Abstract: The invention relates to a method for controlling access for a user equipment to at least one local device via an intermediary system that is configured to connect to a local network and to a public network. The user equipment is connected to the public network and the at least one local device is connected to the local network. The method comprises a number of steps in the intermediary system. One of these steps is storing one or more location conditions for access for the user equipment to the at least one local device. Another step is receiving first location information of the user equipment over the public network, the first location information indicating a location of the user equipment. Yet another step is controlling access for the user equipment to the at least one local device by verifying whether the first location information satisfies the one or more location conditions. The invention further relates to the intermediary system used in the method.

Abstract: An apparatus is provided. The apparatus includes a memory storing one or more instructions and a processor. The processor execute the one or more instructions to: receive update information from an external apparatus, the update information corresponding to a network communication; obtain a Subscription Concealed Identifier (SUCI) based on the update information; and transmit the SUCI to the external apparatus.

Abstract: A method for providing a key derivation function (KDF) negotiation in a 5G network is provided. The method which includes: selecting a specific KDF at a UE and at the network for at least one security related key derivation; and transmitting, said selected KDF to the UE and to other network functions to indicate said selected KDF for generating specific security key at a receiver side.

Abstract: This invention introduces methods and mechanisms of partial integrity protection in mobile systems. A device comprising: a memory configured to store instructions; and a processor configured to execute the instructions to: generate a representation value based on protocol data unit (PDU) header data and payload data of a PDU; generate a message authentication code based on the representation value; and include the message authentication code in the PDU.

Abstract: This invention introduces methods and mechanisms of partial integrity protection in mobile systems. A user equipment (UE), comprising: a memory configured to store instructions; and a processor configured to execute the instructions to: receive, from a network device, user plane data having integrity protection; send an error indication indicating an integrity protection error relating to the user plane data; and receive retransmitted user plane data from the network device with a reduced data rate, based on the error indication.

Abstract: Methods and systems are disclosed enabling establishment of a direct connection between a first device connected to a first network and a second device connected to a second network upon finding a permission response from a third device connected to a third network. Establishment of the direct connection is controlled by a second network node associated with the second network. A connection request is received from the first device at at least one of the second network node or a third network node associated with the third network and a permission indication is found indicating that a connection with the second device is subject to permission from the third device. A permission response may be found from the third device to permit the connection request for enabling establishment of the direct connection. Establishing of the direct connection is enabled between the first device and the second device in response to finding the permission response.

Abstract: A client device (13) is configured to transmit a relay request to a relay device (14). The relay request comprises a first device identifier identifying the client device and one or more first link identifiers identifying one or more links of which at least one links a further device (12) with a network node via the client device. The client device is further configured to receive an acceptance message accepting the relay request from the relay device and transmit data associated with the one or more links to the relay device in dependence on receipt of the acceptance message. The relay device is configured to receive the relay request from the client device, determine whether the relay request can be accepted, associate the first device identifier with each of the first link identifiers, and transmit the acceptance message upon determining that the relay request can be accepted.

Abstract: A system (11) is configured to maintain a list of devices (1,9) associated with the system, wherein for each first device (1) of the list which uses a second device (9) of the list as a relay to the mobile communication network, the relation between the first device and the second device is recorded in the list and a security endpoint is recorded for the first device. The system is further configured to receive encrypted information from a device, determine from the list whether the device is used by a further device as a relay, forward the encrypted information to a security endpoint associated with the further device upon determining that the device is used by the further device as a relay and the security endpoint is not the system, and decrypt the encrypted information upon determining that the device is not used by a further device as a relay.

Abstract: The invention relates to a system comprising a mobile device (1), a device (13b) for transmitting information, a device (15) hosting a device registry (14) and a wireless device (3a). The mobile device (1) comprises a receiver, a transmitter, storage means and a processor.

Abstract: The present disclosure may be implemented in the form of a method or corresponding apparatus for sending signaling messages through an IPX proxy from a first network element. The at least one example embodiment includes a first network element located on a first mobile network, the first network element configured to establish an initial signaling connection with a second network element on a second mobile network. The first network element may be configured to send a signaling request message to the second network element, receive a signaling response message from the second network element, the received signaling response message including an indication of an IPX proxy selected by the second network element. The first network element may be further configured to establish a signaling connection with the IPX proxy indicated in the received signaling response message, and send a second signaling request message to the IPX proxy for mediation service.

Abstract: The system (1) of the invention is configured to receive information relating to relay devices (11,17-19) present in a certain spatial area and determine relay configuration information for the relay devices from the information. The relay configuration information instructs the relay devices when to receive and/or relay data units and when not to receive and/or relay data units. The system is further configured to transmit the relay configuration information to the relay devices.

Abstract: One aspect of the disclosure relates to a method in a user equipment for instructing establishment of a connection between a first local device and a second local device, the user equipment being connected to a public network, wherein an intermediary system is configured to connect to a first local network, to a second local network and to the public network. A virtual view is generated and, upon receiving a selection of a representation in the view, connectivity information is obtained regarding the communication path between the first local device and the second local device. An ability for user to instruct establishment of communication path in dependence of the connectivity information.

Abstract: Methods and systems enabling the end users of cellular devices to set up infrastructure-based D2D connections with other devices from within the over-the-top (OTT) applications running on their devices are disclosed. The methods are based on dynamically reconfiguring respective network-level firewalls protecting different end user devices.

Abstract: A device (1) is configured to derive a first security key based on information relating to a first node (17), to request use of or to use a further device (9) as a relay to the mobile communication network and to determine whether the further device is connected to the first node and/or receive a message when another device, e.g. the first node, has determined that the further device is not connected to the first node. The device is further configured to, upon determining that the further device is not connected to the first node or upon receipt of the message, derive a second security key based on information relating to a second node (11) to which the further device is connected and transmit information via the further device, the information being encrypted using the second security key.

Abstract: A system (11) is configured to maintain a list of devices (1,9) associated with the system, wherein for each first device (1) of the list which uses a second device (9) of the list as a relay to the mobile communication network, the relation between the first device and the second device is recorded in the list and a security endpoint is recorded for the first device. The system is further configured to receive encrypted information from a device, determine from the list whether the device is used by a further device as a relay, forward the encrypted information to a security endpoint associated with the further device upon determining that the device is used by the further device as a relay and the security endpoint is not the system, and decrypt the encrypted information upon determining that the device is not used by a further device as a relay.

Abstract: Methods and systems enabling the end users of cellular devices to set up infrastructure-based D2D connections with other devices from within the over-the-top (OTT) applications running on their devices are disclosed. The methods are based on dynamically reconfiguring respective network-level firewalls protecting different end user devices.

Abstract: A system for sending a relay notification comprises a transceiver and a processor. The processor is configured to use the transceiver to receive a request for allowing a mobile device to be used by a further mobile device as a relay to a mobile communication network. The processor is further configured to determine whether the mobile device is to act as a relay for the further mobile device based on the unique identifier of the further mobile device, and to use the transceiver to notify the mobile device that it is to act as a relay for the further mobile device in dependence on the determination. The mobile device is configured to receive the notification from the system. The processor is further configured to start relaying data received from the further mobile device to the mobile communication network upon receiving the notification.

Abstract: Methods and systems enabling the end users of cellular devices to set up infrastructure-based D2D connections with other devices from within the over-the-top (OTT) applications running on their devices are disclosed. The methods are based on dynamically reconfiguring respective network-level firewalls protecting different end user devices.

Abstract: The invention enables a device to discover one or more other devices within range for a device-to-device mode of communication. This proximity discovery may trigger a target device, e.g. to start listening to signals from a source device or perform any other action based on the proximity discovery like e.g. charging at a toll gate. A source device that wants to be discovered broadcasts a message including an identifier or a representation of the identifier. This identifier may be an identifier of the target device to be contacted or of the source device or a derivation thereof or a common security association used by a set of peers. The target device compares the broadcast identifier with a known identifier to establish proximity discovery.

Abstract: One aspect of the disclosure relates to a method in a user equipment for instructing establishment of a connection between a first local device and a second local device, the user equipment being connected to a public network, wherein an intermediary system is configured to connect to a first local network, to a second local network and to the public network. A virtual view is generated and, upon receiving a selection of a representation in the view, connectivity information is obtained regarding the communication path between the first local device and the second local device. An ability for user to instruct establishment of communication path in dependence of the connectivity information.