Abstract: When an authenticated wireless computer loses connectivity to a wireless access point of a network and roams to another access point, the wireless computer (e.g., a hypervisor in the computer) determines whether the new access point is authorized for secure communication and if so, releases access to secure data on the network through the new access point.

Abstract: A method of establishing a collaborative domain among a plurality of communication terminals can include having a communication terminal authenticate one or more other communication terminals based on personal information, which can be stored on a removable memory card in the other terminals, and/or based on the geographic location of the other terminals. A first communication terminal can determine the geographic location of a second communication terminal and can authenticate the second communication terminal in response to both the determined geographic location and personal information defined in the second communication terminal. In response to the authentication by the first communication terminal, communication of user and/or program information, which is unrelated to authentication, is allowed between at least the first and second communication terminals.

Abstract: According to the inventive method, a message is transmitted from an operating mobile radio network (NW2) to a terminal (MS1a) that identifies coding techniques (UEA-NW) supported by the operating mobile radio network in order to establish a connection between the terminal (MS1a) that supports a number (UEA-MS) of coding techniques and the operating mobile radio network (NW2). The terminal selects, if available, a coding technique (UEA) that is supported by the terminal and the operating mobile radio network (NW2), and the connection is operated using the coding technique selected by the terminal. If no coding technique is available that is supported by the terminal and the operating mobile radio network, the connection is operated uncoded only upon prior authorization.

Abstract: A wireless mobile phone is equipped to operate in an unauthenticated and an authenticated mode of operation, depending on whether a user has been authenticated. In one embodiment, the wireless mobile phone includes a finger print reader to enable a user's finger print to be inputted and be used for authentication. In one embodiment, the finger print reader includes a light source and sensors, and having complementary logic to process emitted light reflected off a user's finger into an input finger print. The user is authenticated using the inputted finger print. In one embodiment, the finger print reader is integrated with a power on/off switch, which may be disposed on an end surface, a side surface or a front surface of the body of the phone.

Abstract: A Web access providing system that allows a user to access a Web page as if he or she is making a telephone call. When a user terminal B sends out a service request S1 and an originating connection request S12, a connection notification S4 is sent to a user terminal A through local Mobile multimedia switching system (L-MMS 1) and a gateway mobile multimedia switching system (G-MMS 2). When receiving the connection notification 4, the user terminal A performs authentication. The authentication verifies whether the telephone number of the user terminal B is contained in a telephone directory of the user terminal A. After the authentication, the user terminal A outputs a connection communication response S5 to the G-MMS 2. The connection communication response S5 contains the URL of a Web page associated with the user terminal A. The L-MMS 1 receives the URL and outputs a connection request S7. Thus, the user terminal B can access and browse the Web page implemented by a Web server 3.

Abstract: A method and apparatus for authorizing an access requester to access a data communication network is provided. A determination is made that a threshold access control server cannot process an access request associated with the access requester. Access requester history data, or data that describes the access history for an access requester, is analyzed to obtain a threshold access level. A threshold access level is an expression of how likely that a particular access requester is a legitimate access requester. A session profile is selected for the access requester based on the threshold access level. The session profile indicates one or more actions the access requester is authorized to perform in the network. The session profile may subsequently be transmitted to the access requester to allow the access requester access to the network to the extent appropriate in view of the access requester history data.

Abstract: An International Mobile Equipment Identification (IMEI) is coded and then stored in a user equipment (UE), wherein an authorized user is allowed to change the existing IMEI. When an IMEI is inputted, the UE generates a security code and stores the IMEI and the generated security code in a memory. Thereafter, if a second security code and IMEI is inputted, the UE determines whether the inputted security code is identical with the pre-stored security code. If the two security codes are identical with each other, the UE generates a third security code and stores the IMEI and the generated third security code. Thus, unauthorized IMEI storage is prevented. Accordingly, the IMEI coding method of the mobile UE can prevent unauthorized use of the UE while allowing the IMEI to be re-coded without hardware alteration.

Abstract: A system, method and computer program product are provided. In use, a key is distributed to a plurality of nodes of a wireless network for use in securing the nodes during use of the wireless network. Further, the key is automatically updated at the nodes in the wireless network based on predetermined criteria.

Abstract: A method for Access Authentication in the High Rate Packet Data Network is proposed in the present invention comprising steps of the AN-AAA receiving the Radius Access Request message sent from the HRPD AN; the AN-AAA judging whether a terminal is a roaming one according to the Network Access ID and transmits the roaming terminal's authentication information to the terminal's home nerwork. If said terminal is a local one, the AN-AAA judges the type of the terminal according to the NAI value. If said terminal is a single-mode one, the AN-AAA works out the Result2 with the MD5 algorithm. if said terminal is in dual-mode, the AN-AAA calculates the Result2 with the CAVE algorithm to compare the Result1 with the Result2.

Abstract: Provided are a mobile communication terminal having a tag read function and a method of providing genuine product authentication service. The mobile communication terminal having the tag read function specifies an encryption key corresponding to an encryption key stored in the tag from its own plurality of encryption keys based on a signal received from the tag. The mobile communication terminal receives an encrypted product code or product information from the tag and decrypts the received product code or product code using an encryption key. Also, the mobile communication terminal outputs a result of decryption on a liquid crystal display (LCD) window or as beep sounds or voices.

Abstract: A secure removable card has electrical connections for communication therewith. The card comprises a first integrated circuit die, with the first die including a processor. The card has a second integrated circuit die, with the second die including a non-volatile memory for storing a secret key, and a controller for controlling the operation of the non-volatile memory. A bus connects the first die with the second die. The processor can generate a key pair, having a public key portion and a private key portion upon power up, and transfers the public key portion across the bus to the second die. The controller can receive the public key and encrypt the secret key with the public key to generate a first encrypted key, and can transfer the first encrypted key across the bus to the first die.

Abstract: A method and system for providing secure communications for transmitting data to and from a wireless device includes components that facilitate sending authentication-related data to a wireless device using a secure channel of a first protocol; and utilizing the authentication-related data to facilitate secure communications between the wireless device and an enhanced wireless service. The secure communications between the wireless device and the enhanced wireless service utilizes a second protocol.

Abstract: Methods and apparatus for secure over-the-air (OTA) programming, and particularly, activation, of a wireless unit in a particular communications system. The unit stores a stored key having been generated by using a key algorithm (K-algorithm) with an identifier associated with the unit as an input to the K-algorithm. The unit may receive information such as parameters and a verification number from a communications system for the purpose of programming the unit. The verification number is generated by using an authorization algorithm (A-algorithm) having the parameters and a key as A-algorithm inputs. They key is generated by the K-algorithm having the identifier associated with the K-algorithm input. In response to the receipt of the parameters and the verification number, the wireless unit generates a trial verification number by using the A-algorithm with the parameters and the stored key as trial inputs. The unit compares the verification number to the trial verification number for a match.

Abstract: An authentication process for authenticating a battery to a cellular telephone includes the step of receiving a challenge from the cellular telephone at the battery over a single wire conductor. In response to the challenge, the seed values are retrieved from the memory and a response is generated based upon the challenge and the seed values. The response is transmitted back to the cellular telephone from the battery over the single conductor so that a comparison with a similar response generated by the cellular telephone may be made.

Abstract: A wireless network is connectable to an authentication server. Each access point in the wireless network includes a supplicant processing unit, an authenticator processing unit, and a function selector. When an access point is detected within communication range, the function selector selects either the supplicant processing unit or the authenticator processing unit. The selected unit operates to carry out or mediate an authentication protocol and establish a secure wireless link, protected by a pairwise encryption key, between the two access points. Because every access point can operate as either an authenticator or a supplicant, it is not necessary to invoke the services of a master authenticator. If an encryption key is compromised, the effect is limited and does not force the entire network to be shut down.

Abstract: By using a unique ID generated by considering the hardware characteristic of PC in PDA where an application program, etc. distributed based on PC is installed, it makes possible to generate and authenticate a virtual unique ID in PDA so as to authenticate drive of the application in PDA. As such, the file size of a distributed edition is small in its characteristic and it is difficult to have a protecting means such as security, etc. in view of the characteristic of device. Hence, illegal distribution is easy and a more certain solution is provided so as to prevent illegal copy of the application in PDA having a feasible characteristic in protecting copyright.

Abstract: A Gateway 3 receives mobile station data corresponding to a mobile station 2 from a switching center in a mobile packet communication network 1. The mobile station data may be communicated with a communication protocol such as Network Management Protocol (NWMP). Mobile station 2 transmits and receives user data, such as Hypertext Transfer Protocol (HTTP) data, in a protocol, such as HTTP, via gateway 3. In transmitting user data from mobile station 2 to a server 5, gateway 3 may add the mobile station data corresponding to mobile station 2 to the data. Mobile station 2 cannot falsify the mobile station data because the added mobile station data corresponds to identification data used in establishing a wireless connection between mobile station 2 and mobile packet communication network 1. As a result, server 5 may trust mobile station data added by gateway 3 to the user data transmitted from mobile station 2.

Abstract: A key exchange for a network architecture. A mobile node that roams over a foreign domain transmits a registration request to a home domain using the foreign domain. The identity of the mobile node within the registration request is encrypted. The home domain receives the registration request and decrypts the mobile node identity. The home domain generates a registration reply that includes encryption keys for encrypting information to be transmitted between and among the home domain, the foreign domain, and the mobile node.

Abstract: The present invention prevents a third party's impersonation while wireless communication is established for security setting. An access point, which performs a security setting process for wireless communication with a wireless LAN terminal by means of wireless communication, receives a start instruction for the security setting process and wirelessly receives start instruction data that indicates the start of the security setting process. The security setting process is not performed if the start instruction data is received before the receipt of the start instruction. The security setting process is performed if the start instruction data is not received before the receipt of the start instruction.

Abstract: A method for providing user notification signals in digital phone such as IP phones or cell phones that use encryption. In one embodiment, a digital phone receives an encrypted data packet. The phone determines that the encrypted data packet satisfies a criterion. The phone generates a user notification signal that is perceivable by a user of the phone in response to determining that the encrypted data packet does not satisfy the criterion. The user notification signal may comprise a tone, synthesized speech, or other signal that is audible in a handset or speaker of the phone. Alternatively, the user notification signal is visually displayed in an electronic display of the phone. The criterion may comprise a failure to authenticate one or more encrypted data packets that are provided to the phone in a secure protocol. The process may be performed at a voice gateway or cellular base station.

Abstract: In a mobile communications system, a batch of sequence numbers is generated via an algorithm wherein each sequence number comprises a suffix and a prefix. The method comprises; calculating a new sequence number suffix from an existing sequence number suffix, calculating a prefix of a first new sequence number of the batch by addition to the prefix of the existing sequence number if the new suffix is not equal to a predetermined value or by a randomizing process if the new suffix is equal to said predetermined value, and calculating prefixes for the other sequence numbers of the batch by modular addition of integers to the prefix of said first new sequence number. The sequence numbers are used in the authentication procedure.

Abstract: A system and method of controlling ciphering of call information between a mobile communication terminal and a network initiates the transmission of a ciphering request from the terminal to the network. The network then transmits a ciphering authentication request message to the terminal and the terminal responds by transmitting a ciphering authentication response message to the network. The network then transmits a ciphering activation completion message to the terminal in accordance with the ciphering authentication response message. A system and method for controlling deactivation of ciphering of call information initiates transmission of a ciphering deactivation request from the mobile terminal to the network. The network then performs the ciphering deactivation and transmits a ciphering deactivation completion message to the terminal. Through these systems and methods, the user terminal controls ciphering and deciphering of call information instead of the network.

Abstract: A method of validated communication The present invention provides a method of validated communication between a mobile network node (MNN) and a correspondent node (CN) via at least a first mobile router (MR). The method is characterized by employing an extended return routability checking procedure (XRRP) wherein an MNN test initiation (MNNTI) message is sent by the MR, and a MNN test (MNNT) message is sent by the CN. This adds to the security of requiring the home and care-of addresses being consistent as noted previously in standard RRPs, by enabling the generation of binding update validation keys based on receipt on any or all of the three HoT, CoT and MNNT test messages. The method is further characterized by sending from the MR an extended binding update (XBU), comprising the MNN's address (MNNA). By extending the binding update to include the MNNA in this manner, validated CN/MNN route optimization can be achieved.

Abstract: A method and apparatus for performing authentication in a communications system is provided. The method includes receiving a request for authentication from a server, the request for authentication including a first and a second random challenge, and comparing the first random challenge and the second random challenge. The method further includes denying the request for authentication in response to determining that the first random challenge is substantially the same as the second random challenge, and transmitting an encoded value to the server in response to determining that the first random challenge is different from the second random challenge, wherein the encoded value is generated based on the first and second random challenge and a key that is not shared with the server.

Abstract: A system and method for providing secured access of a mobile device is disclosed herein. Access to data included in the mobile device is permitted when the presence of an authentication device having the proper authentication information is received by the mobile device.

Abstract: A method for authenticating a mobile terminal in a wireless network is disclosed. The method includes transmitting a request for authenticating the mobile terminal in that wireless network operative to provide services at a location where the mobile terminal is currently present, receiving the request at a base station associated with that wireless network, and determining an entity associated with the wireless network to be operative as a single authentication access entity for that mobile terminal, as long as the mobile terminal location remains within that wireless network and traffic is directed through any location associated with that wireless network.

Abstract: A single sign-on technique allows multiple accesses to one or more applications or other resources using a proof-of-authentication module operating in conjunction with a standard authentication component. The application or other resource issues an authentication information request to the standard authentication component responsive to an access request from the user. The application or other resource receives, responsive to the authentication information request, a proof-of-authentication value from the standard authentication component, and authenticates the user based on the proof-of-authentication value. The standard authentication component interacts with the proof-of-authentication module to obtain the proof-of-authentication value. The proof-of-authentication module is configured to generate multiple proof-of-authentication values for authentication of respective access requests of the user.

Abstract: A method (FIG. 3), corresponding call screening unit, and base station (FIG. 2), suitable for detecting cloned communication units (111 or 113), are operable to receive a first response message and a second response message (305); determine whether identification fields (ESNs, MINs) corresponding to the response messages are equivalent (307); and if so, assess whether message contents or message properties corresponding to the response messages are not correlated (311) thus indicating the response messages are from different communication units; and when not correlated, decide that one of the response messages corresponds to a cloned communication unit (313).

Abstract: A security component determines whether a request for a resource poses a security risk to a computing device and verifies the integrity of the requested resource before the request is allowed. For a request having arguments and a resource path with a filename that identifies the resource, the security component determines that the request does not pose a security risk if the resource path does not exceed a maximum number of characters, individual arguments do not exceed a maximum number of characters, the arguments combined do not exceed a maximum number of characters, and the filename has a valid extension. The security component verifies the integrity of a requested resource by formulating a descriptor corresponding to the resource and comparing the descriptor with a cached descriptor corresponding to the resource.

Abstract: Methods and apparatus for providing personalized content to a user of a wireless network include establishing an anonymous user identifier and delivering the user identifier to a content provider. Based on the user identifier, communication with a predetermined data source is established or predetermined data content is selected. In some embodiments, a device identifier is provided in addition to the user identifier and device specific, personalized content is delivered to the user. In one example, a device identifier and a user identifier are based on a mobile station serial number and a subscriber identity module, respectively, and are used in an HTTP header. The anonymous user identifier can be based on a subscriber identity module (SIM) serial number, or a hash of the SIM serial number so that user information such as a user phone numbers is not available to content providers.

Abstract: A mobile node that is in communication with a correspondent node via a home agent initiates a process for establishing a route optimized mode of communication between the mobile node and the correspondent node. The mobile node sends a first initiating message to the home agent for delivery to the correspondent node and sends a second initiating message directly to the correspondent node. The mobile node secures the first initiating message by including an initiating-message authentication code that can be validated by the home agent or by an authentication server. The correspondent node responds by sending a first responsive message to the home agent for delivery to the mobile node and by sending a second responsive message directly to the mobile node. The home agent secures the first responsive message by adding a responsive-message authentication code that can be validated by the mobile node.

Abstract: The invention concerns the security of the data connections of a telephone user. The basic idea of the invention is to forward the authentication of a telephone system to the leg between two private data networks connected via an arbitrating network. When establishing the connection, the private network connected to the telephone system forwards the authenticated subscriber identity to the other private network. To provide the identity forwarded with authenticity, the message containing the identity is signed. To provide encryption of the subscriber identity, the message is encrypted using a public key method. In response the second private network generates a session key to be used in the connection. This key is signed and encrypted using a public key method and sent to the first private network. During the connection, a symmetrical encryption method with the session key is used.

Abstract: Methods and apparatus for secure over-the-air (OTA) programming, and particularly, activation, of a wireless unit in a particular communications system. The unit stores a stored key having been generated by using a key algorithm (K-algorithm) with an identifier associated with the unit as an input to the K-algorithm. The unit may receive information such as parameters and a verification number from a communications system for the purpose of programming the unit. The verification number is generated by using an authorization algorithm (A-algorithm) having the parameters and a key as A-algorithm inputs. The key is generated by the K-algorithm having the identifier associated with the as K-algorithm input. In response to receipt of the parameters and the verification number, the wireless unit generates a trial verification number by using the A-algorithm with the parameters and the stored key as trial inputs. The unit compares the verification number to the trial verification number for a match.

Abstract: An system for and method of providing end-to-end encrypted real-time phone calls using a commodity mobile phone and without requiring service provider cooperation is presented. The system and method improve upon prior art techniques by omitting any requirement for mobile phones that are specially manufactured to include end-to-end encryption functionality.

Abstract: A reception intensity measuring unit measures a reception intensity of a radio wave received by a radio reception unit under control of a connection control unit. When it is judged that the reception intensity of the received radio wave is larger than a reception intensity set in advance, the reception intensity measuring unit controls a transmission intensity changing unit to lower a transmission intensity of a radio wave to be transmitted from a radio transmission unit. When the transmission intensity of the radio wave to be transmitted from the radio transmission unit is lowered by the transmission intensity changing unit, an authentication processing unit executes authentication processing with another apparatus via the radio reception unit and the radio transmission unit and controls an authentication data registering unit to register authentication data, which is obtained as a result of the authentication processing, in a memory.

Abstract: Authentication of cellular telephone device by providing a first one-time pad cryptological table to a security server which has multiple sequenced One Time Pad value entries including a previous use indicator initialized as “unused”, and providing a second one-time pad cryptological table to an authentic device initially synchronized with the first table. A cloned copy of the second table is stored in an inauthentic cellular telephone device, these third table being initially synchronized with the second table. The authentic device selects an unused entry in the second table and transmits it to the server when requesting service. If the received entry matches a next sequential unused entry in the first table, the server grants service, and both server and authentic device mark that entry as used. If the received entry does not match a sequentially next unused entry in the first table, service is denied to the requesting device.

Abstract: In order to enable a home network operator to also control the issuing of certificates to a roaming subscriber, first information indicating whether or not it is allowed to issue a certificate to the subscriber is maintained in the subscription information. The first information is checked in response to a subscriber's certificate request received from the subscriber and the certificate is generated and delivered to the subscriber only if certificate issuance is allowed.

Abstract: In one embodiment, the method performed by mobile equipment to authenticate communication with a network includes generating keys using cellular authentication and voice encryption, and then generating an authentication key based on these keys. The authentication key is used to generate an expected message authentication code used in authenticating the network according to authentication and key agreement security protocol.

Abstract: A wireless device includes a data capture system, a radiant-energy data transmission system, and a steganographic encoder that hides a plural-bit auxiliary code within data captured by the data capture system prior to its transmission by the data transmission system. An illustrative system, operable with audio input data, is a cell phone that steganographically encodes a user's voice.

Abstract: A method includes receiving an authentication request from a mobile station (401) and determining whether to forward the request to an authentication agent. When it is determined to forward the request, the request is forwarded to the authentication agent (107). A random number and a random seed are received from the authentication agent (107). The random number and the random seed are forwarded to the mobile station (401). A response to the random number and the random seed from the mobile station (401) is received and forwarded to the authentication agent (107). The authentication agent (107) compares the response with an expected response. When the authentication agent (107) authenticates the mobile station (401), a derived cipher key is received from the authentication agent (107).

Abstract: Mechanisms and techniques provide for authenticating devices in a network such as a Radio Frequency Identification (RFID) Network between control stations and one or more transceivers. A transceiver receives transceiver configuration information including a network address and transceiver authentication credentials and receives an authentication request from the control station. The transceiver applies authentication processing to request information within the authentication request in conjunction with the transceiver authentication credentials to produce an authentication response and transmits the authentication response to the control station to allow the control station to determine if the transceiver is authorized to communicate within the remote identification system.

Abstract: Systems and/or methods of selectively terminating security in mobile networks are presented. User equipment (UE) can specify cipher termination location capabilities for encrypting/decrypting data packets to a base station in a mobile network. The mobile network can subsequently determine at which node in the network to terminate the cipher in part according to the capabilities provided and deliver the determined location to the UE. The determined cipher termination location can be provided in response to a request to initiate communications, the initial request can specify the capabilities. The UE can utilize the location to support disparate types of networks and to intelligently deal with hand-offs and other functions of the mobile network.

Abstract: Location data about a mobile entity (20) is provided in encrypted form by a location server (79) to a recipient that is one of the mobile entity (20) or a service system (40) usable by the mobile entity. The location data (P) is encrypted such that it can only to be decrypted using a secret available to a decryption entity (80) that is not under the control of the recipient. This permits location data (P) to be provided in a confidential manner to service systems (40) and also protects billing relationships between participants. A mechanism is also described for limiting the accuracy of decrypted location data (L) made available to a service system (40).

Abstract: Systems for the non-invasive monitoring of the effectiveness of a customer's electronic security services include a test generation engine for generating and launching a denatured attack towards a customer's network. A monitoring and evaluation agent is operatively coupled to the test generation engine and is adapted to monitor and evaluate the denatured attack. A recording and analysis engine is adapted to record and analyze the results of the denatured attack. Other systems and methods are also provided.

Abstract: Method and systems for protecting data on a mobile handset when remotely activated by a user involve encrypting the data using an encryption key, storing the encrypted data, and deleting the non-encrypted data along with the encryption key. Data may also be uploaded to a server to via a cellular data call for use in backing up the mobile handset. A mobile handset application configures the handset to receive activation commands from a server to encrypt, upload or download data. The encryption key is either received from the server or generated by the mobile handset and communicated to the server. Mock data files may be generated and stored on the mobile handset to enable handset applications to function normally after the data files have been encrypted.

Abstract: A communications arrangement that provides multiple levels of security is described. In one embodiment, a plurality of seedable code generators is configured to generate different sets of codes. A plurality of CDMA encoders are respectively coupled to the code generators, and each encodes input data using the set of codes generated by the coupled code generator. A plurality of CDMA decoders are similarly arranged for decoding input data. A node controller provides respective input seeds to the code generators and provides respective sets of codes from the code generators to paired encoders and decoders. An interconnect combines encoded data from the encoders into an output signal and transmits the output signal. An input signal received by the interconnect interface is provided to each decoder.

Abstract: Various advantageous arrangements for use with the proposed SAE/LTE or 4G mobile telecommunications system are disclosed. An arrangement for allowing a mobile terminal/UE (1) to transmit data packets to duplicate access points (5) is disclosed. An IP combiner (20) receives the duplicate data packets from the respective access points (5), together with quality indicators, and determines which data packet should be passed onwardly to the network. An arrangement is also disclosed which allows a particular MME (7) (corresponding to the 3G SGSN) to be selected for a particular access point (5). A particular MME may be selected depending on various criteria, such as to distribute the load evenly between the MMEs (7) of the network or to take a particular MME (7) out of service temporarily in a managed manner. Further, an arrangement is disclosed which enables the more rapid establishment of the user plane bearer between the mobile terminal/UE (1) and the network.

Abstract: A deactivation method is for a system including a communication terminal, a secure device, and a management apparatus. An identification number and communication identification code are notified to the management apparatus while the secure device is attached to the communication terminal. The management apparatus holds the identification number and the communication identification code by correlating them, acquires an identification number of a secure device to be deactivated, when instructed to deactivate the secure device by an authentic owner of a right to use the secure device, extracts the communication identification code in accordance with the identification number, and transmits the deactivation authentication code to an apparatus identified by the extracted communication identification code. If the communication terminal receives the deactivation authentication code while the secure device is attached to it, the secure device is deactivated.

Abstract: A system and method of security authentication and key management scheme in a multi-hop wireless network is provided herein with a hop-by-hop security model. The scheme adapts the 802.11r key hierarchy into the meshed AP network. In this approach, a top key holder (R0KH) derives and holds the top Pairwise Master Key (PMK—0) for each supplicant wireless device after the authentication process. All authenticator AP take the level one key holder (R1KH) role and receive the next level Pairwise Master Key (PMK—1) from R0KH. The link level data protection key is derived from PMK—1 via the 802.11i 4-way handshaking.

Abstract: In the method and the arrangement for checking the authenticity of a first communication subscriber in a communications network, a first fault information item is formed in the first communication subscriber using a fault detection data item of the first communication subscriber and an information item relating to a random data item. In a second communication subscriber in the communications network, a second fault information item is formed using a fault detection data item of the second communication subscriber and the information relating to the random data item. The authenticity of the first communication subscriber is checked using the first fault information and the second fault information.