Patent application number | Description | Published |
--- | --- | --- |
20080215888 | Method and Arrangement For Authentication and Privacy - The present invention improves privacy protection and authentication over the prior-art GAA/GBA system by specifying a Bootstrap Server Function (BSF) that creates an Authentication Voucher asserting to a network application function NAF authentication of a. The BSF generates keys Ks and Ks NAF with corresponding key identifiers B_TID and B_TID_NAF. In order to prevent tracking of a user by collusion between several NAF entities, B_TID_NAF and the Voucher can be unique for each NAF. The Ua interface is further protected by encryption using key Ks, and the Ub interface is further protected against man-in-the-middle attacks by using signatures with key Ks and provision of freshness. | 09-04-2008 |
20090205028 | Method and System for Mobile Device Credentialing - Methods and systems taught herein allow communication device manufacturers to preconfigure communication devices to use preliminary access credentials to gain temporary network access for downloading subscription credentials, and particularly allow the network operator issuing the subscription credentials to verify that individual devices requesting credentials are trusted. In one or more embodiments, a credentialing server is owned or controlled by the network operator, and is used by the network operator to verify that subscription credentials are issued only to trusted communication devices, even though such devices may be referred to the credentialing server by an external registration server and may be provisioned by an external provisioning server. Particularly, the credentialing server interrogates requesting devices for their device certificates and submits these device certificates to an external authorization server, e.g., an independent OCSP server, for verification. A common Public Key Infrastructure (PKI) may be used for operator and device certificates. | 08-13-2009 |
20100223339 | DIAS-DYNAMIC IMPU ASSIGNMENT SERVICE - A method and arrangement in a multimedia gateway connected to a multimedia service network, for providing access to multimedia services for communication devices connected to a private network. In the multimedia gateway, a communication unit receives a request from a device in the private network for a public identity associated with the multimedia gateway. An identity manager then selects and allocates an associated public identity from a pool of public identities associated with the multimedia gateway which have been predefined as valid in the multimedia service network. The communication unit then registers the device by activating the allocated associated public identity in the multimedia service network. Thereby, the multimedia gateway can establish a multimedia session on behalf of the device, using the allocated associated public identity. | 09-02-2010 |
20110055565 | IMS USER EQUIPMENT, CONTROL METHOD THEREOF, HOST DEVICE, AND CONTROL METHOD THEREOF. - An IMS User Equipment (UE) is provided. The IMS UE comprises: searching means for searching, based on UPnP technology, a UPnP network for a host device that has IMS subscription information, establishing means for establishing a session with the host device discovered by the searching means, subscription retrieving means for retrieving, from the host device via the session, the IMS subscription information, registering means for registering with the IMS network using the IMS subscription information, key retrieving means for retrieving, from the host device via the session, a first encryption key shared with an IMS application server (AS) in an IMS network by sending identity of the IMS AS to the host device via the session, and communicating means for performing encrypted communication with the IMS AS using the first encryption key. | 03-03-2011 |
20090199001 | Access to services in a telecommunications network - A method and arrangement is disclosed for providing a user, not previously having an individual subscription with a network operator, with credentials for secure access to network services. The arrangement includes a gateway, associated with a subscription for network services, having means for generating and exporting to a user entity personalized user security data derived from security data related to the subscription. In particular, the derivation of credentials is based on a function that is shared between network and gateway and further conveniently makes use of bootstrapping on keying material from the subscription authentication. Pre-registered user identities are assigned to trusted users who, thereafter, can download credentials and authenticate for service access. The invention may be implemented at a public place for providing temporary visitors with network access, whereby trust may, for example, be established by presenting a credit card. | 08-06-2009 |
20100049980 | METHODS AND SYSTEMS FOR BOOTSTRAPPING SECURITY KEY INFORMATION USING SESSION INITIATION PROTOCOL - Methods, systems and communication nodes for bootstrapping key establishment to exchange encryption keys between a terminal-based client and an application server using Session Initiation Protocol (SIP) signaling are described. | 02-25-2010 |
20100115598 | METHOD AND ARRANGEMENT FOR INTEGRATION OF DIFFERENT AUTHENTICATION INFRASTRUCTURES - A method is disclosed that provides efficient integration of infrastructure for federated single sign on, e.g. Liberty ID-FP framework, and generic bootstrapping architecture, e.g. 3GPP GAA/GBA architecture. An integrated proxy server (IAP) is inserted in the path between a user and a service provider (SP). The proxy server differentiates type of access and determines corresponding operative state to act as a liberty enabled server or as a GAA/GBA network application function. A Bootstrapping, Identity, Authentication and Session Management arrangement (BIAS) leverages on 3GPP GAA/GBA infrastructure to provide an integrated system for handling Liberty Federated SSO and 3GPP GAA/GBA bootstrapping procedures at the same time. The method and arrangement provides improved use of infrastructure elements and performance for authenticated service access. | 05-06-2010 |
20100177769 | Method and Arrangement For Handling Profiles in a Multimedia Service Network - A method and apparatus for sharing an application profile for plural public IMS identities across different IMS subscriptions. A home application profile for a first public IMS identity (IMPUx) of a first IMS subscription, is stored in its entirety at a first HSS storage. A profile reference is stored as an abbreviated foreign application profile for a second public IMS identity (IMPUy) of a second IMS subscription at a second HSS storage. The profile reference points to the home application profile in the first HSS storage. An authorizing identifier for the second public IMS identity that authorizes access to the home application profile, is also stored at the first HSS storage. | 07-15-2010 |
20110010768 | Method and Apparatuses for End-to-Edge Media Protection in an IMS System - An IMS system includes an IMS initiator user entity. The system includes an IMS responder user entity that is called by the initiator user entity. The system includes a calling side S-CSCF in communication with the caller entity which receives an INVITE having a first protection offer and parameters for key establishment from the caller entity, removes the first protection offer from the INVITE and forwards the INVITE without the first protection offer. The system includes a receiving end S-CSCF in communication with the responder user entity and the calling side S-CSCF which receives the INVITE without the first protection offer and checks that the responder user entity supports the protection, inserts a second protection offer into the INVITE and forwards the INVITE to the responder user entity, wherein the responder user entity accepts the INVITE including the second protection offer and answers with an acknowledgment having a first protection accept. A method for supporting a call by a telecommunications node. | 01-13-2011 |
20110131414 | METHODS AND SYSTEMS FOR END-TO-END SECURE SIP PAYLOADS - Methods, systems and communication nodes for protecting Session Initiation Protocol (SIP) message payloads are described. Different protection techniques can be used to protect SIP payloads depending upon, for example, whether a recipient client application resides in a user equipment or an application server and/or whether a recipient client application resides in a same SIP/IP domain as the target SIP application server which is sending the SIP payloads. | 06-02-2011 |
20130268681 | Method and Apparatuses for End-to-Edge Media Protection in an IMS System - An IMS system includes an IMS initiator user entity. The system includes an IMS responder user entity that is called by the initiator user entity. The system includes a calling side S-CSCF in communication with the caller entity which receives an INVITE having a first protection offer and parameters for key establishment from the caller entity, removes the first protection offer from the INVITE and forwards the INVITE without the first protection offer. The system includes a receiving end S-CSCF in communication with the responder user entity and the calling side S-CSCF which receives the INVITE without the first protection offer and checks that the responder user entity supports the protection, inserts a second protection offer into the INVITE and forwards the INVITE to the responder user entity, wherein the responder user entity accepts the INVITE including the second protection offer and answers with an acknowledgment having a first protection accept. A method for supporting a call by a telecommunications node. | 10-10-2013 |
20100281262 | Method for Digital Rights Management in a Mobile Communications Network - The present invention relates to a method and an operator network node for enabling a user-defined DRM domain of *SIMs hosted by *SIM-enabled devices. The operator network node is connectable to a *SIM based device and to a content provider node, and comprises means for establishing a secure channel between a *SIM-based device and an operator network node, means for creating a DRM domain defined by at least one user of *SIM-based devices, means for receiving at the operator network node a registration request from the *SIM-based device to register the *SIM of the *SIM-based device into the created user-defined DRM domain, means for registering at the operator network node the *SIM of the *SIM-based device into the registered user-defined DRM domain, and means for making the registered information associated with the user-defined DRM domain available to the content provider. The invention also relates to a further method and the content provider comprising means for accessing in the operator network node registered information associated with a registered user-defined DRM domain comprising *SIMs of a user, and means for establishing a content provider defined DRM domain comprising at least one of the *SIMs of the user-defined DRM domain. | 11-04-2010 |
20100333173 | System and Method of User Authentication in Wireless Communication Networks - Methods and systems taught herein provide for authentication information for authenticating a user terminal to be shared between a network entity that supports IMS-AKA authentication of the user terminal and a network entity that supports GBA-AKA authentication of the user terminal. Sharing authentication information between these entities allows all or part of the authentication information generated for IMS-AKA authentication of the user terminal to be used subsequently for GBA-AKA authentication of the user terminal, or vice versa. | 12-30-2010 |
20110296181 | Apparatuses and a Method for Protecting a Bootstrap Message in a Network - The embodiments of the present invention relate to apparatuses in the form of a first network unit and a device, and also relate to a method for enabling protection of a bootstrap message in a device management network system. The method comprises: receiving, at the first network unit, a request to bootstrap the device; transmitting a request for a bootstrap key to a second network unit; receiving a message comprising the bootstrap key and further comprising trigger information; and transmitting the trigger information to the device to trigger generation of the bootstrap key internally in the device. Thereafter a protected bootstrap message can be transmitted to the device from the first network unit, and when the device verifies and/or decrypts the bootstrap message, device management (DM) sessions can start between the device and the first network unit. | 12-01-2011 |
20110302627 | USER AUTHENTICATION - A method of authenticating access to a service comprises: a) receiving at a mobile terminal, over a bi-directional near-field communication channel between the mobile terminal and a browser, at least part of the identifier of a service; b) comparing, at the mobile terminal, at least part of the identifier received at the mobile terminal with a set of identifiers stored in the mobile device; and c) authenticating access to the service on the basis of whether at least part of the identifier received at the mobile terminal matches an identifier in the set. The mobile terminal may store a set of URLs, and may compare a received URL (or partial URL) with the set of stored URLs. It may generate an alert to the user if at least part of the URL received at the mobile terminal does not match a stored URL. User names and keys are not required to be stored on the web browser, so the web browser does not need to maintain a password database. This improves security, since a password database would be vulnerable to malicious code. | 12-08-2011 |
20120059897 | CHALLENGING A FIRST TERMINAL INTENDING TO COMMUNICATE WITH A SECOND TERMINAL - The invention relates to a method, party challenging device ( | 03-08-2012 |
20120159632 | Method and Arrangement for Detecting Fraud in Telecommunication Networks - Method and arrangement in a mediating function ( | 06-21-2012 |
20130148585 | DOWNLOADABLE ISIM - An IMS (IP Multimedia Subsystem) network contains at least one of (A) a discovery function ( | 06-13-2013 |
20140337222 | DEVICES AND METHODS PROVIDING MOBILE AUTHENTICATION OPTIONS FOR BROKERED EXPEDITED CHECKOUT - Apparatuses and methods for brokered expedited checkout for e-shopping in telecommunication networks are provided. An apparatus is configured to facilitate checkout for a purchase by a user using user equipment from an e-shop in a telecommunication network. The apparatus has a processing unit configured to authorize the user, to access information related to the user, to respond to queries related to the user based on the information, and to mediate between a payment system and the e-shop in order to pay for the purchase. | 11-13-2014 |
20140351575 | Apparatuses and a Method for Protecting a Bootstrap Message in a Network - The embodiments of the present invention relate to apparatuses in the form of a first network unit and a device, and also relate to a method for enabling protection of a bootstrap message in a device management network system. The method comprises: receiving, at the first network unit, a request to bootstrap the device; transmitting a request for a bootstrap key to a second network unit; receiving a message comprising the bootstrap key and further comprising trigger information; and transmitting the trigger information to the device to trigger generation of the bootstrap key internally in the device. Thereafter a protected bootstrap message can be transmitted to the device from the first network unit, and when the device verifies and/or decrypts the bootstrap message, device management (DM) sessions can start between the device and the first network unit. | 11-27-2014 |