H04L63/0892

Parameter exchange during emergency access using extensible authentication protocol messaging

Enabling the exchange of connection parameters where a user equipment (UE) lacks a secret shared with the network (e.g. a server), such as key materials, and lacks a valid certificate. In some embodiments, the connection parameters may be exchanged via EAP messages. In certain aspects, and particularly with respect to emergency attach, a simplified protocol is used with limited overhead because the UE does not attempt to authenticate the network, and the network does not attempt to authenticate the UE.

Secure permissioning of access to user accounts, including secure deauthorization of access to user accounts
11595374 · 2023-02-28

A permissions management system is disclosed for enabling a user to securely authorize a third-party system to access user account data and initiate transactions related to a user account, without disclosing to the third-party system account credentials. The system enables the user to also securely de-authorize the third-party system. For example, records may be automatically generated that securely store account information, including one or more permissions related to the account and/or the third-party. A token associated with a record may be shared with the third-party system, but neither the record itself, nor the user account credentials, may be shared with the third-party. Accordingly, the third-party may request user account data and/or initiate transactions by providing the token, but does not itself know, e.g., the user account credentials. Further, the user may set various permissions related to the token, and may also revoke the token (e.g., de-authorize the third-party), thus providing increased security to the user's account.

REPEATING METHOD OF WIRELESS REPEATING DEVICE, AND WIRELESS REPEATING DEVICE
20180006707 · 2018-01-04

The present invention is applicable to the field of communications technologies, and provides a repeating method of a wireless repeating device and a wireless repeating device. The method includes the following steps: synchronizing network connection information of an upstream AP to a downstream WLAN AP interface of the wireless repeating device; obtaining, according to the downstream WLAN AP interface corresponding to the synchronized upstream AP, downstream wireless STA MAC address information, and establishing an upstream WLAN Client interface which is in a mapping relationship with an STA MAC address; and performing, according to the mapping relationship between the STA MAC address and the established upstream WLAN Client interface, management on data forwarded between the upstream AP and a downstream wireless STA.

Dynamic Policy Rule Selection

The invention relates to a method, by a policy controller 100, for generating policy rules for data packet flows in a communications network. The policy controller 100 has access to a policy database 130 and stores a service level agreement. The service level agreement contains a plurality of different service level identifiers, each service level identifier being associated with a set of conditions that govern the policy rules to be applied to the data packet flows in the communications network. The method comprises the following steps: An authorization request is received for a data packet flow, the authorization request comprising service information for a service and a service level identifier. The policy database 130 is accessed and the set of conditions associated with the received service level identifier is determined. Further, based on the determined set of conditions, a policy rule to be applied to the data packet flow is generated. Policy controller 100 is configured to generate policy rules based on a third party or company profile, with the third party company being able to influence which policy rule should be selected by the policy controller. The authorization request may be received directly from an application function, AF 200. An input unit 230 is provided via which the third party can define and agree upon the service level agreement with an operator of the communications network. A policy control enforcing function PCEF 51 can interact with the PCRF 100 in order to enforce the policy rules.

MOBILE COMMUNICATIONS TRANSMISSION SYSTEM FOR PROVIDING A MULTIPLICITY OF MOBILE COMMUNICATIONS CELLS IN A BUILDING OR CAMPUS

A mobile communications transmission system provides a plurality of mobile communications cells in a building or campus. It comprises a first baseband unit and a first gateway device, which is connectable to a data network. At least one transceiver unit is connected to the first baseband unit. The at least one transceiver unit is configured to provide at least one first mobile communications cell. By way of this first mobile communications cell, a subscriber device in the building can exchange information with the data network. A first control device is connected to the first baseband unit and the first gateway device. The first baseband unit and the first gateway device are installed in the building or campus in which the at least one transceiver unit provides the at least one first mobile communications cell, whereas the first control device is accommodated remote therefrom at an operating company.

CONTINUOUS DEVICE/UICC BASED AUTHENTICATION FOR LTE SYSTEMS

An authentication assurance level associated with an entity, for instance a user equipment, may be computed periodically or in response to an event. The authentication assurance level is compared to an authentication threshold. Based on the comparison, it is determined whether a fresh performance of at least one authentication factor needs to be performed. Thus, appropriate authentication factors and functions may be invoked on a periodic basis to maintain a certain authentication assurance level, which is referred to herein as the assurance threshold. The authentication assurance level may change, for instance decay, over time and may be refreshed periodically.

APPARATUS AND METHOD FOR ENHANCING PERSONAL INFORMATION DATA SECURITY

The present disclosure relates to a communication technique for converging a 5G communication system for supporting a higher data rate beyond a 4G system with an IoT technology, and a system therefor. The present disclosure can be applied to intelligent services on the basis of a 5G communication technology and an IoT-related technology (for example, smart home, smart building, smart city, smart car or connected car, healthcare, digital education, retail, security and safety-related service, and the like). The present invention provides a method for enhancing data security, comprising: when a request message including information related to a first privacy level is received from a user device, authenticating the user device; when the user device is an authenticated device as a result of the authentication, verifying the information related to the first privacy level; and when the verification of the information related to the first privacy level is completed, transmitting, to the user device, an image processed on the basis of the first privacy level among images processed on the basis of a plurality of privacy levels.

Authentication of an Entity

There is provided a method performed by a first entity of a network. Contextual information for the first entity and a timestamp for the contextual information are acquired (102). An authentication token is generated (104) using the acquired contextual information. Transmission of an authentication request message is initiated (106) towards a second entity of the network requesting authentication of the first entity with the second entity. The authentication request message comprises the generated authentication token and the timestamp for use in the authentication. An authentication response message indicative of whether authentication of the first entity with the second entity is successful or unsuccessful is received (108).

METHOD FOR SELECTIVELY EXECUTING A CONTAINER, AND NETWORK ARRANGEMENT
20230006988 · 2023-01-05

The invention relates to a method for selectively configuring a container that contains an application, wherein user-authentication data are received by a container management component and forwarded via a container applicant to an authorisation server. This server transmits an authorisation response, on the basis of which a decision is made as to whether the application is allowed to be run in the container.

PLAN INTERACTION UTILIZING CRYPTOGRAM

A method includes a network processing computer receiving an authorization request message comprising a token and a cryptogram during an interaction between a resource provider and a user. The network processing computer determines user credentials associated with the token. The network processing computer then determines a plan identifier based on the authorization request message. The network processing computer provides the plan identifier to an authorizing entity computer.