Abstract: It is disclosed a method comprising monitoring validity of limited-validity key information, acquiring, from a network entity upon invalidity of the limited-validity key information, limited-validity transaction identification information based on unlimited-validity identification information identifying a terminal, generating new limited-validity key information based on the acquired limited-validity transaction identification information, and transmitting the acquired limited-validity transaction identification information to a network element.

Abstract: A method for handling service failures for in a communications network comprising a user equipment, a first network element and a serving network element, the method comprising the following steps. Receiving at the first network element a first message from the user equipment. Transmitting the first message from the first network element to the serving network element. Detecting at the first network element that the serving network element is out of service. Determining at the first network element the type of the first message, and in dependence on the type of the first message sending from the first network element to the user equipment an error message including an indication that the serving network element is out of service.

Abstract: A method, program product and system of preventing or limiting the number of simultaneous sessions in a wireless local area network (WLAN). The method includes: determining whether subscriber terminal information has been changed between an old session and a new session, maintaining a connection with the old session if the subscriber terminal information has not changed, and establishing and authenticating the new session and disconnecting the old session if the subscriber terminal information has changed. A medium access control (MAC) address and a WLAN radio network identification can be compared between the old session and the new session to determine whether subscriber terminal information has been changed.

Abstract: A method for handling user identity and privacy, wherein a first Session Initiation Protocol (SIP) proxy is about to forward a SIP request to a next SIP proxy includes the step of determining whether Transport Layer Security (TLS) is supported in a hop to a next SIP proxy. When TLS is supported, the method includes establishing a TLS connection to the hop to the next SIP proxy, requesting a certificate from the next SIP proxy, receiving the certificate, verifying the certificate and trustworthiness of a network of the next SIP proxy and retaining identity information when the certificate and the trustworthiness of the network is verified. When TLS is not supported, or when the certificate is not verified, or when the trustworthiness of the network is not verified, the identity information is removed. Thereafter, the SIP request is forwarded over the TLS connection.

Abstract: Disclosed is a method and system to discourage a MITM attacker in a data communications system that includes client and a server. The method includes, in a Digest Authentication and Key Agreement (AKA) challenge sent to the client from the server, setting an “algorithm” field to ‘algorithm=“AKAv1-HMAC-MD5”’ for directing the client to use the HMAC-MD5 keyed hash function when producing Digest credentials; and using at least one of an AKA Integrity Key (IK) or an AKA Cipher Key (CK) in the keyed hash function.

Abstract: It is disclosed a method comprising monitoring validity of limited-validity key information, acquiring, from a net-work entity upon invalidity of the limited-validity key information, limited-validity transaction identification information based on unlimited-validity identification information identifying a terminal, generating new limited-validity key information based on the acquired limited-validity transaction identification information, and transmitting the acquired limited-validity transaction identification information to a network element.

Abstract: An apparatus and method for selecting a security association timer between user equipment and a control entity in a communication system are disclosed. The apparatus includes a transmitter configured to transmit a registration request message to a control entity in a communication system, whereby the registration request message is configured to request registration with the control entity. The apparatus further includes a receiver configured to receive an authentication challenge including a temporary timer, whereby the temporary timer is configured to set a time duration for the apparatus to respond to the authentication challenge. The receiver is further configured to receive an acknowledgement message including a security association timeout value in response to the transmitted registration message, whereby the security association timeout value includes a set time length of a security association equal to a registration time length set for registration of the apparatus.

Abstract: A method comprising receiving at a user equipment encrypted content. The content is stored in said user equipment in an encrypted form. At least one key for decryption of said stored encrypted content is stored in the user equipment.

Abstract: An apparatus and method for selecting a security association timer between user equipment and a control entity in a communication system are disclosed. The apparatus includes a transmitter configured to transmit a registration request message to a control entity in a communication system, whereby the registration request message is configured to request registration with the control entity. The apparatus further includes a receiver configured to receive an authentication challenge including a temporary timer, whereby the temporary timer is configured to set a time duration for the apparatus to respond to the authentication challenge. The receiver is further configured to receive an acknowledgement message including a security association timeout value in response to the transmitted registration message, whereby the security association timeout value includes a set time length of a security association equal to a registration time length set for registration of the apparatus.

Abstract: A method for selecting a time length of a security association (SA) between user equipment (UE) which transmits and receives communications and a control entity in a communication system in accordance with the invention, includes transmitting a registration message (SM1) from the user equipment to the control entity (P-CSCF) requesting registration of the user equipment with the control entity; after transmission of the registration message, setting the time length of the security association between the user equipment and the control entity to be equal to a registration time length set between the user equipment and the control entity during which registration of the user equipment with the control entity is valid; and transmitting the set time length of the security association to the user equipment as part of an acknowledgment message (SM10 or SM12) to the registration message to cause the security association to have a time equal to the registration timer length.

Abstract: A method for handling service failures for in a communications network comprising a user equipment, a first network element and a serving network element, the method comprising the following steps. Receiving at the first network element a first message from the user equipment. Transmitting the first message from the first network element to the serving network element. Detecting at the first network element that the serving network element is out of service. Determining at the first network element the type of the first message, and in dependence on the type of the first message sending from the first network element to the user equipment an error message including an indication that the serving network element is out of service.

Abstract: The invention relates to a method for updating a wireless device connected to a cellular network utilizing Instant Messaging and Presence Service protocol (IMPS) defined by open Mobile Alliance. In the method a server connected to the cellular network transmits a configuration message to the wireless device including a CIDPrefix, which includes a provider specific identity string. The wireless device which has received the configuration message adds to the provider-specific identity string separation marks and a supplier-specific internal identity string. After that the wireless device uses this concatenated identity string as a ClientID with the server which sent the configuration message. The invention relates also to a configuration message, wireless device, server and device management system utilizing the method. The invention relates also to computer programs implementing the method in a server and a wireless device.

Abstract: A system for presence publication, such as in a push-to-talk over cellular service, provides means for avoiding the reporting of conflicting presence information to a presence server. Two different entities may be capable of reporting status information for the same entity, the status information corresponding to a plurality of status attributes. The first entity would typically inform the second entity which ones of the plurality of status attributes for which the first entity will be reporting status information to the presence server. For the ones of the plurality of status attributes for which the first entity will be reporting status information, the second entity will typically not report status information. For the ones of the plurality of status attributes for which the first entity will not be reporting status information, the second entity will typically report status information if capable.

Abstract: The invention relates to providing services to a group of users, wherein the group of users is assigned to a first service, the group being identified by a common group identity, and each of the users assigned to the first service may have different states regarding the first service. The invention proposes methods, network control elements and terminal devices in order to provide a second service with respect to the users of the first service based on their state regarding the first service.

Abstract: A method for handling user identity and privacy, wherein a first Session Initiation Protocol (SIP) proxy is about to forward a SIP request to a next SIP proxy includes the step of determining whether Transport Layer Security (TLS) is supported in a hop to a next SIP proxy. When TLS is supported, the method includes establishing a TLS connection to the hop to the next SIP proxy, requesting a certificate from the next SIP proxy, receiving the certificate, verifying the certificate and trustworthiness of a network of the next SIP proxy and retaining identity information when the certificate and the trustworthiness of the network is verified. When TLS is not supported, or when the certificate is not verified, or when the trustworthiness of the network is not verified, the identity information is removed. Thereafter, the SIP request is forwarded over the TLS connection.

Abstract: A method, program product and system of preventing or limiting the number of simultaneous sessions in a wireless local area network (WLAN). The method includes: determining whether subscriber terminal information has been changed between an old session and a new session, maintaining a connection with the old session if the subscriber terminal information has not changed, and establishing and authenticating the new session and disconnecting the old session if the subscriber terminal information has changed. A medium access control (MAC) address and a WLAN radio network identification can be compared between the old session and the new session to determine whether subscriber terminal information has been changed.

Abstract: The present invention is a system and method which provides authentication for data services for at least one UE (12) using common authentication information based upon information stored in a HSS (16) of a home network (20) of the at least one UE for multiple protocols. At least one proxy server (18) stores authentication information for each of the protocols which may be used to provide data services to the at least one UE. Authentication of the protocols available to the least one UE uses the authentication information stored at the at least one proxy server obtained from the protocol used in the home network of the at least one UE.

Abstract: A communication system including at least one user equipment and at least one network application functional entity is disclosed. The system further includes a bootstrapping functional entity. The user equipment includes means to transmit a request to push authentication information to at least one network application function. The bootstrapping functional entity includes receiving means for receiving the request from the user equipment, and transmitting means for transmitting the authentication information to the at least one network application function entity. The at least one network application function includes means adapted to receive unsolicited bootstrapping information from the bootstrapping functional entity.

Abstract: Disclosed is a method and system to discourage a MITM attacker in a data communications system that includes client and a server. The method includes, in a Digest Authentication and Key Agreement (AKA) challenge sent to the client from the server, setting an “algorithm” field to ‘algorithm=“AKAv1-HMAC-MD5”’ for directing the client to use the HMAC-MD5 keyed hash function when producing Digest credentials; and using at least one of an AKA Integrity Key (IK) or an AKA Cipher Key (CK) in the keyed hash function.

Abstract: A method and apparatus for updating authorization and other persistent data using the session initiation protocol. In one aspect, a computing device sends a SIP PUBLISH message (or any other appropriate SIP message) to a second networked computing device. The second device extracts data from the SIP message and uses the extracted data to modify and/or update a set of persistent data. The data may be placed in the body of the SIP message. In one example, the SIP message body uses XML enclosing a remote procedure call or a call processing script.