Abstract:
A subscriber is provisioned in a network by: receiving, at an admission platform of a network operator associated with the subscriber, an initialisation request for access to the network on behalf of the subscriber; and assigning the subscriber limited access rights to the network, the limited access rights being configured for communication between the subscriber and a subscription manager, for reconfiguration of identity information associated with the subscriber.
Abstract:
Method, system and apparatus for provisioning a subscription of a service to a device, comprising: receiving a message from the device, the message being protected by first provisioning data installed on the device; authenticating the message using data corresponding to the first provisioning data; on successful authentication, providing data enabling the device to recover protected second provisioning data from a subscription manager; and providing the device with the protected second provisioning data.
Abstract:
To facilitate a change in the network authentication key (Ki) used by a smart card (SIM) during authentication on a cellular telecommunications network, there is provided a smart card management scheme that combines key derivation with over the air (OTA) provisioning. This scheme ensures both that the Ki is never transmitted OTA and that the Ki is stored in two locations only: on the SIM and at an authentication centre (AuC).
Abstract:
To facilitate authentication over a wireless access network, it is proposed to provide a hub device having an authentication storage means (i.e. a (U)SIM) to which one or more machine devices are connected. Each machine device connects to a wireless access network and, in order to authenticate with that network, requests authentication information from the hub device. The core network of the wireless access network authenticates each machine device and provides the machine devices with parallel access to the access network in accordance with authentication information obtained from the hub device. The authentication information is unique to the respective machine device but is also associated with information stored on the authentication storage means of the hub device.
Abstract:
Where a smartcard is embedded or inaccessible within a cellular telecommunications device (i.e. an eUICC), locking the smartcard (or the subscription associated with the smartcard) to a particular MNO while still allowing the MNO to be changed legitimately presents a challenge. A method is described using policy control tables stored in a trusted service manager registry and/or the smartcard's data store. By maintaining the policy control table, any MNO subscription may be downloaded/activated on the smartcard, but the device will be prevented from accessing the desired MNO if that access would violate the lock rules.
Abstract:
There are provided methods, systems and apparatus for identifying and/or changing the level of bearer security provided for a communications connection (315) between a terminal (310) and a serving network (320). An example method comprises the steps of communicating from the terminal (310) to a telecommunications network entity (324) in the serving network a security demand comprising at least one request for at least one particular security setting to be applied to a corresponding security parameter of the communications connection, wherein the security parameter defines an aspect of the security of the communications connection. If at least one of the requested particular security settings can be applied to the corresponding security parameter, the telecommunications network entity applies the requested security setting to the corresponding security parameter.
Abstract:
To control access by any given mobile terminal to a mobile telecommunications network, a smartcard (i.e. a SIM) is arranged to include a list of device identifiers corresponding to one or more mobile terminals together with an indication of their respective access categories (i.e. black-list, grey-list or white-list). This list is constructed from an updated list of identifiers of the mobile devices into which the smartcard has been inserted. It may be enhanced with a limited number of generic excluded identifiers. The smartcard thus maintains a local database of banned devices and/or devices that need to be monitored by the network.
Abstract:
To enable the formation of secure associations between IP-enabled devices that have not previously connected, a method is proposed in which a declaration of ownership of a target device is made by the subscriber of an originating device, and the subscriber giving that declaration is authenticated by means of, for example, a SIM card. The originating device establishes a secure connection to a first server. The target device establishes a secure connection to a second server. Provided the first and second servers can establish a conventional IP-type security association (e.g. using IPsec or TLS), there is a chain of secure associations between the two devices. This chain is then used to build a new secure association between the originating device and the target device. The first and second servers thus act as proxies for the two devices respectively and negotiate the secure association on their behalf. They then transfer the new secure association information securely to the devices using the existing chain of secure associations.
Abstract:
To allow devices to authenticate to a wide area mobile network when they temporarily do not have a connection to a SIM card, and to authenticate the base station and so protect against false base stations, a system is provided in which certain authentication credentials are pre-fetched while the SIM card and the authentication subsystem of the wide area mobile network are in signalling connection. These advance credentials are then presented by the devices in authentication requests, so that neither access via the mobile network nor the connected presence of the SIM card is necessary for successful authentication.