Abstract: Mobile device user interface techniques are disclosed that can run across multiple platforms. These techniques allow for unobtrusive and intuitive communication with the user of the mobile device. For instance, one particular embodiment of the present invention allows a security product executing on a mobile device to use SMS-like messages to alert the user of the security status of the device, and more generally that security products (e.g., anti-virus, anti-spyware, email scanning, and/or intrusion detection) are actively protecting his/her device. A non-platform-user-interface dependent means of providing such alerts is also provided.

Abstract: The present invention relates to a method and a system for the local or remote authentication of an item, in particular a security document, with the help of a authenticating device, comprised in, connected to, or linked to mobile communication equipment. Said item carries a marking exhibiting a characteristic physical behavior in response to interrogating energy, such as electromagnetic radiation and/or electric or magnetic fields. Said marking may comprise physical and logical security elements, e.g. a barcode, or a characteristic particle or flake pattern, exhibiting a characteristic physical response.

Abstract: A basic idea according to the invention is to enhance or update the basic cryptographic security algorithms by an algorithm-specific modification of the security key information generated in the normal key agreement procedure of the mobile communication system. For communication with the mobile terminal, the network side normally selects an enhanced version of one of the basic cryptographic security algorithms supported by the mobile, and transmits information representative of the selected algorithm to the mobile terminal. The basic security key resulting from the key agreement procedure (AKA, 10) between the mobile terminal and the network is then modified (22) in dependence on the selected algorithm to generate an algorithm-specific security key. The basic security algorithm (24) is then applied with this algorithm-specific security key as key input to enhance security for protected communication in the mobile communications network.

Abstract: An interactive client-server authentication system and method are based on Random Partial Pattern Recognition algorithm (RPPR). In RPPR, an ordered set of data fields is stored for a client to be authenticated in secure memory. An authentication server presents a clue to the client via a communication medium, such positions in the ordered set of a random subset of data fields from the ordered set. The client enters input data in multiple fields according to the clue, and the server accepts the input data from the client via a data communication medium. The input data corresponds to the field contents for the data fields at the identified positions of the random subset of data fields. The server then determines whether the input data matches the field contents of corresponding data fields in a random subset.

Abstract: A method and system to allow wireless devices, such as wirelessly-equipped digital cameras, to gain wireless packet-data connectivity and to interact with a media management server, such as a photo server. A wireless carrier distributes multiple devices all having the same set of radio access data (e.g., mobile identification number and electronic serial number), and all having shared or unique pre-registration data. Any such device can then readily use the shared radio access data to acquire radio connectivity and can then use the pre-registration data to gain access to the media management server. The first time such a device connects with the media management server using the pre-registration data, the server will engage in a online account registration session with the device and provision the device with post-registration data that the device can thereafter use to access the online account.

Abstract: An M6 block cipher system and method for encoding content and authenticating a device may use an M6 core. The M6 block cipher system may include a rotate constant selector selecting one or more rotate constants from a plurality of input rotate constants for output based on a selection signal input thereto, a rotate constant ordering device ordering the selected rotate constants and a common rotate constant input thereto based on a received ordering signal and an M6 core generating one or more of an output signal, a validity signal and a round number based on the ordered rotate constants and a plurality of input signals. The system may include a rotate constant scheduler outputting the ordering signal to the rotate constant ordering device in response to the selection signal and the round number.

Abstract: A method and apparatus for authorizing an access requester to access a data communication network is provided. A determination is made that a threshold access control server cannot process an access request associated with the access requester. Access requester history data, or data that describes the access history for an access requester, is analyzed to obtain a threshold access level. A threshold access level is an expression of how likely that a particular access requester is a legitimate access requester. A session profile is selected for the access requester based on the threshold access level. The session profile indicates one or more actions the access requester is authorized to perform in the network. The session profile may subsequently be transmitted to the access requester to allow the access requester access to the network to the extent appropriate in view of the access requester history data.

Abstract: A method for secure loading of a key dedicated to securing a predetermined operation into memory of a microchip of an embedded system includes, as a first step, authenticating a security device by generating a first random number using the microchip, transmitting the first random number to the security device, generating a second random number in the security device, generating a first cryptogram from the first and second random numbers by applying an asymmetric signature algorithm using an asymmetric secret key, transmitting at least the first cryptogram to the microchip, and authenticating the security device by verifying the first cryptogram using the public key.

Abstract: A method and system for providing secure communications for transmitting data to and from a wireless device includes components that facilitate sending authentication-related data to a wireless device using a secure channel of a first protocol; and utilizing the authentication-related data to facilitate secure communications between the wireless device and an enhanced wireless service. The secure communications between the wireless device and the enhanced wireless service utilizes a second protocol.

Abstract: Methods and apparatus for secure over-the-air (OTA) programming, and particularly, activation, of a wireless unit in a particular communications system. The unit stores a stored key having been generated by using a key algorithm (K-algorithm) with an identifier associated with the unit as an input to the K-algorithm. The unit may receive information such as parameters and a verification number from a communications system for the purpose of programming the unit. The verification number is generated by using an authorization algorithm (A-algorithm) having the parameters and a key as A-algorithm inputs. They key is generated by the K-algorithm having the identifier associated with the K-algorithm input. In response to the receipt of the parameters and the verification number, the wireless unit generates a trial verification number by using the A-algorithm with the parameters and the stored key as trial inputs. The unit compares the verification number to the trial verification number for a match.

Abstract: To render secure a connection between an access point of a short-range network and a mobile terminal within a cellular network while precluding acquisition of a PIN code, a platform transmits a confirming message, including a secret code and the access point address retrieved from a terminal request, to the terminal through the cellular network and a connection request message including the secret code and the mobile terminal address to the access point. The access point authenticates the terminal, or the terminals authenticate each other as a function of a session key determined as a function of the secret code retrieved from the connection request message and from the confirming message.

Abstract: A method of validated communication The present invention provides a method of validated communication between a mobile network node (MNN) and a correspondent node (CN) via at least a first mobile router (MR). The method is characterized by employing an extended return routability checking procedure (XRRP) wherein an MNN test initiation (MNNTI) message is sent by the MR, and a MNN test (MNNT) message is sent by the CN. This adds to the security of requiring the home and care-of addresses being consistent as noted previously in standard RRPs, by enabling the generation of binding update validation keys based on receipt on any or all of the three HoT, CoT and MNNT test messages. The method is further characterized by sending from the MR an extended binding update (XBU), comprising the MNN's address (MNNA). By extending the binding update to include the MNNA in this manner, validated CN/MNN route optimization can be achieved.

Abstract: A credential provisioning technique is provided that is secure yet easy to administer. A credential provisioner such as a network AP is configured to leave a secure mode of operation and allow open authentication with a wireless supplicant. After open authentication is established, the wireless supplicant requests credential provisioning. In response, the credential provisioner supplies the supplicant with an encrypted password. To prevent unauthorized access, the supplicant again requests credential provisioning but also proves knowledge of the encrypted password. At least one credential is supplied to the wireless supplicant in response to the proof only if a waiting period expires with just one request for credential provisioning being received by the credential provisioner.

Abstract: A method (FIG. 3), corresponding call screening unit, and base station (FIG. 2), suitable for detecting cloned communication units (111 or 113), are operable to receive a first response message and a second response message (305); determine whether identification fields (ESNs, MINs) corresponding to the response messages are equivalent (307); and if so, assess whether message contents or message properties corresponding to the response messages are not correlated (311) thus indicating the response messages are from different communication units; and when not correlated, decide that one of the response messages corresponds to a cloned communication unit (313).

Abstract: A security component determines whether a request for a resource poses a security risk to a computing device and verifies the integrity of the requested resource before the request is allowed. For a request having arguments and a resource path with a filename that identifies the resource, the security component determines that the request does not pose a security risk if the resource path does not exceed a maximum number of characters, individual arguments do not exceed a maximum number of characters, the arguments combined do not exceed a maximum number of characters, and the filename has a valid extension. The security component verifies the integrity of a requested resource by formulating a descriptor corresponding to the resource and comparing the descriptor with a cached descriptor corresponding to the resource.

Abstract: A system and method for activating a subscriber identification module (SIM) based mobile device in a PCS/ANSI type wireless network. The method comprises pre-programming the SIM card of the mobile device with temporary activation identifiers, such as an international mobile station identity (IMSI) and/or a mobile identification number (MIN), and a temporary electronic serial number. The temporary electronic serial number, rather than the mobile device actual electronic serial number, is used to identify the mobile device during registration and activation. The network identifies the temporary electronic serial number associated with the SIM vendor and invokes an over-the-air activation procedure especially for the SIM card mobile devices. A SIM-over-the-air-activation processor is notified to perform the activation for that mobile device on the PCS wireless network.

Abstract: Methods and apparatus for secure over-the-air (OTA) programming, and particularly, activation, of a wireless unit in a particular communications system. The unit stores a stored key having been generated by using a key algorithm (K-algorithm) with an identifier associated with the unit as an input to the K-algorithm. The unit may receive information such as parameters and a verification number from a communications system for the purpose of programming the unit. The verification number is generated by using an authorization algorithm (A-algorithm) having the parameters and a key as A-algorithm inputs. The key is generated by the K-algorithm having the identifier associated with the as K-algorithm input. In response to receipt of the parameters and the verification number, the wireless unit generates a trial verification number by using the A-algorithm with the parameters and the stored key as trial inputs. The unit compares the verification number to the trial verification number for a match.

Abstract: A method includes receiving an authentication request from a mobile station (401) and determining whether to forward the request to an authentication agent. When it is determined to forward the request, the request is forwarded to the authentication agent (107). A random number and a random seed are received from the authentication agent (107). The random number and the random seed are forwarded to the mobile station (401). A response to the random number and the random seed from the mobile station (401) is received and forwarded to the authentication agent (107). The authentication agent (107) compares the response with an expected response. When the authentication agent (107) authenticates the mobile station (401), a derived cipher key is received from the authentication agent (107).

Abstract: Apparatus and methods provide remote access to subscriber identity information and subscriber configuration information stored on one or more subscriber identity modules (SIMs), to allow remote configuration of wireless communications devices. A SIM server provides access to the SIMs, a SIM librarian catalogs the SIMs, and a SIM accounting system tracks and/bills for SIM usage. Apparatus and methods provide remote access to proxy wireless communications devices, allowing such devices to operate as if actually present in the remote locations.

Abstract: The invention proposes a method of performing authentication of a subscriber during a subscriber equipment terminated call, comprising the steps of sending a session invitation message (S4, S5) to the subscriber equipment, the session invitation message including authentication information (AuthData1), and performing an authentication procedure in the subscriber equipment by using the authentication information. The invention also proposes a corresponding network system, network control element and subscriber entity.

Abstract: A technique for authenticating a user to a server using SIP messages includes forwarding an SIP request from the user agent to the server. The server then forwards a request for authentication to the user agent in response to the invite request, the request for authentication including information that the authentication will be performed using a UMTS AKA mechanism. The user agent then forwards and authentication response to the server in accordance with the UMTS AKA mechanism and the server then performs the appropriate actions to perform an invoked SIP procedure in response to the SIP request. The SIP request may include any standardized SIP request including an SIP INVITE request or an SIP REGISTER request.

Abstract: The invention relates to a method and system for authenticating a user of a data transfer device (such as a terminal in a wireless local area network, i.e. WLAN). The method comprises: setting up a data transfer connection from the data transfer device to a service access point. Next, identification data of the mobile subscriber (for example an MSISDN) are inputted to the service access point. This is followed by checking from the mobile communications system whether the mobile subscriber identification data contains an access right to the service access point. If a valid access right exists, a password is generated, then transmitted to a subscriber terminal (for example a GSM mobile phone) corresponding to the mobile subscriber identification data, and login from the data transfer device to the service access point takes place with the password transmitted to the subscriber terminal.

Abstract: Arranging data ciphering in a telecommunication system comprising at least one wireless terminal, a wireless local area network and a public land mobile network. At least one first ciphering key according to the mobile network is calculated in the mobile network and in the terminal for a terminal identifier using a specific secret key for the identifier. Data transmission between the mobile network and the terminal is carried out through the wireless local area network. A second ciphering key is calculated in the terminal and in the mobile network using said at least one first ciphering key. The second ciphering key is sent from the mobile network to the wireless local area network. The data between the terminal and the network is ciphered using said second ciphering key.

Abstract: A method to authenticate a mobile station B in a mobile network, so that the mobile station B is authenticated and an encryption key is agreed between mobile stations A and B using user data exchange during call setup. More specifically the mobile station B is authenticated by the mobile station A constructing and sending to the mobile station B a message M1, the mobile station B receiving the message M1, constructing and sending a message M2 to the mobile station A, the mobile station A receiving the message M2, checking the validity of the information in the message M2, if the information is verified valid the mobile station A accepting to share a shared encryption key K with mobile station B, the mobile station A constructing and sending the message M3 to the mobile station B, the mobile station B receiving the message M3 and verifying the validity of the information, if the information is valid the mobile station B accepting the sharing of the shared encryption key K with the mobile station A.

Abstract: A method and system is disclosed for using common provisioning data to activate cellular wireless devices. A wireless carrier may distribute multiple wireless devices containing a common set of pre-activation provisioning data, such as a common MIN/ESN pair, as well as a unique post-activation data, such as a unique ESN. When such a device is powered on, it may use the common pre-activation provisioning data to gain RF access and then enter into a provisioning data session with a provisioning server. Through the provisioning server, the carrier may tie the device to a service account, and the device may acquire and store further post-activation data, such as a unique MIN. The device may thereafter engage in wireless communication service, using its post-activation ESN and MIN as a basis to gain RF access.

Abstract: A mobile terminal control system using a digital signature. The system including a server for preparing a command message for a relevant mobile terminal according to mobile terminal status information set by a user, adding a digital signature to the prepared command message, and transmitting the resultant message. The system further includes a mobile terminal for authenticating the command message transmitted from the server and performing operations of power-off, log-on and log-off of the mobile terminal according to the authenticated command message. The server prepares a command message according to mobile terminal status information set by a user and transmits the prepared command message to a mobile terminal and the mobile terminal authenticates the transmitted command message. The mobile terminal can be controlled only through the authenticated message.

Abstract: The authentication processing apparatus according to the present invention includes: an authentication unit having a circuit that performs authentication phases included in processing for authenticating an external device; a command holding unit which holds a first command that indicates whether or not to perform each of the authentication phases; and an authentication control unit which causes the authentication unit to perform an authentication phase that is indicated by the first command as an authentication phase which is to be performed.

Abstract: An ID is being calculated in a manner distributed among devices of the user's personal area network (PAN). The devices communicate in a wireless manner. A server runs a simulation of the PAN. If the server and the PAN calculate matching results, it is assumed that the user's ID is correct for purposes of conditional access. The distribution of the calculation of the ID among the user's PAN devices and its, for practical purposes, stochastic nature render the system very hard to hack.

Abstract: Systems and methods for improved security in handset reprogramming are provided that prevent a handset from being reprogrammed in the field without authorization from carrier. When a handset receives a reprogramming request, or detects a reprogramming attempt, the handset contacts the carrier for authorization to be reprogrammed. The network can provide the authorization, deny the authorization, require additional information from the reprogramming device, or contact the reprogramming device directly to authorize the reprogramming. Additionally, the carrier may provide the handset and the reprogramming device each with a private key that can be converted by each device and then compared by the handset to determine if the reprogramming device is authorized.

Abstract: Methods and apparatus are presented herein for allowing a wireless communication device to perform a proxy authentication on behalf of a tethered device.

Abstract: A wireless local area network system (100) supporting mobile radio telephony reduces the time to complete an authenticated handover from one access point (104) to another (108) by a mobile station (102) by performing some of the steps normally performed upon leaving one access point while still associated with that access point. More particularly, the mobile station causes a cryptographic key (204) to be preestablished (212) for use when handing over to a new access point. The cryptographic key is derived at the mobile station, and is also derived in the WLAN infrastructure and stored until the mobile station initiates a handover.

Abstract: A mobile host MH and its home network HN correspond to both the Internet Protocol version 4 (IPv4) and the Internet Protocol version 6 (IPv6). An authentication server (RS) is accommodated in the home network HN. A corresponding host H corresponds to the IPv6 and is accommodated in the IPv6 network. In addition, a plurality of relay servers S1, S2 and S3 corresponding to both the IPv4 and the IPv6 are accommodated in the IPv6 network. The respective S1, S2 and S3 extract an IPv6 packet by decapsulating the IPv4 packet received from the mobile host MH via the IPv4 network, and transfers the relevant IPv6 packet to the corresponding host H via the IPv6 network.

Abstract: An aspect of the present invention is to easily verify data integrity in data transmission and reception by means of an ad-hoc radio connection. A requester and requested end of an establishment of a cipher communication path are defined as source A and destination B, respectively. A predetermined verification data generation algorithm ID1 is arranged in advance between source A and destination B. Source A sends its own public key Kp to destination B, and at the same time generates verification data Xp based on Kp using ID1 and outputs Xp to its own verification image display section. On the other hand, destination B receives data Kx that is transmitted from source A as Kp, then generates verification data Xx based on Kx using ID1 and outputs Xx to its own verification image display section. A verifier determines that data integrity is secured if Xp and Xx displayed in the verification image display sections of source A and destination B match.

Abstract: A method and apparatus for performing authentication in a communications system is provided. The method includes receiving a request for authentication from a server, the request for authentication including a first and a second random challenge, and comparing the first random challenge and the second random challenge. The method further includes denying the request for authentication in response to determining that the first random challenge is substantially the same as the second random challenge, and transmitting an encoded value to the server in response to determining that the first random challenge is different from the second random challenge, wherein the encoded value is generated based on the first and second random challenge and a key that is not shared with the server.

Abstract: A wireless LAN access authentication system capable of shortening the time required for an access authentication procedure of a radio terminal apparatus. In this wireless LAN access authentication system, when a radio terminal apparatus 116 of a user who has sent an access request is already registered through initial access, a gateway apparatus 111 searches for a WEP key assigned to the radio terminal apparatus 116 through a WEP key control section 306 and redistributes the WEP key registered beforehand to a new access point section 124 in the destination area and the radio terminal apparatus 116. The radio terminal apparatus 116 and access point section 124 to which the WEP key has been distributed encrypt transmission/reception data in a predetermined radio section using the redistributed WEP key and carry out a communication.

Abstract: A method and system for secure identification of a person in an electronic communications environment, wherein a host computer is adapted to be able to communicate with a specific electronic communications device operated by the person. The person is issued with a mask code, known only to the person and stored in the host computer, but never transmitted electronically there between. When the person is required to identify him- or herself to the host computer, the host computer transmits a pseudo-random string to the specific electronic communications device, whereupon the mask code must be applied to the pseudo-random string according to predetermined rules so as to generate a volatile identification code which is then transmitted back to the host computer. Positive identification is achieved when the volatile identification code matches a volatile identification code generated within the host computer by applying the mask code stored therein to the pseudo-random string.

Abstract: A technique for authenticating a user to a server using SIP messages includes forwarding an SIP request from the user agent to the server. The server then forwards a request for authentication to the user agent in response to the invite request, the request for authentication including information that the authentication will be performed using a UMTS AKA mechanism. The user agent then forwards and authentication response to the server in accordance with the UMTS AKA mechanism and the server then performs the appropriate actions to perform an invoked SIP procedure in response to the SIP request. The SIP request may include any standardized SIP request including an SIP INVITE request or an SIP REGISTER request.

Abstract: A method of granting, to a user communications device, access to a service provided by a plurality of service communications devices where an access key code is generated during an initial communications session between the user communications device and one of the service communications devices. The established access key code is subsequently stored in the user communications device and made available to the service communications devices for use in subsequent communications sessions between the user communications device and any one of the service communications devices. The invention further relates to a communications system and a user communications device.

Abstract: A method for improving an established Authentication and Key Agreement procedure which prevents rogue mobiles from fraudulently gaining access to a communication system. The communication system periodically broadcasts a challenge interrogation message requesting that a mobile, which is currently validated to use the system, to authenticate itself to the system. The mobile computes an authentication response based on information known only to the communication system and the USIM of the mobile and transmits said response to the communication system. The communication system also computes an authentication response and compares said response with that received from the mobile. A mobile is authenticated by the communication system when the two authentication responses are equal. Otherwise, the mobile is not given access to the communication system.

Abstract: Many examples exist of a mobile node moving between the operational zones of multiple network access points or base stations. To minimize delay in re-authenticating with the network through a new base station, an additional form authenticated access mode called “credential authenticated” access is provided. The mobile unit is fully authenticated in the first base station (e.g., the user has logged in and paid for service). Thereafter, the first base unit transmits a “credential” to the mobile node that may be used by other base stations to establish trust with the mobile node prior to full re-authentication. Upon entering the operational zone of the second base station, the mobile node can transmit the credential to the second base station, which may accept the credential and allow access by the mobile node to the network through the second base station before full authentication has completed.

Abstract: According to the two party authentication method, a first party generates and transfers a random number to a second party as a first challenge. The second party increments a count value in response to the first challenge, generates a first challenge response by performing a keyed cryptographic function (KCF) on the first challenge and the count value using a first key, and transfers the count value, as a second challenge, and the first challenge response to the first party. The first party verifies the second party based on the first challenge, the second challenge and the first challenge response. The first party also generates a second challenge response by performing the KCF on the second challenge using the first key, and transfers the second challenge response to the second party. The second party verifies the first party based on the second challenge and the second challenge response. For instance, the first and second parties can be a network and mobile, respectively, in a wireless system.

Abstract: A method for executing secure data transfer between a communication device and an application server in a wireless network, in which a request requiring a secure transaction of data is sent from either the communication device or the server. An agreement proposal for the secure transaction is sent to the communication device, and if the agreement proposal is considered acceptable, the agreement proposal is sent to a security adapter. Details of the transaction are entered into a message and sent to a smart card in order to activate a signing application in the smart card. The details of the transaction are displayed on the communication device, and if the transaction is accepted, the signing application signs the data and sends it to the security adapter via messages, the signature is verified, and the data is sent to the server.

Abstract: The infrastructure has a core network, radio network controllers linked to the core network and base stations provided with radio interfaces and each linked to one of the controllers. Ciphered information is transmitted over a first communication path in circuit mode between the core network and the terminal, passing through a first master controller, then over a second communication path in circuit mode between the core network and the terminal, passing through a second master controller. The second path is established in a transfer procedure comprising the transmission of adjustment data from the first to the second master controller and the suppression of the first path. These data are representative of a current value of a sequence number used to encipher the information and incremented at regular intervals, and of an offset between this sequence number and a time reference available to the second controller.

Abstract: Device for processing data includes a processor for executing program routines, and a memory for storing program routines to be executed by the processor. Part of the memory includes a protected part from which data can be read but which is protected against being written into. The processor is arranged to necessarily execute a program routine stored in the protected part of the memory upon start-up.

Abstract: A system for updating a communications key(s) performs an authentication(s) of the unit and/or of the communications system using an update key. By using the update key to perform the authentication(s), the key update system can reduce communications between a home communications system and a visiting communications system by sending the update key to the visiting communications system while maintaining the communications key at the home communication system. For example, in performing a key update, the home communications system generates a communications key, such as a new authentication key SSD-A-NEW, using a sequence RANDSSD generated at the home communications system and a secret key A-KEY maintained at the home communications system and at the unit. The home communications system generates the update key SSD-KEY also using the sequence RANDSSD and the secret key A-KEY.

Abstract: A mobile communication terminal includes an IC card, a power supply, and a control section. The IC card stores an identification number. The power supply supplies power to the mobile communication terminal. The control section can set the mobile communication terminal to a communication possible state when the power is supplied from the power supply and an entered identification number is coincident with the identification number stored in the IC card. Also, the control section can set the mobile communication terminal to the communication possible state depending on a power down time period without an entering operation of the identification number when the supply of the power to the mobile communication terminal is stopped and then recovered.

Abstract: A data server derives information regarding the identities of users placing calls in a circuit-switched communication network. It performs this task by initially establishing at least one known and trusted identity “seed.” The data server uses the trusted identity seed, in conjunction with information regarding calls placed in the circuit-switched communication network, to derive additional user identities. Further, a user device may encrypt its secret identification number before transmitting it to the data server to maintain the secrecy of this information. The data server is additionally configured to modify previously derived identities when the server determines that they have become inaccurate.

Abstract: The present invention is to provide a method of safely sending encrypted e-mails over LAN comprising the steps of installing a LAN access program on a wireless communication device; connecting the wireless communication device to a LAN; setting LAN access conditions in the LAN access program prior to sending e-mail; and enabling a CPU of the wireless communication device to perform the sub-steps of performing an authorization at a server based on the LAN access conditions; after gaining the authorization, adding corresponding encrypted codes on the e-mail based on a selected safety level; and sending the encrypted e-mail over an authorized VPN.

Abstract: In the disclosed registration and authentication scheme, in the case of carrying out the registration and authentication of a wireless terminal with respect to a wireless base station provided inside the home, for example, a user of the wireless terminal must directly operate the wireless base station. For this reason, it is possible to prevent the registration and authentication of a wireless terminal of an external user who cannot easily operate the wireless base station, and thereby it is possible to realize the secure and easy registration and authentication processing even when the wireless communications are used.

Abstract: Ciphered information is transmitted over a first communication path in circuit mode between a core network and a terminal, passing through a first master controller, then over a second path between the core network and the terminal, passing through a second master controller. The second path is established in a procedure comprising the transmission of data from the first to the second master controller, a phase of simultaneous transmission of radio signals by the infrastructure on the first and second paths, then the suppression of the first path. The radio signals transmitted on the two paths during the phase of simultaneous transmission transport the same information, ciphered with offset sequence numbers, and the radio terminal switches over from the first to the second path while advancing the ciphering sequence number in such a way as to align it with the offset number used by the second controller.