A data communication network has computer systems that process virtual network elements during network processing time cycles to forward data communication packets for user data services. The computer systems process hardware-embedded codes during the network processing time cycles to identify the computer systems. A security server validates the computer system identities for the virtual network elements. A database system maintains a distributed data structure that individually associates the data services, the computer systems, the virtual network elements, and the computer system validities. The security server and the database system could be discrete systems or they may be at least partially integrated within the computer systems where they would typically execute during different processing time cycles from the virtual network elements.

A method of controlling access to a cellular communication network, for a terminal (MT) identified by a terminal identifier (IMEI) with a subscription identified by a subscription identifier (IMSI), characterized in that it comprises the following steps: creation in a database (DB), of at least one record comprising at least one subscription identifier with at least one terminal identifier, checking that said terminal (MT) together with said subscription are indeed authorized to use the cellular communication network, by verifying the presence in the database (DB) of at least one record comprising the subscription identifier (IMSI) of said subscription associated with the terminal identifier (IMIE) said verification being performed at the time of each attempt at connection of said terminal (MT) or of said subscription, authorization of access or refusal of access of said terminal (MT) to said network according to the result of the verification step. The invention also comprises a system and a computer program product to implement the method.

The present application discloses a method for synchronizing encryption information between a SCell and UE, which includes that: the SCell transmits a COUNT value of RB established for the UE to a PCell; the PCell transmits the COUNT value received from the SCell to the UE; and the PCell receives a COUNT value of RB established on the SCell that is saved by the UE from the UE. Or, the SCell and the UE may directly exchange the COUNT value of RB. By the present application, the security and correctness of data can be ensured.

The present invention provides a device and a method in a device for authenticating the device for use in a network. The method includes requesting a first security context for use in securing a first type of communication, where as part of requesting the first security context, a second security context is jointly requested for use in securing a second type of communication. The first security context is then received and used to provide secure access and communication via the first type of communication. The second security context is then received and used to provide secure access and communication via the second type of communication.

Telecommunications data usage management may be provided. A network state associated with a communication network may be identified. Upon determining that the network state is not in compliance with a data usage policy, access to the communication network may be restricted for at least one application.

A communication system is described in which user plane communication and control plane communication for a particular mobile communication device can be split between a base station that operates a small cell and a macro base station. Appropriate security for the user plane and control plane communications is safeguarded by ensuring that each base station is able to obtain or derive the correct security parameters for protecting the user plane or control plane communication for which it is responsible.

A method for dynamically provisioning access and/or service for a device may include receiving information indicative of a user identity associated with a user of a device, correlating the user identity to the device, determining a user profile descriptive of access to be afforded to the user in a network or indicative of service parameters associated with provision of services to the user in the network, and granting the user access to use the network services via the device in accordance with the user profile.

An anti-theft protection method and device for a cellular phone is provided. The method includes: judging whether the cellular phone satisfies a pre-set condition for starting an anti-theft mode, if so, starting the anti-theft mode; and transmitting anti-theft protection information to a designated contact to instruct the designated contact to perform anti-theft processing for the cellular phone. The device comprises a judgment module, a starting module, and a transmission module.

The present invention provides authentication method and authentication device for communication apparatus and a communication apparatus. The communication apparatus comprises at least one of a communication terminal and a communication card, and the authentication method comprises: S10: binding identity information of owner of the communication apparatus to the communication apparatus; S20: requesting to obtain identity information of a user when the communication apparatus is restarted; S30: comparing the identity information of the user obtained through requesting with the identity information of the owner of the communication apparatus bound to the communication apparatus; S40: determining whether the obtained identity information of the user is the same as the identity information of the owner of the communication apparatus bound to the communication apparatus, if yes, proceeding to step S50, otherwise, proceeding to step S60; S50: starting the communication apparatus normally, and S60: locking the communication apparatus.

The present disclosure provides a network locking method for a wireless terminal, comprising: a front-end network-locking module sends a locking certificate generation request to a wireless terminal, and the wireless terminal generates a locking certificate according to the locking certificate generation request; a back-end network-locking module signs the locking certificate to generate a signed locking certificate; the front-end network-locking module performs communication interaction with the wireless terminal to send the signed locking certificate to the wireless terminal, for the wireless terminal to perform locking operations.