Abstract: A method for determining a key for securing communication between a user apparatus and an application server. An authentication server of a mobile communication network and the user apparatus generate a secret master key during an authentication procedure. The user apparatus sends the authentication server a request for a key to communicate with the application server and receives a random variable. The authentication server and the user apparatus calculate the requested key by using a key derivation function applied to at least the random variable, a user identifier and an application server identifier using the master key.

Abstract: A method for protecting a network access profile against cloning. A first mobile equipment includes a first security module havng the network access profile. A second mobile equipment is designed to receive the network access profile and includes a second security module. The first and second security modules are designed to establish a logic communication channel with each other. The method is implemented by the first security module and includes: generating a secret key; using the secret key to encrypt a data packet associated with the network access profile; sending the encrypted packet to the second security module through the logic communication channel; receiving, from the second security module, an acknowledgement of a correct receipt of the encrypted data packet; deleting the data packet associated with the network access profile; and then sending the secret key to the second security module through the logic communication channel.

Abstract: A method for obtaining a command relating to a network access profile of an eUICC security module incorporated into a communication device and associated with a physical identifier. The communication terminal: obtains the physical identifier and an anonymous identifier of the security module is calculated from the physical identifier and a random parameter; transmits a request to obtain the command, via an “operator server”, to a “preparation server”, the request to obtain including the anonymous identifier of the security module; obtains the random parameter and calculates the anonymous identifier from the physical identifier of the security module and the random parameter; and sends, to a “discovery server”, a request to obtain information intended to obtain the command, this request to obtain information including the anonymous identifier, in order to obtain, in response, from the discovery server, an address of the preparation server.

Abstract: A method for administering a profile for access to a communication network by using a security module. The security module receives a request to perform an administrative action relating to an access profile originating from an administration entity. The request includes a certificate from the administration entity. The security module verifies that the certificate received is legitimate and that it carries information indicating that the entity is authorised to request the action and, if so, sends an authorisation to perform the action in conjunction with the administration entity. Otherwise, the security module rejects the request.

Abstract: A method for obtaining a profile for access to a communication network by a secondary terminal via a main terminal. The main terminal includes a security element having an authentication key, the authentication key being used by the network and by the main terminal to generate at least one session master key specific to the main terminal. The secondary terminal: provides its identifier to the main terminal; receives from the main terminal a temporary key specific to the secondary terminal, a temporary identifier of the secondary terminal, and an identifier of the network for access to the network. The temporary key is based on the temporary identifier of the secondary terminal and the session master key of the main terminal. The temporary key, the temporary identifier, the identifier of the secondary terminal, and the identifier of the access network are included in an profile for access to the network.

Abstract: A method for mutual authentication between user equipment and a communications network. The network includes a mobility management entity and a home subscriber server. The method, implemented by the user equipment, includes: receiving an authentication challenge having an token based on a first index and a first authentication message calculated by the home subscriber server and based on a first sequence number; checking that a condition of a set is true, the set including: the first sequence number is the same as a second sequence number stored in the user equipment, and the first sequence number is the same as a preceding value of the second sequence number and the first index is higher than a second index stored in the client equipment; and calculating and sending, when a condition is true, an authentication result and an authentication message, based on the preceding value of the second sequence number.

Abstract: A method of registering a mobile terminal in a mobile communication network via a base station, an access link between the base station and the core of the network being switched from a normal mode of operation to a degraded mode of operation. The method is implemented by a local mobility management entity and includes: receiving an attachment request, retransmitted by the base station and originating from the mobile terminal, the request including an identifier of the mobile terminal, dispatching, to an agent mobility management item, a request for security information specific to the mobile terminal, the request including the identifier of the mobile terminal, receiving a response to the request for security information, the response including security information specific to the mobile terminal, the security information originating from a server of subscribers of the network, and authenticating the terminal by using the security information received.

Abstract: A method for determining a key for securing communication between a user apparatus and an application server. An authentication server of a mobile communication network and the user apparatus generate a secret master key during an authentication procedure. The user apparatus sends the authentication server a request for a key to communicate with the application server and receives a random variable. The authentication server and the user apparatus calculate the requested key by using a key derivation function applied to at least the random variable, a user identifier and an application server identifier using the master key.

Abstract: A method for obtaining a profile for access to a communication network by a secondary terminal via a main terminal. The main terminal includes a security element having an authentication key, the authentication key being used by the network and by the main terminal to generate at least one session master key specific to the main terminal. The secondary terminal: provides its identifier to the main terminal; receives from the main terminal a temporary key specific to the secondary terminal, a temporary identifier of the secondary terminal, and an identifier of the network for access to the network. The temporary key is based on the temporary identifier of the secondary terminal and the session master key of the main terminal. The temporary key, the temporary identifier, the identifier of the secondary terminal, and the identifier of the access network are included in an profile for access to the network.

Abstract: A method for mutual authentication between user equipment and a communications network. The network includes a mobility management entity and a home subscriber server. The method, implemented by the user equipment, includes: receiving an authentication challenge having an token based on a first index and a first authentication message calculated by the home subscriber server and based on a first sequence number; checking that a condition of a set is true, the set including: the first sequence number is the same as a second sequence number stored in the user equipment, and the first sequence number is the same as a preceding value of the second sequence number and the first index is higher than a second index stored in the client equipment; and calculating and sending, when a condition is true, an authentication result and an authentication message, based on the preceding value of the second sequence number.

Abstract: A method of registering a mobile terminal in a mobile communication network via a base station, an access link between the base station and the core of the network being switched from a normal mode of operation to a degraded mode of operation. The method is implemented by a local mobility management entity and includes: receiving an attachment request, retransmitted by the base station and originating from the mobile terminal, the request including an identifier of the mobile terminal, dispatching, to an agent mobility management item, a request for security information specific to the mobile terminal, the request including the identifier of the mobile terminal, receiving a response to the request for security information, the response including security information specific to the mobile terminal, the security information originating from a server of subscribers of the network, and authenticating the terminal by using the security information received.