Patents by Inventor Valtteri Niemi

Valtteri Niemi has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20050015583
    Abstract: The invention proposes a method for transmitting a message to a plurality of user entities in a network by using a multicast service, comprising the steps of encrypting a multicast message by using ciphering, and sending the encrypted multicast message to the plurality of user entities simultaneously. The invention also proposes a corresponding multicast service control device and a corresponding user entity.
    Type: Application
    Filed: August 14, 2002
    Publication date: January 20, 2005
    Inventors: Sinikka Sarkkinen, Kimmo Kettunen, Niina Karhuluoma, Antti-pentti Vainio, Valtteri Niemi, Jan Kall
  • Publication number: 20040151322
    Abstract: The invention relates to a method and arrangement for efficient distribution of Internet key exchange using the Internet Key Exchange protocol (IKEv1 and IKEv2) securely in a mobile terminal. The objects of the invention are fulfilled by distributing the IKEv1 and/or IKEv2 protocol in a secure way between mobile equipment and a tamper resistant device (TRD), so that most of the complex public key operations are done in the mobile equipment and authentication is done by the TRD. In addition there may be a counter for measuring the number of requests from outside, which allows only a certain number of requests and in that way provides security against, e.g., timing and DPA (Differential Power Analysis) attacks.
    Type: Application
    Filed: December 5, 2003
    Publication date: August 5, 2004
    Inventors: Sampo Sovio, Valtteri Niemi
  • Publication number: 20040121760
    Abstract: A communication system comprises two authentication entities. A first authentication entity (24) is for authentication of a registration request by a user (1). The first authentication entity is provided with a storage means for authentication data associated with the user. A second authentication entity (22) is for authentication of a further request by the user. The second authentication entity is provided with means for requesting data associated with the user from the first authentication entity. The second entity may also comprise means for storing user data communicated from the first entity. The provision of the user data from the first entity to the second entity may occur while the user is in an inactive state. The further request may comprise a session set-up request.
    Type: Application
    Filed: October 24, 2003
    Publication date: June 24, 2004
    Inventors: Illkka Westman, Valtteri Niemi
  • Publication number: 20040073785
    Abstract: In order to enable a home network operator to also control the issuing of certificates to a roaming subscriber, first information indicating whether or not it is allowed to issue a certificate to the subscriber is maintained in the subscription information. The first information is checked in response to a subscriber's certificate request received from the subscriber and the certificate is generated and delivered to the subscriber only if certificate issuance is allowed.
    Type: Application
    Filed: January 9, 2003
    Publication date: April 15, 2004
    Inventors: Tuija Hurtta, Nadarajah Asokan, Philip Ginzboorg, Valtteri Niemi, Miikka Poikselka, Timo M. Rantalainen
  • Publication number: 20040062400
    Abstract: The invention relates to a method for sharing the authorization to use specific resources among multiple devices, which resources are accessible via messages on which a secret key operation was applied with a predetermined secret master key d available at a master device 11. In order to provide an optimized sharing of authorization, it is proposed that the master device 11 splits the secret master key d into two parts d1, d2. A piece of information relating to the first part d1 of the secret master key d is forwarded to the slave device 13 for enabling this slave device to perform a partial secret key operation on a message m. The second part d2 of the secret master key d is forwarded to a server 12 for enabling the server 12 to perform partial secret key operations on a message m received from the slave device 13.
    Type: Application
    Filed: July 15, 2003
    Publication date: April 1, 2004
    Applicant: Nokia Corporation
    Inventors: Sampo Sovio, Nadarajah Asokan, Kaisa Nyberg, Valtteri Niemi
  • Publication number: 20040029576
    Abstract: A network system is proposed comprising a network control element and a communication device (UE) associated to a subscriber, wherein the communication device (UE) is adapted to send a registration message (A8) including subscriber information to be protected and an integrity code (MAC), to the network control element, wherein the communication device (UE) is adapted to calculate the integrity code (MAC) by using a part or whole of the registration message (A8) including the subscriber information to be protected, and the network element is adapted to verify the integrity code (MAC) included in the registration message. Also a case is proposed in which the integrity code is calculated in the network control element and verified in the communication device (UE). Furthermore, corresponding methods are proposed.
    Type: Application
    Filed: May 22, 2003
    Publication date: February 12, 2004
    Inventors: Patrik Flykt, Valtteri Niemi, Jaakko Rajaniemi, Aki Niemi
  • Publication number: 20030236896
    Abstract: The present invention is a system and method which provides authentication for data services for at least one UE (12) using common authentication information based upon information stored in a HSS (16) of a home network (20) of the at least one UE for multiple protocols. At least one proxy server (18) stores authentication information for each of the protocols which may be used to provide data services to the at least one UE. Authentication of the protocols available to the at least one UE uses the authentication information stored at the at least one proxy server obtained from the protocol used in the home network of the at least one UE.
    Type: Application
    Filed: March 31, 2003
    Publication date: December 25, 2003
    Inventors: Markus Isomaki, Jose Costa-Requena, Atte Lansisalmi, Valtteri Niemi, Aki Niemi, Tao Haukka, Gabor Bajko, Tommi Viitanen
  • Publication number: 20030074330
    Abstract: The present invention is for use in an electronic auction and in an electronic second price sealed bid auction. The present invention is an efficient and secure privacy protection method and system that protects the opening of sealed bids during a sealed bid auction and prevents fraudulent attempts. The system includes bidders, an auctioneer, and a semi-trusted third party, each of which is provided with a terminal or a computer system capable of sending and receiving information. The terminals of the bidders communicate with a computer system of the auctioneer over a first network and the computer system of the auctioneer communicates with a computer system of the semi-trusted party over a second network. The first and second networks are either radio or fixed networks.
    Type: Application
    Filed: October 11, 2002
    Publication date: April 17, 2003
    Applicant: Nokia Corporation
    Inventors: Nadarajah Asokan, Valtteri Niemi, Helger Lipmaa
  • Publication number: 20030044011
    Abstract: A method for protecting traffic in a radio access network connected to at least two core networks (CN). The method comprises maintaining a core-network-specific authentication protocol and a radio-bearer-specific ciphering process, and generating, for each ciphering process, a count parameter (C) comprising a cyclical sequence number (43) and a hyperframe number (HFN) which is incremented each time the cyclical sequence number (43) completes one cycle. For each core network or authentication protocol, a first radio bearer of a session is initialized (5-8) with a HFN exceeding the highest HFN used during the previous session. When a new radio bearer is established, the mobile station selects (5-10) the highest HFN used during the session for the core network in question, increments it (5-12) and uses it for initializing (5-14) the count parameter for the new radio bearer. At the end of a session, the mobile station stores (5-16) at least part (41) of the highest HFN used during the session.
    Type: Application
    Filed: August 30, 2002
    Publication date: March 6, 2003
    Inventors: Jukka Vialen, Valtteri Niemi
  • Publication number: 20030021413
    Abstract: Identity data of an operational unit and a verification key of the cryptographic method employed by the service provider are protected with a key of the cryptographic method employed by the manufacturer of the operational unit. The verification key of the cryptographic method employed by the manufacturer of the operational unit is stored in the operational unit of the electronic device. The identity data of the operational unit and the identity data of the service provider are protected with a key of the cryptographic method employed by the service provider. The identity data of the operational unit and the verification key of the service provider are verified with the verification key of the manufacturer of the operational unit. The identity data of the operational unit and the identity data of the service provider are verified with the verified verification key of the service provider. The identity data stored in the user-specific module are compared with the verified identity data.
    Type: Application
    Filed: June 28, 2002
    Publication date: January 30, 2003
    Applicant: Nokia Corporation
    Inventors: Antti Kiiveri, Nadarajah Asokan, Valtteri Niemi
  • Publication number: 20020186846
    Abstract: The invention relates to a method for ensuring data transmission security between a first and a second communication device in short-range wireless communication. To set up a secure data transmission connection, the communication devices conduct a key exchange stage to generate at least one shared key between the communication devices. After said key exchange stage at least a first and a second check string is formed, said strings being based at least on a unique short random string and on the keys generated in each communication device at said key exchange stage. Thus, the security of the connection that is set up is ensured by comparing the correspondence of said check strings. The invention also relates to a communication system and a communication device, in which the method will be applied.
    Type: Application
    Filed: June 5, 2002
    Publication date: December 12, 2002
    Applicant: Nokia Corporation
    Inventors: Kaisa Nyberg, Valtteri Niemi
  • Publication number: 20020174332
    Abstract: The invention allows transmission of a message in a single radio block when the length of the message with an added message authentication code exceeds the transmission block size. If the length of the message is shorter than the length of the block size, then the computed message authentication code is truncated to fit in the remaining space. Truncation is limited to a certain minimum value. At the receiving end a message authentication code is recomputed using exactly the same algorithm as was used at the transmitting end. Then the received message authentication code is compared with the recomputed authentication code. The bits of the truncated message authentication code are compared bit-by-bit to the bits of the recomputed authentication code. When the bits of the truncated message authentication code match the corresponding bits of the recomputed message authentication code, the received message is accepted.
    Type: Application
    Filed: October 30, 2001
    Publication date: November 21, 2002
    Applicant: Nokia Corporation
    Inventors: Jukka Vialen, Valtteri Niemi
  • Publication number: 20020159444
    Abstract: During a connection between a network infrastructure and user equipment a first indication of the amount of data transmitted over the connection is maintained in the network infrastructure and a second indication of the amount of data transmitted is maintained in the user equipment. A checking procedure is triggered in response to encountering (402) a predetermined checking value. The checking procedure utilizes integrity protected signalling. During the checking procedure the first indication is compared with the second indication. This checking procedure enables easy discovery of an intruder who either sends and/or receives data on an authorized connection between a network infrastructure and a mobile station, the data transmission being charged from the mobile station.
    Type: Application
    Filed: December 20, 2001
    Publication date: October 31, 2002
    Inventors: Jukka Vialen, Valtteri Niemi
  • Publication number: 20020066011
    Abstract: A fraudulent intruder can eavesdrop on a call by removing information about an encryption algorithm when a multimode mobile station sends an unprotected initial signaling message containing this information over the radio interface to the mobile telecommunications system. The attempt can be prevented in a universal mobile telecommunications system (UMTS) comprising at least two radio access networks providing mobile stations with access to at least one core network, a multimode mobile station, and at least one core network. During connection setup with a first radio access network, the multimode mobile station sends an unprotected initial signaling message that includes information about those encryption algorithms that the multimode mobile station supports when it communicates in a second radio access network. The first radio access network saves some or all the information of it.
    Type: Application
    Filed: November 6, 2001
    Publication date: May 30, 2002
    Applicant: Nokia Corporation
    Inventors: Jukka Vialen, Valtteri Niemi
  • Publication number: 20020044552
    Abstract: A method of communication between a first node and a second node for a system where a plurality of different channels is provided between said first and second node. The method comprises the step of calculating an integrity output. The integrity output is calculated from a plurality of values, some of said values being the same for said different channels. At least one of said values is arranged to comprise information relating to the identity of said channel, each channel having a different identity. After the integrity output has been calculated, information relating to the integrity output is transmitted from one of said nodes to the other.
    Type: Application
    Filed: October 10, 2001
    Publication date: April 18, 2002
    Applicant: Nokia Networks Oy
    Inventors: Jukka Vialen, Valtteri Niemi
  • Publication number: 20020035682
    Abstract: The invention relates to a method for transmitting data between a GPRS/EDGE radio access network and user equipment of a mobile system, and to user equipment using the method, and to GERAN. In the method, the data to be transmitted is encrypted using an encryption algorithm at the transmitting end, the encrypted data is transmitted from the transmitting end to the receiving end, and the transmitted data is decrypted using an encryption algorithm at the receiving end. The used encryption algorithm is an encryption algorithm of the radio access network UTRAN employing the wideband code division multiple access method of the universal mobile telecommunications system, in which case the input parameters of agreed format required by the encryption algorithm are created on the basis of the operating parameters of the GPRS/EDGE radio access network GERAN.
    Type: Application
    Filed: August 1, 2001
    Publication date: March 21, 2002
    Inventors: Valtteri Niemi, Kari Niemela, Shkumbin Hamiti, Guillaume Sebire
  • Publication number: 20020003481
    Abstract: A communications device comprising means for transmitting a signal to another party; and means for controlling the signal level with which said transmitting means transmits, wherein said signal level is initially relatively low and when a connection is established with said another party, said signal level is increased.
    Type: Application
    Filed: May 3, 2001
    Publication date: January 10, 2002
    Inventors: Matti Kantola, Kalle Karkas, Lauri Piikivi, Holger Hussman, Valtteri Niemi, Sander Van Valkenburg
  • Publication number: 20010046240
    Abstract: A mechanism for synchronizing transmission of frames in a telecommunications network comprising a mobile station (MS), a radio network controller (SRNC), at least one base station (BS1, BS2). The mobile station (MS) and each base station (BS1, BS2) have a corresponding timing reference (MSFN, BS1FN, BS2FN). The mechanism comprises or performs the steps of 1) establishing a connection-specific timing reference (CFN) which is common to all nodes (MS, BS1, BS2, RNC) involved in the connection; 2) determining, for the base stations (BS1, BS2), an offset (OFS) between the timing reference of the base station in question and the CFN; and 3) using the offset (OFS) in the base stations (BS1, BS2), to compensate for the difference between the timing references.
    Type: Application
    Filed: May 3, 2001
    Publication date: November 29, 2001
    Inventors: Fabio Longoni, Jukka Vialen, Valtteri Niemi, Jukka Ranta