EP1466438A1 - Method at access right control within mobile communication - Google Patents

Method at access right control within mobile communication

Info

Publication number
EP1466438A1
EP1466438A1 EP02793724A EP02793724A EP1466438A1 EP 1466438 A1 EP1466438 A1 EP 1466438A1 EP 02793724 A EP02793724 A EP 02793724A EP 02793724 A EP02793724 A EP 02793724A EP 1466438 A1 EP1466438 A1 EP 1466438A1
Authority
EP
European Patent Office
Prior art keywords
policy
mobile
password
communication system
mobile unit
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP02793724A
Other languages
German (de)
French (fr)
Inventor
Jonas Eriksson
Rolf Kawe
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Telia Co AB
Original Assignee
Telia AB
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Telia AB filed Critical Telia AB
Publication of EP1466438A1 publication Critical patent/EP1466438A1/en
Withdrawn legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W76/00Connection management
    • H04W76/10Connection setup

Definitions

  • the present invention relates to the field access right control within mobile communication systems.
  • the mobile unit consists of a mobile telephone with one or more so called smart cards.
  • the mobile unit (or usually a smart card in the mobile unit) in its turn contains one or more private keys, which can be used for authentication and to create "non-rejection" only when a CA (Certificate Authority) has issued certificate which verifies that a specific user holds these private keys .
  • CA Certificate Authority
  • CA has in many cases points of view on which rules that shall apply for which passwords a user is allowed to select.
  • CA then has what is generally called a password policy.
  • the password policy can for instance apply to rules regarding length, allowed characters and updating intervals.
  • Such a policy only has been possible to apply to the cases where it already at the issuing of the card has been made clear which CA that shall issue the certificate connected/associated to the keys on the card.
  • the smart card often will be distributed to the user before anyone knows what CA that shall issue the certificate connected/associated to pair of keys on the card; so the method of entering/applying CA's password policy on the card before it is distributed to the user is not applicable.
  • the aim of the invention is to provide a method to electronically distribute a password policy over a mobile communication system to a mobile unit so that said policy directly can start being applied in the mobile unit or an additional unit.
  • the invention consequently includes a method within a mobile radio communication system with mobile units and connected service providers who provide services over said communication system, where the access from a mobile terminal of a service at a service provider requires a password. The method includes the steps to:
  • a mobile unit electronically receive said policy and handle and draw up/configure passwords associated with/to said service provider according to rules specified in the from the service provider or by him/her appointed certificate authority, said issued/transmitted policy.
  • the method also includes that the mobile unit or a specific gateway authenticates and authorizes the sender of the policy in order to prevent illegal utilization of the possibility to change a policy.
  • Figure 1 shows an administration route/path according to one embodiment of the invention for PIN-policy.
  • Figure 2 shows an administration route/path for PIN-policy according to another embodiment of the invention; and
  • Figure 3 shows a flow chart for a method according to the invention .
  • Figure 4A and 4B show schematically the location/placing of authentication and authorization units according to two embodiments of the invention.
  • One embodiment of the invention relates to a method to distribute a password in form of a PIN-policy for cryptographic keys in mobile units "over the air", that is via the communication system in which the unit is intended to operate.
  • the keys are in the typical case held/kept in a device/smart card in the mobile unit which cannot be juggled with, but it is not necessary.
  • the cryptographic keys are in the typical case private keys in asymmetric pair of keys.
  • the cryptographic keys, or the unit in which these are generated, have been distributed to the user already before it is known which party that will issue certificate which associates/connects the user to a certain pair of keys .
  • CA When a CA shall issue a certificate, the user is linked/associated to a private key in usual way via an "over the air proof of possession"-procedure .
  • CA distributes its PIN-policy via the cellular mobile communication system to the mobile unit which holds/contains the private key.
  • An application in the mobile unit attends to that the PIN-policy comes into force, and forces the user to select a PIN-code according to the policy for utilization of the certified key.
  • Figure 1 the flow is illustrated:
  • CA 101 has decided to distribute its PIN-policy to a certain mobile unit.
  • CA addresses the PIN-policy to a certain mobile unit and a certain private key in the mobile unit 115 and transmits/sends this to a gateway 105 for the purpose.
  • This gateway 105 authenticates CA 101 and decides whether CA 101 is entitled to distribute a PIN-policy to the mobile unit 115 (authorization) .
  • Said gateway 105 is preferably arranged at the operator of the mobile communication system.
  • Gateway 105 sends/transmits the PIN-policy further over the mobile communication network 110.
  • the mobile unit 115 receives the PIN-policy, secures that it is coming from the mobile operator' s gateway
  • Step 1 is preferably preceded by an inquiry from the client/user to CA about issuing of a client certificate.
  • a password policy preferably includes rules about, in the general case:
  • a PIN-policy consists of a data structure which is interpreted by an application for the purpose which has been arranged in the mobile unit.
  • a PIN-policy is realized as an executable application which is transmitted to the mobile unit. In the first case it is conceivable that a plurality of PIN-polices can be active at the same time, but some mechanism to solve conflicting policies, if any, then is needed.
  • the mobile unit 115 then preferably includes one or more integrated or removable smart cards or any other form of device which is protected against manipulations.
  • the invention of course is applicable also in the cases when the private key is not stored in a device which is protected against manipulation, but in any other way in the mobile unit.
  • CA 201 transmits its policy via a general traffic gateway for the mobile communication network (GGSN for GPRS/UMTS) 210, without mechanisms for authentication and authorization of CA 201.
  • GGSN for GPRS/UMTS
  • mechanisms for authentication and authorization are instead implemented in the mobile unit 215
  • CA creates 310 a policy specification, and addresses 320 a mobile unit and addresses 330 a private key within said mobile unit. Further, the specification is transmitted 340 over the mobile network, possibly via a specific gateway as has been mentioned above. The specification is received 350 and the transmitter/sender is authenticated 360, respective, whenever applicable, authorized 370. Depending on the number of units between CA and mobile unit which need own authentication and authorization, the steps to transmit 340, receive 350, authenticate 360 and authorize 370 are repeated 375. Finally, the policy is stored and activated in the mobile station.
  • PIN-policy for other purposes than unlocking/use of private keys of course also can be distributed to the mobile unit according to the invention.
  • Both A and B can load down its policy to the mobile unit. Both policy from CA A and a policy from CA B are put into practice each time PIN is changed. This requires a mechanism in the mobile unit to solve conflicting demands.
  • Both A and B sends/transmits its policy to the operator of the mobile communication network.
  • the operator creates a "summing up" of these rules and decides about which policy that finally is transmitted to the mobile unit.
  • Both A and B can load down its policy to the mobile unit. Separate PINs are used for the same key depending on which of his/her certificates the user wants to refer to. Policy from CA A applies when the user refers to his/her certificate from CA A, and policy from CA B applies when the user refers to his/her certificate from CA B.
  • FIG. 4A shows an authentication unit 402 and an authorization unit 404 arranged in gateway 105.
  • Figure 4B shows an authentication unit 402 and an authorization unit 404 arranged in a mobile unit 115.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The present invention related to a method in a mobile radio communication system with mobile units and connected service providers who provide services over said communication system, where the access from a mobile terminal of a service at a service provider requires a password. The method includes the steps to: - from a service provider, or by him/her appointed certificate authority, electronically transmit/send a password policy to a mobile unit, - in a mobile unit electronically receive said policy and handle and create/configure password connected/associated with said service provider according to rules specified in, the from the service provider or by him/her appointed certificate authority, said policy. The method also includes that the mobile unit or a specific gateway authenticates and authorizes the transmitter/sender of the policy in order to prevent illegal utilization of the possibility to change a policy.

Description

METHOD AT ACCESS RIGHT CONTROL WITHIN MOBILE COMMUNICATION
TECHNICAL FIELD The present invention relates to the field access right control within mobile communication systems.
PRIOR ART
There is a number of connections/situations within a mobile radio communication system with mobile units and connected units which provide services over said communication systems, where the access from a mobile terminal of a service at such a service provider requires a password for access right control/check in a mobile unit for access to different functions, data files or for use of encryption keys. These passwords frequently can be changed by the user. Usually there is a need for certain restrictions regarding among other things configuration and validity for these passwords.
In the patent document WO 01/35685 a system to deliver a PIN-code (PIN = Personal Identification Number) to a mobile terminal by means of an SMS-message (SMS = Short Message Service) is described. The system makes it possible that a SIM-card (SIM = Subscriber Identity Module) is equipped with a PIN-code after the card having been delivered to customer .
In the patent document US 6,202,157 a system to distribute and execute a policy for password in a network for data communication is described.
In the patent document US 4,924,514 a device for handling of encryption keys is described. Control vectors control the handling of the keys at which the cryptographic facility is given possibility to change its policy. The invention is among other things based on the knowledge of the inventors about that there usually is a need to put a policy into practice about which codes that can be selected. In order to today apply a policy for password, which is connected to local functions in the mobile unit, is required that this policy in entered into the mobile unit or additional units, for instance a smart card at, or just before, distribution of these units.
Both mobile operators and banks are interested in, and are working on, solutions where a user shall be authenticated (be identified to have declared/stated identity) and by his/her mobile unit create digital signatures which cannot be rejected. Typically the mobile unit consists of a mobile telephone with one or more so called smart cards. The mobile unit (or usually a smart card in the mobile unit) in its turn contains one or more private keys, which can be used for authentication and to create "non-rejection" only when a CA (Certificate Authority) has issued certificate which verifies that a specific user holds these private keys .
The use of the private keys are all but always protected by a password, which users often have possibility to change or select themselves. CA has in many cases points of view on which rules that shall apply for which passwords a user is allowed to select. CA then has what is generally called a password policy. The password policy can for instance apply to rules regarding length, allowed characters and updating intervals. Such a policy only has been possible to apply to the cases where it already at the issuing of the card has been made clear which CA that shall issue the certificate connected/associated to the keys on the card. In the mobile case, the smart card often will be distributed to the user before anyone knows what CA that shall issue the certificate connected/associated to pair of keys on the card; so the method of entering/applying CA's password policy on the card before it is distributed to the user is not applicable.
SUMMARY OF THE INVENTION
The aim of the invention is to provide a method to electronically distribute a password policy over a mobile communication system to a mobile unit so that said policy directly can start being applied in the mobile unit or an additional unit. The invention consequently includes a method within a mobile radio communication system with mobile units and connected service providers who provide services over said communication system, where the access from a mobile terminal of a service at a service provider requires a password. The method includes the steps to:
- from a service provider, or by him/her appointed certificate authority, electronically transmit a password policy to a mobile unit;
- in a mobile unit electronically receive said policy and handle and draw up/configure passwords associated with/to said service provider according to rules specified in the from the service provider or by him/her appointed certificate authority, said issued/transmitted policy. The method also includes that the mobile unit or a specific gateway authenticates and authorizes the sender of the policy in order to prevent illegal utilization of the possibility to change a policy.
BRIEF DESCRIPTION OF THE DRAWINGS The invention will be described more in detail in the following, with references to enclosed drawings, in which: Figure 1 shows an administration route/path according to one embodiment of the invention for PIN-policy. Figure 2 shows an administration route/path for PIN-policy according to another embodiment of the invention; and Figure 3 shows a flow chart for a method according to the invention .
Figure 4A and 4B show schematically the location/placing of authentication and authorization units according to two embodiments of the invention.
DESCRIPTION OF PREFERRED EMBODIMENTS
One embodiment of the invention relates to a method to distribute a password in form of a PIN-policy for cryptographic keys in mobile units "over the air", that is via the communication system in which the unit is intended to operate. The keys are in the typical case held/kept in a device/smart card in the mobile unit which cannot be juggled with, but it is not necessary. The cryptographic keys are in the typical case private keys in asymmetric pair of keys. The cryptographic keys, or the unit in which these are generated, have been distributed to the user already before it is known which party that will issue certificate which associates/connects the user to a certain pair of keys .
When a CA shall issue a certificate, the user is linked/associated to a private key in usual way via an "over the air proof of possession"-procedure . Before, after or during this procedure CA distributes its PIN-policy via the cellular mobile communication system to the mobile unit which holds/contains the private key. An application in the mobile unit attends to that the PIN-policy comes into force, and forces the user to select a PIN-code according to the policy for utilization of the certified key. In Figure 1 the flow is illustrated:
1. CA 101 has decided to distribute its PIN-policy to a certain mobile unit. 2. CA addresses the PIN-policy to a certain mobile unit and a certain private key in the mobile unit 115 and transmits/sends this to a gateway 105 for the purpose. This gateway 105 authenticates CA 101 and decides whether CA 101 is entitled to distribute a PIN-policy to the mobile unit 115 (authorization) . Said gateway 105 is preferably arranged at the operator of the mobile communication system.
3. Gateway 105 sends/transmits the PIN-policy further over the mobile communication network 110.
4. The mobile unit 115 receives the PIN-policy, secures that it is coming from the mobile operator' s gateway
105, and activates the policy for key in question. If the user since before has a PIN-code which does not fulfil the policy, he/she is requested to select a new PIN-code according to the policy. 5. Alternatively, when the user changes PIN-code next time, it has to fulfill the requirements in the PIN- policy.
Step 1 is preferably preceded by an inquiry from the client/user to CA about issuing of a client certificate. A password policy preferably includes rules about, in the general case:
- number of characters/symbols (min . , max.) prohibited characters/symbols - prohibited combination of characters/symbols intervals for how often change of password has to be done (for instance the number of times a password is allowed to be used) . The policy of course can be general for all users, but also "personalized", for instance include controls of that a certain user does not utilizes his/her personal code number as PIN etc.
In one embodiment a PIN-policy consists of a data structure which is interpreted by an application for the purpose which has been arranged in the mobile unit. In another embodiment a PIN-policy is realized as an executable application which is transmitted to the mobile unit. In the first case it is conceivable that a plurality of PIN-polices can be active at the same time, but some mechanism to solve conflicting policies, if any, then is needed.
The mobile unit 115 then preferably includes one or more integrated or removable smart cards or any other form of device which is protected against manipulations. The invention of course is applicable also in the cases when the private key is not stored in a device which is protected against manipulation, but in any other way in the mobile unit.
In one embodiment the specific gateway which is mentioned in step 2 does not exist, compare Figure 2. Instead CA 201 transmits its policy via a general traffic gateway for the mobile communication network (GGSN for GPRS/UMTS) 210, without mechanisms for authentication and authorization of CA 201. In this embodiment mechanisms for authentication and authorization are instead implemented in the mobile unit 215
In Figure 3 the method steps corresponding to the distribution path in Figure 1 and Figure 2 are shown. CA creates 310 a policy specification, and addresses 320 a mobile unit and addresses 330 a private key within said mobile unit. Further, the specification is transmitted 340 over the mobile network, possibly via a specific gateway as has been mentioned above. The specification is received 350 and the transmitter/sender is authenticated 360, respective, whenever applicable, authorized 370. Depending on the number of units between CA and mobile unit which need own authentication and authorization, the steps to transmit 340, receive 350, authenticate 360 and authorize 370 are repeated 375. Finally, the policy is stored and activated in the mobile station.
Of course in alternative embodiments other parties than CA can load down a PIN-policy. Particularly in one embodiment the operator of the mobile communication service is capable of loading down his/her PIN-policy to the mobile units in his/her network.
PIN-policy for other purposes than unlocking/use of private keys of course also can be distributed to the mobile unit according to the invention. For instance PIN- codes and passwords for: use of symmetrical keys - write/read rights to/of data files
- GSM execution of applications etc.
In the case there are more than one CA (we call these A respective B) which certifies the same key, the following method is an embodiment of the invention:
Both A and B can load down its policy to the mobile unit. Both policy from CA A and a policy from CA B are put into practice each time PIN is changed. This requires a mechanism in the mobile unit to solve conflicting demands.
- Both A and B sends/transmits its policy to the operator of the mobile communication network. The operator creates a "summing up" of these rules and decides about which policy that finally is transmitted to the mobile unit.
Both A and B can load down its policy to the mobile unit. Separate PINs are used for the same key depending on which of his/her certificates the user wants to refer to. Policy from CA A applies when the user refers to his/her certificate from CA A, and policy from CA B applies when the user refers to his/her certificate from CA B.
In Figure 4 A and B are shown how units for authentication and authorization have been arranged in preferred embodiments. Fig. 4A shows an authentication unit 402 and an authorization unit 404 arranged in gateway 105. Figure 4B shows an authentication unit 402 and an authorization unit 404 arranged in a mobile unit 115.
Of course there is in most cases a reliable transport mechanism required to transmit a PIN-policy from CA, or other provider/issuer of the policy, to the mobile unit. There are several methods to realize this, but this is out of the scope of the invention.
The scope of protection is only limited by the following patent claims.

Claims

PATENT CLAIMS
1. A method in a mobile radio communication system with mobile units and connected service providers who provide services over said communication system, where the access via a specific mobile terminal of a specific service at a specific service provider requires a password, c h a r a c t e r i z e d in that said method includes the steps to - from a service provider, or by him/her appointed certificate authority electronically transmit a password policy to a mobile unit
- in a mobile unit, electronically receive said policy and handle and create/configure password in connection with said service provider according to rules specified in, from the service provider or by him/her appointed certificate authority, said transmitted/send policy.
2. A method as claimed in patent claim 1, c h a r a c t e r i z e d in the following steps :
- creation of a password policy specification at a service provider or by him/her appointed certificate authority
(CA) production/deriving of the address to a mobile unit, - production/deriving of the address to a private key in said mobile unit, transmission/sending of the specification, reception of the specification, authentication of CA, - authorization of CA, storing of a policy which corresponds to the specification, and activation of said policy.
3. A method as claimed in patent claim 1, c h a r a c t e r i z e d in that it includes the following steps . creation of a password policy specification at a CA, - production/deriving of the address to a mobile unit, production/deriving of the address to a private key in said mobile unit, distribution of the policy specification to a gateway for downloading of policy, - authentication of CA in said gateway, authorization of CA in said gateway, distribution of the specification from gateway to mobile unit over a mobile communication network, reception of the specification, - ensuring that the specification is emanating from approved gateway, storing of a policy which corresponds to the specification, and activation of said policy.
4. A method as claimed in patent claim 3, c h a r a c t e r i z e d in that it further includes the step: forcing the user to immediately change password to one which fulfils the new policy.
5. A method as claimed in patent claim 3, c h a r a c t e r i z e d in that it further includes the step: - awaiting to insert/apply the policy until the user changes password next time.
6. A method as claimed in any of the patent claims 1-5, c h a r a c t e r i z e d in that said password is a PIN- code.
7. A mobile radio communication system with mobile units and connected service providers who provide services over said communication system, where the access via a specific mobile terminal of a specific service at a specific service provider requires a password, c h a r a c t e r i z e d in that said system includes means to, from a service provider, transmit/send a policy specification for password to a mobile unit.
8. A mobile communication system as claimed in patent claim
7, c h a r a c t e r i z e d in that said system includes means to in a mobile unit receive a policy specification for password.
9. A mobile communication system as claimed in patent claim
8, c h a r a c t e r i z e d in that in said system means has been arranged for authentication of a policy sender/transmitter.
10. A mobile communication system as claimed in patent claim 8, c h a r a c t e r i z e d in that in said system means has been arranged for authorization of a policy sender/transmitter .
11. A mobile communication system as claimed in patent claim 7, c h a r a c t e r i z e d in that a gateway including means for authentication and authorization of a policy-sender/transmitter has been arranged to connect a CA to the mobile communication system, and to authorize and authenticate said CA.
12. A mobile communication system as claimed in patent claim 9 or 10, c h a r a c t e r i z e d in that means for authorization of a policy-transmitter/sender has been arranged in a mobile unit.
13. A mobile communication system as claimed in any of the patent claims 7-12, c h a r a c t e r i z e d in that said policy specification is arranged in form of a data structure .
14. A mobile communication system as claimed in any of the patent claims 7-12, c h a r a c t e r i z e d in that said policy specification is arranged in form of an executable application .
EP02793724A 2002-01-10 2002-12-20 Method at access right control within mobile communication Withdrawn EP1466438A1 (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
SE0200061 2002-01-10
SE0200061A SE519072C2 (en) 2002-01-10 2002-01-10 Method of access control in mobile communications
PCT/SE2002/002424 WO2003058880A1 (en) 2002-01-10 2002-12-20 Method at access right control within mobile communication

Publications (1)

Publication Number Publication Date
EP1466438A1 true EP1466438A1 (en) 2004-10-13

Family

ID=20286626

Family Applications (1)

Application Number Title Priority Date Filing Date
EP02793724A Withdrawn EP1466438A1 (en) 2002-01-10 2002-12-20 Method at access right control within mobile communication

Country Status (5)

Country Link
EP (1) EP1466438A1 (en)
AU (1) AU2002359203A1 (en)
NO (1) NO20042773L (en)
SE (1) SE519072C2 (en)
WO (1) WO2003058880A1 (en)

Families Citing this family (54)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2107756A1 (en) 2008-03-31 2009-10-07 British Telecommunications Public Limited Company Policy resolution
US8924543B2 (en) 2009-01-28 2014-12-30 Headwater Partners I Llc Service design center for device assisted services
US8391834B2 (en) 2009-01-28 2013-03-05 Headwater Partners I Llc Security techniques for device assisted services
US8402111B2 (en) 2009-01-28 2013-03-19 Headwater Partners I, Llc Device assisted services install
US8346225B2 (en) 2009-01-28 2013-01-01 Headwater Partners I, Llc Quality of service for device assisted services
US8626115B2 (en) 2009-01-28 2014-01-07 Headwater Partners I Llc Wireless network service interfaces
US8275830B2 (en) 2009-01-28 2012-09-25 Headwater Partners I Llc Device assisted CDR creation, aggregation, mediation and billing
US20100188993A1 (en) 2009-01-28 2010-07-29 Gregory G. Raleigh Network tools for analysis, design, testing, and production of services
US8548428B2 (en) 2009-01-28 2013-10-01 Headwater Partners I Llc Device group partitions and settlement platform
US8924469B2 (en) 2008-06-05 2014-12-30 Headwater Partners I Llc Enterprise access control and accounting allocation for access networks
US8635335B2 (en) 2009-01-28 2014-01-21 Headwater Partners I Llc System and method for wireless network offloading
US8340634B2 (en) 2009-01-28 2012-12-25 Headwater Partners I, Llc Enhanced roaming services and converged carrier networks with device assisted services and a proxy
US8589541B2 (en) 2009-01-28 2013-11-19 Headwater Partners I Llc Device-assisted services for protecting network capacity
US8406748B2 (en) 2009-01-28 2013-03-26 Headwater Partners I Llc Adaptive ambient services
US8898293B2 (en) 2009-01-28 2014-11-25 Headwater Partners I Llc Service offer set publishing to device agent with on-device service selection
US8832777B2 (en) 2009-03-02 2014-09-09 Headwater Partners I Llc Adapting network policies based on device service processor configuration
US9578182B2 (en) 2009-01-28 2017-02-21 Headwater Partners I Llc Mobile device and service management
US10798252B2 (en) 2009-01-28 2020-10-06 Headwater Research Llc System and method for providing user notifications
US9647918B2 (en) 2009-01-28 2017-05-09 Headwater Research Llc Mobile device and method attributing media services network usage to requesting application
US9253663B2 (en) 2009-01-28 2016-02-02 Headwater Partners I Llc Controlling mobile device communications on a roaming network based on device state
US9557889B2 (en) 2009-01-28 2017-01-31 Headwater Partners I Llc Service plan design, user interfaces, application programming interfaces, and device management
US10200541B2 (en) 2009-01-28 2019-02-05 Headwater Research Llc Wireless end-user device with divided user space/kernel space traffic policy system
US10492102B2 (en) 2009-01-28 2019-11-26 Headwater Research Llc Intermediate networking devices
US10264138B2 (en) 2009-01-28 2019-04-16 Headwater Research Llc Mobile device and service management
US9955332B2 (en) 2009-01-28 2018-04-24 Headwater Research Llc Method for child wireless device activation to subscriber account of a master wireless device
US10783581B2 (en) 2009-01-28 2020-09-22 Headwater Research Llc Wireless end-user device providing ambient or sponsored services
US9392462B2 (en) 2009-01-28 2016-07-12 Headwater Partners I Llc Mobile end-user device with agent limiting wireless data communication for specified background applications based on a stored policy
US9571559B2 (en) 2009-01-28 2017-02-14 Headwater Partners I Llc Enhanced curfew and protection associated with a device group
US10248996B2 (en) 2009-01-28 2019-04-02 Headwater Research Llc Method for operating a wireless end-user device mobile payment agent
US8893009B2 (en) 2009-01-28 2014-11-18 Headwater Partners I Llc End user device that secures an association of application to service policy with an application certificate check
US9572019B2 (en) 2009-01-28 2017-02-14 Headwater Partners LLC Service selection set published to device agent with on-device service selection
US9980146B2 (en) 2009-01-28 2018-05-22 Headwater Research Llc Communications device with secure data path processing agents
US9954975B2 (en) 2009-01-28 2018-04-24 Headwater Research Llc Enhanced curfew and protection associated with a device group
US11218854B2 (en) 2009-01-28 2022-01-04 Headwater Research Llc Service plan design, user interfaces, application programming interfaces, and device management
US9755842B2 (en) 2009-01-28 2017-09-05 Headwater Research Llc Managing service user discovery and service launch object placement on a device
US10484858B2 (en) 2009-01-28 2019-11-19 Headwater Research Llc Enhanced roaming services and converged carrier networks with device assisted services and a proxy
US10237757B2 (en) 2009-01-28 2019-03-19 Headwater Research Llc System and method for wireless network offloading
US11973804B2 (en) 2009-01-28 2024-04-30 Headwater Research Llc Network service plan design
US8745191B2 (en) 2009-01-28 2014-06-03 Headwater Partners I Llc System and method for providing user notifications
US10057775B2 (en) 2009-01-28 2018-08-21 Headwater Research Llc Virtualized policy and charging system
US10064055B2 (en) 2009-01-28 2018-08-28 Headwater Research Llc Security, fraud detection, and fraud mitigation in device-assisted services systems
US9706061B2 (en) 2009-01-28 2017-07-11 Headwater Partners I Llc Service design center for device assisted services
US11985155B2 (en) 2009-01-28 2024-05-14 Headwater Research Llc Communications device with secure data path processing agents
US10841839B2 (en) 2009-01-28 2020-11-17 Headwater Research Llc Security, fraud detection, and fraud mitigation in device-assisted services systems
US9351193B2 (en) 2009-01-28 2016-05-24 Headwater Partners I Llc Intermediate networking devices
US10326800B2 (en) 2009-01-28 2019-06-18 Headwater Research Llc Wireless network service interfaces
US9565707B2 (en) 2009-01-28 2017-02-07 Headwater Partners I Llc Wireless end-user device with wireless data attribution to multiple personas
US9858559B2 (en) 2009-01-28 2018-01-02 Headwater Research Llc Network service plan design
US9270559B2 (en) 2009-01-28 2016-02-23 Headwater Partners I Llc Service policy implementation for an end-user device having a control application or a proxy agent for routing an application traffic flow
US10715342B2 (en) 2009-01-28 2020-07-14 Headwater Research Llc Managing service user discovery and service launch object placement on a device
US8793758B2 (en) 2009-01-28 2014-07-29 Headwater Partners I Llc Security, fraud detection, and fraud mitigation in device-assisted services systems
US10779177B2 (en) 2009-01-28 2020-09-15 Headwater Research Llc Device group partitions and settlement platform
US9154826B2 (en) 2011-04-06 2015-10-06 Headwater Partners Ii Llc Distributing content and service launch objects to mobile devices
WO2014159862A1 (en) 2013-03-14 2014-10-02 Headwater Partners I Llc Automated credential porting for mobile devices

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE68922884T2 (en) * 1988-08-11 1995-11-30 Ibm Processing of personal identification numbers with the help of control vectors.
US4924514A (en) * 1988-08-26 1990-05-08 International Business Machines Corporation Personal identification number processing using control vectors
US5944824A (en) * 1997-04-30 1999-08-31 Mci Communications Corporation System and method for single sign-on to a plurality of network elements
US6202157B1 (en) * 1997-12-08 2001-03-13 Entrust Technologies Limited Computer network security system and method having unilateral enforceable security policy provision
DK174672B1 (en) * 1999-11-09 2003-08-25 Orange As Electronic identification code delivery system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See references of WO03058880A1 *

Also Published As

Publication number Publication date
SE0200061D0 (en) 2002-01-10
SE0200061L (en) 2003-01-07
NO20042773L (en) 2004-09-10
AU2002359203A1 (en) 2003-07-24
WO2003058880A1 (en) 2003-07-17
SE519072C2 (en) 2003-01-07

Similar Documents

Publication Publication Date Title
EP1466438A1 (en) Method at access right control within mobile communication
US8001615B2 (en) Method for managing the security of applications with a security module
KR101047641B1 (en) Enhance security and privacy for security devices
CN101167388B (en) Limited supply access to mobile terminal features
EP2368339B1 (en) Secure transaction authentication
EP1476980B1 (en) Requesting digital certificates
RU2404520C2 (en) Method for provision of signature key for digital signature, verification or coding of data, and also mobile terminal
EP2106191B1 (en) A method for updating a smartcard and a smartcard having update capability
US20060262929A1 (en) Method and system for identifying the identity of a user
US20070209081A1 (en) Methods, systems, and computer program products for providing a client device with temporary access to a service during authentication of the client device
US20040266395A1 (en) Process for securing a mobile terminal and applications of the process for executing applications requiring a high degree of security
US20020187808A1 (en) Method and arrangement for encrypting data transfer at an interface in mobile equipment in radio network, and mobile equipment in radio network
US7734279B2 (en) Method and system for controlling resources via a mobile terminal, related network and computer program product therefor
KR20060116822A (en) Method for the authentication of applications
US7865719B2 (en) Method for establishing the authenticity of the identity of a service user and device for carrying out the method
KR20140098872A (en) security system and method using trusted service manager and biometric for web service of mobile nfc device
US7072646B1 (en) Method of distributing keys to subscribers of communications networks
US9648495B2 (en) Method and device for transmitting a verification request to an identification module
US8296575B2 (en) Method for protecting electronic device, and electronic device
US7394901B2 (en) Method for exchanging authentication information between a communication entity and an operator server
Khu-Smith et al. Enhancing e-commerce security using GSM authentication

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20040810

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR IE IT LI LU MC NL PT SE SI SK TR

AX Request for extension of the european patent

Extension state: AL LT LV MK RO

RAP1 Party data changed (applicant data changed or rights of an application transferred)

Owner name: TELIASONERA AB

17Q First examination report despatched

Effective date: 20100518

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 20100929