related to a principal is disclosed, comprising the steps of (i) creating an access granting ticket comprising an access specification specifying a permission for an access to data related to the principal, said data being available at a data providing entity (IPE1), and a principal identifier representing the principal towards the data providing entity (IPE1), (ii) encrypting the access granting ticket with an encryption key of the data providing entity (IPE1), (iii) communicating to the data requesting entity (IRE) the encrypted access granting ticket accompanied by an identifier of the data providing entity (IPE1), (iv) communicating from the data requesting entity (IRE) to the data providing entity (IPE1) a request comprising the encrypted access granting ticket, (v) decrypting the encrypted access granting ticket with a decryption key of the data providing entity (IPE1) corresponding to the encryption key, (vi) providing to the d

Abstract: A method for linking of a first characteristic of a first device and a second characteristic of a second device by a server is disclosed. The method comprises the steps of selecting a first linking information and a second linking information, the first linking information matching to the second linking information, sending from the server the first linking information to the first device and the second linking information to the second device, presenting by the first device the first linking information and by the second device the second linking information, entering into the first device an indication of the matching of the first linking information and the second linking information, and based on the entered indication of the matching, sending to the server a matching confirmation for confirming the matching to the server, and associating the first characteristic and the second characteristic based on the received matching confirmation.

Abstract: Methods and devices for charging a user for access to a service accessible via a communication network are disclosed. At least two charging-related states are defined for the communication network. A tariff proposal entity associated with the user determines one or more tariff proposals for charging the user for accessing the service and sends the one or more tariff proposals to a rating entity. The rating entity analyzes the one or more tariff proposals in relation to a current charging-related state of the at least two charging-related states, wherein it is determined if at least one of the one or more tariff proposals complies with at least one tariff setting associated with the current charging-related state. The rating entity further selects a tariff of the at least one complying tariff proposals for charging the user for access to the service and initiates a charging of the user for access to the service according to the selected tariff.

Abstract: A method, devices, and a computer program for synchronizing one or more software programs from a first device (D100) to a second device (D200) are disclosed.

Abstract: Access to information related to a client terminal is provided to a first web server, the information being stored by a second web server. The first web server is connected to the client terminal via a proxy server. The second web server sends a message, including a cookie, to the proxy server, wherein the cookie comprises a network address of the second web server. The cookie, related to the client terminal, is stored in the proxy server. The proxy server receives a message from the client terminal addressed to the first web server and the proxy server inserts the stored cookie into the received message. The proxy server forwards the received message to the first web server, which uses the cookie to request information from the second web server.

Abstract: A method for provision of access for a data requesting entity (IRE) to data related to a principal is disclosed, comprising the steps of (i) creating an access granting ticket comprising an access specification specifying a permission for an access to data related to the principal, said data being available at a data providing entity (IPE1), and a principal identifier representing the principal towards the data providing entity (IPE1), (ii) encrypting the access granting ticket with an encryption key of the data providing entity (IPE1), (iii) communicating to the data requesting entity (IRE) the encrypted access granting ticket accompanied by an identifier of the data providing entity (IPE1), (iv) communicating from the data requesting entity (IRE) to the data providing entity (IPE1) a request comprising the encrypted access granting ticket, (v) decrypting the encrypted access granting ticket with a decryption key of the data providing entity (IPE1) corresponding to the encryption key, (vi) providing to the d

Abstract: A universal authentication mechanism for authenticating a user to a service provider (SP) is disclosed. An application device (ApD) requests a service for the user from the service provider (SP) and performs a transmission of a user identity (S10) identifying the user to the service provider (SP). The service provider sends a request for confirmation of the user identity (S20) to an authentication server (AS). The request comprises the user identity and a service identity identifying the requested service. The authentication server (AS) sends a request for service authentication (S50) to the authentication device (AuD) for confirmation. Based on the result of an analysis (S80) of a service authentication confirmation (S60) received from the authentication device (AuD), the authentication server (AS) sends a confirmation of the user identity (S90) confirming the identity of the user to the service provider (SP), which grants service access (S100).

Abstract: A method for linking of a first characteristic of a first device and a second characteristic of a second device by a server is disclosed. The method comprises the steps of selecting a first linking information and a second linking information, the first linking information matching to the second linking information, sending from the server the first linking information to the first device and the second linking information to the second device, presenting by the first device the first linking information and by the second device the second linking information, entering into the first device an indication of the matching of the first linking information and the second linking information, and based on the entered indication of the matching, sending to the server a matching confirmation for confirming the matching to the server, and associating the first characteristic and the second characteristic based on the received matching confirmation.

Abstract: Methods, devices, and computer programs for an authentication of a user to a service of a service provider (SP) are disclosed. Access for the user to the service of the service provider (SP) is requested. One or more authentication security profiles are selected by the service provider SP) for specifying an authentication security requirement of the service provider (SP) for the authentication of the user to the service. An indication of the one or more selected authentication security profiles and a user identity identifying the user to an identity provider (IdP1) are sent from the service provider (SP) to the identity provider (IdP1) for requesting the authentication of the user by the identity provider (IdP1). The user is authenticated based on the user identity and one of the one or more selected authentication security profiles. An assertion indicating the authentication of the user to the service provider (SP) is sent to the service provider (SP).

Abstract: The invention relates to a method for providing information related to a client (C) to a first web server (WS1) as well as a web server, a proxy server. The invention further relates to a proxy server, a program unit loadable into a proxy server, a web server, and a program unit loadable into a web sever, all of them to perform the invented method. A second web server (WS2) stores the information related to the client (C), and the first web server (WS1) is connected to the client (C) via a proxy server (PS). The proxy server stores a cookie for the first web server (WS1), the cookie being related to the client (C) and the cookie comprising a network address of the second web server (WS2). The client (C) sends a message towards the first web server (WS1) via the proxy server (PS). The message is received in the proxy server (PS), that inserts the cookie into the message, and forwards the message to the first web server (WS1).

Abstract: For control of access of personal information in accordance with a privacy policy defined for a service provider, a method is disclosed, wherein the method comprises the steps of providing service provider request data from a service provider to an end user device, the service provider request data being indicative of personal information of a user of the end user device to be accessed by the service provider, providing to the service provider first user data including at least one of personal information of the user as requested by the service provider or rejections of personal information requested by the service provider, creating privacy receipt data including the first user data and data being indicative of the service provider, and providing the privacy receipt data to the end user device.

Abstract: Method and apparatus for error concealment in an image allowing to conceal an error area in the image with estimated pixels. A first boundary section and a second boundary section adjacent to the error area is determined and correspondences between the boundary elements of the boundary sections are established using non-linear alignment operations. After establishing the correspondences pixels between respective boundary elements of the first boundary section and the second boundary section are estimated. The non-linear alignment operations may include dynamic programming techniques, including Needleman-Wunsch techniques, wherein a similarity measure is used for a matrix fill operation.

Abstract: A method for authentication of a user towards a unit (AR1) is described that uses unique biometric data of the user but avoids spreading of the sensitive biometric data. The method overcomes the problem of the lack of trustworthiness of a client (C1) operated by a user and the lack of trustworthiness of a unit (AR1) operated by an institution offering services or goods introducing an authentication instance (AI1) operated by a third party that is trusted by both the user operating the client (C1) and the institution operating the unit. According to the invented method the responsability for the secure handling of the sensitive biometric data is taken from the institution operating the unit (AR1) requesting authentication and given to a trusted third party organization operating an authentication instance (AI1).

Abstract: A universal authentication mechanism for authenticating a user to a service provider (SP) is disclosed. An application device (ApD) requests a service for the user from the service provider (SP) and performs a transmission of a user identity (S10) identifying the user to the service provider (SP). The service provider sends a request for confirmation of the user identity (S20) to an authentication server (AS). The request comprises the user identity and a service identity identifying the requested service. The authentication server (AS) sends a request for service authentication (S50) to the authentication device (AuD) for confirmation. Based on the result of an analysis (S80) of a service authentication confirmation (S60) received from the authentication device (AuD), the authentication server (AS) sends a confirmation of the user identity (S90) confirming the identity of the user to the service provider (SP), which grants service access (S100).

Abstract: The invention relates to a method for initiating an electronic payment transaction. A filter FI receives a payment request 300 and modifies it by adding a transaction identification. It sends the modified payment request 301 to a transaction server WS, and a payment request information 302 containing the transaction identification to a communication terminal MS. The transaction server WS receives the modified payment request 301 and a payment initiation 303 containing an additional transaction identification from the communication terminal MS. The transaction server WS compares the transaction identifications of the modified payment request 301 and the payment initiation 303 and performs the payment transaction 304, if the transaction identifications correspond with each other.

Abstract: A method for the authorization of transactions is described, wherein a user equipment receives an authorization request with an identifier of a transaction and replies to the request with an authorization response. For an authorization request, an indication is determined which is output by the user equipment (UE). Preferably, the identifier is a hash value of the content which is to be authorized. After an input to approve or disapprove the authorization request, the identifier (H) is signed and the authorization response according to the input is sent, wherein an approving authorization response comprises the signed identifier (H). Devices and software programs adapted to the method are also described.