Patents by Inventor Kari Timo Juhani Kostiainen
Kari Timo Juhani Kostiainen has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11153081
Abstract: A method and apparatus includes a determining unit configured to determine whether a device entering a network should be allowed access and an executing unit configured to execute a configuration protocol between the registrar and the device and to a shared unique configuration key between the registrar and the device. If the device provides a privileged service, the configuration protocol enables the device to advertise the privileged service or if the device is a control point, the configuration protocol enables the device to advertise that it is able to control certain privileged services. The registrar also includes a controlling unit configured to obtain a controller key, if the registrar is to become controller of the new device and a service unit configured to execute a credential service that allows devices providing privileged services to delegate issuing of access control credentials to the registrar, wherein other devices may use the credential service to obtain credentials for privileged services.
Type: Grant
Filed: March 26, 2020
Date of Patent: October 19, 2021
Assignee: Conversant Wireless Licensing S.a r.l.
Inventors: Kari Timo Juhani Kostiainen, Seamus Peter Moloney, Olli Antero Rantapuska
-
Publication number: 20200328887
Abstract: A method and apparatus includes a determining unit configured to determine whether a device entering a network should be allowed access and an executing unit configured to execute a configuration protocol between the registrar and the device and to a shared unique configuration key between the registrar and the device. If the device provides a privileged service, the configuration protocol enables the device to advertise the privileged service or if the device is a control point, the configuration protocol enables the device to advertise that it is able to control certain privileged services. The registrar also includes a controlling unit configured to obtain a controller key, if the registrar is to become controller of the new device and a service unit configured to execute a credential service that allows devices providing privileged services to delegate issuing of access control credentials to the registrar, wherein other devices may use the credential service to obtain credentials for privileged services.
Type: Application
Filed: March 26, 2020
Publication date: October 15, 2020
Inventors: Kari Timo Juhani Kostiainen, Seamus Peter Moloney, Olli Antero Rantapuska
-
Patent number: 10637661
Abstract: A method and apparatus includes a determining unit configured to determine whether a device entering a network should be allowed access and an executing unit configured to execute a configuration protocol between the registrar and the device and to a shared unique configuration key between the registrar and the device. If the device provides a privileged service, the configuration protocol enables the device to advertise the privileged service or if the device is a control point, the configuration protocol enables the device to advertise that it is able to control certain privileged services. The registrar also includes a controlling unit configured to obtain a controller key, if the registrar is to become controller of the new device and a service unit configured to execute a credential service that allows devices providing privileged services to delegate issuing of access control credentials to the registrar, wherein other devices may use the credential service to obtain credentials for privileged services.
Type: Grant
Filed: June 4, 2018
Date of Patent: April 28, 2020
Assignee: Conversant Wireless Licensing S.a r.l.
Inventors: Kari Timo Juhani Kostiainen, Seamus Peter Moloney, Olli Antero Rantapuska
-
Publication number: 20190020638
Abstract: A method and apparatus includes a determining unit configured to determine whether a device entering a network should be allowed access and an executing unit configured to execute a configuration protocol between the registrar and the device and to a shared unique configuration key between the registrar and the device. If the device provides a privileged service, the configuration protocol enables the device to advertise the privileged service or if the device is a control point, the configuration protocol enables the device to advertise that it is able to control certain privileged services. The registrar also includes a controlling unit configured to obtain a controller key, if the registrar is to become controller of the new device and a service unit configured to execute a credential service that allows devices providing privileged services to delegate issuing of access control credentials to the registrar, wherein other devices may use the credential service to obtain credentials for privileged services.
Type: Application
Filed: June 4, 2018
Publication date: January 17, 2019
Inventors: Kari Timo Juhani Kostiainen, Seamus Peter Moloney, Olli Antero Rantapuska
-
Patent number: 10027638
Abstract: A method and apparatus includes a determining unit configured to determine whether a device entering a network should be allowed access and an executing unit configured to execute a configuration protocol between the registrar and the device and to a shared unique configuration key between the registrar and the device. If the device provides a privileged service, the configuration protocol enables the device to advertise the privileged service or if the device is a control point, the configuration protocol enables the device to advertise that it is able to control certain privileged services. The registrar also includes a controlling unit configured to obtain a controller key, if the registrar is to become controller of the new device and a service unit configured to execute a credential service that allows devices providing privileged services to delegate issuing of access control credentials to the registrar, wherein other devices may use the credential service to obtain credentials for privileged services.
Type: Grant
Filed: February 16, 2015
Date of Patent: July 17, 2018
Assignee: Conversant Wireless Licensing S.a.r.l.
Inventors: Kari Timo Juhani Kostiainen, Seamus Peter Moloney, Olli Antero Rantapuska
-
Publication number: 20150163208
Abstract: A method and apparatus includes a determining unit configured to determine whether a device entering a network should be allowed access and an executing unit configured to execute a configuration protocol between the registrar and the device and to a shared unique configuration key between the registrar and the device. If the device provides a privileged service, the configuration protocol enables the device to advertise the privileged service or if the device is a control point, the configuration protocol enables the device to advertise that it is able to control certain privileged services. The registrar also includes a controlling unit configured to obtain a controller key, if the registrar is to become controller of the new device and a service unit configured to execute a credential service that allows devices providing privileged services to delegate issuing of access control credentials to the registrar, wherein other devices may use the credential service to obtain credentials for privileged services.
Type: Application
Filed: February 16, 2015
Publication date: June 11, 2015
Inventors: Kari Timo Juhani Kostiainen, Seamus Peter Moloney, Olli Antero Rantapuska
-
Methods, apparatuses, and computer program products for authentication of fragments using hash trees
Patent number: 8352737
Abstract: An apparatus for authentication of fragments using hash trees may include a processor. The processor may be configured to provide one or more data fragments and a hash tree representing the one or more fragments, send at least one first fragment accompanied by any nodes of the hash tree necessary to authenticate the one or more first sent fragments, and send one or more subsequent fragments accompanied by only some, but not all, of the nodes of the hash tree necessary to authenticate the one or more subsequent fragments with the other nodes that are not sent but are necessary for authentication having been previously sent in conjunction with a prior fragment.
Type: Grant
Filed: December 20, 2007
Date of Patent: January 8, 2013
Assignee: Nokia Corporation
Inventors: John Solis, Kari Timo Juhani Kostiainen, Philip Ginzboorg, Nadarajah Asokan, Joerg Ott, Cheng Luo
-
Publication number: 20120324214
Abstract: The exemplary embodiments or the invention provide at least a method, apparatus, and program of computer instructions to perform operations including receiving a challenge from a prover device, reading and saving an old value of a selected platform configuration register, obtaining at least one measurement or property and forming a new platform configuration register value, where the forming includes calculating a cryptographic hash over the old value of the platform configuration register and the obtained at least one measurement or property, triggering, with the trusted software, an attestation by sending a challenge to a trusted platform module/mobile platform module, and sending by the prover device a device certificate, attestation, at least one measurement or property, and old platform configuration register value to the verifier.
Type: Application
Filed: February 16, 2011
Publication date: December 20, 2012
Applicant: NOKIA CORPORATION
Inventors: Nadarajah Asokan, Jan-Erik Ekberg, Kari Timo Juhani Kostiainen
-
Publication number: 20120239936
Abstract: Methods and apparatus, including computer program products, are provided for credential transfer. In one aspect there is provided a method. The method may include receiving, at a first device, an authorization token; determining, at the first device, a delegation token, one or more credentials, and metadata; and providing, by the first device to a second device, the delegation token, the one or more credentials, and the metadata. Related apparatus, systems, methods, and articles are also described.
Type: Application
Filed: December 18, 2009
Publication date: September 20, 2012
Applicant: NOKIA CORPORATION
Inventors: Silke Holtmanns, Nadarajah Asokan, Kari Timo Juhani Kostiainen
-
Patent number: 7913086
Abstract: The invention relates to a method for remote attestation. In the method is created a first asymmetric key pair in a trusted platform module in an electronic device. A first public key and software platform state information are certified with an attestation identity key associated with the trusted platform module to produce a first certificate. A second asymmetric key pair is produced in an application within the electronic device. The second public key is certified with said first secret key to produce a second certificate. A message is signed with the second secret key to provide a message signature in the first electronic device. The message and the message signature, software platform state information, the first certificate and the second certificate are sent to a second electronic device.
Type: Grant
Filed: June 20, 2007
Date of Patent: March 22, 2011
Assignee: Nokia Corporation
Inventors: Kari Timo Juhani Kostiainen, Nadarajah Asokan
-
METHODS, APPARATUSES, AND COMPUTER PROGRAM PRODUCTS FOR AUTHENTICATION OF FRAGMENTS USING HASH TREES
Publication number: 20090164783
Abstract: An apparatus for authentication of fragments using hash trees may include a processor. The processor may be configured to provide one or more data fragments and a hash tree representing the one or more fragments, send at least one first fragment accompanied by any nodes of the hash tree necessary to authenticate the one or more first sent fragments, and send one or more subsequent fragments accompanied by only some, but not all, of the nodes of the hash tree necessary to authenticate the one or more subsequent fragments with the other nodes that are not sent but are necessary for authentication having been previously sent in conjunction with a prior fragment.
Type: Application
Filed: December 20, 2007
Publication date: June 25, 2009
Inventors: John Solis, Kari Timo Juhani Kostiainen, Philip Ginzboorg, Nadarajah Asokan, Joerg Ott, Cheng Luo
-
Publication number: 20080320308
Abstract: The invention relates to a method for remote attestation. In the method is created a first asymmetric key pair in a trusted platform module in an electronic device. A first public key and software platform state information are certified with an attestation identity key associated with the trusted platform module to produce a first certificate. A second asymmetric key pair is produced in an application within the electronic device. The second public key is certified with said first secret key to produce a second certificate. A message is signed with the second secret key to provide a message signature in the first electronic device. The message and the message signature, software platform state information, the first certificate and the second certificate are sent to a second electronic device.
Type: Application
Filed: June 20, 2007
Publication date: December 25, 2008
Inventors: Kari Timo Juhani Kostiainen, Nadarajah Asokan