Cellular Telephone Cryptographic Authentication Patents (Class 380/247)
  • Patent number: 7634252
    Abstract: Systems and methods for tracking and managing mobile devices in a wireless network are provided. For example, the method can include discovering wireless devices connected to the wireless network, collecting association information from access points, with the association information from an access point including information identifying a current association between the access point and an associated wireless device, and providing a visualization of current associations between the access points and corresponding associated wireless devices. A conflict resolution engine may be provided for resolving conflicting access point associations.
    Type: Grant
    Filed: February 24, 2004
    Date of Patent: December 15, 2009
    Assignee: Computer Associates Think, Inc.
    Inventors: Johan van de Groenendaal, Amitava Chakraborty
  • Patent number: 7631186
    Abstract: A mobile terminal transmits an N-th authentication key to an authentication server when the mobile terminal has moved from a coverage area under a certain radio access point to a coverage area under another radio access point. The N-th authentication key is generated by applying a hash function to a random number a number of times one smaller than an (N-1)th authentication key which was transmitted when the mobile terminal moved to the coverage area under the certain radio access point. Upon receipt of the N-th authentication key from the mobile terminal, the authentication server applies the hash function once to the N-th authentication key, and compares the result with the (N-1)th authentication key. Then, the authentication server determines that the authentication is successful when there is a match between both keys.
    Type: Grant
    Filed: November 22, 2004
    Date of Patent: December 8, 2009
    Assignee: NEC Corporation
    Inventor: Toshiya Okabe
  • Patent number: 7630495
    Abstract: Identity data of an operational unit and a verification key of the cryptographic method employed by the service provider are protected with a key of the cryptographic method employed by the manufacturer of the operational unit. The verification key of the cryptographic method employed by the manufacturer of the operational unit is stored in the operational unit of the electronic device. The identity data of the operational unit and the identity data of the service provider are protected with a key of the cryptographic method employed by the service provider. The identity data of the operational unit and the verification key of the service provider are verified with the verification key of the manufacturer of the operational unit. The identity data of the operational unit and the identity data of the service provider are verified with the verified verification key of the service provider. The identity data stored in the user-specific module are compared with the verified identity data.
    Type: Grant
    Filed: June 28, 2002
    Date of Patent: December 8, 2009
    Assignee: Nokia Corporation
    Inventors: Antti Kiiveri, Nadarajah Asokan, Valtteri Niemi
  • Patent number: 7631192
    Abstract: A remote controller device 2 sends its own ID code when specifying an access destination to a main device 1. Upon receipt of an access command from the remote controller device 2, the main device 1 appends the ID code of the remote controller device 2 to information obtained by accessing the access destination and outputs the same. The remote controller device 2 takes in the output only when it is appended with its own ID code and displays the same on a display unit 25. Thus, the user can confirm the information the main device 1 has obtained from the network 7 on the display unit 25 of the remote controller device 2. Consequently, the risk that the information is seen by anyone around can be reduced, thereby making it possible to improve the security on the private information.
    Type: Grant
    Filed: October 31, 2000
    Date of Patent: December 8, 2009
    Assignee: Funai Electric Co., Ltd.
    Inventor: Masahiro Matsuo
  • Patent number: 7628322
    Abstract: Methods of creating a secure channel over which credit card personalization data can be transmitted over the air (OTA) are provided. In particular, Generic Authentication Architecture (GAA) may be used to establish a secure communication channel between the user equipment (UE) and a personalization application server or bureau acting as a network application function (NAF) server. A user equipment, personalization application service (e.g., a NAF server), a system embodying a personalization application server and a user equipment, and a computer program product are also provided for creating a secure channel, such as via GAA, over which credit card personalization data can be transmitted OTA.
    Type: Grant
    Filed: September 28, 2005
    Date of Patent: December 8, 2009
    Assignee: Nokia Corporation
    Inventors: Silke Holtmanns, Pekka Laitinen
  • Publication number: 20090296930
    Abstract: Techniques to manage digital telephones are described. An apparatus may comprise a digital telephone management component having a telephone interface module operative to receive security information in the form of a personal identification number (PIN) for an operator or device. The digital telephone management component may also comprise a telephone security module communicatively coupled to the telephone interface module, the telephone security module operative to receive encrypted security credentials from a computing device, and decrypt the encrypted security credentials with the PIN. The digital telephone management component may further comprise a telephone authentication module communicatively coupled to the telephone security module, the telephone authentication module operative to authenticate the digital telephone using the security credentials. Other embodiments are described and claimed.
    Type: Application
    Filed: May 28, 2008
    Publication date: December 3, 2009
    Applicant: MICROSOFT CORPORATION
    Inventors: Anton Krantz, Rajesh Ramanathan, Adrian Potra
  • Patent number: 7627123
    Abstract: A number of wireless networks are established by a network device, each wireless network having an identifier. Requests are received from client devices to establish wireless network sessions via the wireless networks using the identifiers. Network privileges of the client devices are segmented into discrete security interfaces based on the identifier used to establish each wireless network session.
    Type: Grant
    Filed: February 7, 2005
    Date of Patent: December 1, 2009
    Assignee: Juniper Networks, Inc.
    Inventors: Adam Michael Conway, Lee Klarich, Ning Mo
  • Patent number: 7624270
    Abstract: The present invention communication network system and method facilitates authentication and registration in a communication network as mobile nodes move from one geographical region to another. Multiple wireless domain services (WDSs) share client authentication information permitting relatively seamless roaming between subnets with minimal interruptions and delays. In one embodiment, a wireless domain service network communication method is performed utilizing partial authentication processes. A mobile node engages in an authentication protocol with a first wireless domain service (WDS) access point in a first subnet. The authentication credentials are forwarded to a second wireless domain service in a second subnet if the authentication protocol is successfully completed. The forwarded authentication credentials are utilized to authenticate the client entering the service area of the second wireless domain service in the second subnet.
    Type: Grant
    Filed: February 18, 2005
    Date of Patent: November 24, 2009
    Assignee: Cisco Technology, Inc.
    Inventors: Arnavkumar M. Pathan, Patrick Pak-Chiu Leung, John F. Wakerly, Nancy Cam Winget, Robert Charles Meier
  • Patent number: 7623666
    Abstract: A communication network system has a plurality of interconnected sub-networks, at least one mobile node having a care-of address dependent on a sub-network currently connected thereto and a home address independent of the connected sub-network, and a home agent. Upon detection of a sub-network connected to the mobile node, the latter determines a security method corresponding to the sub-network held in a node-side security application management table as a security method for ensuring the security for user data communicated between the mobile node and a home agent associated therewith. Then, the sub-network is notified to the home agent through a mobile node network signal. The home agent determines a security method corresponding to the sub-network from among security methods held in an agent-side security application management table as a security method used for ensuring the security for user data communicated between the home agent and the mobile node managed thereby.
    Type: Grant
    Filed: July 14, 2004
    Date of Patent: November 24, 2009
    Assignee: NEC Corporation
    Inventors: Shinichiro Motoyoshi, Hiroshi Kitamura, Masataka Nagura, Kazuhiko Harasaki
  • Patent number: 7620810
    Abstract: The method and network ensure secure forwarding of a message in a telecommunication network that has at least one first terminal and another terminal. The first terminal moves from a first address to a second address. A secure connection between the first address of the first terminal and the other terminal defining at least the addresses of the two terminals is established. When the first terminal moves from the first address to a second address, the connection is changed to be between the second address and to the other terminal by means of a request from the first terminal and preferably a reply back to the first terminal.
    Type: Grant
    Filed: September 27, 2002
    Date of Patent: November 17, 2009
    Assignee: Mobility Patent Holding MPH Oy
    Inventors: Sami Vaarala, Antti Nuopponen
  • Patent number: 7620997
    Abstract: When an authenticated wireless computer loses connectivity to a wireless access point of a network and roams to another access point, the wireless computer (e.g., a hypervisor in the computer) determines whether the new access point is authorized for secure communication and if so, releases access to secure data on the network through the new access point.
    Type: Grant
    Filed: December 22, 2003
    Date of Patent: November 17, 2009
    Assignee: Lenovo (Singapore) Pte. Ltd.
    Inventors: David Carroll Challener, Daryl Carvis Cromer, Howard Jeffrey Locker, Hernando Ovies, Randall Scott Springfield
  • Patent number: 7620386
    Abstract: A method of establishing a collaborative domain among a plurality of communication terminals can include having a communication terminal authenticate one or more other communication terminals based on personal information, which can be stored on a removable memory card in the other terminals, and/or based on the geographic location of the other terminals. A first communication terminal can determine the geographic location of a second communication terminal and can authenticate the second communication terminal in response to both the determined geographic location and personal information defined in the second communication terminal. In response to the authentication by the first communication terminal, communication of user and/or program information, which is unrelated to authentication, is allowed between at least the first and second communication terminals.
    Type: Grant
    Filed: June 8, 2006
    Date of Patent: November 17, 2009
    Assignee: AT&T Intellectual Property I, LP
    Inventor: James Wood, III
  • Patent number: 7620183
    Abstract: According to the inventive method, a message is transmitted from an operating mobile radio network (NW2) to a terminal (MS1a) that identifies coding techniques (UEA-NW) supported by the operating mobile radio network in order to establish a connection between the terminal (MS1a) that supports a number (UEA-MS) of coding techniques and the operating mobile radio network (NW2). The terminal selects, if available, a coding technique (UEA) that is supported by the terminal and the operating mobile radio network (NW2), and the connection is operated using the coding technique selected by the terminal. If no coding technique is available that is supported by the terminal and the operating mobile radio network, the connection is operated uncoded only upon prior authorization.
    Type: Grant
    Filed: April 3, 2001
    Date of Patent: November 17, 2009
    Assignee: Siemens Aktiengesellschaft
    Inventor: Bart Vinck
  • Patent number: 7620187
    Abstract: Method and apparatus for obtaining a cryptographic key by dispatching a key request to a communications channel, receiving a response from one or more key sources, selecting a key source according to the received responses, preparing a requester credential, communicating the requester credential to the selected key source, receiving a source credential from the selected key source, receiving an encrypted key from the key source and decrypting the encrypted key source according to the received source credential, the requester credential and a pre-placed certificate.
    Type: Grant
    Filed: March 30, 2005
    Date of Patent: November 17, 2009
    Assignee: Rockwell Collins, Inc.
    Inventors: Patrick Francis Didier, Ray Lynn Cross, Roger Charles Odell, Stephen Edward Ossenkop
  • Patent number: 7613448
    Abstract: A Web access providing system that allows a user to access a Web page as if he or she is making a telephone call. When a user terminal B sends out a service request S1 and an originating connection request S12, a connection notification S4 is sent to a user terminal A through local Mobile multimedia switching system (L-MMS 1) and a gateway mobile multimedia switching system (G-MMS 2). When receiving the connection notification 4, the user terminal A performs authentication. The authentication verifies whether the telephone number of the user terminal B is contained in a telephone directory of the user terminal A. After the authentication, the user terminal A outputs a connection communication response S5 to the G-MMS 2. The connection communication response S5 contains the URL of a Web page associated with the user terminal A. The L-MMS 1 receives the URL and outputs a connection request S7. Thus, the user terminal B can access and browse the Web page implemented by a Web server 3.
    Type: Grant
    Filed: December 5, 2003
    Date of Patent: November 3, 2009
    Assignee: NTT DoCoMo, Inc.
    Inventors: Toshinori Yanagisawa, Hiroyuki Yamamoto, Manabu Fujita, Katsutoshi Murata
  • Patent number: 7614078
    Abstract: A method and apparatus for authorizing an access requester to access a data communication network is provided. A determination is made that a threshold access control server cannot process an access request associated with the access requester. Access requester history data, or data that describes the access history for an access requester, is analyzed to obtain a threshold access level. A threshold access level is an expression of how likely that a particular access requester is a legitimate access requester. A session profile is selected for the access requester based on the threshold access level. The session profile indicates one or more actions the access requester is authorized to perform in the network. The session profile may subsequently be transmitted to the access requester to allow the access requester access to the network to the extent appropriate in view of the access requester history data.
    Type: Grant
    Filed: April 2, 2003
    Date of Patent: November 3, 2009
    Assignee: Cisco Technology, Inc.
    Inventor: Jeremy Stieglitz
  • Patent number: 7613446
    Abstract: A wireless mobile phone is equipped to operate in an unauthenticated and an authenticated mode of operation, depending on whether a user has been authenticated. In one embodiment, the wireless mobile phone includes a finger print reader to enable a user's finger print to be inputted and be used for authentication. In one embodiment, the finger print reader includes a light source and sensors, and having complementary logic to process emitted light reflected off a user's finger into an input finger print. The user is authenticated using the inputted finger print. In one embodiment, the finger print reader is integrated with a power on/off switch, which may be disposed on an end surface, a side surface or a front surface of the body of the phone.
    Type: Grant
    Filed: March 26, 2004
    Date of Patent: November 3, 2009
    Assignee: Varia, LLC
    Inventors: G. Eric Engstrom, Peter Zatloukal
  • Patent number: 7610039
    Abstract: An International Mobile Equipment Identification (IMEI) is coded and then stored in a user equipment (UE), wherein an authorized user is allowed to change the existing IMEI. When an IMEI is inputted, the UE generates a security code and stores the IMEI and the generated security code in a memory. Thereafter, if a second security code and IMEI is inputted, the UE determines whether the inputted security code is identical with the pre-stored security code. If the two security codes are identical with each other, the UE generates a third security code and stores the IMEI and the generated third security code. Thus, unauthorized IMEI storage is prevented. Accordingly, the IMEI coding method of the mobile UE can prevent unauthorized use of the UE while allowing the IMEI to be re-coded without hardware alteration.
    Type: Grant
    Filed: March 4, 2005
    Date of Patent: October 27, 2009
    Assignee: LG Electronics Inc.
    Inventor: Min-Gyo Kim
  • Patent number: 7606370
    Abstract: A system, method and computer program product are provided. In use, a key is distributed to a plurality of nodes of a wireless network for use in securing the nodes during use of the wireless network. Further, the key is automatically updated at the nodes in the wireless network based on predetermined criteria.
    Type: Grant
    Filed: February 21, 2006
    Date of Patent: October 20, 2009
    Assignee: McAfee, Inc.
    Inventors: Terrance L. Lillie, Christian Wiedmann, Robert Zeljko, Richard P. Sneiderman, Ulrich Wiedmann, Gigi C. Chu, Sean R. Lynch
  • Patent number: 7606557
    Abstract: Provided are a mobile communication terminal having a tag read function and a method of providing genuine product authentication service. The mobile communication terminal having the tag read function specifies an encryption key corresponding to an encryption key stored in the tag from its own plurality of encryption keys based on a signal received from the tag. The mobile communication terminal receives an encrypted product code or product information from the tag and decrypts the received product code or product code using an encryption key. Also, the mobile communication terminal outputs a result of decryption on a liquid crystal display (LCD) window or as beep sounds or voices.
    Type: Grant
    Filed: March 31, 2004
    Date of Patent: October 20, 2009
    Inventors: Mi Kyoung Park, Kwang Chul Hyun
  • Patent number: 7607013
    Abstract: A method for Access Authentication in the High Rate Packet Data Network is proposed in the present invention comprising steps of the AN-AAA receiving the Radius Access Request message sent from the HRPD AN; the AN-AAA judging whether a terminal is a roaming one according to the Network Access ID and transmits the roaming terminal's authentication information to the terminal's home network. If said terminal is a local one, the AN-AAA judges the type of the terminal according to the NAI value. If said terminal is a single-mode one, the AN-AAA works out the Result2 with the MD5 algorithm. If said terminal is in dual-mode, the AN-AAA calculates the Result2 with the CAVE algorithm to compare the Result1 with the Result2.
    Type: Grant
    Filed: February 28, 2005
    Date of Patent: October 20, 2009
    Assignees: Samsung Electronics Co., Ltd, Beijing Samsung Telecom R&D Center
    Inventors: Weimin Liu, Huajun Cao, Guang Yang
  • Publication number: 20090257590
    Abstract: A secure removable card has electrical connections for communication therewith. The card comprises a first integrated circuit die, with the first die including a processor. The card has a second integrated circuit die, with the second die including a non-volatile memory for storing a secret key, and a controller for controlling the operation of the non-volatile memory. A bus connects the first die with the second die. The processor can generate a key pair, having a public key portion and a private key portion upon power up, and transfers the public key portion across the bus to the second die. The controller can receive the public key and encrypt the secret key with the public key to generate a first encrypted key, and can transfer the first encrypted key across the bus to the first die.
    Type: Application
    Filed: April 9, 2008
    Publication date: October 15, 2009
    Inventor: Zhimin Ding
  • Patent number: 7603697
    Abstract: A method and system for providing secure communications for transmitting data to and from a wireless device includes components that facilitate sending authentication-related data to a wireless device using a secure channel of a first protocol; and utilizing the authentication-related data to facilitate secure communications between the wireless device and an enhanced wireless service. The secure communications between the wireless device and the enhanced wireless service utilizes a second protocol.
    Type: Grant
    Filed: May 30, 2003
    Date of Patent: October 13, 2009
    Assignee: Cellco Partnership
    Inventors: Jerry Kupsh, Xuming Chen
  • Patent number: 7599681
    Abstract: Methods and apparatus for secure over-the-air (OTA) programming, and particularly, activation, of a wireless unit in a particular communications system. The unit stores a stored key having been generated by using a key algorithm (K-algorithm) with an identifier associated with the unit as an input to the K-algorithm. The unit may receive information such as parameters and a verification number from a communications system for the purpose of programming the unit. The verification number is generated by using an authorization algorithm (A-algorithm) having the parameters and a key as A-algorithm inputs. The key is generated by the K-algorithm having the identifier associated with the K-algorithm input. In response to the receipt of the parameters and the verification number, the wireless unit generates a trial verification number by using the A-algorithm with the parameters and the stored key as trial inputs. The unit compares the verification number to the trial verification number for a match.
    Type: Grant
    Filed: December 14, 2006
    Date of Patent: October 6, 2009
    Assignee: AT&T Intellectual Property I, L.P.
    Inventors: Charles M. Link, II, Stephen Thomas Hardin, Megan Koch Klenzak
  • Patent number: 7596699
    Abstract: An authentication process for authenticating a battery to a cellular telephone includes the step of receiving a challenge from the cellular telephone at the battery over a single wire conductor. In response to the challenge, the seed values are retrieved from the memory and a response is generated based upon the challenge and the seed values. The response is transmitted back to the cellular telephone from the battery over the single conductor so that a comparison with a similar response generated by the cellular telephone may be made.
    Type: Grant
    Filed: June 24, 2004
    Date of Patent: September 29, 2009
    Assignee: Intersil Americas Inc.
    Inventor: Chung Y. Kwok
  • Patent number: 7596368
    Abstract: A wireless network is connectable to an authentication server. Each access point in the wireless network includes a supplicant processing unit, an authenticator processing unit, and a function selector. When an access point is detected within communication range, the function selector selects either the supplicant processing unit or the authenticator processing unit. The selected unit operates to carry out or mediate an authentication protocol and establish a secure wireless link, protected by a pairwise encryption key, between the two access points. Because every access point can operate as either an authenticator or a supplicant, it is not necessary to invoke the services of a master authenticator. If an encryption key is compromised, the effect is limited and does not force the entire network to be shut down.
    Type: Grant
    Filed: February 16, 2006
    Date of Patent: September 29, 2009
    Assignee: Oki Electric Industry Co., Ltd.
    Inventors: Katsuhiko Yamada, Azuma Tsubota
  • Patent number: 7594274
    Abstract: By using a unique ID generated by considering the hardware characteristic of PC in PDA where an application program, etc. distributed based on PC is installed, it makes possible to generate and authenticate a virtual unique ID in PDA so as to authenticate drive of the application in PDA. As such, the file size of a distributed edition is small in its characteristic and it is difficult to have a protecting means such as security, etc. in view of the characteristic of device. Hence, illegal distribution is easy and a more certain solution is provided so as to prevent illegal copy of the application in PDA having a feasible characteristic in protecting copyright.
    Type: Grant
    Filed: February 25, 2003
    Date of Patent: September 22, 2009
    Assignee: Markany, Inc.
    Inventors: Jong-Won Kim, Jong-Uk Choi, Byung-Keun Jeon
  • Patent number: 7590741
    Abstract: A Gateway 3 receives mobile station data corresponding to a mobile station 2 from a switching center in a mobile packet communication network 1. The mobile station data may be communicated with a communication protocol such as Network Management Protocol (NWMP). Mobile station 2 transmits and receives user data, such as Hypertext Transfer Protocol (HTTP) data, in a protocol, such as HTTP, via gateway 3. In transmitting user data from mobile station 2 to a server 5, gateway 3 may add the mobile station data corresponding to mobile station 2 to the data. Mobile station 2 cannot falsify the mobile station data because the added mobile station data corresponds to identification data used in establishing a wireless connection between mobile station 2 and mobile packet communication network 1. As a result, server 5 may trust mobile station data added by gateway 3 to the user data transmitted from mobile station 2.
    Type: Grant
    Filed: July 24, 2002
    Date of Patent: September 15, 2009
    Assignee: NTT DoCoMo, Inc.
    Inventors: Hiromitsu Sumino, Hideharu Suzuki
  • Patent number: 7590843
    Abstract: A key exchange for a network architecture. A mobile node that roams over a foreign domain transmits a registration request to a home domain using the foreign domain. The identity of the mobile node within the registration request is encrypted. The home domain receives the registration request and decrypts the mobile node identity. The home domain generates a registration reply that includes encryption keys for encrypting information to be transmitted between and among the home domain, the foreign domain, and the mobile node.
    Type: Grant
    Filed: October 4, 2000
    Date of Patent: September 15, 2009
    Assignee: Nortel Networks Limited
    Inventors: Mohamed Khalil, Raja P. Narayanan, Haseeb Akhtar, Emad A. Qaddoura
  • Patent number: 7574198
    Abstract: The present invention prevents a third party's impersonation while wireless communication is established for security setting. An access point, which performs a security setting process for wireless communication with a wireless LAN terminal by means of wireless communication, receives a start instruction for the security setting process and wirelessly receives start instruction data that indicates the start of the security setting process. The security setting process is not performed if the start instruction data is received before the receipt of the start instruction. The security setting process is performed if the start instruction data is not received before the receipt of the start instruction.
    Type: Grant
    Filed: August 5, 2005
    Date of Patent: August 11, 2009
    Assignee: Buffalo Inc.
    Inventor: Takashi Ishidoshiro
  • Patent number: 7571317
    Abstract: A method for providing user notification signals in digital phones such as IP phones or cell phones that use encryption. In one embodiment, a digital phone receives an encrypted data packet. The phone determines that the encrypted data packet satisfies a criterion. The phone generates a user notification signal that is perceivable by a user of the phone in response to determining that the encrypted data packet does not satisfy the criterion. The user notification signal may comprise a tone, synthesized speech, or other signal that is audible in a handset or speaker of the phone. Alternatively, the user notification signal is visually displayed in an electronic display of the phone. The criterion may comprise a failure to authenticate one or more encrypted data packets that are provided to the phone in a secure protocol. The process may be performed at a voice gateway or cellular base station.
    Type: Grant
    Filed: September 11, 2002
    Date of Patent: August 4, 2009
    Assignee: Cisco Technology, Inc.
    Inventor: Jan Vilhuber
  • Patent number: 7570764
    Abstract: In a mobile communications system, a batch of sequence numbers is generated via an algorithm wherein each sequence number comprises a suffix and a prefix. The method comprises: calculating a new sequence number suffix from an existing sequence number suffix, calculating a prefix of a first new sequence number of the batch by addition to the prefix of the existing sequence number if the new suffix is not equal to a predetermined value or by a randomizing process if the new suffix is equal to said predetermined value, and calculating prefixes for the other sequence numbers of the batch by modular addition of integers to the prefix of said first new sequence number. The sequence numbers are used in the authentication procedure.
    Type: Grant
    Filed: June 20, 2002
    Date of Patent: August 4, 2009
    Assignee: Nortel Networks Limited
    Inventor: Anne Morgan
  • Patent number: 7564825
    Abstract: The present invention provides a method of validated communication between a mobile network node (MNN) and a correspondent node (CN) via at least a first mobile router (MR). The method is characterized by employing an extended return routability checking procedure (XRRP) wherein an MNN test initiation (MNNTI) message is sent by the MR, and a MNN test (MNNT) message is sent by the CN. This adds to the security of requiring the home and care-of addresses being consistent as noted previously in standard RRPs, by enabling the generation of binding update validation keys based on receipt on any or all of the three HoT, CoT and MNNT test messages. The method is further characterized by sending from the MR an extended binding update (XBU), comprising the MNN's address (MNNA). By extending the binding update to include the MNNA in this manner, validated CN/MNN route optimization can be achieved.
    Type: Grant
    Filed: January 24, 2006
    Date of Patent: July 21, 2009
    Assignee: Motorola, Inc.
    Inventors: Alexis Olivereau, Christophe Janneteau, Alexandru Petrescu
  • Patent number: 7564975
    Abstract: A system and method of controlling ciphering of call information between a mobile communication terminal and a network initiates the transmission of a ciphering request from the terminal to the network. The network then transmits a ciphering authentication request message to the terminal and the terminal responds by transmitting a ciphering authentication response message to the network. The network then transmits a ciphering activation completion message to the terminal in accordance with the ciphering authentication response message. A system and method for controlling deactivation of ciphering of call information initiates transmission of a ciphering deactivation request from the mobile terminal to the network. The network then performs the ciphering deactivation and transmits a ciphering deactivation completion message to the terminal. Through these systems and methods, the user terminal controls ciphering and deciphering of call information instead of the network.
    Type: Grant
    Filed: September 25, 2003
    Date of Patent: July 21, 2009
    Assignee: LG Electronics Inc.
    Inventor: Myung Dae Oh
  • Patent number: 7565135
    Abstract: A method and apparatus for performing authentication in a communications system is provided. The method includes receiving a request for authentication from a server, the request for authentication including a first and a second random challenge, and comparing the first random challenge and the second random challenge. The method further includes denying the request for authentication in response to determining that the first random challenge is substantially the same as the second random challenge, and transmitting an encoded value to the server in response to determining that the first random challenge is different from the second random challenge, wherein the encoded value is generated based on the first and second random challenge and a key that is not shared with the server.
    Type: Grant
    Filed: September 26, 2006
    Date of Patent: July 21, 2009
    Assignee: Alcatel-Lucent USA Inc.
    Inventor: Sarvar M. Patel
  • Patent number: 7561692
    Abstract: A method for authenticating a mobile terminal in a wireless network is disclosed. The method includes transmitting a request for authenticating the mobile terminal in that wireless network operative to provide services at a location where the mobile terminal is currently present, receiving the request at a base station associated with that wireless network, and determining an entity associated with the wireless network to be operative as a single authentication access entity for that mobile terminal, as long as the mobile terminal location remains within that wireless network and traffic is directed through any location associated with that wireless network.
    Type: Grant
    Filed: February 27, 2006
    Date of Patent: July 14, 2009
    Assignee: Alvarion Ltd.
    Inventors: Mark Altshuller, Oleg Marinchenco, Leonid Shousterman
  • Patent number: 7562221
    Abstract: A single sign-on technique allows multiple accesses to one or more applications or other resources using a proof-of-authentication module operating in conjunction with a standard authentication component. The application or other resource issues an authentication information request to the standard authentication component responsive to an access request from the user. The application or other resource receives, responsive to the authentication information request, a proof-of-authentication value from the standard authentication component, and authenticates the user based on the proof-of-authentication value. The standard authentication component interacts with the proof-of-authentication module to obtain the proof-of-authentication value. The proof-of-authentication module is configured to generate multiple proof-of-authentication values for authentication of respective access requests of the user.
    Type: Grant
    Filed: September 12, 2006
    Date of Patent: July 14, 2009
    Assignee: RSA Security Inc.
    Inventors: Magnus Nyström, Anders Rundgren, William M. Duane
  • Patent number: 7561691
    Abstract: A system and method for providing secured access of a mobile device is disclosed herein. Access to data included in the mobile device is permitted when the presence of an authentication device having the proper authentication information is received by the mobile device.
    Type: Grant
    Filed: November 12, 2001
    Date of Patent: July 14, 2009
    Assignee: Palm, Inc.
    Inventors: David C. Blight, Yoon Kean Wong
  • Patent number: 7555781
    Abstract: A security component determines whether a request for a resource poses a security risk to a computing device and verifies the integrity of the requested resource before the request is allowed. For a request having arguments and a resource path with a filename that identifies the resource, the security component determines that the request does not pose a security risk if the resource path does not exceed a maximum number of characters, individual arguments do not exceed a maximum number of characters, the arguments combined do not exceed a maximum number of characters, and the filename has a valid extension. The security component verifies the integrity of a requested resource by formulating a descriptor corresponding to the resource and comparing the descriptor with a cached descriptor corresponding to the resource.
    Type: Grant
    Filed: March 10, 2006
    Date of Patent: June 30, 2009
    Assignee: Microsoft Corporation
    Inventors: Yehuda Feuerstein, Jared E. Pfost, Stephen J. Purpura
  • Patent number: 7555285
    Abstract: A method (FIG. 3), corresponding call screening unit, and base station (FIG. 2), suitable for detecting cloned communication units (111 or 113), are operable to receive a first response message and a second response message (305); determine whether identification fields (ESNs, MINs) corresponding to the response messages are equivalent (307); and if so, assess whether message contents or message properties corresponding to the response messages are not correlated (311) thus indicating the response messages are from different communication units; and when not correlated, decide that one of the response messages corresponds to a cloned communication unit (313).
    Type: Grant
    Filed: August 25, 2005
    Date of Patent: June 30, 2009
    Assignee: Motorola, Inc.
    Inventors: Dean E. Thorson, Wayne A. Keels
  • Patent number: 7551915
    Abstract: A mobile node that is in communication with a correspondent node via a home agent initiates a process for establishing a route optimized mode of communication between the mobile node and the correspondent node. The mobile node sends a first initiating message to the home agent for delivery to the correspondent node and sends a second initiating message directly to the correspondent node. The mobile node secures the first initiating message by including an initiating-message authentication code that can be validated by the home agent or by an authentication server. The correspondent node responds by sending a first responsive message to the home agent for delivery to the mobile node and by sending a second responsive message directly to the mobile node. The home agent secures the first responsive message by adding a responsive-message authentication code that can be validated by the mobile node.
    Type: Grant
    Filed: April 24, 2006
    Date of Patent: June 23, 2009
    Assignee: Sprint Spectrum L.P.
    Inventors: Serge M. Manning, Charles Brent Hirschman, Mark A. Lipford
  • Patent number: 7551913
    Abstract: Methods and apparatus for providing personalized content to a user of a wireless network include establishing an anonymous user identifier and delivering the user identifier to a content provider. Based on the user identifier, communication with a predetermined data source is established or predetermined data content is selected. In some embodiments, a device identifier is provided in addition to the user identifier and device specific, personalized content is delivered to the user. In one example, a device identifier and a user identifier are based on a mobile station serial number and a subscriber identity module, respectively, and are used in an HTTP header. The anonymous user identifier can be based on a subscriber identity module (SIM) serial number, or a hash of the SIM serial number so that user information such as user phone numbers is not available to content providers.
    Type: Grant
    Filed: December 5, 2001
    Date of Patent: June 23, 2009
    Assignee: AT&T Mobility II LLC
    Inventor: Herman Chien
  • Patent number: 7542569
    Abstract: The invention concerns the security of the data connections of a telephone user. The basic idea of the invention is to forward the authentication of a telephone system to the leg between two private data networks connected via an arbitrating network. When establishing the connection, the private network connected to the telephone system forwards the authenticated subscriber identity to the other private network. To provide the identity forwarded with authenticity, the message containing the identity is signed. To provide encryption of the subscriber identity, the message is encrypted using a public key method. In response the second private network generates a session key to be used in the connection. This key is signed and encrypted using a public key method and sent to the first private network. During the connection, a symmetrical encryption method with the session key is used.
    Type: Grant
    Filed: May 17, 2000
    Date of Patent: June 2, 2009
    Assignee: Nokia Siemens Networks OY
    Inventor: Jussipekka Leiwo
  • Patent number: 7536173
    Abstract: Methods and apparatus for secure over-the-air (OTA) programming, and particularly, activation, of a wireless unit in a particular communications system. The unit stores a stored key having been generated by using a key algorithm (K-algorithm) with an identifier associated with the unit as an input to the K-algorithm. The unit may receive information such as parameters and a verification number from a communications system for the purpose of programming the unit. The verification number is generated by using an authorization algorithm (A-algorithm) having the parameters and a key as A-algorithm inputs. The key is generated by the K-algorithm having the identifier associated with the unit as K-algorithm input. In response to receipt of the parameters and the verification number, the wireless unit generates a trial verification number by using the A-algorithm with the parameters and the stored key as trial inputs. The unit compares the verification number to the trial verification number for a match.
    Type: Grant
    Filed: June 15, 1999
    Date of Patent: May 19, 2009
    Assignee: AT&T Intellectual Property I, L.P.
    Inventors: Charles M. Link, II, Stephen Thomas Hardin, Megan Koch Klenzak
  • Publication number: 20090122984
    Abstract: A system for and method of providing end-to-end encrypted real-time phone calls using a commodity mobile phone and without requiring service provider cooperation is presented. The system and method improve upon prior art techniques by omitting any requirement for mobile phones that are specially manufactured to include end-to-end encryption functionality.
    Type: Application
    Filed: December 5, 2007
    Publication date: May 14, 2009
    Applicant: KOOLSPAN, INC.
    Inventors: Anthony C. Fascenda, Emil Sturniolo, Paul Benware, Robert Cichielo
  • Patent number: 7532876
    Abstract: A reception intensity measuring unit measures a reception intensity of a radio wave received by a radio reception unit under control of a connection control unit. When it is judged that the reception intensity of the received radio wave is larger than a reception intensity set in advance, the reception intensity measuring unit controls a transmission intensity changing unit to lower a transmission intensity of a radio wave to be transmitted from a radio transmission unit. When the transmission intensity of the radio wave to be transmitted from the radio transmission unit is lowered by the transmission intensity changing unit, an authentication processing unit executes authentication processing with another apparatus via the radio reception unit and the radio transmission unit and controls an authentication data registering unit to register authentication data, which is obtained as a result of the authentication processing, in a memory.
    Type: Grant
    Filed: September 27, 2004
    Date of Patent: May 12, 2009
    Assignee: Sony Corporation
    Inventors: Kazuyuki Yamamoto, Shin Iima
  • Patent number: 7529371
    Abstract: Authentication of cellular telephone device by providing a first one-time pad cryptological table to a security server which has multiple sequenced One Time Pad value entries including a previous use indicator initialized as “unused”, and providing a second one-time pad cryptological table to an authentic device initially synchronized with the first table. A cloned copy of the second table is stored in an inauthentic cellular telephone device, this third table being initially synchronized with the second table. The authentic device selects an unused entry in the second table and transmits it to the server when requesting service. If the received entry matches a next sequential unused entry in the first table, the server grants service, and both server and authentic device mark that entry as used. If the received entry does not match a sequentially next unused entry in the first table, service is denied to the requesting device.
    Type: Grant
    Filed: April 22, 2004
    Date of Patent: May 5, 2009
    Assignee: International Business Machines Corporation
    Inventors: Yen-Fu Chen, John Hans Handy-Bosma, Jun Sawada, Mei Yang Selvage, Keith Raymond Walker
  • Patent number: 7526642
    Abstract: In order to enable a home network operator to also control the issuing of certificates to a roaming subscriber, first information indicating whether or not it is allowed to issue a certificate to the subscriber is maintained in the subscription information. The first information is checked in response to a subscriber's certificate request received from the subscriber and the certificate is generated and delivered to the subscriber only if certificate issuance is allowed.
    Type: Grant
    Filed: January 9, 2003
    Date of Patent: April 28, 2009
    Assignee: Nokia Corporation
    Inventors: Tuija Hurtta, Nadarajah Asokan, Philip Ginzboorg, Valtteri Niemi, Miikka Poikselkä, Timo M. Rantalainen
  • Publication number: 20090103728
    Abstract: In one embodiment, the method performed by mobile equipment to authenticate communication with a network includes generating keys using cellular authentication and voice encryption, and then generating an authentication key based on these keys. The authentication key is used to generate an expected message authentication code used in authenticating the network according to authentication and key agreement security protocol.
    Type: Application
    Filed: October 2, 2008
    Publication date: April 23, 2009
    Inventor: Sarvar Patel
  • Patent number: RE40791
    Abstract: In the method and the arrangement for checking the authenticity of a first communication subscriber in a communications network, a first fault information item is formed in the first communication subscriber using a fault detection data item of the first communication subscriber and an information item relating to a random data item. In a second communication subscriber in the communications network, a second fault information item is formed using a fault detection data item of the second communication subscriber and the information relating to the random data item. The authenticity of the first communication subscriber is checked using the first fault information and the second fault information.
    Type: Grant
    Filed: May 31, 2000
    Date of Patent: June 23, 2009
    Assignee: Siemens Aktiengesellschaft
    Inventors: Jorge Cuellar, Guenther Horn