Patents by Inventor Karl Norrman

Karl Norrman has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Authentication in device to device discovery
    Patent number: 11516659
    Abstract: There is provided a method for authentication in device to device discovery. A method performed by a Discoverer device, comprises broadcasting a direct discovery request, receiving a direct discovery response from a Discoveree device, the direct discovery response comprising a first token, and the Discoverer device using the first token to verify that the Discoveree device is authorized to respond to the direct discovery request.
    Type: Grant
    Filed: June 7, 2018
    Date of Patent: November 29, 2022
    Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
    Inventors: Vesa Lehtovirta, Karl Norrman, Monica Wifvesson
  • Security Context Handling in 5G During Connected Mode
    Publication number: 20220360980
    Abstract: The present disclosure relates to methods and apparatus for flexible, security context management during AMF changes. One aspect of the disclosure is a mechanism for achieving backward security during AMF changes. Instead of passing the current NAS key to the target AMF, the source AMF derives a new NAS key, provides the new NAS key to the target AMF, and sends a key change indication to the UE, either directly or through some other network node. The UE can then derive the new NAS key from the old NAS key. In some embodiments, the AMF may provide a key generation parameter to the UE to use in deriving the new NAS key. In other embodiments, the target AMF may change one or more security algorithms.
    Type: Application
    Filed: July 22, 2022
    Publication date: November 10, 2022
    Inventors: Noamen Ben Henda, Christine Jost, Karl Norrman, Monica Wifvesson
  • Protecting WLCP message exchange between TWAG and UE
    Patent number: 11490252
    Abstract: A method of protecting WLAN Control Protocol (WLCP) message exchange between a Trusted WLAN Access Gateway (TWAG)(112) of a Trusted WLAN Access Network (TWAN)(110) and a User Equipment (UE)(101) are provided. The method comprises deriving, by an Authentication, Authorization, and Accounting, (AAA) Server(103) of an Evolved Packet Core (EPC) network which is interfaced with the TWAN, and by the UE, a Master Session Key (MSK) and an Extended MSK (EMSK), sending, from the AAA Server to a Trusted WLAN AAA Proxy (TWAP)(113) of the TWAN and an Access Point (AP)(111) of the TWAN, the MSK or a key derived from at least the MSK, and deriving, by the TWAN or by the AAA Server, and by the UE, from the MSK, the EMSK, or the key derived from at least the MSK or the EMSK, a key for protecting the WLCP message exchange.—Corresponding devices, computer programs, and computer program products are further provided.
    Type: Grant
    Filed: May 28, 2020
    Date of Patent: November 1, 2022
    Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
    Inventors: Dinand Roeland, Vesa Lehtovirta, Karl Norrman, Stefan Rommer
  • METHODS, APPARATUS AND MACHINE-READABLE MEDIA RELATING TO MACHINE-LEARNING IN A COMMUNICATION NETWORK
    Publication number: 20220321423
    Abstract: A method performed by a first network entity in a communications network is provided. The method comprises receiving a request from a second network entity, the request comprising one or more selection criteria for selecting network entities to participate in a collaborative learning process to train a model using a machine learning algorithm. The method further comprises transmitting a response message comprising an indication of whether or not the first network entity satisfies the one or more selection criteria.
    Type: Application
    Filed: August 6, 2020
    Publication date: October 6, 2022
    Inventors: Karl NORRMAN, Martin ISAKSSON
  • METHODS, APPARATUS AND MACHINE-READABLE MEDIA RELATING TO MACHINE-LEARNING IN A COMMUNICATION NETWORK
    Publication number: 20220294606
    Abstract: A method performed by a first entity in a communications network is provided. The first entity belongs to a plurality of entities configured to perform federated learning to develop a model. In the method, the first entity trains a model using a machine-learning algorithm, generating a model update. The first entity generates a first mask, receives an indication of one or more respective second masks from a subset of the remaining entities of the plurality of entities, and combines the first mask and the respective second masks to generate a combined mask. The first entity transmits an indication of the first mask to one or more third entities of the plurality of entities. The first entity applies the combined mask to the model update to generate a masked model update and transmits the masked model update to an aggregating entity of the communications network.
    Type: Application
    Filed: August 6, 2020
    Publication date: September 15, 2022
    Inventors: Karl NORRMAN, Martin ISAKSSON
  • METHODS, APPARATUS AND MACHINE-READABLE MEDIA RELATING TO MACHINE-LEARNING IN A COMMUNICATION NETWORK
    Publication number: 20220292398
    Abstract: A method performed by a first network entity in a communications network includes training a model to obtain a local model update including an update to values of one or more parameters of the model, in which training the model includes inputting training data into a machine learning algorithm. The method further includes applying a serialisation function to the local model update to construct a serial representation of the local model update, thereby removing information indicative of a structure of the model, and transmitting the serial representation of the local model update to an aggregator entity in the communications network.
    Type: Application
    Filed: August 6, 2020
    Publication date: September 15, 2022
    Inventors: Karl NORRMAN, Martin ISAKSSON
  • METHODS, APPARATUS AND MACHINE-READABLE MEDIA RELATING TO MACHINE-LEARNING IN A COMMUNICATION NETWORK
    Publication number: 20220294706
    Abstract: A method performed by a co-ordination network entity in a communications network includes transmitting a request message to a network registration entity in the communications network for identification information for a plurality of candidate network entities in the communications network capable of performing collaborative learning, and receiving identification information for the plurality of candidate network entities from the network registration entity. The method further includes initiating, at one or more network entities of the plurality of candidate network entities, training of a model using a machine-learning algorithm as part of a collaborative learning process.
    Type: Application
    Filed: August 6, 2020
    Publication date: September 15, 2022
    Inventors: Karl NORRMAN, Martin ISAKSSON
  • Security context handling in 5G during connected mode
    Patent number: 11432141
    Abstract: The present disclosure relates to methods and apparatus for flexible, security context management during AMF changes. One aspect of the disclosure is a mechanism for achieving backward security during AMF changes. Instead of passing the current NAS key to the target AMF, the source AMF derives a new NAS key, provides the new NAS key to the target AMF, and sends a key change indication to the UE, either directly or through some other network node. The UE can then derive the new NAS key from the old NAS key. In some embodiments, the AMF may provide a key generation parameter to the UE to use in deriving the new NAS key. In other embodiments, the target AMF may change one or more security algorithms.
    Type: Grant
    Filed: December 13, 2019
    Date of Patent: August 30, 2022
    Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
    Inventors: Noamen Ben Henda, Christine Jost, Karl Norrman, Monica Wifvesson
  • Interworking and integration of different radio access networks
    Patent number: 11412376
    Abstract: The proposed technology generally relates to interworking and integration of different radio access networks, and more specifically to carrier aggregation between different radio access networks such as a cellular radio access network, e.g. a 3GPP network, on one hand and a WLAN network such as Wi-Fi, on the other hand. Such tight interworking/aggregation of radio access networks puts new requirements on efficient handling of authentication and security aspects. The proposed technology provides methods, and corresponding network nodes, computer programs, carriers comprising such computer programs, and computer program products as well as arrangements to support carrier aggregation between different radio access networks.
    Type: Grant
    Filed: May 21, 2015
    Date of Patent: August 9, 2022
    Assignee: Telefonaktiebolaget L M Ericsson (publ)
    Inventors: Oumer Teyeb, Niklas Johansson, Filip Mestanov, Karl Norrman, Magnus Stattin, Jari Vikberg
  • INTEGRITY PROTECTION
    Publication number: 20220224543
    Abstract: A message authentication code, for a message transmitted and received over a communications network, is formed by applying inputs to an integrity algorithm acting on the message. The inputs comprise: an integrity key; a value indicating a transfer direction; and a frame-dependent integrity input, wherein the frame-dependent integrity input is a frame-dependent modulo count value that also depends on a random value and on a frame-specific sequence number.
    Type: Application
    Filed: March 29, 2022
    Publication date: July 14, 2022
    Applicant: Telefonaktiebolaget LM Ericsson (publ)
    Inventors: Vesa Torvinen, Noamen Ben Henda, Qian Chen, Vesa Lehtovirta, Mats Näslund, Karl Norrman, Gang Ren, Mikael Wass, Monica Wifvesson
  • Security context handling in 5G during handover
    Patent number: 11388592
    Abstract: The present disclosure relates to methods and apparatus for flexible, security context management during AMF changes. One aspect of the disclosure is a mechanism for achieving backward security during AMF changes. Instead of passing the current NAS key to the target AMF, the source AMF derives a new NAS key, provides the new NAS key to the target AMF, and sends a key change indication to the UE, either directly or through some other network node. The UE can then derive the new NAS key from the old NAS key. In some embodiments, the AMF may provide a key generation parameter to the UE to use in deriving the new NAS key. In other embodiments, the target AMF may change one or more security algorithms.
    Type: Grant
    Filed: December 13, 2019
    Date of Patent: July 12, 2022
    Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
    Inventors: Noamen Ben Henda, Christine Jost, Karl Norrman, Monica Wifvesson
  • Network architecture, methods, and devices for a wireless communications network
    Patent number: 11381445
    Abstract: Methods and apparatus in a fifth-generation wireless communications network, including an example method, in a wireless device, that includes determining a reporting quality threshold for a parameter related to channel state information (CSI); performing a measurement for each of a plurality of beams from a first predetermined set of beams for evaluation; evaluating the measurement for each of the plurality of beams against the reporting quality threshold; discontinuing the performing and evaluating of measurements in response to determining that the reporting quality threshold is met for one of the beams, such that one or more beams in the first predetermined set of beams are not measured and evaluated; and reporting, to the wireless communications network, CSI for the one of the beams.
    Type: Grant
    Filed: May 16, 2019
    Date of Patent: July 5, 2022
    Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
    Inventors: Stefan Parkvall, Janne Peisa, Gunnar Mildh, Robert Baldemair, Stefan Wager, Jonas Kronander, Karl Werner, Richard Abrahamsson, Ismet Aktas, Peter Alriksson, Junaid Ansari, Shehzad Ali Ashraf, Henrik Asplund, Fredrik Athley, Håkan Axelsson, Joakim Axmon, Johan Axnäs, Kumar Balachandran, Gunnar Bark, Jan-Erik Berg, Andreas Bergström, Håkan Björkegren, Nadia Brahmi, Cagatay Capar, Anders Carlsson, Andreas Cedergren, Mikael Coldrey, Icaro L. J. da Silva, Erik Dahlman, Ali El Essaili, Ulrika Engström, Mårten Ericson, Erik Eriksson, Mikael Fallgren, Rui Fan, Gabor Fodor, Pål Frenger, Jonas Fridén, Jonas Fröberg Olsson, Anders Furuskär, Johan Furuskog, Virgile Garcia, Ather Gattami, Fredrik Gunnarsson, Ulf Gustavsson, Bo Hagerman, Fredrik Harrysson, Ning He, Martin Hessler, Kimmo Hiltunen, Songnam Hong, Dennis Hui, Jörg Huschke, Tim Irnich, Sven Jacobsson, Niklas Jaldén, Simon Järmyr, Zhiyuan Jiang, Martin Johansson, Niklas Johansson, Du Ho Kang, Eleftherios Karipidis, Patrik Karlsson, Ali S. Khayrallah, Caner Kilinc, Göran N. Klang, Sara Landström, Christina Larsson, Gen Li, Bo Lincoln, Lars Lindbom, Robert Lindgren, Bengt Lindoff, Fredrik Lindqvist, Jinhua Liu, Thorsten Lohmar, Qianxi Lu, Lars Manholm, Ivana Maric, Jonas Medbo, Qingyu Miao, Reza Moosavi, Walter Müller, Elena Myhre, Johan Nilsson, Karl Norrman, Bengt-Erik Olsson, Torgny Palenius, Sven Petersson, Jose Luis Pradas, Mikael Prytz, Olav Queseth, Pradeepa Ramachandra, Edgar Ramos, Andres Reial, Thomas Rimhagen, Emil Ringh, Patrik Rugeland, Johan Rune, Joachim Sachs, Henrik Sahlin, Vidit Saxena, Nima Seifi, Yngve Selén, Eliane Semaan, Sachin Sharma, Cong Shi, Johan Sköld, Magnus Stattin, Anders Stjernman, Dennis Sundman, Lars Sundström, Miurel Isabel Tercero Vargas, Claes Tidestav, Sibel Tombaz, Johan Torsner, Hugo Tullberg, Jari Vikberg, Peter Von Wrycza, Thomas Walldeen, Anders Wallén, Pontus Wallentin, Hai Wang, Ke Wang Helmersson, Jianfeng Wang, Yi-Pin Eric Wang, Niclas Wiberg, Emma Wittenmark, Osman Nuri Can Yilmaz, Ali Zaidi, Zhan Zhang, Zhang Zhang, Yanli Zheng
  • Node and method for detecting that a wireless device has been communicating with a non-legitimate device
    Patent number: 11297072
    Abstract: Embodiments herein relate to a method performed by a detecting node (101) in a communications network (100), for detecting that a wireless device, WD, (120) associated with a first domain of the communications network (100) has been communicating with a non-legitimate device (150). The non-legitimate device (150) is a device associated with a second domain of the communications network (100). The non-legitimate device (150) impersonates a network node (110, 111, 140) of a first domain of the communications network (100). The detecting node (101) obtains information regarding one or more protocol events related to the communication between the WD (120) and a first network node (110, 111, 140). The information comprises a time instance related to the one or more protocol events. The detecting node (101) determines, based on the time instance and a set of time limits related to the one or more protocol events, that the WD (120) has been communicating with the non-legitimate device (150).
    Type: Grant
    Filed: July 19, 2016
    Date of Patent: April 5, 2022
    Assignee: Telefonaktiebolaget LM Ericsson (publ)
    Inventors: Prajwol Kumar Nakarmi, András Méhes, Karl Norrman
  • Integrity protection
    Patent number: 11296890
    Abstract: A message authentication code, for a message transmitted and received over a communications network, is formed by applying inputs to an integrity algorithm acting on the message. The inputs comprise: an integrity key; a value indicating a transfer direction; and a frame-dependent integrity input, wherein the frame-dependent integrity input is a frame-dependent modulo count value that also depends on a random value and on a frame-specific sequence number.
    Type: Grant
    Filed: November 24, 2016
    Date of Patent: April 5, 2022
    Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
    Inventors: Vesa Torvinen, Noamen Ben Henda, Qian Chen, Vesa Lehtovirta, Mats Näslund, Karl Norrman, Gang Ren, Mikael Wass, Monica Wifvesson
  • SECURITY CONTEXT IN A WIRELESS COMMUNICATION SYSTEM
    Publication number: 20220086706
    Abstract: Core network equipment is configured for use in a core network of a wireless communication system. The core network equipment is configured to switch switching to using a new non-access stratum, NAS, security context between a user equipment and the core network equipment. The core network equipment is also configured to, during or in association with a handover procedure for handover of the user equipment, signal from the core network equipment that the new NAS security context between the user equipment and the core network equipment is to be used as a basis for an access stratum (AS) security context between the user equipment and radio access network equipment.
    Type: Application
    Filed: November 23, 2021
    Publication date: March 17, 2022
    Inventors: Prajwol Kumar Nakarmi, Karl Norrman, Monica Wifvesson
  • Refreshing a security context for a mobile device
    Patent number: 11252561
    Abstract: A Radio Access Network (RAN) node instructs a wireless device having a connection to the RAN node to transition from a connected Radio Resource Control (RRC) state to an inactive RRC state in which key information supporting the connection, and a further connection to a Core Network (CN) node serving the wireless device, are maintained. Responsive to the wireless device returning to the connected RRC state, the RAN node requests new key material from the CN node, and replaces the key material supporting the connection with the new key material received from the CN node.
    Type: Grant
    Filed: June 26, 2018
    Date of Patent: February 15, 2022
    Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
    Inventors: Karl Norrman, Gunnar Mildh, Oumer Teyeb, Stefan Wager
  • Method for performing a trustworthiness test on a random number generator
    Patent number: 11243744
    Abstract: A method (40) is provided for performing a trustworthiness test on a random number generator, RNG, (20) comprising a physical unclonable function, PUF-module (21). The trustworthiness test is implemented as a known answer test, KAT, and the method (40) comprises: receiving (41), in the PUF-module (21), an input based on test data, T, received from a verifier (11) provided with at least one test data-test result pair, (T, R), providing (42) an output from the PUF-module (21), determining (43) a test result, R?, based on the output from the PUF-module (21), and providing (44) the test result, R?, to the verifier (11). A random number generator (20), computer program and computer program products and a method performed by or in a verifier are also provided.
    Type: Grant
    Filed: November 15, 2016
    Date of Patent: February 8, 2022
    Assignee: Telefonaktiebolaget LM Ericsson (publ)
    Inventors: Mats Näslund, Elena Dubrova, Karl Norrman
  • Methods and devices for protecting data
    Patent number: 11232718
    Abstract: A method performed by a device for protecting data is provided. The method comprises inputting, to a Physically Unclonable Function, PUF, of the device, a challenge; obtaining, from the PUF, a response; and protecting the data by using the response. A device, a method in an encryption unit, computer program and computer program product are also provided.
    Type: Grant
    Filed: February 1, 2017
    Date of Patent: January 25, 2022
    Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
    Inventors: Karl Norrman, Elena Dubrova
  • Communication with server during network device during extensible authentication protocol—authentication and key agreement prime procedure
    Patent number: 11228429
    Abstract: A communication device for communication with a network device during EAP-AKA?. The communication device is operative to receive a first Perfect Forward Secrecy, PFS, parameter value and at least one attribute value indicating a choice of a Diffie-Hellman group from the network device. The communication device is also operative to receive a cipher key, CK, and an integrity key, IK. Generate a modified cipher key, CK?, and a modified integrity key, IK? based on CK, IK and an access network identity. Operations include calculating a second PFS parameter value. Send the second PFS parameter value to the network device. Calculate a third PFS parameter value. Derive, using a Pseudo-random function, a key based on the third PFS parameter value, CK?, IK? and an identity associated with the communication device. A network device, methods, further communication devices, a server, computer programs and a computer program product are also disclosed.
    Type: Grant
    Filed: October 30, 2018
    Date of Patent: January 18, 2022
    Assignee: Telefonaktiebolaget LM Ericsson (publ)
    Inventors: Jari Arkko, Karl Norrman, Vesa Torvinen
  • Security context in a wireless communication system
    Patent number: 11184812
    Abstract: Core network equipment is configured for use in a core network of a wireless communication system. The core network equipment is configured to switch switching to using a new non-access stratum, NAS, security context between a user equipment and the core network equipment. The core network equipment is also configured to, during or in association with a handover procedure for handover of the user equipment, signal from the core network equipment that the new NAS security context between the user equipment and the core network equipment is to be used as a basis for an access stratum (AS) security context between the user equipment and radio access network equipment.
    Type: Grant
    Filed: January 25, 2021
    Date of Patent: November 23, 2021
    Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
    Inventors: Prajwol Kumar Nakarmi, Karl Norrman, Monica Wifvesson