Abstract: A substitution box, SBox, circuit that performs an SBox computational step when comprised in cryptographic circuitry. The SBox circuit comprises: a first circuit part comprising digital circuitry that generates a 4-bit first output signal (Y) from an 8-bit input signal (U); a second circuit part, configured to operate in parallel with the first circuit part and to generate a 32-bit second output signal (L) from the 8-bit input signal (U), wherein the 32-bit second output signal (L) consists of four 8-bit sub-results; and a third circuit part configured to produce four preliminary 8-bit results (K) by scalar multiplying each of the four 8-bit sub-results by a respective one bit of the 4-bit first output signal (Y), and to produce an 8-bit output signal (R) by summing the four preliminary 8-bit results (K).

Abstract: Disclosed herein is a method of a communication device, wherein the communication device is configured to operate in connection with an access node associated with a wireless communication network. The method comprises receiving a first data packet comprising a write request for writing code and/or data to a non-volatile memory comprised in the communication device and determining whether a second data packet comprising an identifier associated with the first data packet is received. When it is determined that the second data packet comprising the identifier is received, the method comprises extracting the identifier from the second data packet, wherein the identifier is a radio access layer parameter, determining whether the identifier is trusted, determining whether the identifier is validated when it is determined that the identifier is trusted and accepting at least a subset of the write request when it is determined that the identifier is trusted and validated.

Abstract: A substitution box, SBox, circuit that performs an SBox computational step when comprised in cryptographic circuitry. The SBox circuit comprises: a first circuit part comprising digital circuitry that generates a 4-bit first output signal (Y) from an 8-bit input signal (U); a second circuit part, configured to operate in parallel with the first circuit part and to generate a 32-bit second output signal (L) from the 8-bit input signal (U), wherein the 32-bit second output signal (L) consists of four 8-bit sub-results; and a third circuit part configured to produce four preliminary 8-bit results (K) by scalar multiplying each of the four 8-bit sub-results by a respective one bit of the 4-bit first output signal (Y), and to produce an 8-bit output signal (R) by summing the four preliminary 8-bit results (K).

Abstract: There is provided mechanisms for enabling secure communication between a first communications device and a second communications device. A method is performed by the first communications device. The method comprises performing a network attachment procedure with an authentication server. The method comprises establishing, during the network attachment procedure, a shared secret between the first communications device and the authentication server. The shared secret is established by running an authentication and key agreement protocol as part of the network attachment procedure with a network access identity of the first communications device as input. The method comprises deriving an application level shared key for the first communications device from the shared secret. The shared key is to be used for secure communication between the first communications device and the second communications device.

Abstract: There is provided mechanisms for handling a reconfiguration request for a communications device. A method is performed by the communications device. The method comprises wirelessly receiving the reconfiguration request from a radio access network node. The reconfiguration request originates from a server and is received together with digitally signed radio access layer information of the radio access network node. The method comprises verifying the digitally signed radio access layer information using an authorization process. The method comprises accepting the reconfiguration request only when having successfully verified the digitally signed radio access layer information.

Abstract: Disclosed herein is a method of a communication device, wherein the communication device is configured to operate in connection with an access node associated with a wireless communication network. The method comprises receiving a first data packet comprising a write request for writing code and/or data to a non-volatile memory comprised in the communication device and determining whether a second data packet comprising an identifier associated with the first data packet is received. When it is determined that the second data packet comprising the identifier is received, the method comprises extracting the identifier from the second data packet, wherein the identifier is a radio access layer parameter, determining whether the identifier is trusted, determining whether the identifier is validated when it is determined that the identifier is trusted and accepting at least a subset of the write request when it is determined that the identifier is trusted and validated.

Abstract: There is provided mechanisms for enabling secure communication between a first communications device and a second communications device. A method is performed by the first communications device. The method comprises performing a network attachment procedure with an authentication server. The method comprises establishing, during the network attachment procedure, a shared secret between the first communications device and the authentication server. The shared secret is established by running an authentication and key agreement protocol as part of the network attachment procedure with a network access identity of the first communications device as input. The method comprises deriving an application level shared key for the first communications device from the shared secret. The shared key is to be used for secure communication between the first communications device and the second communications device.

Abstract: There is provided mechanisms for handling a reconfiguration request for a communications device. A method is performed by the communications device. The method comprises wirelessly receiving the reconfiguration request from a radio access network node. The reconfiguration request originates from a server and is received together with digitally signed radio access layer information of the radio access network node. The method comprises verifying the digitally signed radio access layer information using an authorization process. The method comprises accepting the reconfiguration request only when having successfully verified the digitally signed radio access layer information.

Abstract: A method performed in a server node associated with a cellular communication system is disclosed. The method is for validation of a first position indication of a wireless communication device, wherein the wireless communication device is adapted to operate in connection with the cellular communication system. The first position indication is obtained via the wireless communication device by a first positioning system. The method comprises obtaining a serving cell identification of the wireless communication device, obtaining a second position indication of the wireless communication device based on the serving cell identification, and determining whether the first position indication is valid based on whether a metric based on the first and second position indications meets a validation criterion.

Abstract: A method performed in a server node associated with a cellular communication system is disclosed. The method is for validation of a first position indication of a wireless communication device, wherein the wireless communication device is adapted to operate in connection with the cellular communication system. The first position indication is obtained via the wireless communication device by a first positioning system. The method comprises obtaining a serving cell identification of the wireless communication device, obtaining a second position indication of the wireless communication device based on the serving cell identification, and determining whether the first position indication is valid based on whether a metric based on the first and second position indications meets a validation criterion.

Abstract: A method and an integrated circuit (100) for executing a trusted application within a trusted runtime environment (103) of the integrated circuit (100) are disclosed. The integrated circuit (100) comprises an internal memory (101) and the integrated circuit (100) is connected to an external memory (102). The trusted runtime environment (103) is restricted to use the internal memory (101) and the external memory (102). The integrated circuit (100) identifies (201) a call, by the trusted application, to a command of the trusted runtime environment (103). The trusted runtime environment (103) allows the command to be executed when the trusted application resides in the internal memory (101) only. Next, the integrated circuit (100) executes (204) the command while using the internal memory (101) only.

Abstract: A method performed by a network node for determining interoperability of an updated version of a piece of software with a device. The network node and the device operate in a network. The network node obtains information about software and hardware comprised in the device. The software comprises the piece of software to be updated. The network node updates the information about software and hardware with the updated version of the piece of software. The network node determines the interoperability of the updated version of the piece of software with the device based on a result of an interoperability test of the piece of software in an emulated environment corresponding to the device and created using updated information about software and hardware comprised in the device.

Abstract: Disclosed herein is a processing device comprising a secured execution environment comprising means for bringing the processing device into a predetermined operational state; and a timer; a communication interface for data communication between the processing device and a remote device management system external to the processing device; wherein the secured execution environment is configured, responsive to an expiry of the timer, to bring the processing device into said predetermined operational state; and responsive to a receipt, from the remote device management system via said communications interface, of a predetermined signal, to restart the timer.

Abstract: A method and an integrated circuit (100) for executing a trusted application within a trusted runtime environment (103) of the integrated circuit (100) are disclosed. The integrated circuit (100) comprises an internal memory (101) and the integrated circuit (100) is connected to an external memory (102). The trusted runtime environment (103) is restricted to use the internal memory (101) and the external memory (102). The integrated circuit (100) identifies (201) a call, by the trusted application, to a command of the trusted runtime environment (103). The trusted runtime environment (103) allows the command to be executed when the trusted application resides in the internal memory (101) only. Next, the integrated circuit (100) executes (204) the command while using the internal memory (101) only.

Abstract: Disclosed herein is a processing device comprising a secured execution environment comprising means for bringing the processing device into a predetermined operational state; and a timer; a communication interface for data communication between the processing device and a remote device management system external to the processing device; wherein the secured execution environment is configured, responsive to an expiry of the timer, to bring the processing device into said predetermined operational state; and responsive to a receipt, from the remote device management system via said communications interface, of a predetermined signal, to restart the timer.

Abstract: Security can be improved in electronic devices that use authentication images and trusted user interfaces (TUIs), and it can still be easy for users to see the TUIs by making more dynamic use of the authentication images and possibly adding color effects.

Abstract: Security can be improved in electronic devices that use authentication images and trusted user interfaces (TUIs), and it can still be easy for users to see the TUIs by making more dynamic use of the authentication images and possibly adding color effects.