Abstract: System and method for establishing secure conference calls. In one example system, a central conference call server establishes point-to-point connections with accessory devices comprising a secure element and connected to corresponding participant devices. The conference call server includes an interface to a plurality of secure elements configured to perform scrambling and unscrambling of media signals communicated to and from the accessory devices. In another example, one of the participant devices operates as the central conference call server. In other examples, participant devices communicate on a conference call via point-to-point connections between all accessory devices connected to the participant devices. The accessory devices include secure elements for decryption and encryption of media signals communicated between the accessory devices.

Abstract: Embodiments herein include, for example, a method, comprising: generating a shared symmetric key to begin a communication session among a group of users by a first user; distributing, by the first user, the generated shared symmetric key to each user in the group of users; communicating within the communication session among a group of users, where each user encrypts a message to the group of users to be distributed through the communication session using the generated shared symmetric key, and each user decrypts a message received from the communication session using the generated shared symmetric key.

Abstract: A method for providing improved personalized security mechanisms for transferring electronic data is disclosed. In an embodiment, the method comprises generating, at a client computer, a user key pair, wherein the user key pair comprises a user private key and a user public key; transmitting the user public key from the client computer to a server computer; receiving, at the client computer, from the server computer, a user account public key; generating a virtual memory stick (“VMS”) file and including, in the VMS file, one or more keys and one or more passphrases; encrypting the VMS file with a protection passphrase to generate an encrypted VMS file; and transmitting the encrypted VMS file to the server computer.

Abstract: A method of enabling applications to reference user information is provided, including receiving a request for a user identifier that references a user of the application and sending a second request for the user identifier to a server. The second request may include a second user identifier that references the user and a second authentication token for the second user identifier. Furthermore, the second user identifier and the second authentication token are not accessible by the user. The method includes receiving the user identifier and an authentication token for the first user identifier. The user identifier corresponds to the second identifier; and providing the user identifier and authentication token to the application. A method of enabling an application to identify users associated with a user of the application is provided; the method may include receiving, from the server, user identifiers that reference one or more users scoped to the application.

Abstract: Data packets passing from a source to a destination in a network according to a Service Function Chain (SFC) are processed by an ordered sequence of at least one service function (SF). For each SF in the SFC in order, a current value of a function, such as a hash function, is recursively computed including, as input values, at least current identifying data that identifies a corresponding current one of the SFs, and a value of the function output from an immediately preceding SF. After computing the current value of the function for a selected SF in the SFC, the current value of the function is compared with an expected value. If the value of the function for the selected SF is the same as the expected value, the data packet is allowed to be transmitted to a subsequent processing stage; if not, then an error response action is taken.

Abstract: Disclosed herein are a fixed-location Internet-of-Things (IoT) device for protecting secure storage access information and a method for protecting secure storage access information of the fixed-location IoT device.

Abstract: A security method and system for capturing user specific binary information used to identify the user; using the user specific binary information to generate a secured primary code, generating strong user credentials for accessing web based or applications logins, intercepting credential requests from local applications or remote web sites, regenerating strong user credentials dynamically, using the secure primary code to generate encryption keys for protection of data inside or outside the machine of creation, and using secure primary code protection in conjunction with subsidiary key exchanges to allow data sharing while retaining data security.

Abstract: A method and apparatus prevents hacker code from infecting an application program by requiring decryption of the application program prior to running the application program on a computer. The method includes steps of: providing a security device that is a separate unit from components necessary to operate the computer; storing a symmetric private key on the security device; using the device symmetric private key to produce an encrypted application program upon first installation; thereafter decrypting that part of the encrypted application program needed implement a command to run the application program; and, decrypting, on the fly, only those follow-on parts of the encrypted application program needed to perform functions called for during operation of the application program.

Abstract: In one embodiment, a system includes a processing circuit and logic integrated with the processing circuit, executable by the processing circuit, or integrated with and executable by the processing circuit. The logic is configured to cause the processing circuit to limit functionality of a remote controlled device during periods of time that a user of the remote controlled device is not authenticated, and to receive identity information of the user of the remote controlled device via an authentication process, with the identity information establishing an identity of the user. Also, the logic is configured to cause the processing circuit to authenticate the user prior to allowing full functionality of the remote controlled device, send an indication of the identity of the user to the remote controlled device, and provide full functionality of the remote controlled device to the user in response to successfully authenticating the user.

Abstract: A pseudonymous proximity location device and methods of operating and/or interacting with the same are provided. The pseudonymous proximity location device is configured to provide meaningful information to authorized reading devices but useless information to non-authorized reading devices, thereby prohibiting the use of the pseudonymous proximity location device by unauthorized reading devices.

Abstract: Methods, systems, and computer-readable storage media for a trust management system (TMS) in connected devices including a service provider device and a service consumer device, actions including receiving, by the TMS, side information associated with the service provider device, the side information including profile data and context data, processing, by the TMS, the side information using a computer-executable stereotype model to determine a prior trust value, determining, by the TMS, a trust value using a computer-executable experiential trust model, and at least partially based on the prior trust value, and selectively conducting a transaction between the service consumer device, and the service provider device based on the trust value.

Abstract: An approach is provided to automatically replicate content to certain servers in a networking environment based on, amongst other metrics, location of third parties accessing information in a social networking environment. The approach includes obtaining content from a user within a networked environment and analyzing information of one or more third parties that have access to the networked environment and who have an association with the user. The approach further includes replicating the content to one or more servers within the networked environment based on the analyzed information of the one or more third parties.

Abstract: An electronic social networking environment enables the transfer of stored value between users of the environment. A transfer may be in the form of a gift from one user to another. The stored value may represent actual currency or virtual currency. The stored value may be redeemed within or outside the electronic social networking environment, and may be redeemed with one or more merchants. The stored value may be redeemed for a physical item or service or for a virtual item or service.

Abstract: Provided are methods and apparatuses for establishing a wireless communications connection by using biometric information of a user. A method of operating an electronic device includes operations of: acquiring first biometric information; transmitting first sub-information of the first biometric information to a terminal within a certain time from an instant of acquiring the first biometric information; receiving from the terminal second sub-information of second biometric information of a user who uses the terminal; and comparing second sub-information of the first biometric information corresponding to the second sub-information of the second biometric information with the second sub-information of the second biometric information. If it is determined as a result of the comparing that the second sub-information of the first biometric information matches the second sub-information of the second biometric information, a pairing with the terminal is established through a wireless network.

Abstract: A method to securely send, to the device the cryptographic key and the local wireless network credentials with an authenticity verification to ensure that the device is safe to be added to the local network. Those credentials are sent using a NFC enabled device to the internal EEPROM with NFC interface embedded on the target connected device. The method enforces the configuration setup process to avoid critical vulnerabilities in IoT devices, minimizing security and privacy issues to the final user and avoid any unauthorized device to be added to the network. When a new IoT device is added, assuming that this new device has no security key embedded and no stored authentication credentials, a secure mobile application will send that information to the device using NFC. This application has an interface to configure the device in a single step.

Abstract: The present application is directed to a computer-implemented device for reserving a path in a network. The device includes a non-transitory memory operably coupled to a processor. The processor is configured to perform the instruction of sending a path computation request to a backbone router via a routing protocol path. The processor is also configured to perform the instruction of receiving a computation reply from the backbone router path based upon the request. The processor is also configured to perform the instruction of assigning a soft cell on the path between the source and the destination device. The application is also directed to a computer-implemented device for reserving a path between a source device and destination device.

Abstract: An entity authentication method includes: an entity A generates and sends NA to an entity B; the entity B generates NB and ZSEEDB, computes a key MKA?KEIA and first encrypted authentication data AuthEncDataB, and sends the NB?NA?AuthEncDataB to the entity A for verification; the entity A generates ZSEEDA, computes second encrypted authentication data AuthEncDataA, a shared key seed Z, a master key MK and a first message authentication identifier MacTagA, and sends the NA?NB?AuthEncDataA?MacTagA to the entity B for verification; the entity B computes Z, MK and MacTagA, compares the MacTagA with the received MacTagA, and if the two are equal, considers that the entity A is valid; the entity B computes and sends a second message authentication identifier MacTagB to the entity A; and the entity A computes MacTagB, compares the MacTagB with the received MacTagB, and if the two are equal, considers that the entity B is valid.

Abstract: The present disclosure provides a bootstrapping server, a network application function (NAF), a system and methods for establishing secure communication between a machine to machine (M2M) device and a NAF. A method for establishing secure communication between the NAF and M2M device comprises receiving a first data object, tunneling the first data object to the M2M device, via an interface between the NAF and the M2M device, for enabling the M2M device to derive first information to establish said secure communication, receiving a second data object and deriving second information for use in establishing said secure communication with the M2M device.

Abstract: An apparatus includes a computing system that is configured to receive, from an electronic device, a verification message indicating that the electronic device is not corrupt. The computing system is also configured to receive, from the electronic device, a unique universal identifier (UUID) that is associated with an application stored in a memory of the electronic device. The computing system is further configured to receive, from a management server of the one or more management servers, a server key stored in a credential store and that is associated with the UUID received from the electronic device. In addition, the computing system is configured to establish one or more secure channels for electronic data communication with the electronic device based on the received UUID and the server key.

Abstract: Systems and methods for backing up data are provided. Data objects or blocks of data can be encrypted with individualized keys. The keys are generated from the unencrypted data objects or blocks. The encrypted data objects or blocks and fingerprints of the encrypted data objects or blocks can be uploaded to a datacenter. Even though the data objects or blocks are encrypted, deduplication can be performed by the datacenter or before the data object is uploaded to the datacenter. In addition, access can be controlled by encrypting the key used to encrypt the data object with access keys to generate one or more access codes. The key to decrypt the encrypted data object is obtained by decrypting the access code.

Abstract: Techniques for implementing public key infrastructure using blockchains are described. An apparatus may receive, from a introducee principal, a proof-of-work. The apparatus may combine the proof-of-work with an identifier of the introducee principal. The apparatus may generate an introduction of the introducee principal. The introduction may include signing, using an asymmetric private key assigned to the apparatus, the combination of the proof-of-work and the identifier of the introducee principal. The apparatus may publish the introduction of the introducee principal to a blockchain.

Abstract: An example method for file sharing over secure connections comprises: establishing a secure client connection; receiving a client request identifying a file residing on the file sharing host; transmitting an identifier and a parameter of the secure client connection via a management connection to the file sharing host; receiving a host request to establish a secure host connection, the host request comprising the identifier of the secure client connection; establishing the secure host connection using the parameter of the secure client connection identified by the received identifier; forwarding, over the secure host connection, a first data packet received over the secure client connection, the first data packet comprising at least part of the client request; and forwarding, over the secure client connection, a second data packet received over the secure host connection, the second data packet comprising at least part of the file identified by the client request.

Abstract: An authentication server determines that a user entering authentication data is in physical possession of a client device by determining that the user has observed changes in the state of hardware elements of the client device that are effected outside of a remote desktop protocol. The authentication server causes the client device to prompt the user to observe the hardware element of the client device for state changes and receives data generated by the user representing observed state changes. If the data accurately represents the changes in the state of the hardware element, the user is determined to be in physical possession of the client device.

Abstract: Efficient memory management can be provided in a multi-tenant virtualized environment by encrypting data to be written in memory by a virtual machine using a cryptographic key specific to the virtual machine. Encrypting data associated with multiple virtual machines using a cryptographic key unique to each virtual machine can minimize exposure of the data stored in the memory shared by the multiple virtual machines. Thus, some embodiments can eliminate write cycles to the memory that are generally used to initialize the memory before a virtual machine can write data to the memory if the memory was used previously by another virtual machine.

Abstract: Disclosed are examples of systems, apparatus, methods and computer program products for creating custom platform objects for a multi-tenant non-relational database environment. A database system maintains a multi-tenant non-relational database associated with multiple enterprises and a number of records for each of the enterprises. The system also maintains a dynamic virtual table associated with a number of records. A request is received from one of the enterprises to define a custom data object within the database system, uniquely associated with an enterprise. The request is processed, and a custom object is generated based on the request. The custom object defines database columns corresponding to the data object and the enterprise. The virtual table is updated to include virtual columns corresponding to the database column definitions, and existing columns of a shared table in the non-relational database are updated to match the virtual columns.

Abstract: In a transient storage device (TSD) with multiple authentication silos, a host computing device connected to the TSD is configured by the TSD to discover and act upon various types of authentication information in the silos. One or more logical combinations of authentication silos are switched to the authenticated state to grant access to an associated storage area. A particular ordering of authentication silos may be required to achieve a valid combination of authenticated silos. Ordering may be suggested by configuration information in the TSD. Ordering may also be based upon whether or not user input is required for authenticating a given authentication silo, the environment of use of the TSD, or a hierarchy from most trusted to least trusted authentication silo. With this information, the host proceeds with the most efficient authentication sequence leading to a grant of access to the storage area.

Abstract: A quantum key generation system including two photon detector units, two photon entanglement chains extending between the two photon detector units, and a plurality of multicore fiber links each including at least two non-uniform cores structurally configured to provide non-uniform photon propagation delay. Each photon entanglement chain includes at least one quantum repeater structurally configured to entangle a pair of photons and first and second terminating quantum memories optically coupled the quantum repeater using the multicore fiber links such that photons received by the first and the second terminating quantum memories are entangled with photons entangled by the quantum repeater.

Abstract: A projector includes: a projection unit which projects a first image onto a projection surface; a detection unit which detects a position of an indicator on the projection surface; a first storage unit which stores a second image including a figure drawn according to the position of the indicator; an acquisition unit which acquires information for specifying a transmission destination of the second image via a wireless reader/writer; a communication unit which communicates via a network; and a transmission unit which transmits the second image via the communication unit to the transmission destination specified by the information acquired by the acquisition unit.

Abstract: Techniques for enabling cloud authentication of Layer 2-connected member devices via an IP-connected active device are provided. In one set of embodiments, the member device can transmit, to the active device, a request to authenticate the member device with a cloud management platform. The member device can further receive, from the active device, an encrypted nonce generated by the cloud management platform in response to the request, where the encrypted nonce is encrypted using a public key of the member device. The member device can decrypt the encrypted nonce using a private key of the member device to generate a decrypted nonce and can transmit the decrypted nonce to the active device. The member device can then receive, from the active device, a token generated by the cloud management platform indicating that the member device has been authenticated by the platform.

Abstract: The present invention relates to a method of providing voice recognition. The method comprises the steps of receiving a packetised voice data of a person to be identified over a packet-switched network, comparing the voice data with a stored voice data of a user and, based on the comparison, providing an indication of the likelihood that the person to be identified is the user, wherein the step of receiving the voice data comprises waiting for sufficient voice data to be received.

Abstract: A hosting provider may be bi-directionally authenticated with one or more media repositories. The hosting provider preferably has domain name registration and hosting capabilities. The media repositories may collect data (such as pictures and/or files) from one or more users. Once authenticated, the hosting provider and media repositories may cooperate in storing, aggregating and transmitting data to a user. Routes may be hosted by the hosting provider and used to organize and access the data. For example, a user may enter a route into a browser and receive media/data, possibly from a plurality of media repositories, that is associated with that route. In another example, the user may enter a route into the browser and be redirected from the hosting provider to a website of the media repository.

Abstract: An appliance includes a processor, a medium, a registration application, and a monitoring application. The registration application includes instructions in the medium that, when read and executed by the processor, configure the registration application to write a transaction identifier to a start message, the transaction identifier identifying the appliance, write a dataset of interest identifier to the start message, and send the start message to a database. The dataset of interest identifies a group of appliances including the appliance. The monitoring application includes instructions in the medium that, when read and executed by the processor, configure the monitoring application to monitor operations executed on the appliance, write data resulting from the operations to a data message, and send the data message anonymously to the database. The data message is signed with a member key associated with the group of appliances.

Abstract: Systems and methods authenticate with application extensions. An application extension requests a token from a local application. The local application generates a token and either inserts the token into a protected storage accessible only by the application extension being run by the current user or returns the token back to the application extension after being confirmed by the legitimate user. The application extension uses the token to authenticate itself with the local application.

Abstract: Wireless communications systems and methods related to the reduction in a probability of collision for grant-less transmissions from internet of everything (IOE) devices while not increasing search complexity at a base station are disclosed. An IOE device randomly selects a first access resource from a common pool that the base station searches to initiate a transmission. If a metric associated with the data transmission is predicted to exceed a threshold, the IOE device also requests a second access resource from a reserved access pool from the base station, that the base station does not search. The IOE includes the request in the data transmission. The base station and the IOE device switch to the second access resource after the base station identifies an available resource from the reserved access pool and the IOE device completes the data transmission using the second access resource.

Abstract: Secure application-to-application communication is disclosed. A shared encryption key may be used to encrypt data to be transferred from a first mobile application to a second mobile application. The encrypted data is provided to a shared storage location. The second mobile application is configured to retrieve the encrypted data from the shared storage location.

Abstract: A method of cell detection, for a user equipment (UE) of a first cell, wherein the first cell operates on a first frequency, from a second cell, wherein UE is served by the second cell, and the second cell operates on a second frequency different form the first frequency, is disclosed. The method comprises performing cell detection on the first frequency while the UE is associated with the second cell on the second frequency; detecting at least one cell identification (ID) candidate on the first frequency; determining whether verification of cell ID is to be done prior or after a predetermined event has occurred; and if it is determined that verification is to be done after the predetermined event, postponing the verification and performing the verification after the predetermined event has occurred. Methods of cell identification and handover are also disclosed. A communication apparatus and a computer program are also disclosed.

Abstract: Systems and methods for using an arbitrary base value for EPID calculations are provided herein. A system to use arbitrary base values in enhanced privacy ID (EPID) calculation, where the system includes a microcontroller; and a memory coupled to the microcontroller; wherein the microcontroller is to: obtain an arbitrary value at a member device, the member device being a member of a group of member devices, each member device in the group of member devices having a unique private EPID key assigned from a pool of private keys, where any of the pool of private keys is able to sign content that is verifiable by a single group public key, and the arbitrary value being one of a time-based value or a usage-based value; construct an EPID base using the arbitrary value; and transmit content signed with the private key using the EPID base to a verifier.

Abstract: A service providing system includes an application configured to provide a service to a terminal device that has made a service request including use identification information; a creator configured to create group identification information for identifying a group of the use identification information, based on a creation request from the application; an issuer configured to issue the use identification information associated with the group identification information, based on an issue request from the application, the issue request including the group identification information; and a verifier configured to verify the use identification information, based on a verification request from the application, the verification request including the group identification information and the use identification information.

Abstract: A method includes: displaying, by a second device, prompt information, where the prompt information is used to inform a user that a task executed on a first device may be handed off to the second device for execution; receiving, by the second device, a first operation of the user, and collecting a fingerprint used when the user performs the first operation, where the first operation is used to request execution of the task on the second device; acquiring, by the second device, first fingerprint information and second fingerprint information by using the first device; calculating, by the second device according to the fingerprint used when the user performs the first operation and the first fingerprint information, third fingerprint information; and executing, by the second device, the task when the third fingerprint information matches the second fingerprint information.

Abstract: The Messaging Search and Management Apparatuses, Methods and Systems (“MSM”) transforms message, ranking request inputs via MSM components into work graphs, ML structure input data, ML structure, ranking response outputs. A work graph generation request that includes group level access control data may be obtained. A set of metadata access control carrying messages, a set of users, a set of channels, and a set of topics with access control data corresponding to the group level access control data may be determined. A user priority score for each of the other users, a channel priority score for each of the channels, and a topic priority score for each of the topics, from the perspective of each user, may be calculated. A work graph data structure may be generated that includes, for each user, data regarding the calculated user priority scores, channel priority scores, and topic priority scores.

Abstract: A method may include identifying a shared usage of a first network address and a second network address in a predetermined period of time. The method may also include clustering the first network address and the second network address based on the shared usage. The method may include determining a weighting factor between the first network address and the second network address based on the shared usage. The method may further include receiving a request that includes the second network address from a client device. The method may include determining that the request for the electronic activity does not include suspicious activity based on the first network address and the second network address being in the cluster. The method may further include permitting the electronic activity based on the determination that the request for the electronic activity does not include suspicious activity.

Abstract: A system and method are disclosed for authenticating and authorizing access to and accounting for consumption of bandwidth for IPv6 connectivity to the Internet over Wireless Access Vehicular Environment (WAVE) service channels by client devices using an Authentication, Authorization and Accounting (AAA) server. The AAA server authenticates and authorizes client devices to access WAVE service channels, and accounts for bandwidth consumption by the client devices using WAVE service channels to access the Internet. The AAA server enables an RSU infrastructure operator to quantify wireless bandwidth consumption by in-vehicle devices using the WAVE Service Channels, on a per-device basis.

Abstract: Pre Shared Keys (“PSK”) for application and data session security are generated using application authentication secret values stored in a SIM device/card. The SIM internally uses the secret values as inputs to a security algorithm engine, but the secret values are not accessible outside of the SIM. The application authentication secret values cannot be used to authenticate the SIM, or a device that includes the SIM, to a communication network. Rather, symmetric keys and keying material are generated for use by applications outside of the standard and conventional wireless networking uses of a SIM device. Updated PSKs are generated at different network endpoints such that the PSKs are generated individually and separately at the endpoints; the ‘preshared’ keys are not actually shared. Thus, a client endpoint and a server endpoint, or an endpoint associated with the server, independently generate the same PSK without the PSK being transmitted between the endpoints.

Abstract: A system receives a request to authenticate a user and determines a first set of cell identifiers of a card matrix to associate with the user. The system receives a first factor, which comprises a first set of received cell values corresponding to the first set of cell identifiers of the card matrix. The system further determines a first set of stored cell values corresponding to the first set of cell identifiers of the card matrix and compares the first set of received cell values to the first set of stored cell values. The system also receives a second factor, which is different than the first factor. Finally, the system determines that the user is authenticated based at least in part upon the comparison of the first set of receives cell values to the first set of stored cell values.

Abstract: Pre Shared Keys (“PSK”) for application and data session security are generated using application authentication secret values stored in a SIM device/card. The SIM internally uses the secret values as inputs to a security algorithm engine, but the secret values are not accessible outside of the SIM. The application authentication secret values cannot be used to authenticate the SIM, or a device that includes the SIM, to a communication network. Rather, symmetric keys and keying material are generated for use by applications outside of the standard and conventional wireless networking uses of a SIM device. Updated PSKs are generated at different network endpoints such that the PSKs are generated individually and separately at the endpoints; the ‘preshared’ keys are not actually shared. Thus, a client endpoint and a server endpoint, or an endpoint associated with the server, independently generate the same PSK without the PSK being transmitted between the endpoints.

Abstract: A system and method for establishing and monetizing trusted identities in cyberspace relying upon user opt in. Users request to attain secure IDs for accessing parties that will rely on secure IDs to complete a transaction, for example merchants and service providers (relying parties). The relying parties (RPs) communicate with identity service providers and attribute providers via an Attribute Exchange Network (AXN) in order to obtain verified attributes associated with an entity (end user or user) that wishes to conduct business with the relying party. The relying party makes requests for verified attributes that are important to consummating business transactions for the relying party. Users are informed of requests for attributes on behalf of relying parties and users have the option to verify attributes, and add new attributes that may be useful or required for conducting business with relying parties.

Abstract: In a management system which allows measurement results obtained by sensors to be collected and a management target to be managed on the basis of the collected measurement results, a management device and the like that can provide more useful information for managing the management target are provided. The management device includes: an obtainment unit configured to obtain, from each of a plurality of sensors each configured to perform measurement regarding a management target, sensor information indicating a result of the measurement and identification information of the sensor; and a group management unit configured to perform a grouping process of dividing a plurality of the sensors into a plurality of groups by using the pieces of the identification information obtained by the obtainment unit, and to perform a process of storing group information indicating a result of the grouping process.

Abstract: Systems and methods of cryptographically protecting location data transferred between servers via a network to tune a location engine are described herein. A first encryption module determines a first hash value for each location determination, encrypts the first hash value for each location determination using a first encryption protocol to generate a first encrypted data set, and transmits the first encrypted data set to a server. The first encryption module receives, from the server, a second encrypted data set with second hash values generated by a second encryption module of the server using a second encryption protocol. The first encryption module creates a first double encrypted data set from the second encrypted data set. A tuner compares the first double encrypted data set with a second double encrypted data set received from the server to adjust the location engine.

Abstract: An audio object (AOB) for which corresponding rights management information (RMI) has been generated by a license management apparatus, and an AOB for which RMI does not exist are written into a recording medium for use in an SDMI system which includes the license management apparatus. Each AOB is put in correspondence with a migration permission flag (MPF). When the corresponding AOB is the AOB for which RMI does not exist, the relevant MPF is set to on so as to show that a migration procedure is permitted. When the corresponding AOB is the AOB for which RMI has been generated by the license management apparatus, the relevant MPF is set to off so as to show that a migration procedure is not permitted.

Abstract: A method, by an authentication unit of a wireless access network, allows anchoring of a data packet session of a user entity connected to the wireless access network to a packet core network of a mobile communications network. The user entity uses an access identifier for its identification in the wireless access network. The access identifier is not used in the mobile communications network to identify a subscriber. A request message is received in which access to the wireless access network is requested. The request message contains an MAC address of the requesting user entity. The MAC address is converted into a sequence of digits used as a mobile subscriber identifier with which the user entity is identified in the mobile communications network and a response message is transmitted accepting the access to the packet core network. The response message includes the sequence of digits used as mobile subscriber identifier.