Abstract: A method of communication between a first node and a second node for a system where a plurality of different channels is provided between said first and second node. The method comprises the step of calculating an integrity output. The integrity output is calculated from a plurality of values, some of said values being the same for said different channels. At least one of said values is arranged to comprise information relating to the identity of said channel, each channel having a different identity. After the integrity output has been calculated, Information relating to the integrity output is transmitted from one of said nodes to the other.

Abstract: Systems and techniques for key management in mobile ad hoc networks are described. Pseudonyms are defined for group members of mobile ad hoc networks such that a pseudonym in a message can be deterministically identified with the sending device only by the sending device and the message recipient. Key management for a group is performed by a group manager, and key management may include key renewal and revocation. Key renewal is performed by a group manager, with the group manager using a set of couple pseudonyms, including a couple pseudonym between the manger and each group member. Key renewal employs a renewal key used to encrypt the updated group key, and the group manager updates the group key be transmitting a message to each group member in proximity, with the message being identified using the couple pseudonym of the manager and the group member.

Abstract: An approach is provided for preserving privacy for appointment scheduling. A scheduling platform receives a request to schedule an appointment among one or more users. The scheduling platform determines availability information for the one or more users from one or more respective devices, wherein the availability information is encrypted using homomorphic encryption. The scheduling platform then processes and/or facilitates a processing of the availability information using, at least in part, one or more homomorphic functions to determine one or more recommended time slots for the appointment.

Abstract: Message authentication in an ad-hoc network. Upon creation of a message, a message authentication code is created using a key shared with members of a group comprising a subset of nodes of the ad-hoc network. The message authentication code may be created using a cryptographic process having the message and a message identifier as inputs. After or in parallel with broadcast of the message, a pointer to the message is broadcast. The message authentication code is publicly broadcast and those members of the group among which the key has been shared are able to authenticate the message as coming from a particular sender.

Abstract: The invention proposes a method for transmitting a message to a plurality of user entities in a network by using a multicast service, comprising the steps of encrypting a multicast message by using ciphering, and sending the encrypted multicast message to the plurality of user entities simultaneously. The invention also proposes a corresponding multicast service control device and a corresponding user entity.

Abstract: The invention proposes a method for transmitting a message to a plurality of user entities in a network by using a multicast service, comprising the steps of encrypting a multicast message by using ciphering, and sending the encrypted multicast message to the plurality of user entities simultaneously. The invention also proposes a corresponding multicast service control device and a corresponding user entity.

Abstract: A method for providing efficient management of certificate revocation may comprise storing a list of identifiers of digital certificates including a revocation list defining a list of revoked certificates in an accumulator, storing a witness value in association with at least some entries in the revocation list in which the witness value provides proof of the membership or non-membership of an identifier in the revocation list, enabling generation of a new accumulator and a new witness value responsive to each insertion or deletion of an entry in the revocation list, and enabling batch updates to the revocation list using a reduced bitlength value generated based on to a ratio of a value generated based on elements added to the revocation list to a value generated based on elements deleted from the revocation list. A corresponding apparatus is also provided.

Abstract: An approach is provided for generating auditing specifications. The compliance platform processes and/or facilitates a processing of one or more data collection policies to determine one or more specifications that specify, at least in part, data to log for determining a compliance with the one or more data collection policies (e.g., based on minimizing an amount of the data to log). Then, the compliance platform causes, at least in part, an installation of the one or more specifications at one or more data stores operating under the one or more data collection policies to cause, at least in part, an initiation of a logging of the data.

Abstract: An identifier containing at least one encrypted part is received at a first network entity. A second network entity may then be determined based on the identifier. A request for assistance in decryption of the identifier from the second network entity may be sent from the first entity to the second network entity. The second network entity may then assist the first networks entity in an appropriate manner.

Abstract: It is disclosed a method comprising receiving, prior to a handover operation, first key indication information, creating, prior to the handover operation, key information based on the received first key indication information, retaining the created key information, sending, after the handover operation, the received first key indication information associated with the key information created prior to the handover operation, and retrieving, after the handover operation, the retained key information based on the first key indication information; and a method comprising generating, prior to the handover operation, the first key indication information associated with key information intended to be created, sending, prior to the handover operation, the generated first key indication information, and receiving, after the handover operation, second key indication information corresponding to the generated first key indication information.

Abstract: The invention proposes a method for transmitting a message to a plurality of user entities in a network by using a multicast service, comprising the steps of encrypting a multicast message by using ciphering, and sending the encrypted multicast message to the plurality of user entities simultaneously. The invention also proposes a corresponding multicast service control device and a corresponding user entity.

Abstract: An approach is provided for preserving privacy for appointment scheduling. A scheduling platform receives a request to schedule an appointment among one or more users. The scheduling platform determines availability information for the one or more users from one or more respective devices, wherein the availability information is encrypted using homomorphic encryption. The scheduling platform then processes and/or facilitates a processing of the availability information using, at least in part, one or more homomorphic functions to determine one or more recommended time slots for the appointment.

Abstract: Techniques for determining context based on a spatial trail include determining data that indicates a first trail comprising a plurality of locations of finite spatial granularity at a corresponding plurality of times. The techniques also comprise determining data that indicates at least one criterion for belonging in a group. The criterion indicates a first spatial granularity for at least a first location at a corresponding first time in the first trail. The techniques further comprise determining whether a particular entity belongs in the group based, at least in part, on the criterion and a second trail for the particular entity. A trail for any entity comprises a plurality of locations of finite spatial granularity indicating actual locations of the entity at a corresponding plurality of times.

Abstract: A method for protecting traffic in a radio access network connected to at least two core networks. The method comprises maintaining a corenetwork-specific authentication protocol and a radio-bearer-specific ciphering process, and generating, for each ciphering process, a count parameter comprising a cyclical sequence number and a hyperframe number (HFN) which is incremented each time the cyclical sequence number completes one cycle. For each core network or authentication protocol, a first radio bearer of a session is initialized with a HFN exceeding the highest HFN used during the previous session. When a new radio bearer is established, the mobile station selects the highest HFN used during the session for the core network in question, increments it and uses it for initializing the count parameter for the new radio bearer. At the end of a session, the mobile station stores at least part of the highest HFN used during the session.

Abstract: In a non-limiting and exemplary embodiment, a method is provided for arranging authentication of mobility related signalling messages in a mobile communications system. An authentication code is generated on the basis of a previous authentication code stored in connection with a preceding authentication code generation event. The newly generated authentication code is stored for subsequent authentication code generation event. In response to change of the mobile device to an access network of the network entity, a control message comprising the authentication code is transmitted from a mobile device to a first network entity, for verifying the authentication code by the first network entity or by a second network entity of a previous access system.

Abstract: A method, program product and system of preventing or limiting the number of simultaneous sessions in a wireless local area network (WLAN). The method includes: determining whether subscriber terminal information has been changed between an old session and a new session, maintaining a connection with the old session if the subscriber terminal information has not changed, and establishing and authenticating the new session and disconnecting the old session if the subscriber terminal information has changed. A medium access control (MAC) address and a WLAN radio network identification can be compared between the old session and the new session to determine whether subscriber terminal information has been changed.

Abstract: A method of communication between a first node and a second node for a system where a plurality of different channels is provided between said first and second node. The method comprises the step of calculating an integrity output. The integrity output is calculated from a plurality of values, some of said values being the same for said different channels. At least one of said values is arranged to comprise information relating to the identity of said channel, each channel having a different identity. After the integrity output has been calculated, Information relating to the integrity output is transmitted from one of said nodes to the other.

Abstract: During connection setup with a first radio access network, a multimode mobile station sends an unprotected initial signaling message that includes information about those encryption algorithms that the multimode mobile station supports when it communications in a second radio access network. The first radio access network saves some or all the information. Then it composes and sends an integrity-protected message that includes information about the encryption algorithms supported by the multimode mobile station in the second radio access network.

Abstract: A method for handling user identity and privacy, wherein a first Session Initiation Protocol (SIP) proxy is about to forward a SIP request to a next SIP proxy includes the step of determining whether Transport Layer Security (TLS) is supported in a hop to a next SIP proxy. When TLS is supported, the method includes establishing a TLS connection to the hop to the next SIP proxy, requesting a certificate from the next SIP proxy, receiving the certificate, verifying the certificate and trustworthiness of a network of the next SIP proxy and retaining identity information when the certificate and the trustworthiness of the network is verified. When TLS is not supported, or when the certificate is not verified, or when the trustworthiness of the network is not verified, the identity information is removed. Thereafter, the SIP request is forwarded over the TLS connection.

Abstract: A method of communication between a first node and a second node for a system where a plurality of different channels is provided between said first and second node. The method comprises the step of calculating an integrity output. The integrity output is calculated from a plurality of values, some of said values being the same for said different channels. At least one of said values is arranged to comprise information relating to the identity of said channel, each channel having a different identity. After the integrity output has been calculated, Information relating to the integrity output is transmitted from one of said nodes to the other.